US-CERT - Vulnerability Summary for the Week of October 7, 2019
Original release date: October 14, 2019 | Last revised: October 15, 2019
from CISA All NCAS Products https://www.us-cert.gov/ncas/bulletins/sb19-287
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adhouma_cms_project -- adhouma_cms | Adhouma CMS through 2019-10-09 has SQL Injection via the post.php p_id parameter. | 2019-10-10 | 7.5 | CVE-2019-17429 MISC |
awplife -- contact_form_widget | The new-contact-form-widget (aka Contact Form Widget - Contact Query, Form Maker) plugin 1.0.9 for WordPress has SQL Injection via all-query-page.php. | 2019-10-10 | 7.5 | CVE-2019-17072 MISC MISC |
centreon -- centreon_vm | In Centreon VM through 19.04.3, centreon-backup.pl allows attackers to become root via a crafted script, due to incorrect rights of sourced configuration files. | 2019-10-08 | 10.0 | CVE-2018-21025 MLIST MISC MISC |
fasterxml -- jackson-databind | A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup. | 2019-10-06 | 7.5 | CVE-2019-17267 MISC MISC |
fon -- fon2601e-fsw-b_firmware | FON2601E-SE, FON2601E-RE, FON2601E-FSW-S, and FON2601E-FSW-B with firmware versions 1.1.7 and earlier contain an issue where they may behave as open resolvers. If this vulnerability is exploited, FON routers may be leveraged for DNS amplification attacks to some other entities. | 2019-10-04 | 7.8 | CVE-2019-6015 MISC MISC |
gnome -- libsoup | libsoup from versions 2.65.1 until 2.68.1 has a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy. | 2019-10-06 | 7.5 | CVE-2019-17266 MISC MISC MISC MISC MISC MISC UBUNTU MISC |
ibm -- mq | IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners could allow an unauthorized user to conduct a session fixation attack due to clients not being disconnected as they should. IBM X-Force ID: 159352. | 2019-10-04 | 7.5 | CVE-2019-4227 XF CONFIRM |
ibm -- spectrum_scale | A security vulnerability has been identified in all levels of IBM Spectrum Scale V5.0.0.0 through V5.0.3.2 and IBM Spectrum Scale V4.2.0.0 through V4.2.3.17 that could allow a local attacker to obtain root privilege by injecting parameters into setuid files. | 2019-10-09 | 7.2 | CVE-2019-4558 XF CONFIRM |
intelliantech -- remote_access | Intellian Remote Access 3.18 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the Ping Test field. | 2019-10-06 | 10.0 | CVE-2019-17269 MISC |
k-78 -- broken_link_manager | The broken-link-manager plugin before 0.5.0 for WordPress has wpslDelURL or wpslEditURL SQL injection via the url parameter. | 2019-10-10 | 7.5 | CVE-2015-9467 MISC MISC MISC |
linux -- linux_kernel | In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow. | 2019-10-04 | 7.5 | CVE-2019-17133 MISC |
microsoft -- chakracore | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1308, CVE-2019-1335, CVE-2019-1366. | 2019-10-10 | 7.6 | CVE-2019-1307 MISC |
microsoft -- chakracore | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1335, CVE-2019-1366. | 2019-10-10 | 7.6 | CVE-2019-1308 MISC |
microsoft -- chakracore | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1308, CVE-2019-1366. | 2019-10-10 | 7.6 | CVE-2019-1335 MISC |
microsoft -- chakracore | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1308, CVE-2019-1335. | 2019-10-10 | 7.6 | CVE-2019-1366 MISC |
microsoft -- excel | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1331. | 2019-10-10 | 9.3 | CVE-2019-1327 MISC |
microsoft -- excel | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1327. | 2019-10-10 | 9.3 | CVE-2019-1331 MISC |
microsoft -- internet_explorer | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1239. | 2019-10-10 | 7.1 | CVE-2019-1238 MISC |
microsoft -- internet_explorer | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1238. | 2019-10-10 | 7.6 | CVE-2019-1239 MISC |
microsoft -- windows_10 | A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. | 2019-10-10 | 9.3 | CVE-2019-1060 MISC |
microsoft -- windows_10 | A remote code execution vulnerability exists when the Windows Imaging API improperly handles objects in memory, aka 'Windows Imaging API Remote Code Execution Vulnerability'. | 2019-10-10 | 9.3 | CVE-2019-1311 MISC |
microsoft -- windows_10 | An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342. | 2019-10-10 | 7.2 | CVE-2019-1315 MISC |
microsoft -- windows_10 | An elevation of privilege vulnerability exists in Microsoft Windows Setup when it does not properly handle privileges, aka 'Microsoft Windows Setup Elevation of Privilege Vulnerability'. | 2019-10-10 | 7.2 | CVE-2019-1316 MISC |
microsoft -- windows_10 | An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. | 2019-10-10 | 7.2 | CVE-2019-1319 MISC |
microsoft -- windows_10 | An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka 'Microsoft Windows Update Client Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1336. | 2019-10-10 | 7.2 | CVE-2019-1323 MISC |
microsoft -- windows_10 | A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'. | 2019-10-10 | 7.8 | CVE-2019-1326 MISC |
microsoft -- windows_10 | A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. | 2019-10-10 | 9.3 | CVE-2019-1333 MISC |
microsoft -- windows_10 | An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka 'Microsoft Windows Update Client Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1323. | 2019-10-10 | 7.2 | CVE-2019-1336 MISC |
nex-forms_-_ultimate_form_builder_project -- nex-forms_-_ultimate_form_builder | The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nex_forms_Id parameter. | 2019-10-07 | 7.5 | CVE-2015-9452 MISC MISC MISC |
open-emr -- openemr | OpenEMR through 5.0.2 has SQL Injection in the Lifestyle demographic filter criteria in library/clinical_rules.php that affects library/patient.inc. | 2019-10-05 | 7.5 | CVE-2019-17197 MISC MISC |
pcprotect -- antivirus | PC Protect Antivirus v4.14.31 installs by default to %PROGRAMFILES(X86)%\PCProtect with very weak folder permissions, granting any user full permission "Everyone: (F)" to the contents of the directory and its subfolders. In addition, the program installs a service called SecurityService that runs as LocalSystem. This allows any user to escalate privileges to "NT AUTHORITY\SYSTEM" by substituting the service's binary with a Trojan horse. | 2019-10-07 | 7.2 | CVE-2019-16913 MISC |
signal -- signal_private_messenger | ** DISPUTED ** The WebRTC component in the Signal Private Messenger application through 4.47.7 for Android processes videoconferencing RTP packets before a callee chooses to answer a call, which might make it easier for remote attackers to cause a denial of service or possibly have unspecified other impact via malformed packets. NOTE: the vendor plans to continue this behavior for performance reasons unless a WebRTC design change occurs. | 2019-10-04 | 7.5 | CVE-2019-17192 MISC MISC MISC |
sitos -- sitos_six | SITOS six Build v6.2.1 allows an attacker to inject arbitrary PHP commands. As a result, an attacker can compromise the running server and execute system commands in the context of the web user. | 2019-10-07 | 10.0 | CVE-2019-15746 MISC |
sitos -- sitos_six | SITOS six Build v6.2.1 permits unauthorised users to upload and import a SCORM 2004 package by browsing directly to affected pages. An unauthenticated attacker could use the upload and import functionality to import a malicious SCORM package that includes a PHP file, which could execute arbitrary PHP code. | 2019-10-07 | 7.5 | CVE-2019-15748 MISC |
sitos -- sitos_six | An unrestricted file upload vulnerability in SITOS six Build v6.2.1 allows remote attackers to execute arbitrary code by uploading a SCORM file with an executable extension. This allows an unauthenticated attacker to upload a malicious file (containing PHP code to execute operating system commands) to the web root of the application. | 2019-10-07 | 10.0 | CVE-2019-15751 MISC |
sizmic -- plugmatter_optin_feature_box | The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_cc pmfb_tid parameter. | 2019-10-07 | 7.5 | CVE-2015-9450 MISC MISC MISC |
sizmic -- plugmatter_optin_feature_box | The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_mailchimp pmfb_tid parameter. | 2019-10-07 | 7.5 | CVE-2015-9451 MISC MISC MISC |
xen -- xen | An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes. | 2019-10-07 | 7.2 | CVE-2019-17346 MISC |
xerox -- atlalink_firmware | Xerox AltaLink B8045/B8055/B8065/B8075/B8090 C8030/C8035/C8045/C8055/C8070 printers with software before 101.00x.089.22600 allow an attacker to gain privileges. | 2019-10-04 | 7.5 | CVE-2019-17184 MISC |
zingbox -- inspector | A command injection vulnerability exists in the Zingbox Inspector versions 1.286 and earlier, that allows for an authenticated user to execute arbitrary system commands in the CLI. | 2019-10-09 | 9.0 | CVE-2019-15014 MISC |
zingbox -- inspector | A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector. | 2019-10-09 | 7.5 | CVE-2019-15019 MISC |
zingbox -- inspector | A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result in command injection. | 2019-10-09 | 7.5 | CVE-2019-15020 MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache -- hadoop | In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage. | 2019-10-04 | 5.0 | CVE-2018-11768 MISC MLIST MLIST MLIST MLIST |
axiosys -- bento4 | Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListInspector::Action in Core/Ap4Descriptor.h, related to AP4_IodsAtom::InspectFields in Core/Ap4IodsAtom.cpp, as demonstrated by mp4dump. | 2019-10-10 | 4.3 | CVE-2019-17452 MISC |
axiosys -- bento4 | Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListWriter::Action in Core/Ap4Descriptor.h, related to AP4_IodsAtom::WriteFields in Core/Ap4IodsAtom.cpp, as demonstrated by mp4encrypt or mp4compact. | 2019-10-10 | 4.3 | CVE-2019-17453 MISC MISC |
axiosys -- bento4 | Bento4 1.5.1.0 has a NULL pointer dereference in AP4_Descriptor::GetTag in Core/Ap4Descriptor.h, related to AP4_StsdAtom::GetSampleDescription in Core/Ap4StsdAtom.cpp, as demonstrated by mp4info. | 2019-10-10 | 4.3 | CVE-2019-17454 MISC |
bludit -- bludit | bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers. | 2019-10-06 | 4.3 | CVE-2019-17240 MISC MISC |
brinidesigner -- awesome_filterable_portfolio | The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_portfolio_item_page SQL injection via the item_id parameter. | 2019-10-10 | 6.5 | CVE-2015-9461 MISC MISC MISC |
centreon -- centreon_vm | In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set. | 2019-10-08 | 5.0 | CVE-2019-17104 MLIST MISC MISC |
centreon -- centreon_web | In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components. | 2019-10-08 | 4.0 | CVE-2019-17106 MLIST MISC MISC |
cpanel -- cpanel | cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed or terminated (SEC-517). | 2019-10-09 | 6.5 | CVE-2019-17375 MISC MISC |
cpanel -- cpanel | cPanel before 82.0.15 allows self XSS in the SSL Certificate Upload interface (SEC-521). | 2019-10-09 | 4.3 | CVE-2019-17376 MISC |
cpanel -- cpanel | cPanel before 82.0.15 allows self XSS in LiveAPI example scripts (SEC-524). | 2019-10-09 | 4.3 | CVE-2019-17377 MISC |
cpanel -- cpanel | cPanel before 82.0.15 allows self XSS in the SSL Key Delete interface (SEC-526). | 2019-10-09 | 4.3 | CVE-2019-17378 MISC |
cpanel -- cpanel | cPanel before 82.0.15 allows self stored XSS in the WHM SSL Storage Manager interface (SEC-527). | 2019-10-09 | 4.3 | CVE-2019-17379 MISC |
cpanel -- cpanel | cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528). | 2019-10-09 | 4.3 | CVE-2019-17380 MISC |
elementor -- elementor | The elementor-edit-template class in wp-admin/customize.php in the Elementor Pro plugin before 2.0.10 for WordPress has XSS. | 2019-10-07 | 4.3 | CVE-2018-18379 MISC MISC MISC |
eleopard -- animate_it! | The animate-it plugin before 2.3.4 for WordPress has XSS. | 2019-10-09 | 4.3 | CVE-2019-17384 MISC MISC |
eleopard -- animate_it! | The animate-it plugin before 2.3.5 for WordPress has XSS. | 2019-10-09 | 4.3 | CVE-2019-17385 MISC MISC |
etoilewebdesign -- ultimate_faq | Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import. | 2019-10-07 | 5.0 | CVE-2019-17232 MISC MISC MISC |
etoilewebdesign -- ultimate_faq | Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection. | 2019-10-07 | 4.3 | CVE-2019-17233 MISC MISC MISC |
exiv2 -- exiv2 | Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size. | 2019-10-09 | 4.3 | CVE-2019-17402 MISC |
eyoucms -- eyoucms | EyouCms through 2019-07-11 has XSS related to the login.php web_recordnum parameter. | 2019-10-10 | 4.3 | CVE-2019-17430 MISC MISC |
fastadmin -- fastadmin | An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/index.php/admin/auth/admin/add CSRF vulnerability. | 2019-10-10 | 6.8 | CVE-2019-17431 MISC |
fecmall -- fecmall | An unrestricted file upload vulnerability was discovered in catalog/productinfo/imageupload in Fecshop FecMall 2.3.4. An attacker can bypass a front-end restriction and upload PHP code to the webserver, by providing image data and the image/jpeg content type, with a .php extension. This occurs because the code relies on the getimagesize function. | 2019-10-04 | 6.5 | CVE-2019-17188 MISC |
fiberhome -- hg2201t_firmware | /var/WEB-GUI/cgi-bin/downloadfile.cgi on FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication Directory Traversal for reading arbitrary files. | 2019-10-08 | 5.0 | CVE-2019-17187 MISC |
foxitsoftware -- phantompdf | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8656. | 2019-10-04 | 6.8 | CVE-2019-13315 MISC MISC |
foxitsoftware -- phantompdf | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate actions. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8757. | 2019-10-04 | 6.8 | CVE-2019-13316 MISC MISC |
foxitsoftware -- phantompdf | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate actions. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8759. | 2019-10-04 | 6.8 | CVE-2019-13317 MISC MISC |
foxitsoftware -- phantompdf | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of the util.printf Javascript method. The application processes the %p parameter in the format string, allowing heap addresses to be returned to the script. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8544. | 2019-10-04 | 4.3 | CVE-2019-13318 MISC MISC |
foxitsoftware -- phantompdf | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8669. | 2019-10-04 | 6.8 | CVE-2019-13319 MISC MISC |
foxitsoftware -- phantompdf | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8814. | 2019-10-04 | 6.8 | CVE-2019-13320 MISC MISC |
foxitsoftware -- phantompdf | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the deleteItemAt method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8295. | 2019-10-04 | 6.8 | CVE-2019-6774 MISC MISC |
foxitsoftware -- phantompdf | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportValues method within an AcroForm. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8491. | 2019-10-04 | 6.8 | CVE-2019-6775 MISC MISC |
foxitsoftware -- phantompdf | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing watermarks within AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8801. | 2019-10-04 | 6.8 | CVE-2019-6776 MISC MISC |
foxitsoftware -- reader | Foxit Reader before 9.7 allows an Access Violation and crash if insufficient memory exists. | 2019-10-04 | 5.0 | CVE-2019-17183 MISC |
freerdp -- freerdp | libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value. | 2019-10-04 | 5.0 | CVE-2019-17177 MISC MISC |
freerdp -- freerdp | HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value. | 2019-10-04 | 5.0 | CVE-2019-17178 MISC MISC |
gonitro -- nitropdf | A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file. | 2019-10-09 | 6.8 | CVE-2019-5045 MISC |
gonitro -- nitropdf | A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file. | 2019-10-09 | 6.8 | CVE-2019-5046 MISC |
gonitro -- nitropdf | An exploitable Use After Free vulnerability exists in the CharProcs parsing functionality of NitroPDF. A specially crafted PDF can cause a type confusion, resulting in a Use After Free. An attacker can craft a malicious PDF to trigger this vulnerability. | 2019-10-09 | 6.8 | CVE-2019-5047 MISC |
