US-CERT Bulletins

Original release date: October 7, 2019

 

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
adobe — coldfusion ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component vulnerability. Successful exploitation could lead to Arbitrary code execution in the context of the current user. 2019-09-27 10.0 CVE-2019-8073
CONFIRM
adobe — coldfusion ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability. Successful exploitation could lead to Access Control Bypass in the context of the current user. 2019-09-27 10.0 CVE-2019-8074
CONFIRM
corsair — link The “CLink4Service” service is installed with Corsair Link 4.9.7.35 with insecure permissions by default. This allows unprivileged users to take control of the service and execute commands in the context of NT AUTHORITY\SYSTEM, leading to total system takeover, a similar issue to CVE-2018-12441. 2019-09-27 7.2 CVE-2018-19592
MISC
MISC
dlink — dhp-1565_firmware Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a “PingTest” device common gateway interface that could lead to command injection. An attacker who successfully triggers the command injection could achieve full system compromise. 2019-09-27 10.0 CVE-2019-16920
MISC
exim — exim Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command. 2019-09-27 7.5 CVE-2019-16928
MLIST
MLIST
MLIST
MLIST
MISC
MISC
MISC
FEDORA
FEDORA
BUGTRAQ
UBUNTU
DEBIAN
google — android In the Bluetooth stack, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-113575306. 2019-09-27 7.2 CVE-2019-9259
MISC
google — android In sensorservice, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-119501435. 2019-09-27 7.2 CVE-2019-9266
MISC
google — android In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112663384. 2019-09-27 7.5 CVE-2019-9301
MISC
google — android In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-128431761. 2019-09-27 7.1 CVE-2019-9348
MISC
google — android In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-124330204. 2019-09-27 7.1 CVE-2019-9349
MISC
google — android In Bluetooth, there is a possible deserialization error due to missing string validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-109838537. 2019-09-27 7.5 CVE-2019-9365
MISC
google — android In libvpx, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-132783254. 2019-09-27 7.1 CVE-2019-9371
MISC
google — android In libskia, there is a possible crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-132782448. 2019-09-27 7.1 CVE-2019-9372
MISC
google — android In libstagefright, there is a possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-124329638. 2019-09-27 7.1 CVE-2019-9379
MISC
google — android In LockPatternUtils, there is a possible escalation of privilege due to an improper permissions check. This could lead to local bypass of the Lockguard with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-120568007. 2019-09-27 7.2 CVE-2019-9384
MISC
google — android In libstagefright, there is a possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-111450210. 2019-09-27 7.1 CVE-2019-9418
MISC
google — android In libttspico, there is a possible OOB write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-79593569. 2019-09-27 7.5 CVE-2019-9459
MISC
govicture — pc530_firmware Victure PC530 devices allow unauthenticated TELNET access as root. 2019-10-01 10.0 CVE-2019-15940
MISC
MISC
idcos — cloudboot CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status field in JSON data to the api/osinstall/v1/device/getNumByStatus URI. 2019-09-30 7.5 CVE-2019-16999
MISC
ilch — ilch_cms Ilch 2.1.22 allows remote code execution because php is listed under “Allowed files” on the index.php/admin/media/settings/index page. 2019-09-30 9.0 CVE-2019-17046
MISC
jetbrains — ktor JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection. 2019-10-02 7.5 CVE-2019-12736
CONFIRM
jetbrains — teamcity An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could execute any command on the server machine. The issue was fixed in TeamCity 2018.2.5 and 2019.1. 2019-10-02 9.0 CVE-2019-15036
CONFIRM
linux — linux_kernel In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a. 2019-09-30 7.8 CVE-2019-16994
MISC
MISC
linux — linux_kernel In the Linux kernel before 5.0.3, a memory leak exists in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d. 2019-09-30 7.8 CVE-2019-16995
MISC
MISC
MISC
mozilla — firefox Mozilla developers and community members reported memory safety bugs present in Firefox 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69. 2019-09-27 7.5 CVE-2019-11734
MISC
CONFIRM
mozilla — firefox Mozilla developers and community members reported memory safety bugs present in Firefox 68 and Firefox ESR 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. 2019-09-27 7.5 CVE-2019-11735
SUSE
SUSE
MISC
CONFIRM
CONFIRM
mozilla — firefox Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. 2019-09-27 7.5 CVE-2019-11740
SUSE
SUSE
SUSE
SUSE
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla — firefox It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. 2019-09-27 9.3 CVE-2019-11752
SUSE
SUSE
SUSE
SUSE
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
plataformatec — simple_form Plataformatec Simple Form has Incorrect Access Control in file_method? in lib/simple_form/form_builder.rb, because a user-supplied string is invoked as a method call. 2019-09-30 7.5 CVE-2019-16676
CONFIRM
MISC
MISC
qualcomm — ipq4019_firmware Improper validation of read and write index of tx and rx FIFOs before using for data copy from fifo can lead to out-of-bound access in Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, QCS405, SD 665, SD 675, SD 730, SD 855 2019-09-30 7.2 CVE-2019-10499
CONFIRM
qualcomm — ipq8074_firmware Possible buffer overflow issue due to lack of length check when parsing the extended cap IE header length in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA8081, QCA9379, QCS404, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SXR1130 2019-09-30 10.0 CVE-2019-10539
CONFIRM
qualcomm — ipq8074_firmware Buffer overflow in WLAN NAN function due to lack of check of count value received in NAN availability attribute in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, MSM8996AU, QCA6174A, QCA6574AU, QCA8081, QCA9377, QCA9379, QCS404, QCS405, QCS605, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SXR1130 2019-09-30 10.0 CVE-2019-10540
CONFIRM
qualcomm — mdm9205_firmware Usage of hard-coded magic number for calculating heap guard bytes can allow users to corrupt heap blocks without heap algorithm knowledge in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 2019-09-30 10.0 CVE-2019-2294
CONFIRM
qualcomm — mdm9206_firmware Possible null-pointer dereference can occur while parsing avi clip during copy in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20 2019-09-30 7.8 CVE-2019-10489
CONFIRM
qualcomm — mdm9607_firmware Boot image not getting verified by AVB in Snapdragon Auto, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 820, SD 820A, SDM439 2019-09-30 7.2 CVE-2019-10492
CONFIRM
qualcomm — mdm9650_firmware Classic buffer overflow vulnerability while playing the specific video whose Decode picture buffer size is more than 16 in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 2019-09-30 10.0 CVE-2019-2252
CONFIRM
qualcomm — msm8909w_firmware Device record of the pairing device used after free during ACL disconnection in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016 2019-09-30 10.0 CVE-2019-10509
CONFIRM
qualcomm — msm8909w_firmware Lack of check of address range received from firmware response allows modem to respond arbitrary pages into its address range which can compromise HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM660, SDX20, SDX24 2019-09-30 10.0 CVE-2019-10538
CONFIRM
qualcomm — qcs405_firmware BT process died and BT toggled due to null pointer dereference when invalid vendor pass through command sent from remote in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS405, QCS605, SD 636, SD 675, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM630, SDM660 2019-09-30 8.5 CVE-2019-10510
CONFIRM
rsyslog — rsyslog contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bounds access because the level length is mishandled. 2019-09-30 7.5 CVE-2019-17040
MISC
salesagility — suitecrm SuiteCRM 7.11.x and 7.10.x before 7.11.8 and 7.10.20 is vulnerable to vertical privilege escalation. 2019-10-02 7.5 CVE-2019-14454
CONFIRM
CONFIRM
tcpdump — tcpdump The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print(). 2019-10-03 7.5 CVE-2018-14468
MISC
CONFIRM
tcpdump — tcpdump The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file(). 2019-10-03 7.5 CVE-2018-14879
MISC
CONFIRM
tcpdump — tcpdump The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr(). 2019-10-03 7.5 CVE-2018-14880
MISC
CONFIRM
tcpdump — tcpdump The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART). 2019-10-03 7.5 CVE-2018-14881
MISC
CONFIRM
tcpdump — tcpdump The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c. 2019-10-03 7.5 CVE-2018-14882
MISC
CONFIRM
tcpdump — tcpdump The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield. 2019-10-03 7.5 CVE-2018-16227
MISC
CONFIRM
tcpdump — tcpdump The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix(). 2019-10-03 7.5 CVE-2018-16228
MISC
CONFIRM
tcpdump — tcpdump The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option(). 2019-10-03 7.5 CVE-2018-16229
MISC
CONFIRM
tcpdump — tcpdump The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI). 2019-10-03 7.5 CVE-2018-16230
MISC
CONFIRM