gonitro -- nitropdf | A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file. | 2019-10-09 | 6.8 | CVE-2019-5048 MISC |
gonitro -- nitropdf | A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file. | 2019-10-09 | 6.8 | CVE-2019-5050 MISC |
gonitro -- nitropdf | An exploitable use-after-free vulnerability exists in the Length parsing function of NitroPDF. A specially crafted PDF can cause a type confusion, resulting in a use-after-free condition. An attacker can craft a malicious PDF to trigger this vulnerability. | 2019-10-09 | 6.8 | CVE-2019-5053 MISC |
hp -- arcsight_logger | Unrestricted file upload vulnerability in Micro Focus ArcSight Logger, version 6.7.0 and later. This vulnerability could allow Unrestricted Upload of File with Dangerous type. | 2019-10-04 | 6.5 | CVE-2019-11655 MISC |
ibm -- control_desk | IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554. | 2019-10-09 | 4.0 | CVE-2019-4512 XF CONFIRM |
ibm -- security_key_lifecycle_manager | IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165136. | 2019-10-04 | 5.0 | CVE-2019-4514 XF CONFIRM |
ibm -- security_key_lifecycle_manager | IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2019-10-04 | 4.3 | CVE-2019-4564 XF CONFIRM |
irfanview -- irfanview | IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000d563. | 2019-10-08 | 4.6 | CVE-2019-17241 MISC MISC |
irfanview -- irfanview | IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000966f. | 2019-10-08 | 4.6 | CVE-2019-17242 MISC MISC |
irfanview -- irfanview | IrfanView 4.53 allows Data from a Faulting Address to control Code Flow starting at JPEG_LS+0x0000000000003155. | 2019-10-08 | 6.8 | CVE-2019-17243 MISC MISC |
irfanview -- irfanview | IrfanView 4.53 allows Data from a Faulting Address to control Code Flow starting at JPEG_LS+0x0000000000001d8a. | 2019-10-08 | 6.8 | CVE-2019-17244 MISC MISC |
irfanview -- irfanview | IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x0000000000004359. | 2019-10-08 | 4.6 | CVE-2019-17245 MISC MISC |
irfanview -- irfanview | IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000258c. | 2019-10-08 | 6.8 | CVE-2019-17246 MISC MISC |
irfanview -- irfanview | IrfanView 4.53 allows Data from a Faulting Address to control a subsequent Write Address starting at JPEG_LS+0x0000000000007da8. | 2019-10-08 | 6.8 | CVE-2019-17247 MISC MISC |
irfanview -- irfanview | IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x00000000000025b6. | 2019-10-08 | 6.8 | CVE-2019-17248 MISC MISC |
irfanview -- irfanview | IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000d57b. | 2019-10-08 | 6.8 | CVE-2019-17249 MISC MISC |
irfanview -- irfanview | IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x00000000000042f5. | 2019-10-08 | 6.8 | CVE-2019-17250 MISC MISC |
irfanview -- irfanview | IrfanView 4.53 allows a User Mode Write AV starting at FORMATS!GetPlugInInfo+0x0000000000007d43. | 2019-10-08 | 6.8 | CVE-2019-17251 MISC MISC |
irfanview -- irfanview | IrfanView 4.53 allows a User Mode Write AV starting at FORMATS!Read_BadPNG+0x0000000000000115. | 2019-10-08 | 6.8 | CVE-2019-17252 MISC MISC |
irfanview -- irfanview | IrfanView 4.53 allows a User Mode Write AV starting at JPEG_LS+0x000000000000a6b8. | 2019-10-08 | 6.8 | CVE-2019-17253 MISC MISC |
irfanview -- irfanview | IrfanView 4.53 allows Data from a Faulting Address to control a subsequent Write Address starting at FORMATS!Read_BadPNG+0x0000000000000101. | 2019-10-08 | 6.8 | CVE-2019-17254 MISC MISC |
irfanview -- irfanview | IrfanView 4.53 allows a User Mode Write AV starting at EXR!ReadEXR+0x0000000000010836. | 2019-10-08 | 6.8 | CVE-2019-17255 MISC MISC |
irfanview -- irfanview | IrfanView 4.53 allows a User Mode Write AV starting at DPX!ReadDPX_W+0x0000000000001203. | 2019-10-08 | 6.8 | CVE-2019-17256 MISC MISC |
irfanview -- irfanview | IrfanView 4.53 allows an Exception Handler Chain to be Corrupted starting at EXR!ReadEXR+0x000000000002af80. | 2019-10-08 | 4.3 | CVE-2019-17257 MISC MISC |
irfanview -- irfanview | IrfanView 4.53 allows Data from a Faulting Address to control a subsequent Write Address starting at JPEG_LS+0x000000000000839c. | 2019-10-08 | 6.8 | CVE-2019-17258 MISC MISC |
jnoj -- jiangnan_online_judge | Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[title] parameter to web/polygon/problem/create or web/polygon/problem/update or web/admin/problem/create. | 2019-10-10 | 4.3 | CVE-2019-17489 MISC |
jnoj -- jiangnan_online_judge | Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[description] parameter to web/admin/problem/create or web/polygon/problem/update. | 2019-10-10 | 4.3 | CVE-2019-17491 MISC |
jnoj -- jiangnan_online_judge | Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[sample_input] parameter to web/admin/problem/create or web/polygon/problem/update. | 2019-10-10 | 4.3 | CVE-2019-17493 MISC |
joyplus-cms_project -- joyplus-cms | joyplus-cms 1.6.0 allows manager/admin_pic.php?rootpath= absolute path traversal. | 2019-10-04 | 5.0 | CVE-2019-17175 MISC |
k-78 -- broken_link_manager | The broken-link-manager plugin before 0.6.0 for WordPress has XSS via the HTTP Referer or User-Agent header to a URL that does not exist. | 2019-10-07 | 4.3 | CVE-2015-9453 MISC MISC MISC |
k-78 -- broken_link_manager | The broken-link-manager plugin 0.4.5 for WordPress has XSS via the page parameter in a delURL action. | 2019-10-10 | 4.3 | CVE-2015-9468 MISC MISC |
kmplayer -- kmplayer | KMPlayer 4.2.2.31 allows a User Mode Write AV starting at utils!src_new+0x000000000014d6ee. | 2019-10-08 | 4.6 | CVE-2019-17259 MISC MISC |
koji_project -- koji | Koji through 1.18.0 allows remote Directory Traversal, with resultant Privilege Escalation. | 2019-10-09 | 4.0 | CVE-2019-17109 MISC CONFIRM CONFIRM |
liblnk_project -- liblnk | ** DISPUTED ** In libyal liblnk before 20191006, liblnk_location_information_read_data in liblnk_location_information.c has a heap-based buffer over-read because an incorrect variable name is used for a certain offset. NOTE: the vendor has disputed this as described in the GitHub issue. | 2019-10-06 | 6.8 | CVE-2019-17264 MISC MISC |
libpng -- libpng | libpng 1.6.37 has memory leaks in png_malloc_warn and png_create_info_struct. | 2019-10-09 | 4.3 | CVE-2019-17371 MISC |
liferay -- liferay_portal | Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON payload. | 2019-10-04 | 6.5 | CVE-2019-16891 MISC MISC MISC |
linux -- linux_kernel | An issue was discovered in drivers/xen/balloon.c in the Linux kernel before 5.2.3, as used in Xen through 4.12.x, allowing guest OS users to cause a denial of service because of unrestricted resource consumption during the mapping of guest memory, aka CID-6ef36ab967c7. | 2019-10-07 | 4.9 | CVE-2019-17351 MISC MISC MISC |
lqd -- liquid_speech_balloon | The liquid-speech-balloon (aka LIQUID SPEECH BALLOON) plugin 1.0.5 for WordPress allows XSS with Internet Explorer. | 2019-10-10 | 4.3 | CVE-2019-17070 MISC MISC |
metinfo -- metinfo | An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=language&c=language_general&a=doSearchParameter appno parameter, a different issue than CVE-2019-16997. | 2019-10-09 | 6.5 | CVE-2019-17418 MISC |
metinfo -- metinfo | An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=user&c=admin_user&a=doGetUserInfo id parameter. | 2019-10-09 | 6.5 | CVE-2019-17419 MISC |
microsoft -- edge | A spoofing vulnerability exists when Microsoft Browsers do not properly parse HTTP content, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1357. | 2019-10-10 | 4.3 | CVE-2019-0608 MISC |
microsoft -- edge | A spoofing vulnerability exists when Microsoft Browsers improperly handle browser cookies, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0608. | 2019-10-10 | 4.3 | CVE-2019-1357 MISC |
microsoft -- open_enclave_software_development_kit | An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka 'Open Enclave SDK Information Disclosure Vulnerability'. | 2019-10-10 | 5.0 | CVE-2019-1369 MISC |
microsoft -- sharepoint_enterprise_server | An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1329. | 2019-10-10 | 4.0 | CVE-2019-1330 MISC |
microsoft -- sql_server_management_studio | An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions, aka 'SQL Server Management Studio Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1376. | 2019-10-10 | 4.0 | CVE-2019-1313 MISC |
microsoft -- sql_server_management_studio | An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions, aka 'SQL Server Management Studio Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1313. | 2019-10-10 | 4.0 | CVE-2019-1376 MISC |
microsoft -- windows_10 | A denial of service vulnerability exists when Windows improperly handles hard links, aka 'Microsoft Windows Denial of Service Vulnerability'. | 2019-10-10 | 5.6 | CVE-2019-1317 MISC |
microsoft -- windows_10 | A spoofing vulnerability exists when Transport Layer Security (TLS) accesses non-Extended Master Secret (EMS) sessions, aka 'Microsoft Windows Transport Layer Security Spoofing Vulnerability'. | 2019-10-10 | 4.3 | CVE-2019-1318 MISC |
microsoft -- windows_10 | An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1322, CVE-2019-1340. | 2019-10-10 | 4.6 | CVE-2019-1320 MISC |
microsoft -- windows_10 | An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1320, CVE-2019-1340. | 2019-10-10 | 4.6 | CVE-2019-1322 MISC |
microsoft -- windows_10 | An elevation of privilege vulnerability exists in the Windows redirected drive buffering system (rdbss.sys) when the operating system improperly handles specific local calls within Windows 7 for 32-bit systems, aka 'Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability'. | 2019-10-10 | 4.9 | CVE-2019-1325 MISC |
microsoft -- windows_7 | An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'. | 2019-10-10 | 4.3 | CVE-2019-1361 MISC MISC |
mpc-hc -- mpc-hc | MPC-HC through 1.7.13 allows a Read Access Violation on a Block Data Move starting at mpc_hc!memcpy+0x000000000000004e. | 2019-10-08 | 4.6 | CVE-2019-17260 MISC MISC |
netreo -- omnicenter | Netreo OmniCenter through 12.1.1 allows unauthenticated SQL Injection (Boolean Based Blind) in the redirect parameters and parameter name of the login page through a GET request. The injection allows an attacker to read sensitive information from the database used by the application. | 2019-10-09 | 5.0 | CVE-2019-17128 MISC MISC |
nixos -- nix | Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable. | 2019-10-09 | 4.6 | CVE-2019-17365 MISC MLIST |
open-emr -- openemr | XSS in library/custom_template/add_template.php in OpenEMR through 5.0.2 allows a malicious user to execute code in the context of a victim's browser via a crafted list_id query parameter. | 2019-10-04 | 4.3 | CVE-2019-17179 MISC |
openproject -- openproject | An XSS vulnerability in project list in OpenProject before 9.0.4 and 10.x before 10.0.2 allows remote attackers to inject arbitrary web script or HTML via the sortBy parameter because error messages are mishandled. | 2019-10-09 | 4.3 | CVE-2019-17092 MISC CONFIRM CONFIRM |
orbisius -- child_theme_creator | The orbisius-child-theme-creator plugin before 1.2.8 for WordPress has incorrect access control for file modification via the wp-admin/admin-ajax.php?action=orbisius_ctc_theme_editor_ajax&sub_cmd=save_file theme_1, theme_1_file, or theme_1_file_contents parameter. | 2019-10-07 | 4.0 | CVE-2015-9456 MISC MISC CONFIRM |
otcms -- otcms | OTCMS v3.85 allows arbitrary PHP Code Execution because admin/sysCheckFile_deal.php blocks "into outfile" in a SELECT statement, but does not block the "into/**/outfile" manipulation. Therefore, the attacker can create a .php file. | 2019-10-09 | 6.5 | CVE-2019-17370 MISC |
pi-hole -- pi-hole | Pi-Hole 4.3 allows Command Injection. | 2019-10-09 | 6.8 | CVE-2019-13051 MISC MISC MISC MISC |
python -- pillow | An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image. | 2019-10-04 | 4.3 | CVE-2019-16865 MISC |
realbigplugins -- client_dash | The client-dash (aka Client Dash) plugin 2.1.4 for WordPress allows XSS. | 2019-10-10 | 4.3 | CVE-2019-17071 MISC MISC |
redmine -- redmine | In Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent XSS exists due to textile formatting errors. | 2019-10-09 | 4.3 | CVE-2019-17427 MISC |
s-cms -- s-cms | S-CMS v1.5 has XSS in tpl.php via the member/member_login.php from parameter. | 2019-10-09 | 4.3 | CVE-2019-17368 MISC |
sap -- financial_consolidation | Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection. | 2019-10-08 | 6.4 | CVE-2019-0370 MISC CONFIRM |
sap -- netweaver_process_integration | SAP NetWeaver Process Integration (B2B Toolkit), before versions 1.0 and 2.0, does not perform necessary authorization checks for an authenticated user, allowing the import of B2B table content that leads to Missing Authorization Check. | 2019-10-08 | 4.0 | CVE-2019-0367 MISC CONFIRM |
seo_searchterms_tagging_2_project -- seo_searchterms_tagging_2 | The searchterms-tagging-2 plugin through 1.535 for WordPress has SQL injection via the pk_stt2_db_get_popular_terms count parameter exploitable via CSRF. | 2019-10-10 | 6.5 | CVE-2015-9458 MISC MISC |
seo_searchterms_tagging_2_project -- seo_searchterms_tagging_2 | The searchterms-tagging-2 plugin through 1.535 for WordPress has XSS via the wp-admin/options-general.php count parameter. | 2019-10-10 | 4.3 | CVE-2015-9459 MISC MISC |
sitos -- sitos_six | SITOS six Build v6.2.1 allows a user with the user role of Seminar Coordinator to escalate their permission to the Systemadministrator role due to insufficient checks on the server side. | 2019-10-07 | 6.5 | CVE-2019-15747 MISC |
sitos -- sitos_six | SITOS six Build v6.2.1 allows a user to change their password and recovery email address without requiring them to confirm the change with their old password. This would allow an attacker with access to the victim's account (e.g., via XSS or an unattended workstation) to change that password and address. | 2019-10-07 | 4.3 | CVE-2019-15749 MISC |
sitos -- sitos_six | A Cross-Site Scripting (XSS) vulnerability in the blog function in SITOS six Build v6.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 2019-10-07 | 4.3 | CVE-2019-15750 MISC |
slidervilla -- smooth_slider | The smooth-slider plugin before 2.7 for WordPress has SQL Injection via the wp-admin/admin.php?page=smooth-slider-admin current_slider_id parameter. | 2019-10-07 | 6.5 | CVE-2015-9454 MISC MISC MISC |
sugarcrm -- sugarcrm | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by an Admin user. | 2019-10-07 | 6.5 | CVE-2019-17292 MISC |
sugarcrm -- sugarcrm | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Project module by a Regular user. | 2019-10-07 | 6.5 | CVE-2019-17293 MISC |
sugarcrm -- sugarcrm | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the export function by a Regular user. | 2019-10-07 | 6.5 | CVE-2019-17294 MISC |
sugarcrm -- sugarcrm | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the history function by a Regular user. | 2019-10-07 | 6.5 | CVE-2019-17295 MISC |
sugarcrm -- sugarcrm | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Contacts module by a Regular user. | 2019-10-07 | 6.5 | CVE-2019-17296 MISC |
sugarcrm -- sugarcrm | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Quotes module by a Regular user. | 2019-10-07 | 6.5 | CVE-2019-17297 MISC |
sugarcrm -- sugarcrm | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Administration module by a Developer user. | 2019-10-07 | 6.5 | CVE-2019-17298 MISC |
sugarcrm -- sugarcrm | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by an Admin user. | 2019-10-07 | 6.5 | CVE-2019-17299 MISC |
sugarcrm -- sugarcrm | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by a Developer user. | 2019-10-07 | 6.5 | CVE-2019-17300 MISC |
sugarcrm -- sugarcrm | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by an Admin user. | 2019-10-07 | 6.5 | CVE-2019-17301 MISC |
sugarcrm -- sugarcrm | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by a Developer user. | 2019-10-07 | 6.5 | CVE-2019-17302 MISC |
sugarcrm -- sugarcrm | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Developer user. | 2019-10-07 | 6.5 | CVE-2019-17303 MISC |