tcpdump — tcpdump The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN. 2019-10-03 7.5 CVE-2018-16451
MISC
CONFIRM
tcpdump — tcpdump lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks. 2019-10-03 7.5 CVE-2019-15166
MISC
CONFIRM
umbraco — umbraco In Umbraco 7.3.8, there is SQL Injection in the backoffice/PageWApprove/PageWApproveApi/GetInpectSearch method via the nodeName parameter. 2019-10-02 7.5 CVE-2019-13957
MISC
MISC

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
adobe — coldfusion ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. 2019-09-27 5.0 CVE-2019-8072
CONFIRM
adobe — flash_player Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. 2019-09-27 5.0 CVE-2019-8075
CONFIRM
dell — emc_integrated_data_protection_appliance_firmware Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulnerability in the ACM component. A remote authenticated malicious user with root privileges may potentially use a support tool to decrypt encrypted passwords stored locally on the system to use it to access other components using the privileges of the compromised user. 2019-09-27 4.0 CVE-2019-3736
CONFIRM
dell — emc_integrated_data_protection_appliance_firmware Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authentication attempts to the ACM API. An authenticated remote user may exploit this vulnerability to launch a brute-force authentication attack in order to gain access to the system. 2019-09-27 6.5 CVE-2019-3746
CONFIRM
ebrigade — ebrigade eBrigade before 5.0 has evenement_ical.php evenement SQL Injection. 2019-09-30 6.5 CVE-2019-16743
MISC
MISC
ebrigade — ebrigade eBrigade before 5.0 has evenements.php cid SQL Injection. 2019-09-30 6.5 CVE-2019-16744
MISC
MISC
ebrigade — ebrigade eBrigade before 5.0 has evenement_choice.php chxCal SQL Injection. 2019-09-30 6.5 CVE-2019-16745
MISC
MISC
emlog — emlog emlog through 6.0.0beta allows remote authenticated users to delete arbitrary files via admin/template.php?action=del&tpl=../ directory traversal. 2019-10-01 5.5 CVE-2019-17073
MISC
esafenet — cdg CDG through 2017-01-01 allows downloadDocument.jsp?command=download&pathAndName= directory traversal. 2019-09-30 5.0 CVE-2017-18636
MISC
evernote — evernote Evernote before 7.13 GA on macOS allows code execution because the com.apple.quarantine attribute is not used for attachment files, as demonstrated by a one-click attack involving a drag-and-drop operation on a crafted Terminal file. 2019-09-30 6.8 CVE-2019-17051
MISC
MISC
flower_project — flower Flower 0.9.3 has XSS via the name parameter in an @app.task call. 2019-09-27 4.3 CVE-2019-16925
MISC
flower_project — flower Flower 0.9.3 has XSS via a crafted worker name. 2019-09-27 4.3 CVE-2019-16926
MISC
foxitsoftware — foxit_reader Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhausting available stack memory because of Uncontrolled Recursion in the V8 JavaScript engine (issue 1 of 2). 2019-09-30 5.0 CVE-2019-13123
CONFIRM
foxitsoftware — foxit_reader Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhausting available stack memory because of Uncontrolled Recursion in the V8 JavaScript engine (issue 2 of 2). 2019-09-30 5.0 CVE-2019-13124
CONFIRM
gfi — kerio_control A DOM based XSS in GFI Kerio Control v9.3.0 allows embedding of malicious code and manipulating the login page to send back a victim’s cleartext credentials to an attacker via a login/?reason=failure&NTLM= URI. 2019-09-30 4.3 CVE-2019-16414
MISC
MISC
MISC
MISC
glyphandcog — xpdf Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a different vulnerability than CVE-2019-9877. 2019-09-27 4.3 CVE-2019-16927
MISC
golang — go Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. 2019-09-30 5.0 CVE-2019-16276
CONFIRM
MISC
google — android In Platform, there is a possible bypass of user interaction requirements due to missing permission checks. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-73884967. 2019-09-27 4.6 CVE-2018-9425
MISC
google — android In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-113164693. 2019-09-27 6.8 CVE-2019-2055
MISC
google — android In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-118386824. 2019-09-27 6.8 CVE-2019-2059
MISC
google — android In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112709994. 2019-09-27 4.3 CVE-2019-2060
MISC
google — android In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112610994. 2019-09-27 6.8 CVE-2019-2061
MISC
google — android In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-117660045. 2019-09-27 6.8 CVE-2019-2062
MISC
google — android In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-116019594. 2019-09-27 6.8 CVE-2019-2063
MISC
google — android In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-116469592. 2019-09-27 6.8 CVE-2019-2064
MISC
google — android In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-118143575. 2019-09-27 6.8 CVE-2019-2065
MISC
google — android In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-117100617. 2019-09-27 6.8 CVE-2019-2066
MISC
google — android In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-116114402. 2019-09-27 6.8 CVE-2019-2067
MISC
google — android In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-117099943. 2019-09-27 6.8 CVE-2019-2068
MISC
google — android In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-117832864. 2019-09-27 6.8 CVE-2019-2069
MISC
google — android In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-117883804. 2019-09-27 6.8 CVE-2019-2070
MISC
google — android In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-117216549. 2019-09-27 6.8 CVE-2019-2071
MISC
google — android In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-116117112. 2019-09-27 6.8 CVE-2019-2072
MISC
google — android In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-117100484. 2019-09-27 6.8 CVE-2019-2073
MISC
google — android In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-116617847. 2019-09-27 6.8 CVE-2019-2074
MISC
google — android In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-115908308. 2019-09-27 6.8 CVE-2019-2075
MISC
google — android In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-115907334. 2019-09-27 6.8 CVE-2019-2076
MISC
google — android In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-114745929. 2019-09-27 6.8 CVE-2019-2077
MISC
google — android In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-114749542. 2019-09-27 6.8 CVE-2019-2078
MISC
google — android In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-115509210. 2019-09-27 4.3 CVE-2019-2079
MISC
google — android In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-118619159. 2019-09-27 6.8 CVE-2019-2080
MISC
google — android In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-116473261. 2019-09-27 6.8 CVE-2019-2081
MISC
google — android In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-117495103. 2019-09-27 6.8 CVE-2019-2082
MISC
google — android In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-117495362. 2019-09-27 6.8 CVE-2019-2083
MISC
google — android In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-117494734. 2019-09-27 6.8 CVE-2019-2084
MISC
google — android In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-117496180. 2019-09-27 6.8 CVE-2019-2085
MISC
google — android In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-114735603. 2019-09-27 6.8 CVE-2019-2086
MISC
google — android In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-118149009. 2019-09-27 6.8 CVE-2019-2087
MISC
google — android In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-118494320. 2019-09-27 4.3 CVE-2019-2138
MISC
google — android In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-117610049. 2019-09-27 4.3 CVE-2019-2139
MISC
google — android In libxaac, there is a possible information disclosure due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112705708. 2019-09-27 4.3 CVE-2019-2140
MISC
google — android In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112705155. 2019-09-27 6.8 CVE-2019-2141
MISC
google — android In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112768568. 2019-09-27 4.3 CVE-2019-2142
MISC
google — android In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-114746174. 2019-09-27 4.3 CVE-2019-2143
MISC
google — android In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112856493. 2019-09-27 4.3 CVE-2019-2144
MISC
google — android In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112858430 2019-09-27 4.3 CVE-2019-2145
MISC
google — android In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112859714 2019-09-27 4.3 CVE-2019-2146
MISC
google — android In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-116474108 2019-09-27 4.3 CVE-2019-2147
MISC
google — android In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113508105 2019-09-27 4.3 CVE-2019-2148
MISC
google — android In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113262406 2019-09-27 4.3 CVE-2019-2149
MISC
google — android In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117935831 2019-09-27 4.3 CVE-2019-2150
MISC
google — android In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117495174 2019-09-27 4.3 CVE-2019-2151
MISC
google — android In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118145923 2019-09-27 4.3 CVE-2019-2152
MISC
google — android In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112611181 2019-09-27 4.3 CVE-2019-2153
MISC
google — android In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117610057 2019-09-27 4.3 CVE-2019-2154
MISC
google — android In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117655547 2019-09-27 4.3 CVE-2019-2155