sugarcrm -- sugarcrm | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by an Admin user. | 2019-10-07 | 6.5 | CVE-2019-17304 MISC |
sugarcrm -- sugarcrm | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Regular user. | 2019-10-07 | 6.5 | CVE-2019-17305 MISC |
sugarcrm -- sugarcrm | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Configurator module by an Admin user. | 2019-10-07 | 6.5 | CVE-2019-17306 MISC |
sugarcrm -- sugarcrm | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Tracker module by an Admin user. | 2019-10-07 | 6.5 | CVE-2019-17307 MISC |
sugarcrm -- sugarcrm | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Emails module by a Regular user. | 2019-10-07 | 6.5 | CVE-2019-17308 MISC |
sugarcrm -- sugarcrm | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the EmailMan module by an Admin user. | 2019-10-07 | 6.5 | CVE-2019-17309 MISC |
sugarcrm -- sugarcrm | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Campaigns module by an Admin user. | 2019-10-07 | 6.5 | CVE-2019-17310 MISC |
sugarcrm -- sugarcrm | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the attachment function by a Regular user. | 2019-10-07 | 6.5 | CVE-2019-17311 MISC |
sugarcrm -- sugarcrm | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the file function by a Regular user. | 2019-10-07 | 6.5 | CVE-2019-17312 MISC |
sugarcrm -- sugarcrm | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Studio module by a Developer user. | 2019-10-07 | 6.5 | CVE-2019-17313 MISC |
sugarcrm -- sugarcrm | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Configurator module by an Admin user. | 2019-10-07 | 6.5 | CVE-2019-17314 MISC |
sugarcrm -- sugarcrm | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Administration module by an Admin user. | 2019-10-07 | 6.5 | CVE-2019-17315 MISC |
sugarcrm -- sugarcrm | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Import module by a Regular user. | 2019-10-07 | 6.5 | CVE-2019-17316 MISC |
sugarcrm -- sugarcrm | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the UpgradeWizard module by an Admin user. | 2019-10-07 | 6.5 | CVE-2019-17317 MISC |
sugarcrm -- sugarcrm | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by a Regular user. | 2019-10-07 | 6.5 | CVE-2019-17318 MISC |
sugarcrm -- sugarcrm | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Emails module by a Regular user. | 2019-10-07 | 6.5 | CVE-2019-17319 MISC |
suse -- suse_linux_enterprise_server | The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an attacker that compromised the squid user to gain persistence by changing the binary. | 2019-10-07 | 6.6 | CVE-2019-3688 CONFIRM |
teampass -- teampass | TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload will be executed. | 2019-10-05 | 4.3 | CVE-2019-17205 MISC |
twitter -- twitter_kit | The Twitter Kit framework through 3.4.2 for iOS does not properly validate the api.twitter.com SSL certificate. Although the certificate chain must contain one of a set of pinned certificates, there are certain implementation errors such as a lack of hostname verification. NOTE: this is an end-of-life product. | 2019-10-07 | 5.8 | CVE-2019-16263 MISC MISC MISC |
vbulletin -- vbulletin | vBulletin through 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories. | 2019-10-04 | 6.4 | CVE-2019-17130 MISC |
vbulletin -- vbulletin | vBulletin before 5.5.4 allows clickjacking. | 2019-10-04 | 4.3 | CVE-2019-17131 MISC |
vbulletin -- vbulletin | vBulletin through 5.5.4 mishandles custom avatars. | 2019-10-04 | 6.8 | CVE-2019-17132 MISC FULLDISC MISC |
vbulletin -- vbulletin | vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter. | 2019-10-08 | 4.0 | CVE-2019-17271 MISC MISC |
webarxsecurity -- webarx | The WebARX plugin 1.3.0 for WordPress has unauthenticated stored XSS via the URI or the X-Forwarded-For HTTP header. | 2019-10-06 | 4.3 | CVE-2019-17213 MISC MISC |
webarxsecurity -- webarx | The WebARX plugin 1.3.0 for WordPress allows firewall bypass by appending &cc=1 to a URI. | 2019-10-06 | 5.0 | CVE-2019-17214 MISC |
webpagetest -- webpagetest | www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal (for reading arbitrary files) because of an unanchored regular expression, as demonstrated by the a.jpg\.. substring. | 2019-10-05 | 5.0 | CVE-2019-17199 MISC |
wpfactory -- download_plugins_and_themes_from_dashboard | includes/settings/class-alg-download-plugins-settings.php in the download-plugins-dashboard plugin through 1.5.0 for WordPress has multiple unauthenticated stored XSS issues. | 2019-10-07 | 4.3 | CVE-2019-17239 MISC MISC |
xen -- xen | An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled. | 2019-10-07 | 6.1 | CVE-2019-17340 MISC |
xen -- xen | An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device. | 2019-10-07 | 6.9 | CVE-2019-17341 MISC |
xen -- xen | An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced. | 2019-10-07 | 4.4 | CVE-2019-17342 MISC |
xen -- xen | An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains. | 2019-10-07 | 4.6 | CVE-2019-17343 MISC |
xen -- xen | An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates. | 2019-10-07 | 4.9 | CVE-2019-17344 MISC |
xen -- xen | An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest. | 2019-10-07 | 4.9 | CVE-2019-17345 MISC |
xen -- xen | An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels). | 2019-10-07 | 4.6 | CVE-2019-17347 MISC |
xen -- xen | An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching. | 2019-10-07 | 4.9 | CVE-2019-17348 MISC |
xen -- xen | An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a LoadExcl or StoreExcl operation. | 2019-10-07 | 4.9 | CVE-2019-17349 MISC |
xen -- xen | An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a compare-and-exchange operation. | 2019-10-07 | 4.9 | CVE-2019-17350 MISC |
xnview -- xnview | XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001e51. | 2019-10-08 | 4.6 | CVE-2019-17261 MISC MISC |
xnview -- xnview | XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001fc0. | 2019-10-08 | 4.6 | CVE-2019-17262 MISC MISC |
zingbox -- inspector | An SQL injection vulnerability exists in the management interface of Zingbox Inspector versions 1.288 and earlier, that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database. | 2019-10-09 | 6.5 | CVE-2019-15016 MISC |
zingbox -- inspector | A security vulnerability exists in the Zingbox Inspector versions 1.280 and earlier, where authentication is not required when binding the Inspector instance to a different customer tenant. | 2019-10-09 | 5.0 | CVE-2019-15018 MISC |
zingbox -- inspector | A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that can allow an attacker to easily identify instances of Zingbox Inspectors in a local area network. | 2019-10-09 | 5.0 | CVE-2019-15021 MISC |
zingbox -- inspector | A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that allows for the Inspector to be susceptible to ARP spoofing. | 2019-10-09 | 5.0 | CVE-2019-15022 MISC |
zingbox -- inspector | A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in passwords for 3rd party integrations being stored in cleartext in device configuration. | 2019-10-09 | 5.0 | CVE-2019-15023 MISC |
zingbox -- inspector | A security vulnerability exists in Zingbox Inspector version 1.293 and earlier, that allows for remote code execution if the Inspector were sent a malicious command from the Zingbox cloud, or if the Zingbox Inspector were tampered with to connect to an attacker's cloud endpoint. | 2019-10-09 | 6.8 | CVE-2019-1584 MISC |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
cmsmadesimple -- cms_made_simple | CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin > Module Manager > Search Term field. | 2019-10-06 | 3.5 | CVE-2019-17226 MISC |
hp -- arcsight_logger | Stored XSS vulnerability in Micro Focus ArcSight Logger, affects versions prior to Logger 6.7.1 HotFix 6.7.1.8262.0. This vulnerability could allow Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). | 2019-10-04 | 3.5 | CVE-2019-11656 MISC |
hrworks -- hrworks | HRworks 3.36.9 allows XSS via the purpose of a travel-expense report. | 2019-10-08 | 3.5 | CVE-2019-16416 MISC MISC |
hrworks -- hrworks | HRworks FLOW 3.36.9 allows XSS via the purpose of a travel-expense report. | 2019-10-08 | 3.5 | CVE-2019-16417 MISC MISC |
ibm -- maximo_anywhere | IBM Maximo Anywhere 7.6.0, 7.6.1, 7.6.2, and 7.6.3 does not have device root detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 160198. | 2019-10-10 | 2.1 | CVE-2019-4265 XF CONFIRM |
intelliants -- subrion | Subrion 4.2.1 allows XSS via the panel/members/ Username, Full Name, or Email field, aka an "Admin Member JSON Update" issue. | 2019-10-06 | 3.5 | CVE-2019-17225 MISC MISC |
laravel-admin -- laravel-admin | z-song laravel-admin 1.7.3 has XSS via the Slug or Name on the Roles screen, because of mishandling on the "Operation log" screen. | 2019-10-10 | 3.5 | CVE-2019-17433 MISC |
lavalite -- lavalite | LavaLite through 5.7 has XSS via a crafted account name that is mishandled on the Manage Clients screen. | 2019-10-10 | 3.5 | CVE-2019-17434 MISC |
libfwsi_project -- libfwsi | In libyal libfwsi before 20191006, libfwsi_extension_block_copy_from_byte_stream in libfwsi_extension_block.c has a heap-based buffer over-read because rejection of an unsupported size only considers values less than 6, even though values of 6 and 7 are also unsupported. | 2019-10-06 | 2.1 | CVE-2019-17263 MISC MISC MISC |
liblnk_project -- liblnk | ** DISPUTED ** libyal liblnk 20191006 has a heap-based buffer over-read in the network_share_name_offset>20 code block of liblnk_location_information_read_data in liblnk_location_information.c, a different issue than CVE-2019-17264. NOTE: the vendor has disputed this as described in the GitHub issue. | 2019-10-09 | 2.1 | CVE-2019-17401 MISC |
microsoft -- sharepoint_enterprise_server | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | 2019-10-10 | 3.5 | CVE-2019-1070 MISC |
microsoft -- sharepoint_enterprise_server | A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. | 2019-10-10 | 3.5 | CVE-2019-1328 MISC |
microsoft -- sharepoint_enterprise_server | An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1330. | 2019-10-10 | 3.5 | CVE-2019-1329 MISC |
microsoft -- windows_10 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1334. | 2019-10-10 | 2.1 | CVE-2019-1345 MISC MISC |
microsoft -- windows_7 | An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'. | 2019-10-10 | 2.1 | CVE-2019-1363 MISC |
pbootcms -- pbootcms | PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs. | 2019-10-09 | 3.5 | CVE-2019-17417 MISC |
sap -- businessobjects_business_intelligence_platform | SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the chart title, resulting in reflected Cross-Site Scripting. | 2019-10-08 | 3.5 | CVE-2019-0374 MISC CONFIRM |
sap -- businessobjects_business_intelligence_platform | SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the export dialog box of the report name resulting in reflected Cross-Site Scripting. | 2019-10-08 | 3.5 | CVE-2019-0375 MISC CONFIRM |
sap -- businessobjects_business_intelligence_platform | SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows an attacker to save malicious scripts in the publication name, which can be executed later by the victim, resulting in Stored Cross-Site Scripting. | 2019-10-08 | 3.5 | CVE-2019-0376 MISC CONFIRM |
sap -- businessobjects_business_intelligence_platform | SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the input controls, resulting in Stored Cross-Site Scripting. | 2019-10-08 | 3.5 | CVE-2019-0377 MISC CONFIRM |
sap -- businessobjects_business_intelligence_platform | SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before version 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the file name of the background image resulting in Stored Cross-Site Scripting. | 2019-10-08 | 3.5 | CVE-2019-0378 MISC CONFIRM |
sap -- financial_consolidation | SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which allows an attacker to execute scripts by uploading files containing malicious scripts, leading to reflected cross site scripting vulnerability. | 2019-10-08 | 3.5 | CVE-2019-0369 MISC CONFIRM |
teampass -- teampass | TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a crafted password for an item in any folder. | 2019-10-05 | 3.5 | CVE-2019-17203 MISC |
teampass -- teampass | TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowledge Base label and adding any available item. | 2019-10-05 | 3.5 | CVE-2019-17204 MISC |
tibco -- master_data_management | The MDM server component of TIBCO Software Inc's TIBCO MDM contains multiple vulnerabilities that theoretically allow an authenticated user with specific roles to perform cross-site scripting (XSS) attacks. This issue affects TIBCO Software Inc.'s TIBCO MDM version 9.0.1 and prior versions; version 9.1.0. | 2019-10-09 | 3.5 | CVE-2019-11212 CONFIRM CONFIRM |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
activesoft -- mybuilder | ActiveX Control in MyBuilder before 6.2.2019.814 allows an attacker to execute arbitrary commands via the ShellOpen method. This can be leveraged for code execution. | 2019-10-07 | not yet calculated | CVE-2019-12811 MISC |
activesoft -- mybuilder | MyBuilder viewer before 6.2.2019.814 allows an attacker to execute arbitrary commands via a specifically crafted configuration file. This can be leveraged for code execution. | 2019-10-07 | not yet calculated | CVE-2019-12812 MISC |
altair_engineering -- pbs_professional | Altair PBS Professional through 19.1.2 allows Privilege Escalation because an attacker can send a message directly to pbs_mom, which fails to properly authenticate the message. This results in code execution as an arbitrary user. | 2019-10-09 | not yet calculated | CVE-2019-15719 MISC MISC MISC MISC |
amazon_web_services -- freertos | Amazon FreeRTOS up to and including v1.4.8 for AWS lacks length checking in prvProcessReceivedPublish, resulting in leakage of arbitrary memory contents on a device to an attacker. An attacker sends a malformed MQTT publish packet, and waits for an MQTTACK packet containing the leaked data. | 2019-10-07 | not yet calculated | CVE-2019-13120 CONFIRM |
arista_networks -- extensible_operating_system | A vulnerability has been found in the implementation of the Label Distribution Protocol (LDP) in EOS. Under race conditions, the LDP agent can establish an LDP session with a malicious peer, potentially allowing a Denial of Service (DoS) attack on route updates and in turn potentially leading to an Out of Memory (OOM) condition that is disruptive to traffic forwarding. Affected EOS versions include: 4.22 release train: 4.22.1F and earlier releases; 4.21 release train: 4.21.0F - 4.21.2.3F, 4.21.3F - 4.21.7.1M; 4.20 release train: 4.20.14M and earlier releases; 4.19 release train: 4.19.12M and earlier releases; end of support release trains (4.18 and 4.17). | 2019-10-10 | not yet calculated | CVE-2019-14810 MISC CONFIRM |
auth0 -- auth0 | Auth0 auth0.net before 6.5.4 has Incorrect Access Control because IdentityTokenValidator can be accidentally used to validate untrusted ID tokens. | 2019-10-08 | not yet calculated | CVE-2019-16929 CONFIRM |
automattic -- mongoose | Automattic Mongoose through 5.7.4 allows attackers to bypass access control (in some applications) because any query object with a _bsontype attribute is ignored. For example, adding "_bsontype":"a" can sometimes interfere with a query filter. NOTE: this CVE is about Mongoose's failure to work around this _bsontype special case that exists in older versions of the bson parser (aka the mongodb/js-bson project). | 2019-10-09 | not yet calculated | CVE-2019-17426 MISC MISC |
avira -- avira_software_updater | Avira Software Updater before 2.0.6.21094 allows a DLL side-loading attack. | 2019-10-10 | not yet calculated | CVE-2019-17449 MISC |
axiomatic_systems -- bento4 | An issue was discovered in Bento4 1.5.1.0. There is a SEGV in the function AP4_TfhdAtom::SetDefaultSampleSize at Core/Ap4TfhdAtom.h when called from AP4_Processor::ProcessFragments in Core/Ap4Processor.cpp. | 2019-10-12 | not yet calculated | CVE-2019-17528 MISC MISC |