MISC
google — android In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112552816 2019-09-27 4.3 CVE-2019-2156
MISC
google — android In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112611363 2019-09-27 4.3 CVE-2019-2157
MISC
google — android In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118766492 2019-09-27 4.3 CVE-2019-2158
MISC
google — android In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112707186 2019-09-27 6.8 CVE-2019-2159
MISC
google — android In libxaac there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112715795 2019-09-27 4.3 CVE-2019-2160
MISC
google — android In libxaac there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112553431 2019-09-27 4.3 CVE-2019-2161
MISC
google — android In libxaac there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112713720 2019-09-27 4.3 CVE-2019-2162
MISC
google — android In libxaac there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118138797 2019-09-27 4.3 CVE-2019-2163
MISC
google — android In libxaac there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113263695 2019-09-27 4.3 CVE-2019-2164
MISC
google — android In libxaac there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112712154 2019-09-27 4.3 CVE-2019-2165
MISC
google — android In libxaac there is a possible information disclosure due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117661478 2019-09-27 4.3 CVE-2019-2166
MISC
google — android In libxaac there is a possible information disclosure due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118615501 2019-09-27 4.3 CVE-2019-2167
MISC
google — android In libxaac there is a possible information disclosure due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118492594 2019-09-27 4.3 CVE-2019-2168
MISC
google — android In libxaac there is a possible information disclosure due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118492282 2019-09-27 4.3 CVE-2019-2169
MISC
google — android In libxaac there is a possible information disclosure due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118615735 2019-09-27 4.3 CVE-2019-2170
MISC
google — android In libxaac there is a possible information disclosure due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113035224 2019-09-27 4.3 CVE-2019-2172
MISC
google — android In the Easel driver, there is possible memory corruption due to race conditions. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android kernelAndroid ID: A-112309571 2019-09-27 6.9 CVE-2019-2188
MISC
google — android In the Easel driver, there is possible memory corruption due to race conditions. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android kernelAndroid ID: A-112312381 2019-09-27 6.9 CVE-2019-2189
MISC
google — android In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483 2019-09-27 5.0 CVE-2019-9232
MISC
google — android In wpa_supplicant_8, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122529021 2019-09-27 5.0 CVE-2019-9233
MISC
google — android In wpa_supplicant_8, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122465453 2019-09-27 5.0 CVE-2019-9234
MISC
google — android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-121325979 2019-09-27 4.3 CVE-2019-9237
MISC
google — android In the NFC stack, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-121267042 2019-09-27 6.9 CVE-2019-9238
MISC
google — android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-121036603 2019-09-27 5.0 CVE-2019-9241
MISC
google — android In AAC Codec, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120426166 2019-09-27 4.3 CVE-2019-9247
MISC
google — android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120276962 2019-09-27 5.0 CVE-2019-9250
MISC
google — android In libavc there is a possible out of bounds read due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-73339042 2019-09-27 4.3 CVE-2019-9252
MISC
google — android In KeyStore, there is a possible storage of symmetric keys in the TEE instead of the strongbox due to a missing strongbox flag. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-109769728 2019-09-27 4.9 CVE-2019-9253
MISC
google — android In libmediaextractor there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111921829 2019-09-27 6.8 CVE-2019-9256
MISC
google — android In Bluetooth, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113572342 2019-09-27 4.6 CVE-2019-9257
MISC
google — android In wifilogd, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113655028 2019-09-27 4.6 CVE-2019-9258
MISC
google — android In Bluetooth, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113495295 2019-09-27 5.0 CVE-2019-9260
MISC
google — android In libxaac there is a possible out of bounds read due to missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-116774214 2019-09-27 4.3 CVE-2019-9261
MISC
google — android In MPEG4Extractor, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111792351 2019-09-27 6.8 CVE-2019-9262
MISC
google — android In libxaac there is a possible out of bounds read due to missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-116774502 2019-09-27 4.3 CVE-2019-9264
MISC
google — android In Bluetooth, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-37994606 2019-09-27 5.0 CVE-2019-9265
MISC
google — android In System Settings, there is a possible permissions bypass due to a cached Linux user ID. This could lead to a local permissions bypass with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-36899497 2019-09-27 4.4 CVE-2019-9269
MISC
google — android In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774 2019-09-27 6.8 CVE-2019-9278
MISC
google — android In the wifi hotspot service, there is a possible denial of service due to a null pointer dereference. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-110476382 2019-09-27 5.0 CVE-2019-9279
MISC
google — android In GoogleContactsSyncAdapter, there is a possible path traversal due to improper input sanitization. This could lead to a bypass of user interaction requirements with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-32748076 2019-09-27 5.0 CVE-2019-9281
MISC
google — android In skia, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113211371 2019-09-27 4.3 CVE-2019-9282
MISC
google — android In AAC Codec, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112663564 2019-09-27 4.3 CVE-2019-9283
MISC
google — android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure, with no additional privileges required. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111850706 2019-09-27 5.0 CVE-2019-9284
MISC
google — android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111215315 2019-09-27 5.0 CVE-2019-9285
MISC
google — android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111213909 2019-09-27 5.0 CVE-2019-9286
MISC
google — android In libhidcommand_jni, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the USB service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111363077 2019-09-27 4.6 CVE-2019-9288
MISC
google — android In tzdata there is possible memory corruption due to a mismatch between allocation and deallocation functions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113039724 2019-09-27 4.6 CVE-2019-9290
MISC
google — android In Bluetooth, there is a possible remote code execution due to an improper memory allocation. This could lead to remote code execution in Bluetooth with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112159179 2019-09-27 6.8 CVE-2019-9291
MISC
google — android In libstagefright, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117661116 2019-09-27 4.3 CVE-2019-9293
MISC
google — android In libstagefright, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111764444 2019-09-27 4.3 CVE-2019-9294
MISC
google — android In com.android.apps.tag, there is a possible bypass of user interaction requirements due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-36885811 2019-09-27 4.6 CVE-2019-9295
MISC
google — android In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112890242 2019-09-27 6.8 CVE-2019-9297
MISC
google — android In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112892194 2019-09-27 6.8 CVE-2019-9298
MISC
google — android In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112663886 2019-09-27 6.8 CVE-2019-9299
MISC
google — android In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112661610 2019-09-27 6.8 CVE-2019-9300
MISC
google — android In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112661356 2019-09-27 6.8 CVE-2019-9302
MISC
google — android In libFDK, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112661057 2019-09-27 6.8 CVE-2019-9303
MISC
google — android In libMpegTPDec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112662270 2019-09-27 6.8 CVE-2019-9304
MISC
google — android In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112661835 2019-09-27 6.8 CVE-2019-9305
MISC
google — android In libMpegTPDec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112661348 2019-09-27 6.8 CVE-2019-9306
MISC
google — android In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112661893 2019-09-27 6.8 CVE-2019-9307
MISC
google — android In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112661742 2019-09-27 6.8 CVE-2019-9308
MISC
google — android In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117985575 2019-09-27 4.4 CVE-2019-9309
MISC
google — android In libFDK, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112891546 2019-09-27 6.8 CVE-2019-9310
MISC