axiomatic_systems -- bento4 | An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in AP4_CencSampleEncryption::DoInspectFields in Core/Ap4CommonEncryption.cpp when called from AP4_Atom::Inspect in Core/Ap4Atom.cpp. | 2019-10-12 | not yet calculated | CVE-2019-17529 MISC MISC |
axiomatic_systems -- bento4 | An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in AP4_PrintInspector::AddField in Core/Ap4Atom.cpp when called from AP4_CencSampleEncryption::DoInspectFields in Core/Ap4CommonEncryption.cpp, when called from AP4_Atom::Inspect in Core/Ap4Atom.cpp. | 2019-10-12 | not yet calculated | CVE-2019-17530 MISC MISC |
b3log -- symphony | b3log Symphony (aka Sym) before 3.6.0 has XSS via the HTTP User-Agent header. | 2019-10-10 | not yet calculated | CVE-2019-17488 MISC |
belkin -- wemo_switch_28b_devices | An issue was discovered on Belkin Wemo Switch 28B WW_2.00.11057.PVT-OWRT-SNS devices. They allow remote attackers to cause a denial of service (persistent rules-processing outage) via a crafted ruleDbBody element in a StoreRules request to the upnp/control/rules1 URI, because database corruption occurs. | 2019-10-12 | not yet calculated | CVE-2019-17532 MISC |
bootstrap-3-typeahead -- bootstrap-3-typeahead | Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-site scripting flaw in the highlighter() function. An attacker could exploit this via user interaction to execute code in the user's browser. | 2019-10-08 | not yet calculated | CVE-2019-10215 CONFIRM |
bouncy_castle -- bouncy_castle_crypto_package | The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64. | 2019-10-08 | not yet calculated | CVE-2019-17359 MISC MISC |
centreon -- centreon_web | getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter. | 2019-10-08 | not yet calculated | CVE-2018-21023 MLIST MISC MISC MISC |
centreon -- centreon_web | licenseUpload.php in Centreon Web before 2.8.27 allows attackers to upload arbitrary files via a POST request. | 2019-10-08 | not yet calculated | CVE-2018-21024 MLIST CONFIRM MISC |
centreon -- centreon_web | img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter. | 2019-10-08 | not yet calculated | CVE-2018-21021 MLIST MISC MISC |
centreon -- centreon_web | makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter. | 2019-10-08 | not yet calculated | CVE-2018-21022 MLIST MISC MISC |
centreon -- centreon_web | The token generator in index.php in Centreon Web before 2.8.27 is predictable. | 2019-10-08 | not yet calculated | CVE-2019-17105 MLIST CONFIRM MISC |
centreon -- centreon_web | In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place. | 2019-10-08 | not yet calculated | CVE-2018-21020 MLIST MISC MISC |
centreon -- centreon_web | minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. NOTE: some sources have listed CVE-2019-17017 for this, but that is incorrect. | 2019-10-08 | not yet calculated | CVE-2019-17107 MLIST MISC MISC |
centreon -- centreon_web | Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user. | 2019-10-08 | not yet calculated | CVE-2019-17108 MLIST MISC MISC |
citrix -- application_delivery_management | Citrix Application Delivery Management (ADM) 12.1 before build 54.13 has Incorrect Access Control. | 2019-10-09 | not yet calculated | CVE-2019-17366 CONFIRM |
cobham -- explorer_710 | The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default. This could allow an unauthenticated, local attacker connected to the device to access the portal and to make any change to the device. | 2019-10-10 | not yet calculated | CVE-2019-9529 CERT-VN |
cobham -- explorer_710 | The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to port 5454. This could allow an unauthenticated, remote attacker to connect to this port via Telnet and execute 86 Attention (AT) commands, including some that provide unauthenticated, shell-like access to the device. | 2019-10-10 | not yet calculated | CVE-2019-9531 CERT-VN |
cobham -- explorer_710 | The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files. This could allow an unauthenticated, local attacker connected to the device to access and download any file found in the web root directory. | 2019-10-10 | not yet calculated | CVE-2019-9530 CERT-VN |
cobham -- explorer_710 | The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image. Development scripts left in the firmware can be used to upload a custom firmware image that the device runs. This could allow an unauthenticated, local attacker to upload their own firmware that could be used to intercept or modify traffic, spoof or intercept GPS traffic, exfiltrate private data, hide a backdoor, or cause a denial-of-service. | 2019-10-10 | not yet calculated | CVE-2019-9534 CERT-VN |
cobham -- explorer_710 | The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the device. | 2019-10-10 | not yet calculated | CVE-2019-9533 CERT-VN |
cobham -- explorer_710 | The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext. This could allow an unauthenticated, local attacker to intercept the password and gain access to the portal. | 2019-10-10 | not yet calculated | CVE-2019-9532 CERT-VN |
compal -- ch7465lg_devices | The setter.xml component of the Common Gateway Interface on Compal CH7465LG 6.12.18.25-2p4 devices does not properly validate ping command arguments, which allows remote authenticated users to execute OS commands as root via shell metacharacters in the Target_IP parameter. | 2019-10-11 | not yet calculated | CVE-2019-17499 MISC |
craft_cms -- craft_cms | Craft CMS before 3.3.8 has stored XSS via a name field. This field is mishandled during site deletion. | 2019-10-10 | not yet calculated | CVE-2019-17496 MISC MISC |
d-link -- dap-1320_routers | D-Link DAP-1320 A2-V1.21 routers have some web interfaces without authentication requirements, as demonstrated by uplink_info.xml. An attacker can remotely obtain a user's Wi-Fi SSID and password, which could be used to connect to Wi-Fi or perform a dictionary attack. | 2019-10-11 | not yet calculated | CVE-2019-17505 MISC |
d-link -- dir-615_devices | An issue was discovered on D-Link DIR-615 devices with firmware versions 20.05 and 20.07. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page. | 2019-10-09 | not yet calculated | CVE-2019-17353 MISC MISC MISC MISC |
d-link -- dir-816l_devices | An issue was discovered on D-Link DIR-816 A1 1.06 devices. An attacker could access management pages of the router via a client that ignores the 'top.location.href = "/dir_login.asp"' line in a .asp file. This provides access to d_status.asp, version.asp, d_dhcptbl.asp, and d_acl.asp. | 2019-10-11 | not yet calculated | CVE-2019-17507 MISC |
d-link -- dir-846_devices | D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetMasterWLanSettings with shell metacharacters to /squashfs-root/www/HNAP1/control/SetMasterWLanSettings.php. | 2019-10-11 | not yet calculated | CVE-2019-17509 MISC |
d-link -- dir-846_devices | D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetWizardConfig with shell metacharacters to /squashfs-root/www/HNAP1/control/SetWizardConfig.php. | 2019-10-11 | not yet calculated | CVE-2019-17510 MISC |
d-link -- dir-859_and_dir-8850_devices | On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable. | 2019-10-11 | not yet calculated | CVE-2019-17508 MISC |
d-link -- dir-868l_and_dir-817lw_routers | There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the router's username and password (and other information) via SERVICES=DEVICE.ACCOUNT&AUTHORIZED_GROUP=1%0a to getcfg.php. This could be used to control the router remotely. | 2019-10-11 | not yet calculated | CVE-2019-17506 MISC |
dbell -- wi-fi_smart_video_doorbell | The dbell Wi-Fi Smart Video Doorbell DB01-S Gen 1 allows remote attackers to launch commands with no authentication verification via TCP port 81, because the loginuse and loginpass parameters to openlock.cgi can have arbitrary values. NOTE: the vendor's position is that this product reached end of life in 2016. | 2019-10-08 | not yet calculated | CVE-2019-13336 MISC MISC MISC |
dell -- encryption_enterprise | The vulnerability is limited to the installers of Dell Encryption Enterprise versions prior to 10.4.0 and Dell Endpoint Security Suite Enterprise versions prior to 2.4.0. This issue is exploitable only during the installation of the product by an administrator. A local authenticated low privileged user potentially could exploit this vulnerability by staging a malicious DLL in the search path of the installer prior to its execution by a local administrator. This would cause loading of the malicious DLL, which would allow the attacker to execute arbitrary code in the context of an administrator. | 2019-10-07 | not yet calculated | CVE-2019-3745 MISC |
dell_emc -- avamar_server | Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A remote authenticated malicious user potentially could exploit this vulnerability to view or modify sensitive backup data. This could be used to make backups corrupt or potentially to trick a user into restoring a backup with malicious files in place. | 2019-10-09 | not yet calculated | CVE-2019-3765 CONFIRM |
envoy_proxy -- envoy | Upon receiving each incoming request header data, Envoy will iterate over existing request headers to verify that the total size of the headers stays below a maximum limit. The implementation in versions 1.10.0 through 1.11.1 for HTTP/1.x traffic and all versions of Envoy for HTTP/2 traffic had O(n^2) performance characteristics. A remote attacker may craft a request that stays below the maximum request header size but consists of many thousands of small headers to consume CPU and result in a denial-of-service attack. | 2019-10-09 | not yet calculated | CVE-2019-15226 MISC MISC MISC |
espressif -- esp-idf | An issue was discovered in Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.6, 3.2.x through 3.2.3, and 3.3.x through 3.3.1. An attacker who uses fault injection to physically disrupt the ESP32 CPU can bypass the Secure Boot digest verification at startup, and boot unverified code from flash. The fault injection attack does not disable the Flash Encryption feature, so if the ESP32 is configured with the recommended combination of Secure Boot and Flash Encryption, then the impact is minimized. If the ESP32 is configured without Flash Encryption then successful fault injection allows arbitrary code execution. To protect devices with Flash Encryption and Secure Boot enabled against this attack, a firmware change must be made to permanently enable Flash Encryption in the field if it is not already permanently enabled. | 2019-10-07 | not yet calculated | CVE-2019-15894 CONFIRM |
fastadmin -- fastadmin | An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/admin/general.config/edit CSRF vulnerability, as demonstrated by resultant XSS via the row[name] parameter. | 2019-10-10 | not yet calculated | CVE-2019-17432 MISC |
fasterxml -- jackson-databind | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload. | 2019-10-12 | not yet calculated | CVE-2019-17531 MISC MISC |
fiberhome -- hg2201t | /var/WEB-GUI/cgi-bin/telnet.cgi on FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication remote code execution. | 2019-10-08 | not yet calculated | CVE-2019-17186 MISC |
frost_ming -- redis_wrapper | Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper (aka Redis Wrapper) before 0.3.0 allows attackers to execute arbitrary scripts. | 2019-10-05 | not yet calculated | CVE-2019-17206 MISC MISC MISC |
genesys -- pureengage_digital | Genesys PureEngage Digital (eServices) 8.1.x allows XSS via HtmlChatPanel.jsp or HtmlChatFrameSet.jsp (ActionColor, ClientNickNameColor, Email, email, or email_address parameter). | 2019-10-11 | not yet calculated | CVE-2019-17176 MISC MISC MISC MISC MISC |
gnu -- binutils | find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file. | 2019-10-10 | not yet calculated | CVE-2019-17450 MISC |
gnu -- binutils | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm. | 2019-10-10 | not yet calculated | CVE-2019-17451 MISC MISC |
gnupg_project -- boa | Boa through 0.94.14rc21 allows remote attackers to trigger an out-of-memory (OOM) condition because malloc is mishandled. | 2019-10-11 | not yet calculated | CVE-2018-21027 CONFIRM CONFIRM |
gnupg_project -- boa | Boa through 0.94.14rc21 allows remote attackers to trigger a memory leak because of missing calls to the free function. | 2019-10-11 | not yet calculated | CVE-2018-21028 CONFIRM CONFIRM |
google -- android | In generateServicesMap of RegisteredServicesCache.java, there is a possible account protection bypass due to a caching optimization. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9, Android-10. Android ID: A-136261465 | 2019-10-11 | not yet calculated | CVE-2019-2183 CONFIRM |
google -- android | In the default privileges of NFC, there is a possible local bypass of user interaction requirements on package installation due to a default permission. This could lead to local escalation of privilege by installing an application with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0, Android-8.1, Android-9. Android ID: A-123700348 | 2019-10-11 | not yet calculated | CVE-2019-2114 CONFIRM |
google -- android | In GetMBheader of combined_decode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1, Android-9, Android-10. Android ID: A-136175447 | 2019-10-11 | not yet calculated | CVE-2019-2186 CONFIRM |
google -- android | In VlcDequantH263IntraBlock_SH of vlc_dequant.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1, Android-9, Android-10. Android ID: A-136173699 | 2019-10-11 | not yet calculated | CVE-2019-2185 CONFIRM |
google -- android | In PV_DecodePredictedIntraDC of dec_pred_intra_dc.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1, Android-9. Android ID: A-134578122 | 2019-10-11 | not yet calculated | CVE-2019-2184 CONFIRM |
google -- android | In ScreenRotationAnimation of ScreenRotationAnimation.java, there is a possible capture of a secure screen due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-69703445 | 2019-10-11 | not yet calculated | CVE-2019-2110 CONFIRM |
google -- android | In startActivityMayWait of ActivityStarter.java, there is a possible incorrect Activity launch due to an incorrect permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1, Android-9. Android ID: A-123013720 | 2019-10-11 | not yet calculated | CVE-2019-2173 CONFIRM |
google -- android | A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application. Product: Android. Android ID: A-141720095 | 2019-10-11 | not yet calculated | CVE-2019-2215 CONFIRM |
google -- android | In nfc_ncif_decode_rf_params of nfc_ncif.cc, there is a possible out of bounds read due to an integer underflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1, Android-9, Android-10. Android ID: A-124940143 | 2019-10-11 | not yet calculated | CVE-2019-2187 CONFIRM |
graphite_project -- graphite | send_email in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent to an e-mail address that can be supplied by the attacker. Thus, an attacker can exfiltrate any information. | 2019-10-11 | not yet calculated | CVE-2017-18638 MISC MISC MISC MISC MISC |
gree -- gree+_application_for_andriod | The GREE+ (aka com.gree.greeplus) application 1.4.0.8 for Android suffers from Cross Site Request Forgery. | 2019-10-11 | not yet calculated | CVE-2018-20582 MISC MISC |
hotaru_cms -- hotaru_cms | A stored XSS vulnerability was discovered in Hotaru CMS v1.7.2 via the admin_index.php?page=settings SITE NAME field (aka SITE_NAME), a related issue to CVE-2011-4709.1. | 2019-10-12 | not yet calculated | CVE-2019-17522 MISC MISC |
hp -- touchpoint_analytics | A potential security vulnerability has been identified with certain versions of HP Touchpoint Analytics prior to version 4.1.4.2827. This vulnerability may allow a local attacker with administrative privileges to execute arbitrary code via an HP Touchpoint Analytics system service. | 2019-10-11 | not yet calculated | CVE-2019-6333 CONFIRM |
hyrda -- hyrda | Hydra through 0.1.8 has a NULL pointer dereference and daemon crash when processing POST requests that lack a Content-Length header. read.c, request.c, and util.c contribute to this. The process_header_end() function calls boa_atoi(), which ultimately calls atoi() on a NULL pointer. | 2019-10-12 | not yet calculated | CVE-2019-17502 MISC MISC |
icewrap -- webclient | IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script to basic/minimizer/index.php) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files. | 2019-10-11 | not yet calculated | CVE-2010-5335 MISC MISC |
icewrap -- webclient | IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (_c to basic/index.html) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files. | 2019-10-11 | not yet calculated | CVE-2010-5334 MISC MISC |
icewrap -- webclient | IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0. | 2019-10-11 | not yet calculated | CVE-2010-5336 MISC MISC |
icewrap -- webclient | IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][controller] is non-persistent in 10.1.3 and 10.2.0. | 2019-10-11 | not yet calculated | CVE-2010-5337 MISC MISC |
icewrap -- webclient | IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][action] is non-persistent in 10.1.3 and 10.2.0. | 2019-10-11 | not yet calculated | CVE-2010-5338 MISC MISC |
icewrap -- webclient | IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][uid] is non-persistent in 10.1.3 and 10.2.0. | 2019-10-11 | not yet calculated | CVE-2010-5339 MISC MISC |
icewrap -- webclient | IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0. | 2019-10-11 | not yet calculated | CVE-2010-5340 MISC MISC |
intel -- active_system_console | Insufficient path checking in the installer for Intel(R) Active System Console before version 8.0 Build 24 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2019-10-11 | not yet calculated | CVE-2019-11120 CONFIRM |
intel -- nuc | Memory corruption in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. | 2019-10-11 | not yet calculated | CVE-2019-14570 CONFIRM |
intel -- nuc | Pointer corruption in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. | 2019-10-11 | not yet calculated | CVE-2019-14569 CONFIRM |
intel -- smart_connect_technology_for_intel_nuc | Improper file permission in software installer for Intel(R) Smart Connect Technology for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access. | 2019-10-11 | not yet calculated | CVE-2019-11167 CONFIRM |
internet_systems_consortium -- bind | An error in the EDNS Client Subnet (ECS) feature for recursive resolvers can cause BIND to exit with an assertion failure when processing a response that has malformed RRSIGs. Versions affected: BIND 9.10.5-S1 -> 9.11.6-S1 of BIND 9 Supported Preview Edition. | 2019-10-09 | not yet calculated | CVE-2019-6469 CONFIRM |
internet_systems_consortium -- bind | A failure to free memory can occur when processing messages having a specific combination of EDNS options. Versions affected are: BIND 9.10.7 -> 9.10.8-P1, 9.11.3 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.10.7-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. | 2019-10-09 | not yet calculated | CVE-2018-5744 CONFIRM |
internet_systems_consortium -- bind | A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 -> 9.11.7, 9.12.0 -> 9.12.4-P1, 9.14.0 -> 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of the BIND 9.15 development branch and BIND Supported Preview Edition versions 9.11.3-S1 -> 9.11.7-S1. | 2019-10-09 | not yet calculated | CVE-2019-6471 CONFIRM CONFIRM |
internet_systems_consortium -- bind | In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet (ECS) features. In those versions which have ECS support, enabling nxdomain-redirect is likely to lead to BIND exiting due to assertion failure. Versions affected: BIND Supported Preview Edition version 9.10.5-S1 -> 9.11.5-S5. ONLY BIND Supported Preview Edition releases are affected. | 2019-10-09 | not yet calculated | CVE-2019-6468 CONFIRM |
internet_systems_consortium -- bind | A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAIN redirection for recursive clients, is also serving a local copy of the root zone or using mirroring to provide the root zone, although other configurations are also possible. Versions affected: BIND 9.12.0 -> 9.12.4, 9.14.0. Also affects all releases in the 9.13 development branch. | 2019-10-09 | not yet calculated | CVE-2019-6467 CONFIRM |
internet_systems_consortium -- bind | Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465. | 2019-10-09 | not yet calculated | CVE-2019-6465 CONFIRM |
internet_systems_consortium -- bind | By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743. | 2019-10-09 | not yet calculated | CVE-2018-5743 CONFIRM |
internet_systems_consortium -- bind | "managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745. | 2019-10-09 | not yet calculated | CVE-2018-5745 CONFIRM |
internet_systems_consortium -- isc_dhcp | Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0 | 2019-10-09 | not yet calculated | CVE-2018-5732 CONFIRM |
iterm2 -- iterm2 | A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may allow an attacker to execute arbitrary commands by providing malicious output to the terminal. This affects versions of iTerm2 up to and including 3.3.5. This vulnerability may allow an attacker to execute arbitrary commands on their victim's computer by providing malicious output to the terminal. It could be exploited using command-line utilities that print attacker-controlled content. | 2019-10-09 | not yet calculated | CVE-2019-9535 MISC CONFIRM CERT-VN |
jfinal -- jfinal | In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile() function: one can upload any type of file. For example, a .jsp file may be stored and almost immediately deleted, but this deletion step does not occur for certain exceptions. | 2019-10-08 | not yet calculated | CVE-2019-17352 MISC MISC MISC |
jiangan_online_judge -- jiangan_online_judge | app\modules\polygon\controllers\ProblemController in Jiangnan Online Judge (aka jnoj) 0.8.0 allows arbitrary file upload, as demonstrated by PHP code (with a .php filename but the image/png content type) to the web/polygon/problem/tests URI. | 2019-10-10 | not yet calculated | CVE-2019-17490 MISC |
joicom_corporation -- renpho_application | An issue was discovered in the RENPHO application 3.0.0 for iOS. It transmits JSON data unencrypted to a server without an integrity check, if a user changes personal data in his profile tab (e.g., exposure of his birthday) or logs into his account (i.e., exposure of credentials). | 2019-10-09 | not yet calculated | CVE-2019-14808 MISC MISC MISC |
joomlashack -- shack_forms_pro | The Shack Forms Pro extension before 4.0.32 for Joomla! allows path traversal via a file attachment. | 2019-10-09 | not yet calculated | CVE-2019-17399 MISC |
juniper_networks -- junos_os | A session fixation vulnerability in J-Web on Junos OS may allow an attacker to use social engineering techniques to fix and hijack a J-Web administrator's web session and potentially gain administrative access to the device. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S15 on EX Series; 12.3X48 versions prior to 12.3X48-D85 on SRX Series; 14.1X53 versions prior to 14.1X53-D51; 15.1 versions prior to 15.1F6-S13, 15.1R7-S5; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 15.1X53 versions prior to 15.1X53-D238; 16.1 versions prior to 16.1R4-S13, 16.1R7-S5; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S5; 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R3; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R1-S2, 19.1R2. | 2019-10-09 | not yet calculated | CVE-2019-0062 CONFIRM |
juniper_networks -- junos_os | The PKI keys exported using the command "run request security pki key-pair export" on Junos OS may have insecure file permissions. This may allow another user on the Junos OS device with shell access to read them. This issue affects: Juniper Networks Junos OS 15.1X49 versions prior to 15.1X49-D180; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2. | 2019-10-09 | not yet calculated | CVE-2019-0073 MISC |
juniper_networks -- junos_os | A memory leak vulnerability in the of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific commands from a peered BGP host and having those BGP states delivered to the vulnerable device. This issue affects: Juniper Networks Junos OS: 18.1 versions prior to 18.1R2-S4, 18.1R3-S1; 18.1X75 all versions. Versions before 18.1R1 are not affected. | 2019-10-09 | not yet calculated | CVE-2019-0059 MISC |
juniper_networks -- junos_os | The management daemon (MGD) is responsible for all configuration and management operations in Junos OS. The Junos CLI communicates with MGD over an internal unix-domain socket and is granted special permission to open this protected mode socket. Due to a misconfiguration of the internal socket, a local, authenticated user may be able to exploit this vulnerability to gain administrative privileges. This issue only affects Linux-based platforms. FreeBSD-based platforms are unaffected by this vulnerability. Exploitation of this vulnerability requires Junos shell access. This issue cannot be exploited from the Junos CLI. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180; 15.1X53 versions prior to 15.1X53-D496, 15.1X53-D69; 16.1 versions prior to 16.1R7-S4; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1; 17.3 versions prior to 17.3R3-S4; 17.4 versions prior to 17.4R1-S6, 17.4R1-S7, 17.4R2-S3, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S4; 18.2 versions prior to 18.2R1-S5, 18.2R2-S2, 18.2R3; 18.3 versions prior to 18.3R1-S3, 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2. | 2019-10-09 | not yet calculated | CVE-2019-0061 MISC |
juniper_networks -- junos_os | A path traversal vulnerability in NFX150 Series and QFX10K Series, EX9200 Series, MX Series and PTX Series devices with Next-Generation Routing Engine (NG-RE) allows a local authenticated user to read sensitive system files. This issue only affects NFX150 Series and QFX10K Series, EX9200 Series, MX Series and PTX Series with Next-Generation Routing Engine (NG-RE) which uses vmhost. This issue affects Juniper Networks Junos OS on NFX150 Series and QFX10K, EX9200 Series, MX Series and PTX Series with NG-RE and vmhost: 15.1F versions prior to 15.1F6-S12; 16.1 versions starting from 16.1R6 and later releases, including the Service Releases, prior to 16.1R6-S6, 16.1R7-S3; 17.1 versions prior to 17.1R3; 17.2 versions starting from 17.2R1-S3, 17.2R3 and later releases, including the Service Releases, prior to 17.2R3-S1; 17.3 versions starting from 17.3R1-S1, 17.3R2 and later releases, including the Service Releases, prior to 17.3R3-S3; 17.4 versions starting from 17.4R1 and later releases, including the Service Releases, prior to 17.4R1-S6, 17.4R2-S2, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S2, 18.3R2; 18.4 versions prior to 18.4R1-S1, 18.4R2. This issue does not affect: Juniper Networks Junos OS 15.1 and 16.2. | 2019-10-09 | not yet calculated | CVE-2019-0074 MISC |
juniper_networks -- junos_os | Receipt of a specific link-local IPv6 packet destined to the RE may cause the system to crash and restart (vmcore). By continuously sending a specially crafted IPv6 packet, an attacker can repeatedly crash the system causing a prolonged Denial of Service (DoS). This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R6-S2, 16.1R7; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R3. This issue does not affect Juniper Networks Junos OS version 15.1 and prior versions. | 2019-10-09 | not yet calculated | CVE-2019-0067 CONFIRM |
juniper_networks -- junos_os | An unexpected status return value weakness in the Next-Generation Multicast VPN (NG-mVPN) service of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) condition and core the routing protocol daemon (rpd) process when a specific malformed IPv4 packet is received by the device running BGP. This malformed packet can be crafted and sent to a victim device including when forwarded directly through a device receiving such a malformed packet, but not if the malformed packet is first de-encapsulated from an encapsulated format by a receiving device. Continued receipt of the malformed packet will result in a sustained Denial of Service condition. This issue affects: Juniper Networks Junos OS 15.1 versions prior to 15.1F6-S12, 15.1R7-S2; 15.1X49 versions prior to 15.1X49-D150 on SRX Series; 15.1X53 versions prior to 15.1X53-D68, 15.1X53-D235, 15.1X53-D495, 15.1X53-D590; 16.1 versions prior to 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S2; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S9, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.3 versions prior to 17.3R2-S4, 17.3R3. | 2019-10-09 | not yet calculated | CVE-2019-0066 MISC MISC |
juniper_networks -- junos_os | A persistent Cross-Site Scripting (XSS) vulnerability in Junos OS J-Web interface may allow remote unauthenticated attackers to perform administrative actions on the Junos device. Successful exploitation requires a Junos administrator to first perform certain diagnostic actions on J-Web. This issue affects: Juniper Networks Junos OS 12.1X46 versions prior to 12.1X46-D86; 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D80; 14.1X53 versions prior to 14.1X53-D51; 15.1 versions prior to 15.1F6-S13, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180; 15.1X53 versions prior to 15.1X53-D497, 15.1X53-D69; 16.1 versions prior to 16.1R7-S5; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R1-S7, 17.4R2-S4, 17.4R3; 18.1 versions prior to 18.1R3-S5; 18.2 versions prior to 18.2R1-S5, 18.2R2-S3, 18.2R3; 18.3 versions prior to 18.3R1-S3, 18.3R2, 18.3R3; 18.4 versions prior to 18.4R1-S2, 18.4R2. | 2019-10-09 | not yet calculated | CVE-2019-0047 MISC |
juniper_networks -- junos_os_ex2300_and_ex3400_series | Veriexec is a kernel-based file integrity subsystem in Junos OS that ensures only authorized binaries are able to be executed. Due to a flaw in specific versions of Junos OS, affecting specific EX Series platforms, the Veriexec subsystem will fail to initialize, in essence disabling file integrity checking. This may allow a locally authenticated user with shell access to install untrusted executable images, and elevate privileges to gain full control of the system. During the installation of an affected version of Junos OS, the following messages will be logged to the console: Initializing Verified Exec: /sbin/veriexec: Undefined symbol "__aeabi_uidiv" /sbin/veriexec: Undefined symbol "__aeabi_uidiv" /sbin/veriexec: Undefined symbol "__aeabi_uidiv" veriexec: /.mount/packages/db/os-kernel-prd-arm-32-20190221.70c2600_builder_stable_11/boot/brcm-hr3.dtb: Authentication error veriexec: /.mount/packages/db/os-kernel-prd-arm-32-20190221.70c2600_builder_stable_11/boot/contents.izo: Authentication error ... This issue affects Juniper Networks Junos OS: 18.1R3-S4 on EX2300, EX2300-C and EX3400; 18.3R1-S3 on EX2300, EX2300-C and EX3400. | 2019-10-09 | not yet calculated | CVE-2019-0071 MISC MISC |
juniper_networks -- junos_os_multiple_series | A vulnerability in the srxpfe process on Protocol Independent Multicast (PIM) enabled SRX series devices may lead to crash of the srxpfe process and an FPC reboot while processing (PIM) messages. Sustained receipt of these packets may lead to an extended denial of service condition. Affected releases are Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D80; 15.1X49 versions prior to 15.1X49-D160; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R2; 18.3 versions prior to 18.3R2. | 2019-10-09 | not yet calculated | CVE-2019-0075 MISC |