google — android In Bluetooth, there is a possible crash due to an integer overflow. This could lead to remote denial of service on incoming calls with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-79431031 2019-09-27 5.0 CVE-2019-9311
MISC
google — android In libstagefright, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112005441 2019-09-27 4.3 CVE-2019-9313
MISC
google — android In libavc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112329563 2019-09-27 4.3 CVE-2019-9314
MISC
google — android In libhevc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112326216 2019-09-27 4.3 CVE-2019-9315
MISC
google — android In libstagefright, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112052432 2019-09-27 4.3 CVE-2019-9316
MISC
google — android In libstagefright, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112052258 2019-09-27 4.3 CVE-2019-9317
MISC
google — android In libhevc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111764725 2019-09-27 4.3 CVE-2019-9318
MISC
google — android In libavc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111762100 2019-09-27 4.3 CVE-2019-9319
MISC
google — android In libavc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111761624 2019-09-27 4.3 CVE-2019-9320
MISC
google — android In libavc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111208713 2019-09-27 4.3 CVE-2019-9321
MISC
google — android In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111128067 2019-09-27 4.3 CVE-2019-9322
MISC
google — android In the Wallpaper Manager service, there is a possible information disclosure due to a missing permission check. Any application can access wallpaper image with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-30770233 2019-09-27 5.0 CVE-2019-9323
MISC
google — android In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112001302 2019-09-27 4.3 CVE-2019-9325
MISC
google — android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111215173 2019-09-27 5.0 CVE-2019-9326
MISC
google — android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112050583 2019-09-27 5.0 CVE-2019-9327
MISC
google — android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure, with no additional privileges required. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-111895000. 2019-09-27 5.0 CVE-2019-9328
MISC
google — android In Bluetooth, there is a possible out of bounds read due to uninitialized data. This could lead to remote information disclosure, with no additional privileges required. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112917952. 2019-09-27 5.0 CVE-2019-9329
MISC
google — android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-111214739. 2019-09-27 5.0 CVE-2019-9330
MISC
google — android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112272279. 2019-09-27 5.0 CVE-2019-9331
MISC
google — android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-78286500. 2019-09-27 5.0 CVE-2019-9332
MISC
google — android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-109753657. 2019-09-27 5.0 CVE-2019-9333
MISC
google — android In libhevc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112859934. 2019-09-27 4.3 CVE-2019-9334
MISC
google — android In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112328051. 2019-09-27 4.3 CVE-2019-9335
MISC
google — android In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112326322. 2019-09-27 4.3 CVE-2019-9336
MISC
google — android In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112204376. 2019-09-27 4.3 CVE-2019-9337
MISC
google — android In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-111762686. 2019-09-27 4.3 CVE-2019-9338
MISC
google — android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-111214770. 2019-09-27 5.0 CVE-2019-9341
MISC
google — android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-111214470. 2019-09-27 5.0 CVE-2019-9342
MISC
google — android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112050983. 2019-09-27 5.0 CVE-2019-9343
MISC
google — android In libstagefright, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-128433933. 2019-09-27 6.8 CVE-2019-9346
MISC
google — android In Keymaster, there is a possible EoP due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-129562815. 2019-09-27 4.6 CVE-2019-9350
MISC
google — android In libstagefright, there is a possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-124253062. 2019-09-27 4.3 CVE-2019-9352
MISC
google — android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-123024201. 2019-09-27 4.3 CVE-2019-9353
MISC
google — android In NFC server, there’s a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-118148142. 2019-09-27 4.3 CVE-2019-9354
MISC
google — android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-115903122. 2019-09-27 5.0 CVE-2019-9355
MISC
google — android In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112662995. 2019-09-27 6.8 CVE-2019-9357
MISC
google — android In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-120156401. 2019-09-27 4.4 CVE-2019-9358
MISC
google — android In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-111407302. 2019-09-27 4.3 CVE-2019-9359
MISC
google — android In the TEE, there’s a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-120610663. 2019-09-27 4.9 CVE-2019-9360
MISC
google — android In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-111762807. 2019-09-27 4.3 CVE-2019-9361
MISC
google — android In libSACdec, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-120426980. 2019-09-27 4.3 CVE-2019-9362
MISC
google — android In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-123584306. 2019-09-27 6.8 CVE-2019-9363
MISC
google — android In libSBRdec there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112052062. 2019-09-27 4.3 CVE-2019-9366
MISC
google — android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112106425. 2019-09-27 5.0 CVE-2019-9367
MISC
google — android In sonivox, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-133880046. 2019-09-27 4.3 CVE-2019-9370
MISC
google — android In CompanionDeviceManager, there is a possible bypass of user interaction requirements due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-129476618. 2019-09-27 4.6 CVE-2019-9374
MISC
google — android In hostapd, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-129344244. 2019-09-27 6.9 CVE-2019-9375
MISC
google — android In the Accounts package, there is a possible crash due to improper input validation. This could lead to permanent local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-129287265. 2019-09-27 4.9 CVE-2019-9376
MISC
google — android In the Activity Manager service, there is a possible permission bypass due to incorrect permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-124539196. 2019-09-27 4.6 CVE-2019-9378
MISC
google — android In the settings UI, there is a possible spoofing vulnerability due to a missing permission check. This could lead to a user mistakenly changing permission settings with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-123700098. 2019-09-27 4.3 CVE-2019-9380
MISC
google — android In netd, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-122677612. 2019-09-27 5.0 CVE-2019-9381
MISC
google — android In libeffects, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-120874654. 2019-09-27 6.8 CVE-2019-9382
MISC
google — android In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-120452956. 2019-09-27 4.3 CVE-2019-9385
MISC
google — android In NFC server, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-122361874. 2019-09-27 6.9 CVE-2019-9386
MISC
google — android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-117569833. 2019-09-27 5.0 CVE-2019-9387
MISC
google — android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-117567437. 2019-09-27 5.0 CVE-2019-9388
MISC
google — android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-117567058. 2019-09-27 5.0 CVE-2019-9389
MISC
google — android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-117551475. 2019-09-27 5.0 CVE-2019-9390
MISC
google — android In libxaac, there is a possible out of bounds read due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-111050781. 2019-09-27 4.3 CVE-2019-9391
MISC
google — android In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-116357965. 2019-09-27 5.0 CVE-2019-9393
MISC
google — android In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-116351796. 2019-09-27 5.0 CVE-2019-9394
MISC
google — android In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-116267405. 2019-09-27 5.0 CVE-2019-9395
MISC
google — android In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-115747155. 2019-09-27 5.0 CVE-2019-9396
MISC
google — android In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-115747410. 2019-09-27 5.0 CVE-2019-9397
MISC
google — android In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-115745406. 2019-09-27 5.0 CVE-2019-9398
MISC
google — android The Print Service is susceptible to man in the middle attacks due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-115635664. 2019-09-27 4.3 CVE-2019-9399
MISC
google — android In Bluetooth, there is a possible null pointer dereference due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-115509589. 2019-09-27 5.0 CVE-2019-9400
MISC
google — android In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-115375248. 2019-09-27 5.0 CVE-2019-9401
MISC
google — android In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-115372550. 2019-09-27 5.0 CVE-2019-9402
MISC