juniper_networks -- junos_os_multiple_series | On EX4600, QFX5100 Series, NFX Series, QFX10K Series, QFX5110, QFX5200 Series, QFX5110, QFX5200, QFX10K Series, vSRX, SRX1500, SRX4000 Series, vSRX, SRX1500, SRX4000, QFX5110, QFX5200, QFX10K Series, when the user uses console management port to authenticate, the credentials used during device authentication are written to a log file in clear text. This issue does not affect users that are logging-in using telnet, SSH or J-web to the management IP. This issue affects ACX, NFX, SRX, EX and QFX platforms with the Linux Host OS architecture, it does not affect other SRX and EX platforms that do not use the Linux Host OS architecture. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D110 on vSRX, SRX1500, SRX4000 Series; 15.1X53 versions prior to 15.1X53-D234 on QFX5110, QFX5200 Series; 15.1X53 versions prior to 15.1X53-D68 on QFX10K Series; 17.1 versions prior to 17.1R2-S8, 17.1R3, on QFX5110, QFX5200, QFX10K Series; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3 on QFX5110, QFX5200, QFX10K Series; 17.3 versions prior to 17.3R2 on vSRX, SRX1500, SRX4000, QFX5110, QFX5200, QFX10K Series; 14.1X53 versions prior to 14.1X53-D47 on ACX5000, EX4600, QFX5100 Series; 15.1 versions prior to 15.1R7 on ACX5000, EX4600, QFX5100 Series; 16.1R7 versions prior to 16.1R7 on ACX5000, EX4600, QFX5100 Series; 17.1 versions prior to 17.1R2-S10, 17.1R3 on ACX5000, EX4600, QFX5100 Series; 17.2 versions prior to 17.2R3 on ACX5000, EX4600, QFX5100 Series; 17.3 versions prior to 17.3R3 on ACX5000, EX4600, QFX5100 Series; 17.4 versions prior to 17.4R2 on ACX5000, EX4600, QFX5100 Series; 18.1 versions prior to 18.1R2 on ACX5000, EX4600, QFX5100 Series; 15.1X53 versions prior to 15.1X53-D496 on NFX Series, 17.2 versions prior to 17.2R3-S1 on NFX Series; 17.3 versions prior to 17.3R3-S4 on NFX Series; 17.4 versions prior to 17.4R2-S4, 17.4R3 on NFX Series, 18.1 versions prior to 18.1R3-S4 on NFX Series; 18.2 versions prior to 18.2R2-S3, 18.2R3 on NFX Series; 18.3 versions prior to 18.3R1-S3, 18.3R2 on NFX Series; 18.4 versions prior to 18.4R1-S1, 18.4R2 on NFX Series. | 2019-10-09 | not yet calculated | CVE-2019-0069 CONFIRM |
juniper_networks -- junos_os_mx_series | On MX Series, when the SIP ALG is enabled, receipt of a certain malformed SIP packet may crash the MS-PIC component on MS-MIC or MS-MPC. By continuously sending a crafted SIP packet, an attacker can repeatedly bring down MS-PIC on MS-MIC/MS-MPC causing a sustained Denial of Service. This issue affects Juniper Networks Junos OS on MX Series: 16.1 versions prior to 16.1R7-S5; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S3; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2. | 2019-10-09 | not yet calculated | CVE-2019-0065 CONFIRM |
juniper_networks -- junos_os_mx_series | This issue only affects devices with three (3) or more MPC10s installed in a single chassis with OSPF enabled and configured on the device. An Insufficient Resource Pool weakness allows an attacker to cause the device's Open Shortest Path First (OSPF) states to transition to Down, resulting in a Denial of Service (DoS) attack. This attack requires a relatively large number of specific Internet Mixed (IMIXed) types of genuine and valid IPv6 packets to be transferred by the attacker in a relatively short period of time, across three or more PFEs on the device at the same time. Continued receipt of the traffic sent by the attacker will continue to cause OSPF to remain in the Down starting state, or flap between other states and then again to Down, causing a persistent Denial of Service. This attack will affect all IPv4, and IPv6 traffic served by the OSPF routes once the OSPF states transition to Down. This issue affects: Juniper Networks Junos OS on MX480, MX960, MX2008, MX2010, MX2020: 18.1 versions prior to 18.1R2-S4, 18.1R3-S5; 18.1X75 version 18.1X75-D10 and later versions; 18.2 versions prior to 18.2R1-S5, 18.2R2-S3, 18.2R3; 18.2X75 versions prior to 18.2X75-D50; 18.3 versions prior to 18.3R1-S4, 18.3R2, 18.3R3; 18.4 versions prior to 18.4R1-S2, 18.4R2. | 2019-10-09 | not yet calculated | CVE-2019-0056 MISC |
juniper_networks -- junos_os_mx_series | When an MX Series Broadband Remote Access Server (BRAS) is configured as a Broadband Network Gateway (BNG) with DHCPv6 enabled, jdhcpd might crash when receiving a specific crafted DHCP response message on a subscriber interface. The daemon automatically restarts without intervention, but continuous receipt of specific crafted DHCP messages will repeatedly crash jdhcpd, leading to an extended Denial of Service (DoS) condition. This issue only affects systems configured with DHCPv6 enabled. DHCPv4 is unaffected by this issue. This issue affects Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S5 on MX Series; 16.1 versions prior to 16.1R7-S5 on MX Series; 16.2 versions prior to 16.2R2-S10 on MX Series; 17.1 versions prior to 17.1R3-S1 on MX Series; 17.2 versions prior to 17.2R3-S2 on MX Series; 17.3 versions prior to 17.3R3-S6 on MX Series; 17.4 versions prior to 17.4R2-S5, 17.4R3 on MX Series; 18.1 versions prior to 18.1R3-S6 on MX Series; 18.2 versions prior to 18.2R2-S4, 18.2R3 on MX Series; 18.2X75 versions prior to 18.2X75-D50 on MX Series; 18.3 versions prior to 18.3R1-S5, 18.3R3 on MX Series; 18.4 versions prior to 18.4R2 on MX Series; 19.1 versions prior to 19.1R1-S2, 19.1R2 on MX Series. | 2019-10-09 | not yet calculated | CVE-2019-0063 MISC |
juniper_networks -- junos_os_nfx_series | An Improper Input Validation weakness allows a malicious local attacker to elevate their permissions to take control of other portions of the NFX platform they should not be able to access, and execute commands outside their authorized scope of control. This leads to the attacker being able to take control of the entire system. This issue affects: Juniper Networks Junos OS versions prior to 18.2R1 on NFX Series. | 2019-10-09 | not yet calculated | CVE-2019-0070 MISC |
juniper_networks -- junos_os_nfx_series | An improper authorization weakness in Juniper Networks Junos OS allows a local authenticated attacker to bypass regular security controls to access the Junos Device Manager (JDM) application and take control of the system. This issue affects: Juniper Networks Junos OS versions prior to 18.2R1, 18.2X75-D5. | 2019-10-09 | not yet calculated | CVE-2019-0057 MISC |
juniper_networks -- junos_os_srx1500_series | Under certain heavy traffic conditions srxpfe process can crash and result in a denial of service condition for the SRX1500 device. Repeated crashes of the srxpfe can result in an extended denial of service condition. The SRX device may fail to forward traffic when this condition occurs. Affected releases are Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D170 on SRX1500; 17.3 versions prior to 17.3R3-S7 on SRX1500; 17.4 versions prior to 17.4R2-S8, 17.4R3 on SRX1500; 18.1 versions prior to 18.1R3-S8 on SRX1500; 18.2 versions prior to 18.2R3 on SRX1500; 18.3 versions prior to 18.3R2 on SRX1500; 18.4 versions prior to 18.4R2 on SRX1500. | 2019-10-09 | not yet calculated | CVE-2019-0050 CONFIRM |
juniper_networks -- junos_os_srx5000_series | On SRX5000 Series devices, if 'set security zones security-zone <zone> tcp-rst' is configured, the flowd process may crash when a specific TCP packet is received by the device and triggers a new session. The process restarts automatically. However, receipt of a constant stream of these TCP packets may result in an extended Denial of Service (DoS) condition on the device. This issue affects Juniper Networks Junos OS: 18.2R3 on SRX 5000 Series; 18.4R2 on SRX 5000 Series; 19.2R1 on SRX 5000 Series. | 2019-10-09 | not yet calculated | CVE-2019-0064 MISC |
juniper_networks -- junos_os_srx5000_series | SSL-Proxy feature on SRX devices fails to handle a hardware resource limitation which can be exploited by remote SSL/TLS servers to crash the flowd daemon. Repeated crashes of the flowd daemon can result in an extended denial of service condition. For this issue to occur, clients protected by the SRX device must initiate a connection to the malicious server. This issue affects: Juniper Networks Junos OS on SRX5000 Series: 12.3X48 versions prior to 12.3X48-D85; 15.1X49 versions prior to 15.1X49-D180; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S6, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R2. | 2019-10-09 | not yet calculated | CVE-2019-0051 MISC |
juniper_networks -- junos_os_srx_series | A vulnerability in the SIP ALG packet processing service of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific types of valid SIP traffic to the device. In this case, the flowd process crashes and generates a core dump while processing SIP ALG traffic. Continued receipt of these valid SIP packets will result in a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D61, 12.3X48-D65 on SRX Series; 15.1X49 versions prior to 15.1X49-D130 on SRX Series; 17.3 versions prior to 17.3R3 on SRX Series; 17.4 versions prior to 17.4R2 on SRX Series. | 2019-10-09 | not yet calculated | CVE-2019-0055 MISC MLIST |
juniper_networks -- junos_os_srx_series | The SRX flowd process, responsible for packet forwarding, may crash and restart when processing specific multicast packets. By continuously sending the specific multicast packets, an attacker can repeatedly crash the flowd process causing a sustained Denial of Service. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D90; 15.1X49 versions prior to 15.1X49-D180; 17.3 versions; 17.4 versions prior to 17.4R2-S5, 17.4R3; 18.1 versions prior to 18.1R3-S6; 18.2 versions prior to 18.2R2-S4, 18.2R3; 18.3 versions prior to 18.3R2-S1, 18.3R3; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R1-S1, 19.1R2. | 2019-10-09 | not yet calculated | CVE-2019-0068 CONFIRM |
juniper_networks -- junos_os_srx_series | The flowd process, responsible for forwarding traffic in SRX Series services gateways, may crash and restart when processing specific transit IP packets through an IPSec tunnel. Continued processing of these packets may result in an extended Denial of Service (DoS) condition. This issue only occurs when IPSec tunnels are configured. Systems without IPSec tunnel configurations are not vulnerable to this issue. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180 on SRX Series; 18.2 versions 18.2R2-S1 and later, prior to 18.2R3 on SRX Series; 18.4 versions prior to 18.4R2 on SRX Series. | 2019-10-09 | not yet calculated | CVE-2019-0060 MISC MISC |
juniper_networks -- junos_os_srx_series | A vulnerability in the Veriexec subsystem of Juniper Networks Junos OS allows an attacker to fully compromise the host system. A local authenticated user can elevate privileges to gain full control of the system even if they are specifically denied access to perform certain actions. This issue affects: Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D80 on SRX Series. | 2019-10-09 | not yet calculated | CVE-2019-0058 MISC |
juniper_networks -- junos_os_srx_series | An Improper Certificate Validation weakness in the SRX Series Application Identification (app-id) signature update client of Juniper Networks Junos OS allows an attacker to perform Man-in-the-Middle (MitM) attacks which may compromise the integrity and confidentiality of the device. This issue affects: Juniper Networks Junos OS 15.1X49 versions prior to 15.1X49-D120 on SRX Series devices. No other versions of Junos OS are affected. | 2019-10-09 | not yet calculated | CVE-2019-0054 MISC MISC |
juniper_networks -- sbr_carrier | An Unprotected Storage of Credentials vulnerability in the identity and access management certificate generation procedure allows a local attacker to gain access to confidential information. This issue affects: Juniper Networks SBR Carrier: 8.4.1 versions prior to 8.4.1R13; 8.5.0 versions prior to 8.5.0R4. | 2019-10-09 | not yet calculated | CVE-2019-0072 MISC |
kaseva -- vsa_rmm | An issue was discovered in Kaseya VSA RMM through 9.5.0.22. When using the default configuration, the LAN Cache feature creates a local account FSAdminxxxxxxxxx (e.g., FSAdmin123456789) on the server that hosts the LAN Cache and all clients that are assigned to a LAN Cache. This account is placed into the local Administrators group of all clients assigned to the LAN Cache. When the assigned client is a Domain Controller, the FSAdminxxxxxxxxx account is created as a domain account and automatically added as a member of the domain BUILTIN\Administrators group. Using the well-known Pass-the-Hash techniques, an attacker can use the same FSAdminxxxxxxxxx hash from any LAN Cache client and pass this to a Domain Controller, providing administrative rights to the attacker on any Domain Controller. (Local account Pass-the-Hash mitigations do not protect domain accounts.) | 2019-10-11 | not yet calculated | CVE-2019-14510 MISC MISC MISC MISC MISC |
kirona -- dynamic_resource_scheduling | An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd (aka /osm_tiles/REGISTER.cmd) directly: it contains sensitive information about the database through the SQL queries within this batch file. This file exposes SQL database information such as database version, table name, column name, etc. | 2019-10-11 | not yet calculated | CVE-2019-17503 MISC |
kirona -- dynamic_resource_scheduling | An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. A reflected Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script via the /osm/report/ password parameter. | 2019-10-11 | not yet calculated | CVE-2019-17504 MISC |
knex.js -- knex.js | knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. Identifiers are escaped incorrectly as part of the MSSQL dialect, allowing attackers to craft a malicious query to the host DB. | 2019-10-08 | not yet calculated | CVE-2019-10757 CONFIRM |
kramer -- viaware | Kramer VIAware 2.5.0719.1034 has Incorrect Access Control. | 2019-10-09 | not yet calculated | CVE-2019-17124 MISC |
landing-cms -- landing-cms | An issue was discovered in Landing-CMS 0.0.6. There is a CSRF vulnerability that can change the admin's password via the password/ URI. | 2019-10-12 | not yet calculated | CVE-2019-17521 MISC |
laravel-bjyblog -- laravel-bjyblog | laravel-bjyblog 6.1.1 has XSS via a crafted URL. | 2019-10-10 | not yet calculated | CVE-2019-17494 MISC |
libntlm -- libntlm | Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request. | 2019-10-10 | not yet calculated | CVE-2019-17455 MISC |
libtom_project -- libtomcrypt | In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data. | 2019-10-08 | not yet calculated | CVE-2019-17362 MISC MISC MLIST MISC |
libvips -- libvips | vips_foreign_load_gif_scan_image in foreign/gifload.c in libvips before 8.8.2 tries to access a color map before a DGifGetImageDesc call, leading to a use-after-free. | 2019-10-12 | not yet calculated | CVE-2019-17534 MISC MISC MISC |
mantisbt -- mantisbt | MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution. | 2019-10-09 | not yet calculated | CVE-2019-15715 CONFIRM CONFIRM CONFIRM CONFIRM MISC CONFIRM CONFIRM |
mcafee -- endpoint_security | Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code injection into EPSetup.exe by an attacker with access to the installer. | 2019-10-09 | not yet calculated | CVE-2019-3652 CONFIRM |
mcafee -- endpoint_security | Improper access control vulnerability in Configuration tool in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to gain access to security configuration via unauthorized use of the configuration tool. | 2019-10-09 | not yet calculated | CVE-2019-3653 CONFIRM |
microsoft -- azure_app_service_on_azure_stack | A remote code execution vulnerability exists when Azure App Service/Antares on Azure Stack fails to check the length of a buffer prior to copying memory to it. An attacker who successfully exploited this vulnerability could allow an unprivileged function run by the user to execute code in the context of NT AUTHORITY\system, thereby escaping the Sandbox. The security update addresses the vulnerability by ensuring that Azure App Service sanitizes user inputs, aka 'Azure App Service Remote Code Execution Vulnerability'. | 2019-10-10 | not yet calculated | CVE-2019-1372 MISC |
microsoft -- internet_explorer | A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. | 2019-10-10 | not yet calculated | CVE-2019-1371 MISC |
microsoft -- microsoft_dynamics_365 | A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. | 2019-10-10 | not yet calculated | CVE-2019-1375 MISC |
microsoft -- microsoft_edge | An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory, aka 'Microsoft Edge based on Edge HTML Information Disclosure Vulnerability'. | 2019-10-10 | not yet calculated | CVE-2019-1356 MISC |