google — android In cn-cbor, there is a possible out of bounds read due to improper casting. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-113512324. 2019-09-27 4.3 CVE-2019-9403
MISC
google — android In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112923309. 2019-09-27 5.0 CVE-2019-9404
MISC
google — android In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112890225. 2019-09-27 6.8 CVE-2019-9405
MISC
google — android In libhevc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112552517. 2019-09-27 4.3 CVE-2019-9406
MISC
google — android In notification management of the service manager, there is a possible permissions bypass. This could lead to local escalation of privilege by preventing user notification, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112434609. 2019-09-27 4.6 CVE-2019-9407
MISC
google — android In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112380157. 2019-09-27 4.3 CVE-2019-9408
MISC
google — android In libhevc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112272091. 2019-09-27 4.3 CVE-2019-9409
MISC
google — android In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112204443. 2019-09-27 4.3 CVE-2019-9410
MISC
google — android In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112204845. 2019-09-27 4.3 CVE-2019-9411
MISC
google — android In libSBRdec there is a possible out of bounds read due to incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112006096. 2019-09-27 4.3 CVE-2019-9412
MISC
google — android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-111935831. 2019-09-27 5.0 CVE-2019-9413
MISC
google — android In wpa_supplicant, there is a possible man in the middle vulnerability due to improper input validation of the basicConstraints field of intermediary certificates. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-111893041. 2019-09-27 4.3 CVE-2019-9414
MISC
google — android In libstagefright there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-111805098. 2019-09-27 4.3 CVE-2019-9415
MISC
google — android In libstagefright there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-111804142. 2019-09-27 4.3 CVE-2019-9416
MISC
google — android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-111407544. 2019-09-27 5.0 CVE-2019-9419
MISC
google — android In libhevc, there is a possible out of bounds read due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-111272481. 2019-09-27 4.3 CVE-2019-9420
MISC
google — android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-111214766. 2019-09-27 5.0 CVE-2019-9422
MISC
google — android In opencv calls that use libpng, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges required. User interaction is not required for exploitation. Product: Android. Versions: Android-10. Android ID: A-110986616. 2019-09-27 4.6 CVE-2019-9423
MISC
google — android In the Screen Lock, there is a possible information disclosure due to an unusual root cause. In certain circumstances, the setting to hide the unlock pattern can be ignored. Product: Android. Versions: Android-10. Android ID: A-110941092. 2019-09-27 4.3 CVE-2019-9424
MISC
google — android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-110846194. 2019-09-27 5.0 CVE-2019-9425
MISC
google — android In the Framework, it is possible to set up BROWSEABLE intents to take over certain URLs. This could lead to remote information disclosure of sensitive URLs with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-110150807. 2019-09-27 4.3 CVE-2019-9428
MISC
google — android In profman, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-110035108. 2019-09-27 4.6 CVE-2019-9429
MISC
google — android In Bluetooth, there is a possible null pointer dereference due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-109838296. 2019-09-27 5.0 CVE-2019-9430
MISC
google — android In Bluetooth, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with heap information written to the log with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-109755179. 2019-09-27 4.0 CVE-2019-9431
MISC
google — android In Bluetooth, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure in the Bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-80546108. 2019-09-27 5.0 CVE-2019-9432
MISC
google — android In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-80479354. 2019-09-27 4.3 CVE-2019-9433
MISC
google — android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with heap information written to the log with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-80432895. 2019-09-27 4.0 CVE-2019-9434
MISC
google — android In mediaserver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-62535446. 2019-09-27 4.6 CVE-2019-9460
MISC
google — android In Bluetooth, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-91544774. 2019-09-27 5.0 CVE-2019-9462
MISC
google — android In Platform, there is a possible bypass of user interaction requirements due to background app interception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-113584607. 2019-09-27 4.4 CVE-2019-9463
MISC
ibm — daeja_viewone IBM Daeja ViewONE Virtual 5.0 through 5.0.6 could expose internal parameters to ViewONE clients that could be used in further attacks against the system. IBM X-Force ID: 159521. 2019-10-01 5.0 CVE-2019-4246
XF
CONFIRM
ibm — security_directory_server IBM Security Directory Server 6.4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 165178. 2019-10-02 5.0 CVE-2019-4520
XF
CONFIRM
ibm — security_directory_server IBM Security Directory Server 6.4.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 165660. 2019-10-02 5.8 CVE-2019-4538
XF
CONFIRM
ibm — security_directory_server IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. IBM X-Force ID: 165812. 2019-10-02 5.5 CVE-2019-4539
XF
CONFIRM
ibm — security_directory_server IBM Security Directory Server 6.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 165815. 2019-10-02 4.3 CVE-2019-4542
XF
CONFIRM
ibm — security_directory_server IBM Security Directory Server 6.4.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165951. 2019-10-02 5.0 CVE-2019-4549
XF
CONFIRM
ibm — security_guardium IBM Security Guardium 9.0, 9.5, and 10.6 are vulnerable to a privilege escalation which could allow an authenticated user to change the accessmgr password. IBM X-Force ID: 162768. 2019-10-03 6.5 CVE-2019-4422
XF
CONFIRM
ibm — sterling_file_gateway IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 displays sensitive information in HTTP requests which could be used in further attacks against the system. IBM X-Force ID: 160503. 2019-09-30 5.0 CVE-2019-4280
XF
CONFIRM
ibm — sterling_file_gateway IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162769. 2019-09-30 5.0 CVE-2019-4423
XF
CONFIRM
ibm — websphere_application_server IBM WebSphere Application Server – Liberty could allow a remote attacker to bypass security restrictions caused by improper session validation. IBM X-Force ID: 160950. 2019-09-30 6.5 CVE-2019-4304
XF
CONFIRM
ibm — websphere_application_server IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information caused by the improper setting of a cookie. IBM X-Force ID: 160951. 2019-09-30 5.0 CVE-2019-4305
XF
CONFIRM
ibm — websphere_application_server IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 163177. 2019-10-03 5.0 CVE-2019-4441
XF
CONFIRM
ibm — websphere_extreme_scale IBM WebSphere eXtreme Scale 8.6 Admin Console could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 158102. 2019-09-30 5.8 CVE-2019-4109
XF
CONFIRM
jenkins — ldap_email Jenkins LDAP Email Plugin transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. 2019-10-01 5.0 CVE-2019-10434
MLIST
CONFIRM
jenkins — sourcegear_vault Jenkins SourceGear Vault Plugin transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. 2019-10-01 5.0 CVE-2019-10435
MLIST
CONFIRM
jetbrains — teamcity An issue was discovered in JetBrains TeamCity 2018.2.4. It had several XSS vulnerabilities on the settings pages. The issues were fixed in TeamCity 2019.1. 2019-10-02 4.3 CVE-2019-15037
CONFIRM
jetbrains — teamcity An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2018.2.5 and 2019.1. 2019-10-01 6.8 CVE-2019-15039
CONFIRM
jetbrains — youtrack JetBrains YouTrack versions before 2019.1.52584 had a possible XSS in the issue titles. 2019-10-01 4.3 CVE-2019-14952
CONFIRM
jetbrains — youtrack JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when using the Firefox browser. 2019-10-01 4.3 CVE-2019-14953
MISC
jetbrains — youtrack JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without necessary permissions to get other project names. 2019-10-02 4.0 CVE-2019-14956
CONFIRM
jetbrains — youtrack JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page. 2019-10-02 6.8 CVE-2019-15040
MISC
jetbrains — youtrack In JetBrains YouTrack through 2019.2.56594, stored XSS was found on the issue page. 2019-10-02 4.3 CVE-2019-16171
MISC
libreoffice — libreoffice LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings; typically, execution of macros is blocked by default. A URL decoding flaw existed in how the URLs to the macros within the document were processed and categorized, resulting in the possibility to construct a document where macro execution bypassed the security settings. The documents were correctly detected as containing macros, and prompted the user to their existence within the documents, but macros within the document were subsequently not controlled by the security settings, allowing arbitrary macro execution. This issue affects: LibreOffice 6.2 series versions prior to 6.2.7; LibreOffice 6.3 series versions prior to 6.3.1. 2019-09-27 6.8 CVE-2019-9853