microsoft -- multiple_windows_products | An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1315, CVE-2019-1339. | 2019-10-10 | not yet calculated | CVE-2019-1342 MISC |
microsoft -- multiple_windows_products | An information disclosure vulnerability exists when the Windows Hyper-V Network Switch on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Information Disclosure Vulnerability'. | 2019-10-10 | not yet calculated | CVE-2019-1230 MISC |
microsoft -- multiple_windows_products | An elevation of privilege vulnerability exists when Windows CloudStore improperly handles file Discretionary Access Control List (DACL), aka 'Microsoft Windows CloudStore Elevation of Privilege Vulnerability'. | 2019-10-10 | not yet calculated | CVE-2019-1321 MISC |
microsoft -- multiple_windows_products | A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection, aka 'Windows NTLM Tampering Vulnerability'. | 2019-10-10 | not yet calculated | CVE-2019-1166 MISC |
microsoft -- multiple_windows_products | An information disclosure vulnerability exists in the way that the Windows Code Integrity Module handles objects in memory, aka 'Windows Code Integrity Module Information Disclosure Vulnerability'. | 2019-10-10 | not yet calculated | CVE-2019-1344 MISC MISC |
microsoft -- multiple_windows_products | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1345. | 2019-10-10 | not yet calculated | CVE-2019-1334 MISC |
microsoft -- multiple_windows_products | An information disclosure vulnerability exists when Windows Update Client fails to properly handle objects in memory, aka 'Windows Update Client Information Disclosure Vulnerability'. | 2019-10-10 | not yet calculated | CVE-2019-1337 MISC |
microsoft -- multiple_windows_products | An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1315, CVE-2019-1342. | 2019-10-10 | not yet calculated | CVE-2019-1339 MISC |
microsoft -- multiple_windows_products | A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1343, CVE-2019-1347. | 2019-10-10 | not yet calculated | CVE-2019-1346 MISC MISC |
microsoft -- multiple_windows_products | An elevation of privilege vulnerability exists when umpo.dll of the Power Service improperly handles a Registry Restore Key function, aka 'Windows Power Service Elevation of Privilege Vulnerability'. | 2019-10-10 | not yet calculated | CVE-2019-1341 MISC |
microsoft -- multiple_windows_products | A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1346, CVE-2019-1347. | 2019-10-10 | not yet calculated | CVE-2019-1343 MISC MISC |
microsoft -- multiple_windows_products |
A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality, aka 'Windows Secure Boot Security Feature Bypass Vulnerability'. | 2019-10-10 | not yet calculated | CVE-2019-1368 MISC |
microsoft -- multiple_windows_products |
An elevation of privilege vulnerability exists when Microsoft IIS Server fails to check the length of a buffer prior to copying memory to it. An attacker who successfully exploited this vulnerability can allow an unprivileged function run by the user to execute code in the context of NT AUTHORITY\system, escaping the Sandbox. The security update addresses the vulnerability by correcting how Microsoft IIS Server sanitizes web requests, aka 'Microsoft IIS Server Elevation of Privilege Vulnerability'. | 2019-10-10 | not yet calculated | CVE-2019-1365 MISC |
microsoft -- multiple_windows_products |
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1358. | 2019-10-10 | not yet calculated | CVE-2019-1359 MISC |
microsoft -- multiple_windows_products |
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1359. | 2019-10-10 | not yet calculated | CVE-2019-1358 MISC |
microsoft -- multiple_windows_products |
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1343, CVE-2019-1346. | 2019-10-10 | not yet calculated | CVE-2019-1347 MISC MISC |
microsoft -- multiple_windows_products |
An elevation of privilege vulnerability exists in Windows AppX Deployment Server that allows file creation in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1320, CVE-2019-1322. | 2019-10-10 | not yet calculated | CVE-2019-1340 MISC |
microsoft -- windows_10_mobile |
A security feature bypass vulnerability exists in Windows 10 Mobile when Cortana allows a user to access files and folders through the locked screen, aka 'Windows 10 Mobile Security Feature Bypass Vulnerability'. | 2019-10-10 | not yet calculated | CVE-2019-1314 MISC |
microsoft -- windows_7_and_windows_server_2008 | An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1364. | 2019-10-10 | not yet calculated | CVE-2019-1362 MISC MISC MISC |
microsoft -- windows_7_and_windows_server_2008 |
A security feature bypass vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLMv2 protection if a client is also sending LMv2 responses, aka 'Windows NTLM Security Feature Bypass Vulnerability'. | 2019-10-10 | not yet calculated | CVE-2019-1338 MISC |
microsoft -- windows_7_and_windows_server_2008 |
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1362. | 2019-10-10 | not yet calculated | CVE-2019-1364 MISC MISC |
microsoft -- windows_update_assistant |
An elevation of privilege vulnerability exists in Windows 10 Update Assistant in the way it handles permissions. A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows 10 Update Assistant Elevation of Privilege Vulnerability'. | 2019-10-10 | not yet calculated | CVE-2019-1378 MISC |
moxa -- edr_810 |
Moxa EDR 810, all versions 5.1 and prior, allows an unauthenticated attacker to be able to retrieve some log files from the device, which may allow sensitive information disclosure. Log files must have previously been exported by a legitimate user. | 2019-10-08 | not yet calculated | CVE-2019-10963 MISC |
moxa -- edr_810 |
Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution. | 2019-10-08 | not yet calculated | CVE-2019-10969 MISC |
netaddr_gem_for_ruby_on_rails -- netaddr_gem_for_ruby_on_rails |
The netaddr gem before 2.0.4 for Ruby has misconfigured file permissions, such that a gem install may result in 0777 permissions in the target filesystem. | 2019-10-09 | not yet calculated | CVE-2019-17383 MISC MISC |
netapp -- clustered_data_ontap |
Clustered Data ONTAP versions 9.0 and higher do not enforce hostname verification under certain circumstances making them susceptible to impersonation via man-in-the-middle attacks. | 2019-10-09 | not yet calculated | CVE-2019-5506 CONFIRM |
netapp -- snapmanager_for_oracle |
SnapManager for Oracle prior to version 3.4.2P1 is susceptible to a vulnerability which, when successfully exploited, could lead to disclosure of sensitive information. | 2019-10-09 | not yet calculated | CVE-2019-5507 CONFIRM |
netgear -- multiple_devices |
Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2. | 2019-10-09 | not yet calculated | CVE-2019-17373 MISC |
netgear -- multiple_devices |
Certain NETGEAR devices allow remote attackers to disable all authentication requirements by visiting genieDisableLanChanged.cgi. The attacker can then, for example, visit MNU_accessPassword_recovered.html to obtain a valid new admin password. This affects AC1450, D8500, DC112A, JNDR3000, LG2200D, R4500, R6200, R6200V2, R6250, R6300, R6300v2, R6400, R6700, R6900P, R6900, R7000P, R7000, R7100LG, R7300, R7900, R8000, R8300, R8500, WGR614v10, WN2500RPv2, WNDR3400v2, WNDR3700v3, WNDR4000, WNDR4500, WNDR4500v2, WNR1000, WNR1000v3, WNR3500L, and WNR3500L. | 2019-10-09 | not yet calculated | CVE-2019-17372 MISC |
netsarang -- xftp | NetSarang XFTP Client 6.0149 and earlier versions contain a buffer overflow vulnerability caused by improper boundary checks when copying a file name from an attacker-controlled FTP server. This allows an attacker to execute arbitrary code by sending a crafted filename. | 2019-10-10 | not yet calculated | CVE-2019-17320 MISC |
node-red -- node-red-dashboard |
It is possible to inject JavaScript within node-red-dashboard versions prior to version 2.17.0 due to the ui_notification node accepting raw HTML by default. | 2019-10-08 | not yet calculated | CVE-2019-10756 CONFIRM |
nvidia -- shield_tv |
NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra software contains a vulnerability in the bootloader, where it does not validate the fields of the boot image, which may lead to code execution, denial of service, escalation of privileges, and information disclosure. | 2019-10-09 | not yet calculated | CVE-2019-5700 CONFIRM |
nvidia -- shield_tv |
NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra bootloader contains a vulnerability where the software performs an incorrect bounds check, which may lead to buffer overflow resulting in escalation of privileges, code execution, information disclosure, or denial of service. | 2019-10-09 | not yet calculated | CVE-2019-5699 CONFIRM |
open_information_security_foundation -- libhtp |
In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending. | 2019-10-09 | not yet calculated | CVE-2019-17420 MISC MISC MISC |
openbsd -- openssh |
OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and remote code execution because of an error in the XMSS key parsing algorithm. NOTE: the XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH. | 2019-10-09 | not yet calculated | CVE-2019-16905 MISC MISC MISC MISC CONFIRM CONFIRM |
openstack_project -- openstack_octavia |
Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the cmd/agent.py gunicorn cert_reqs option is True but is supposed to be ssl.CERT_REQUIRED. | 2019-10-08 | not yet calculated | CVE-2019-17134 MISC MISC MISC MISC MISC MISC CONFIRM MISC UBUNTU |
otcms -- otcms |
OTCMS v3.85 has CSRF in the admin/member_deal.php Admin Panel page, leading to creation of a new management group account, as demonstrated by superadmin. | 2019-10-09 | not yet calculated | CVE-2019-17369 MISC |
palo_alto_networks -- zingbox_inspector |
The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to the service using hardcoded credentials. | 2019-10-09 | not yet calculated | CVE-2019-15017 MISC |
palo_alto_networks -- zingbox_inspector |
In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector user accounts are present in the system software, which can result in unauthorized users gaining access to the system. | 2019-10-09 | not yet calculated | CVE-2019-15015 MISC |
prettyphoto -- prettyphoto |
prettyPhoto before 3.1.6 has js/jquery.prettyPhoto.js XSS. | 2019-10-10 | not yet calculated | CVE-2015-9478 MISC MISC |
python -- python |
library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated "finds all the pathnames matching a specified pattern according to the rules used by the Unix shell," one might have incorrectly inferred that the sorting that occurs in a Unix shell also occurred for glob.glob. There is a workaround in newer versions of Willoughby nmr-data_compilation-p2.py and nmr-data_compilation-p3.py, which call sort() directly. | 2019-10-12 | not yet calculated | CVE-2019-17514 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
redhat -- ansible |
Ansible, all ansible_engine-2.x versions and ansible_engine-3.x up to ansible_engine-3.5, was logging at the DEBUG level, which led to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process. | 2019-10-08 | not yet calculated | CVE-2019-14846 CONFIRM |
redhat -- openshift | A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. Builds that extract source from a container image, bypass the TLS hostname verification. An attacker can take advantage of this flaw by launching a man-in-the-middle attack and injecting malicious content. | 2019-10-08 | not yet calculated | CVE-2019-14845 CONFIRM |
riot -- riot |
In RIOT 2019.07, the MQTT-SN implementation (asymcute) mishandles errors occurring during a read operation on a UDP socket. The receive loop ends. This allows an attacker (via a large packet) to prevent a RIOT MQTT-SN client from working until the device is restarted. | 2019-10-09 | not yet calculated | CVE-2019-17389 MISC |
rsyslog -- rsyslog |
An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow. | 2019-10-07 | not yet calculated | CVE-2019-17041 CONFIRM CONFIRM |
samsung -- laser_printers |
A potential security vulnerability has been identified with Samsung Laser Printers. This vulnerability could potentially be exploited to create a denial of service. | 2019-10-11 | not yet calculated | CVE-2019-6335 CONFIRM |
samsung -- multiple_p_phones |
On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture without the user's knowledge. This feature of the Service Mode application is available after entering the *#9900# check code, but is protected by an OTP password. However, this password is created locally and (due to mishandling of cryptography) can be obtained easily by reversing the password creation logic. | 2019-10-09 | not yet calculated | CVE-2019-11341 MISC MISC MISC |
sap -- customer_relationship_management |
SAP Customer Relationship Management (Email Management), versions: S4CRM before 1.0 and 2.0, BBPCRM before 7.0, 7.01, 7.02, 7.12, 7.13 and 7.14, does not sufficiently encode user-controlled inputs within the mail client resulting in Cross-Site Scripting vulnerability. | 2019-10-08 | not yet calculated | CVE-2019-0368 MISC CONFIRM |
sap -- landscape_management_enterprise_edition |
Under certain conditions, SAP Landscape Management enterprise edition, before version 3.0, allows custom secure parameters' default values to be part of the application logs leading to Information Disclosure. | 2019-10-08 | not yet calculated | CVE-2019-0380 MISC CONFIRM |
sap -- process_integration |
SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentication check properly when the default security provider is changed to BouncyCastle (BC), leading to Missing Authentication Check. | 2019-10-08 | not yet calculated | CVE-2019-0379 MISC CONFIRM |
sap -- sql_anywhere |
A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP Dynamic Tier, before versions 1.0 and 2.0, can result in the inadvertent access of files located in directories outside of the paths specified by the user. | 2019-10-08 | not yet calculated | CVE-2019-0381 MISC CONFIRM |
siemens -- multiple_products |
A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions), SIMATIC CFU PA (All versions < V1.2.0), SIMATIC ET 200AL (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP IM 155-5 PN BA (All versions < V4.2.3), SIMATIC ET 200MP IM 155-5 PN HF (All versions), SIMATIC ET 200MP IM 155-5 PN ST (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP IM 155-6 PN BA (All versions), SIMATIC ET 200SP IM 155-6 PN HA (All versions), SIMATIC ET 200SP IM 155-6 PN HF (All versions < V4.2.2), SIMATIC ET 200SP IM 155-6 PN HS (All versions), SIMATIC ET 200SP IM 155-6 PN ST (All versions), SIMATIC ET 200SP IM 155-6 PN/2 HF (All versions < V4.2.2), SIMATIC ET 200SP IM 155-6 PN/3 HF (All versions < V4.2.1), SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET 200pro (All versions), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions), SIMATIC HMI Comfort Panels 4" - 22" (All versions), SIMATIC HMI KTP Mobile Panels (All versions), SIMATIC PN/PN Coupler (All versions), SIMATIC PROFINET Driver (All versions < V2.1), SIMATIC S7-1200 CPU family (incl. F) (All versions), SIMATIC S7-1500 CPU family (incl. F) (All versions < V2.0), SIMATIC S7-300 CPU family (incl. F) (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-400 V6 (incl F) and below (All versions), SIMATIC S7-400H V6 (All versions < V6.0.9), SIMATIC S7-410 V8 (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions), SINAMICS G110M V4.7 (PN Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 (PN Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 (Control Unit) (All versions), SINAMICS G150 (Control Unit) (All versions), SINAMICS GH150 V4.7 (Control Unit) (All versions), SINAMICS GL150 V4.7 (Control Unit) (All versions), SINAMICS GM150 V4.7 (Control Unit) (All versions), SINAMICS S110 (Control Unit) (All versions), SINAMICS S120 V4.7 (Control Unit) (All versions), SINAMICS S150 (Control Unit) (All versions), SINAMICS SL150 V4.7 (Control Unit) (All versions), SINAMICS SM120 V4.7 (Control Unit) (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of specially crafted UDP packets are sent to the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-10-10 | not yet calculated | CVE-2019-10936 CONFIRM |
siemens -- multiple_products |
A vulnerability has been identified in CP1604 (All versions < V2.8), CP1616 (All versions < V2.8), Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions < V4.1.1 Patch 05), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions < V4.5.0 Patch 01), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.5.0), SCALANCE X-200IRT (All versions < V5.2.1), SIMATIC ET 200M (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET 200pro (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (All versions), SIMATIC S7-300 CPU family (incl. F) (All versions), SIMATIC S7-400 (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SIMOTION (All versions), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions), SINAMICS G110M V4.7 (Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 (Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 (Control Unit) (All versions < V4.7 HF29), SINAMICS G150 (Control Unit) (All versions < V4.8), SINAMICS GH150 V4.7 (Control Unit) (All versions), SINAMICS GL150 V4.7 (Control Unit) (All versions), SINAMICS GM150 V4.7 (Control Unit) (All versions), SINAMICS S110 (Control Unit) (All versions), SINAMICS S120 V4.7 (Control Unit and CBE20) (All versions < V4.7 HF34), SINAMICS S150 (Control Unit) (All versions < V4.8), SINAMICS SL150 V4.7 (Control Unit) (All versions), SINAMICS SM120 V4.7 (Control Unit) (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). An attacker with network access to an affected product may cause a Denial-of-Service condition by breaking the real-time synchronization (IRT) of the affected installation. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected installation. No user interaction is required to exploit this security vulnerability. The vulnerability impacts the availability of the affected installations. | 2019-10-10 | not yet calculated | CVE-2019-10923 CONFIRM |
siemens -- simatic_it_uadm | A vulnerability has been identified in SIMATIC IT UADM (All versions < V1.3). An authenticated remote attacker with network access to port 1434/tcp of SIMATIC IT UADM could potentially recover a password that can be used to gain read and write access to the related TeamCenter station. The security vulnerability could be exploited only if the attacker is authenticated. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises the confidentiality of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-10-10 | not yet calculated | CVE-2019-13929 CONFIRM |
siemens -- simatic_winac_rtx_(f)_2010 |
A vulnerability has been identified in SIMATIC WinAC RTX (F) 2010 (All versions). Affected versions of the software contain a vulnerability that could allow an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large HTTP request is sent to the executing service. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the service provided by the software. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-10-10 | not yet calculated | CVE-2019-13921 CONFIRM |
signal -- private_messenger |
The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee user interaction, via a connect message. The existence of the call is noticeable to the callee; however, the audio channel may be open before the callee can block eavesdropping. | 2019-10-04 | not yet calculated | CVE-2019-17191 MISC MISC MISC |
sma_solar_technology -- sunny_webox |
An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions with the permissions of the user on the Sunny WebBox Firmware Version 1.6 and prior. This device uses IP addresses to maintain communication after a successful login, which would increase the ease of exploitation. | 2019-10-09 | not yet calculated | CVE-2019-13529 MISC MISC |
socomec -- diris_a-40_devices |
Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get full access to a device via the /password.jsn URI. | 2019-10-09 | not yet calculated | CVE-2019-15859 MISC FULLDISC MISC |
softing -- uagate_si |
An issue was discovered in Softing uaGate (SI, MB, 840D) firmware through 1.71.00.1225. A CGI script is vulnerable to command injection via a maliciously crafted form parameter. | 2019-10-10 | not yet calculated | CVE-2019-15051 MISC |
softing -- uagate_si |
An issue was discovered in Softing uaGate SI 1.60.01. A maintenance script that is executable via sudo is vulnerable to file path injection. This enables the attacker to write files with superuser privileges in specific locations. | 2019-10-10 | not yet calculated | CVE-2019-11526 MISC |
softing -- uagate_si |
An issue was discovered in Softing uaGate SI 1.60.01. A CGI script is vulnerable to command injection with a maliciously crafted url parameter. | 2019-10-10 | not yet calculated | CVE-2019-11527 MISC |
softing -- uagate_si |
An issue was discovered in Softing uaGate SI 1.60.01. A system default path for executables is user writable. | 2019-10-10 | not yet calculated | CVE-2019-11528 MISC |
softland -- file_sharing_wizard |
A Structured Exception Handler (SEH) based buffer overflow in File Sharing Wizard 1.5.0 26-8-2008 allows remote unauthenticated attackers to execute arbitrary code via the HTTP DELETE method, a similar issue to CVE-2019-16724 and CVE-2010-2331. | 2019-10-09 | not yet calculated | CVE-2019-17415 MISC |
solarwinds -- dameware_mini_remote_client |
The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary executable run under the Local System account. | 2019-10-08 | not yet calculated | CVE-2019-3980 MISC |
sophos -- cyberoamos |
A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles. | 2019-10-11 | not yet calculated | CVE-2019-17059 CONFIRM MISC MISC |
swagger -- swagger_ui |
A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that <style>@import within the JSON data was a functional attack method. | 2019-10-10 | not yet calculated | CVE-2019-17495 MISC MISC |
syslog -- rsyslog |
An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow. | 2019-10-07 | not yet calculated | CVE-2019-17042 CONFIRM CONFIRM |
tbeu -- matio |
Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' character, leading to a heap-based buffer over-read in strdup_vprintf when uninitialized memory is accessed. | 2019-10-12 | not yet calculated | CVE-2019-17533 MISC MISC |
tinylcy -- vino |
tinylcy Vino through 2017-12-15 allows remote attackers to cause a denial of service ("vn_get_string error: Resource temporarily unavailable" error and daemon crash) via a long URL. | 2019-10-09 | not yet calculated | CVE-2019-17414 MISC |
tracker_software -- pdf-xchange_editor |
Tracker PDF-XChange Editor before 8.0.330.0 has an NTLM SSO hash theft vulnerability using crafted FDF or XFDF files (a related issue to CVE-2018-4993). For example, an NTLM hash is sent for a link to \\192.168.0.2\C$\file.pdf without user interaction. | 2019-10-10 | not yet calculated | CVE-2019-17497 MISC |
v-zug -- combi-steam_mslq_devices |
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the communication to the web service is unencrypted via http. An attacker is able to intercept and sniff communication to the web service. | 2019-10-06 | not yet calculated | CVE-2019-17218 MISC |
v-zug -- combi-steam_mslq_devices |
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. Password authentication uses MD5 to hash passwords. Cracking is possible with minimal effort. | 2019-10-06 | not yet calculated | CVE-2019-17216 MISC |
v-zug -- combi-steam_mslq_devices |
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no bruteforce protection (e.g., lockout) established. An attacker might be able to bruteforce the password to authenticate on the device. | 2019-10-06 | not yet calculated | CVE-2019-17215 MISC |
v-zug -- combi-steam_mslq_devices |
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no CSRF protection established on the web service. | 2019-10-06 | not yet calculated | CVE-2019-17217 MISC |
v-zug -- combi-steam_mslq_devices |
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the device does not enforce any authentication. An adjacent attacker is able to use the network interface without proper access control. | 2019-10-06 | not yet calculated | CVE-2019-17219 MISC |
vmware -- multiple_products | ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5. | 2019-10-10 | not yet calculated | CVE-2019-5527 CONFIRM |
vmware -- workstation_and_fusion |
VMware Workstation and Fusion contain a network denial-of-service vulnerability due to improper handling of certain IPv6 packets. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.7. | 2019-10-10 | not yet calculated | CVE-2019-5535 CONFIRM |
wordpress -- wordpress | The ThemeMakers Almera Responsive Portfolio theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | 2019-10-11 | not yet calculated | CVE-2015-9487 MISC |
wordpress -- wordpress | The ThemeMakers GamesTheme Premium theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | 2019-10-11 | not yet calculated | CVE-2015-9490 MISC |
wordpress -- wordpress | The ThemeMakers SmartIT Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | 2019-10-11 | not yet calculated | CVE-2015-9492 MISC |
wordpress -- wordpress | The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfb_photos[] parameter in a bpfb_remove_temp_images action. | 2019-10-07 | not yet calculated | CVE-2015-9455 MISC MISC |
wordpress -- wordpress | The history-collection plugin through 1.1.1 for WordPress has directory traversal via the download.php var parameter. | 2019-10-10 | not yet calculated | CVE-2015-9470 MISC MISC |
wordpress -- wordpress | The pretty-link plugin before 1.6.8 for WordPress has PrliLinksController::list_links SQL injection via the group parameter. | 2019-10-10 | not yet calculated | CVE-2015-9457 MISC MISC MISC |
wordpress -- wordpress | The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter. | 2019-10-10 | not yet calculated | CVE-2015-9480 EXPLOIT-DB |
wordpress -- wordpress | The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has arbitrary file upload via an action=upload request to js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php. | 2019-10-10 | not yet calculated | CVE-2015-9479 MISC |
wordpress -- wordpress | The booking-system plugin before 2.1 for WordPress has DOPBSPBackEndTranslation::display SQL injection via the language parameter. | 2019-10-10 | not yet calculated | CVE-2015-9460 MISC MISC MISC |
wordpress -- wordpress | The incoming-links plugin before 0.9.10b for WordPress has referrers.php XSS via the Referer HTTP header. | 2019-10-10 | not yet calculated | CVE-2015-9472 MISC MISC MISC |
wordpress -- wordpress | The wti-like-post plugin before 1.4.3 for WordPress has WtiLikePostProcessVote SQL injection via the HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED, HTTP_FORWARDED_FOR, or HTTP_FORWARDED variable. | 2019-10-10 | not yet calculated | CVE-2015-9466 MISC MISC MISC |
wordpress -- wordpress | The dzs-zoomsounds plugin through 2.0 for WordPress has admin/upload.php arbitrary file upload. | 2019-10-10 | not yet calculated | CVE-2015-9471 MISC MISC MISC |
wordpress -- wordpress | The s3bubble-amazon-s3-audio-streaming plugin 2.0 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter. | 2019-10-10 | not yet calculated | CVE-2015-9463 MISC MISC |
wordpress -- wordpress | The s3bubble-amazon-s3-html-5-video-with-adverts plugin 0.7 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter. | 2019-10-10 | not yet calculated | CVE-2015-9464 MISC EXPLOIT-DB |
wordpress -- wordpress | The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_category_page SQL injection via the cat_id parameter. | 2019-10-10 | not yet calculated | CVE-2015-9462 MISC MISC MISC |
wordpress -- wordpress | The content-grabber plugin 1.0 for WordPress has XSS via obj_field_name or obj_field_id. | 2019-10-10 | not yet calculated | CVE-2015-9469 MISC MISC |
wordpress -- wordpress | The yet-another-stars-rating plugin before 0.9.1 for WordPress has yasr_get_multi_set_values_and_field SQL injection via the set_id parameter. | 2019-10-10 | not yet calculated | CVE-2015-9465 MISC MISC MISC |
wordpress -- wordpress | The ThemeMakers Axioma Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | 2019-10-11 | not yet calculated | CVE-2015-9486 MISC |
wordpress -- wordpress | The estrutura-basica theme through 2015-09-13 for WordPress has directory traversal via the scripts/download.php arquivo parameter. | 2019-10-10 | not yet calculated | CVE-2015-9473 MISC |
wordpress -- wordpress | The ThemeMakers Invento Responsive Gallery/Architecture Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | 2019-10-11 | not yet calculated | CVE-2015-9483 MISC |
wordpress -- wordpress | The animate-it plugin before 2.3.6 for WordPress has CSRF in edsanimate.php. | 2019-10-10 | not yet calculated | CVE-2019-17386 MISC MISC MISC MISC |
wordpress -- wordpress | The ThemeMakers Goodnex Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | 2019-10-11 | not yet calculated | CVE-2015-9489 MISC |
wordpress -- wordpress | The ThemeMakers Almera Responsive Portfolio Site Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | 2019-10-11 | not yet calculated | CVE-2015-9488 MISC |
wordpress -- wordpress | The ThemeMakers Accio Responsive Parallax One Page Site Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | 2019-10-11 | not yet calculated | CVE-2015-9485 MISC |
wordpress -- wordpress | The Simpolio theme 1.3.2 for WordPress has insufficient restrictions on option updates. | 2019-10-10 | not yet calculated | CVE-2015-9474 MISC |
wordpress -- wordpress | The ThemeMakers Accio One Page Parallax Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | 2019-10-11 | not yet calculated | CVE-2015-9484 MISC |
wordpress -- wordpress | The ThemeMakers Car Dealer / Auto Dealer Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | 2019-10-11 | not yet calculated | CVE-2015-9482 MISC |
wordpress -- wordpress | The ThemeMakers Diplomat \| Political theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | 2019-10-11 | not yet calculated | CVE-2015-9481 MISC |
wordpress -- wordpress | The Vernissage theme 1.2.8 for WordPress has insufficient restrictions on option updates. | 2019-10-10 | not yet calculated | CVE-2015-9477 MISC |
wordpress -- wordpress | The Teardrop theme 1.8.1 for WordPress has insufficient restrictions on option updates. | 2019-10-10 | not yet calculated | CVE-2015-9476 MISC |
wordpress -- wordpress | The Pont theme 1.5 for WordPress has insufficient restrictions on option updates. | 2019-10-10 | not yet calculated | CVE-2015-9475 MISC |
wordpress -- wordpress | The ThemeMakers Blessing Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | 2019-10-11 | not yet calculated | CVE-2015-9491 MISC |
yealink -- multiple_phones | Yealink phones through 2019-08-04 do not properly check user roles in POST requests. Consequently, the default User account (with a password of user) can make admin requests via HTTP. | 2019-10-08 | not yet calculated | CVE-2019-14656 MISC MISC |
yealink -- multiple_phones | Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. They execute tar as root to extract files, but do not validate the extraction directory. Creating a tar file with ../../../../ allows replacement of almost any file on a phone. This leads to password replacement and arbitrary code execution as root. | 2019-10-08 | not yet calculated | CVE-2019-14657 MISC MISC |
zabbix -- zabbix | An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin. | 2019-10-09 | not yet calculated | CVE-2019-17382 MISC |
zoho_manageengine -- datasecurity_plus | An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012. An exposed service allows a basic user ("Operator" access level) to access the configuration file of the mail server (except for the password). | 2019-10-09 | not yet calculated | CVE-2019-17112 MISC MISC |
zyxel -- nbg-418n_router | wan.htm page on Zyxel NBG-418N v2 with firmware version V1.00(AARP.9)C0 can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify data fields of the page. | 2019-10-09 | not yet calculated | CVE-2019-17354 MISC MISC |
This product is provided subject to this Notification and this Privacy & Use policy.