MLIST
CONFIRM
metinfo — metinfo In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/product_admin.class.php via the admin/?n=product&c=product_admin&a=dopara&app_type=shop id parameter. 2019-09-30 6.5 CVE-2019-16996
MISC
metinfo — metinfo In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/language_general.class.php via the admin/?n=language&c=language_general&a=doExportPack appno parameter. 2019-09-30 6.5 CVE-2019-16997
MISC
mozilla — firefox When a master password is set, it is required to be entered again before stored passwords can be accessed in the ‘Saved Logins’ dialog. It was found that locally stored passwords can be copied to the clipboard through the ‘copy password’ context menu item without re-entering the master password if the master password had been previously entered in the same session, allowing for potential theft of stored passwords. This vulnerability affects Firefox < 68.0.2 and Firefox ESR < 68.0.2. 2019-09-27 5.0 CVE-2019-11733
SUSE
SUSE
MISC
CONFIRM
mozilla — firefox The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service executable, which is run with privileged access. Additionally, there was a race condition during checks for junctions and symbolic links by the Maintenance Service, allowing for potential local file and directory manipulation to be undetected in some circumstances. This allows for potential privilege escalation by a user with unprivileged local access. Note: These attacks require local system access and only affect Windows. Other operating systems are not affected. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. 2019-09-27 4.4 CVE-2019-11736
SUSE
SUSE
MISC
MISC
CONFIRM
CONFIRM
mozilla — firefox If a wildcard (‘*’) is specified for the host in Content Security Policy (CSP) directives, any port or path restriction of the directive will be ignored, leading to CSP directives not being properly applied to content. This vulnerability affects Firefox < 69. 2019-09-27 5.0 CVE-2019-11737
MISC
CONFIRM
mozilla — firefox If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. 2019-09-27 6.8 CVE-2019-11738
SUSE
SUSE
MISC
CONFIRM
CONFIRM
mozilla — firefox A compromised sandboxed content process can perform a Universal Cross-site Scripting (UXSS) attack on content from any site it can cause to be loaded in the same process. Because addons.mozilla.org and accounts.firefox.com have close ties to the Firefox product, malicious manipulation of these sites within the browser can potentially be used to modify a user’s Firefox configuration. These two sites will now be isolated into their own process and not allowed to be loaded in a standard content process. This vulnerability affects Firefox < 69. 2019-09-27 4.3 CVE-2019-11741
MISC
CONFIRM
mozilla — firefox A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canvas> element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. 2019-09-27 4.3 CVE-2019-11742
SUSE
SUSE
SUSE
SUSE
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla — firefox Navigation events were not fully adhering to the W3C’s “Navigation-Timing Level 2” draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. This resulted in potential cross-origin information exposure of history through timing side-channel attacks. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. 2019-09-27 4.3 CVE-2019-11743
SUSE
SUSE
SUSE
SUSE
MISC
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla — firefox Some HTML elements, such as <title> and <textarea>, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if a site does not filter user input as strictly for these elements as it does for other elements. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. 2019-09-27 4.3 CVE-2019-11744
SUSE
SUSE
SUSE
SUSE
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla — firefox A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. 2019-09-27 6.8 CVE-2019-11746
SUSE
SUSE
SUSE
SUSE
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla — firefox The “Forget about this site” feature in the History pane is intended to remove all saved user data that indicates a user has visited a site. This includes removing any HTTP Strict Transport Security (HSTS) settings received from sites that use it. Due to a bug, sites on the pre-load list also have their HSTS setting removed. On the next visit to that site if the user specifies an http: URL rather than secure https: they will not be protected by the pre-loaded HSTS setting. After that visit the site’s HSTS setting will be restored. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. 2019-09-27 4.3 CVE-2019-11747
SUSE
SUSE
MISC
CONFIRM
CONFIRM
mozilla — firefox WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. In light of recent high profile vulnerabilities in other software, a decision was made to no longer persist these permissions. This avoids the possibility of trusted WebRTC resources being invisibly embedded in web content and abusing permissions previously given by users. Users will now be prompted for permissions on each use. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. 2019-09-27 4.3 CVE-2019-11748
SUSE
SUSE
MISC
CONFIRM
CONFIRM
mozilla — firefox A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without triggering a user prompt or notification. This allows for the potential fingerprinting of users. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. 2019-09-27 4.3 CVE-2019-11749
SUSE
SUSE
MISC
CONFIRM
CONFIRM
mozilla — firefox A type confusion vulnerability exists in Spidermonkey, which results in a non-exploitable crash. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. 2019-09-27 4.3 CVE-2019-11750
SUSE
SUSE
MISC
CONFIRM
CONFIRM
mozilla — firefox Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. This can be used to write a log file to an arbitrary location such as the Windows ‘Startup’ folder. Note: this issue only affects Firefox on Windows operating systems. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. 2019-09-27 6.8 CVE-2019-11751
SUSE
SUSE
MISC
CONFIRM
CONFIRM
mozilla — firefox The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. If the Mozilla Maintenance Service is manipulated to update this unprotected location and the updated maintenance service in the unprotected location has been altered, the altered maintenance service can run with elevated privileges during the update process due to a lack of integrity checks. This allows for privilege escalation if the executable has been replaced locally. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox < 69, Firefox ESR < 60.9, and Firefox ESR < 68.1. 2019-09-27 4.6 CVE-2019-11753
SUSE
SUSE
MISC
CONFIRM
CONFIRM
CONFIRM
mozilla — firefox When the pointer lock is enabled by a website through requestPointerLock(), no user notification is given. This could allow a malicious website to hijack the mouse pointer and confuse users. This vulnerability affects Firefox < 69.0.1. 2019-09-27 4.3 CVE-2019-11754
MISC
CONFIRM
mozilla — thunderbird Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in an HTML reply/forward. This vulnerability affects Thunderbird < 68.1 and Thunderbird < 60.9. 2019-09-27 4.3 CVE-2019-11739
SUSE
SUSE
MISC
CONFIRM
CONFIRM
mozilla — thunderbird A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the contents of the encrypted message, and might have stripped a different signature from the encrypted message. Previous versions had only suppressed showing a digital signature for messages with an outer multipart/signed layer. This vulnerability affects Thunderbird < 68.1.1. 2019-09-27 5.0 CVE-2019-11755
SUSE
SUSE
MISC
CONFIRM
netdisco — netdisco Insufficient sanitization during device search in Netdisco 2.042010 allows for reflected XSS via manipulation of a URL parameter. 2019-09-30 4.3 CVE-2019-15810
MISC
MISC
netgear — srx5308_firmware NETGEAR SRX5308 4.3.5-3 devices allow SQL Injection, as exploited in the wild in September 2019 to add a new user account. 2019-09-30 5.0 CVE-2019-17049
MISC
nsa — ghidra NSA Ghidra through 9.0.4, when experimental mode is enabled, allows arbitrary code execution if the Read XML Files feature of Bit Patterns Explorer is used with a modified XML document. This occurs in Features/BytePatterns/src/main/java/ghidra/bitpatterns/info/FileBitPatternInfoReader.java. An attack could start with an XML document that was originally created by DumpFunctionPatternInfoScript but then directly modified by an attacker (for example, to make a java.lang.Runtime.exec call). 2019-09-28 6.8 CVE-2019-16941
MISC
MISC
MISC
MISC
MISC
MISC
online_store_system_project — online_store_system Vulnerability in Online Store v1.0: the registration form requirements for the member email format can be bypassed by posting directly to sent_register.php, allowing special characters to be included and an XSS payload to be injected. 2019-10-01 4.3 CVE-2019-8290
MLIST
MISC
MISC
phpbb — phpbb In phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting them. 2019-09-30 6.8 CVE-2019-16993
MISC
MLIST
MISC
MISC
python — python The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server. 2019-09-27 4.3 CVE-2019-16935
MISC
MISC
MISC
MISC
qualcomm — mdm9150_firmware Use after free issue occurs if another instance of open for voice_svc node has been called from application without closing the previous one in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 2019-09-30 4.6 CVE-2019-10497
CONFIRM
qualcomm — mdm9150_firmware Buffer overflow scenario if the client sends more than 5 io_vec requests to the server in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 2019-09-30 4.6 CVE-2019-10498
CONFIRM
qualcomm — mdm9150_firmware Possible use after free issue due to improper input validation in volume listener library in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 2019-09-30 4.6 CVE-2019-10501
CONFIRM
qualcomm — mdm9150_firmware Lack of check of extscan change results received from firmware can lead to an out of buffer read in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS605, SD 210/SD 212/SD 205, SD 425, SD 430, SD 600, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24 2019-09-30 4.6 CVE-2019-10507
CONFIRM
qualcomm — mdm9150_firmware Lack of input validation for data received from user space can lead to OOB access in WLAN in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 430, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 650/52, SD 820A, SDX20 2019-09-30 4.6 CVE-2019-10508
CONFIRM
qualcomm — mdm9150_firmware Buffer overflow due to improper validation of buffer size while IPA driver processing to perform read operation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 2019-09-30 4.6 CVE-2019-2333
CONFIRM
qualcomm — mdm9150_firmware Buffer overflow when the audio buffer size provided by user is larger than the maximum allowable audio buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 2019-09-30 4.6 CVE-2019-2341
CONFIRM
qualcomm — mdm9206_firmware While processing QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY vendor command, driver does not validate the data obtained from the user space which could be invalid and thus leads to an undesired behaviour in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS605, SD 600, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM630, SDM660, SDX24 2019-09-30 4.6 CVE-2019-10506
CONFIRM
qualcomm — msm8909w_firmware Possible use-after-free issue due to a race condition while calling camera ioctl concurrently in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, QCS405, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855, SDM439, SDX24 2019-09-30 4.4 CVE-2019-2284
CONFIRM
salesagility — suitecrm SuiteCRM 7.10.x and 7.11.x before 7.10.20 and 7.11.8 has XSS. 2019-09-30 4.3 CVE-2019-14752
CONFIRM
CONFIRM
salesagility — suitecrm SuiteCRM 7.10.x before 7.10.20 and 7.11.x before 7.11.8 allows unintended public exposure of files. 2019-09-27 5.0 CVE-2019-16922
MISC
tcpdump — tcpdump The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion. 2019-10-03 5.0 CVE-2018-16452
MISC
CONFIRM
thecontrolgroup — voyager An issue was discovered in the Voyager package through 1.2.7 for Laravel. An attacker with admin privileges and Compass access can read or delete arbitrary files, such as the .env file. NOTE: a software maintainer has suggested a solution in which Compass is switched off in a production environment. 2019-09-30 6.5 CVE-2019-17050
MISC
themeisle — visualizer A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data. 2019-09-30 5.8 CVE-2019-16932
MISC
MISC
MISC
whatsapp — whatsapp An integer overflow in WhatsApp media parsing libraries allows a remote attacker to perform an out-of-bounds write on the heap via specially-crafted EXIF tags in WEBP images. This issue affects WhatsApp for Android before version 2.19.143 and WhatsApp for iOS before version 2.19.100. 2019-09-27 6.8 CVE-2019-11927
CONFIRM
z.cash — zcash Zcashd in Zcash before 2.0.7-3 allows discovery of the IP address of a full node that owns a shielded address, related to mishandling of exceptions during deserialization of note plaintexts. This affects anyone who has disclosed their zaddr to a third party. 2019-09-28 5.0 CVE-2019-16930
MISC
MISC
MISC
MISC


Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
dell — emc_integrated_data_protection_appliance_firmware Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a stored cross-site scripting vulnerability. A remote malicious ACM admin user may potentially exploit this vulnerability to store malicious HTML or JavaScript code in Cloud DR add-on specific field. When victim users access the page through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. 2019-09-27 3.5 CVE-2019-3747
CONFIRM
dolibarr — dolibarr Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the “Create/modify other users, groups and permissions” privilege can inject script and can also achieve privilege escalation. 2019-09-27 3.5 CVE-2019-16685
MISC
dolibarr — dolibarr Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin. 2019-09-27 3.5 CVE-2019-16686
MISC
dolibarr — dolibarr Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section to card.php. A user with the “Create/modify other users, groups and permissions” privilege can inject script and can also achieve privilege escalation. 2019-09-27 3.5 CVE-2019-16687
MISC
dolibarr — dolibarr Dolibarr 9.0.5 has stored XSS in an Email Template section to mails_templates.php. A user with no privileges can inject script to attack the admin. (This stored XSS can affect all types of user privilege from Admin to users with no permissions.) 2019-09-27 3.5 CVE-2019-16688
MISC
google — android In WiFi, the RSSI value and SSID information is broadcast as part of android.net.wifi.RSSI_CHANGE and android.net.wifi.STATE_CHANGE intents. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-111698366 2019-09-27 2.1 CVE-2018-9581
MISC
google — android In LG’s LAF component, there is a possible leak of information in a protected disk partition due to a missing bounds check. This could lead to local information disclosure via USB with User execution privileges needed. User interaction is not required for exploitation. Product: Android Versions: Android kernel Android ID: A-68771598 2019-09-27 2.1 CVE-2019-2190
MISC
google — android In LG’s LAF component, there is a possible leak of information in a protected disk partition due to a missing bounds check. This could lead to local information disclosure via USB with User execution privileges needed. User interaction is not required for exploitation. Product: Android Versions: Android kernel Android ID: A-68770980 2019-09-27 2.1 CVE-2019-2191
MISC
google — android In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10 Android ID: A-122323053 2019-09-27 1.9 CVE-2019-9235
MISC
google — android In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10 Android ID: A-122322613 2019-09-27 1.9 CVE-2019-9236
MISC
google — android In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10 Android ID: A-121263487 2019-09-27 1.9 CVE-2019-9239
MISC
google — android In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10 Android ID: A-121150966 2019-09-27 1.9 CVE-2019-9240
MISC
google — android In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10 Android ID: A-121035878 2019-09-27 1.9 CVE-2019-9242
MISC
google — android In wpa_supplicant_8, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-120905706 2019-09-27 2.1 CVE-2019-9243
MISC
google — android In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10 Android ID: A-120865977 2019-09-27 1.9 CVE-2019-9244
MISC
google — android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-120255805 2019-09-27 2.1 CVE-2019-9249
MISC
google — android In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10 Android ID: A-120274615 2019-09-27 1.9 CVE-2019-9251
MISC
google — android In libstagefright, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-77474014 2019-09-27 2.1 CVE-2019-9268
MISC
google — android In WiFi, there is a possible leak of WiFi state due to a permissions bypass. This could lead to a local information disclosure which could be used to determine device location with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-11596047 2019-09-27 2.1 CVE-2019-9272
MISC
google — android In the proc filesystem, there is a possible information disclosure due to log information disclosure. This could lead to local disclosure of app and browser activity with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-68016944 2019-09-27 2.1 CVE-2019-9277
MISC
google — android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-78287084 2019-09-27 2.1 CVE-2019-9287
MISC
google — android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-79883824 2019-09-27 2.1 CVE-2019-9289
MISC
google — android In the Activity Manager service, there is a possible information disclosure due to a confused deputy. This could lead to local disclosure of current foreground process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-115384617 2019-09-27 2.1 CVE-2019-9292
MISC
google — android In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10 Android ID: A-112162089 2019-09-27 1.9 CVE-2019-9296
MISC
google — android In NFC server, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10 Android ID: A-120845341 2019-09-27 1.9 CVE-2019-9344
MISC
google — android In the m4v_h263 codec, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-109891727 2019-09-27 2.1 CVE-2019-9347
MISC
google — android In SyncStatusObserver, there is a possible bypass for operating system protections that isolate user profiles from each other due to a missing permission check. This could lead to local limited information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-128599864 2019-09-27 2.1 CVE-2019-9351
MISC
google — android In AudioService, there is a possible trigger of background user audio due to a permissions bypass. This could lead to local information disclosure by playing the background user’s audio with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-73364631 2019-09-27 2.1 CVE-2019-9364
MISC
google — android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-79883568. 2019-09-27 2.1 CVE-2019-9368
MISC
google — android In Bluetooth, there is a use of uninitialized variable. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-79995407. 2019-09-27 2.1 CVE-2019-9369
MISC
google — android In JobStore, there is a mismatched serialization/deserialization for the “battery-not-low” job attribute. This could lead to a local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-130173029. 2019-09-27 2.1 CVE-2019-9373
MISC
google — android In NFC server, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-120843827. 2019-09-27 1.9 CVE-2019-9383
MISC
google — android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-111450079. 2019-09-27 2.1 CVE-2019-9417
MISC
google — android In libandroidfw, there is a possible OOB read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-111215250. 2019-09-27 1.9 CVE-2019-9421
MISC
google — android In Bluetooth, there is a possible information disclosure due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-110166350. 2019-09-27 2.1 CVE-2019-9427
MISC
google — android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-80146682. 2019-09-27 2.1 CVE-2019-9435
MISC
google — android In the Package Manager service, there is a possible information disclosure due to a confused deputy. This could lead to local disclosure of information about installed packages for other users with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-77821568. 2019-09-27 2.1 CVE-2019-9438
MISC
google — android In AOSP Email, there is a possible information disclosure due to a confused deputy. This could lead to local disclosure of the Email app’s protected files with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-37637796. 2019-09-27 2.1 CVE-2019-9440
MISC
ibm — jazz_reporting_service IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164115. 2019-10-01 3.5 CVE-2019-4494
XF
CONFIRM
ibm — jazz_reporting_service IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164116. 2019-10-01 3.5 CVE-2019-4495
XF
CONFIRM
ibm — jazz_reporting_service IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164118. 2019-10-01 3.5 CVE-2019-4497
XF
CONFIRM
ibm — websphere_extreme_scale IBM WebSphere eXtreme Scale 8.6 Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158099. 2019-09-30 3.5 CVE-2019-4106
XF
CONFIRM
ibm — websphere_extreme_scale IBM WebSphere eXtreme Scale 8.6 Admin Console allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158105. 2019-09-30 2.1 CVE-2019-4112
XF
CONFIRM
ibm — websphere_extreme_scale IBM WebSphere eXtreme Scale 8.6 Admin API is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158113. 2019-09-30 3.5 CVE-2019-4115
XF
CONFIRM
ilch — ilch_cms Ilch 2.1.22 allows stored XSS via the title, text, or email id to the Jobs Tab. 2019-09-30 3.5 CVE-2019-17045
MISC
jenkins — dingding Jenkins Dingding[钉钉] Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. 2019-10-01 2.1 CVE-2019-10433
MLIST
CONFIRM
MISC
jenkins — html_publisher Jenkins HTML Publisher Plugin 1.20 and earlier did not escape the project and build display names in the HTML report frame, resulting in a cross-site scripting vulnerability exploitable by users able to change those. 2019-10-01 3.5 CVE-2019-10432
MLIST
CONFIRM
nuvending — nulock The Nulock application 1.5.0 for mobile devices sends a cleartext password over Bluetooth, which allows remote attackers (after sniffing the network) to take control of the lock. 2019-09-27 3.3 CVE-2019-16924
MISC
online_store_system_project — online_store_system Vulnerability in Online Store v1.0, Stored XSS in user_view.php where adidas_member_user variable is not sanitized. 2019-10-01 3.5 CVE-2019-8288
MLIST
MISC
MISC
online_store_system_project — online_store_system Vulnerability in Online Store v1.0, stored XSS in admin/user_view.php adidas_member_email variable. 2019-10-01 3.5 CVE-2019-8289
MLIST
MISC
MISC
xoops — xoops An issue was discovered in the image-manager in Xoops 2.5.10. When the breadcrumb showing the category name is hovered over while editing any image, a JavaScript payload executes. 2019-09-30 3.5 CVE-2019-16683
MISC
MISC
MISC
xoops — xoops An issue was discovered in the image-manager in Xoops 2.5.10. When any image with a JavaScript payload as its name is hovered over in the list or in the Edit page, the payload executes. 2019-09-30 3.5 CVE-2019-16684
MISC
MISC
MISC


Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
abcprintf — online_store_system Online Store System v1.0 delete_file.php doesn’t check to see if a user has administrative rights nor does it check for path traversal. 2019-10-01 not yet calculated CVE-2019-8291
MLIST
MISC
MISC
abcprintf — online_store_system Online Store System v1.0 delete_product.php doesn’t check to see if a user is authenticated or has administrative rights, allowing arbitrary product deletion. 2019-10-01 not yet calculated CVE-2019-8292
MLIST
MISC
MISC
apache — hadoop In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage. 2019-10-04 not yet calculated CVE-2018-11768
MISC
MLIST
MLIST
MLIST
MLIST
apache — mina Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear text messages afterward. Mitigation: 2.0.20 users should migrate to 2.0.21, 2.1.0 users should migrate to 2.1.1. This issue affects: Apache MINA. 2019-10-01 not yet calculated CVE-2019-0231
MISC
athena — multiple_products wolfSSL and wolfCrypt 4.0.0 and earlier (when configured without --enable-fpecc, --enable-sp, or --enable-sp-math) contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to precisely measure the duration of signature operations, to infer information about the nonces used and potentially mount a lattice attack to recover the private key used. The issue occurs because ecc.c scalar multiplication might leak the bit length. 2019-10-03 not yet calculated CVE-2019-13628
MLIST
MISC
MISC
MISC
atlassian — bitbucket_butor_portal Butor Portal before 1.0.27 is affected by a Path Traversal vulnerability leading to a pre-authentication arbitrary file download. Effectively, a remote anonymous user can download any file on servers running Butor Portal. WhiteLabelingServlet is responsible for this vulnerability. It does not properly sanitize user input on the theme t parameter before reusing it in a path. This path is then used without validation to fetch a file and return its raw content to the user via the /wl?t=../../…&h= substring followed by a filename. 2019-10-02 not yet calculated CVE-2019-13343
MISC
CONFIRM
MISC
CONFIRM
MISC
ca_technologies — ca_network_flow_analysis CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security. 2019-10-02 not yet calculated CVE-2019-13658
MISC
FULLDISC
BUGTRAQ
MISC
check_point — r80.30_security_gateway In a rare scenario, Check Point R80.30 Security Gateway before JHF Take 50 managed by Check Point R80.30 Management crashes with a unique configuration of enhanced logging. 2019-10-02 not yet calculated CVE-2019-8462
MISC
MISC
cisco — prime_infrastructure A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. 2019-10-02 not yet calculated CVE-2019-12713
CISCO
cisco — adaptive_security_appliance_and_firepower_threat_defense_software A vulnerability in the Session Initiation Protocol (SIP) inspection module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper parsing of SIP messages. An attacker could exploit this vulnerability by sending a malicious SIP packet through an affected device. A successful exploit could allow the attacker to trigger an integer underflow, causing the software to try to read unmapped memory and resulting in a crash. 2019-10-02 not yet calculated CVE-2019-12678
CISCO
cisco — adaptive_security_appliance_and_firepower_threat_defense_software A vulnerability in the Clientless SSL VPN (WebVPN) portal of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. 2019-10-02 not yet calculated CVE-2019-12695
CISCO
cisco — adaptive_security_appliance_and_firepower_threat_defense_software A vulnerability in the WebVPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause increased CPU utilization on an affected device. The vulnerability is due to excessive processing load for a specific WebVPN HTTP page request. An attacker could exploit this vulnerability by sending multiple WebVPN HTTP page load requests for a specific URL. A successful exploit could allow the attacker to increase CPU load on the device, resulting in a denial of service (DoS) condition, which could cause traffic to be delayed through the device. 2019-10-02 not yet calculated CVE-2019-12698
CISCO
cisco — adaptive_security_appliance_and_firepower_threat_defense_software A vulnerability in the Open Shortest Path First (OSPF) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software improperly parses certain options in OSPF link-state advertisement (LSA) type 11 packets. An attacker could exploit this vulnerability by sending a crafted LSA type 11 OSPF packet to an affected device. A successful exploit could allow the attacker to cause a reload of the affected device, resulting in a DoS condition for client traffic that is traversing the device. 2019-10-02 not yet calculated CVE-2019-12676
CISCO

cisco — adaptive_security_appliance_and_firepower_threat_defense_software A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper management of system memory. An attacker could exploit this vulnerability by sending malicious IKEv1 traffic to an affected device. The attacker does not need valid credentials to authenticate the VPN session, nor does the attacker’s source address need to match a peer statement in the crypto map applied to the ingress interface of the affected device. An exploit could allow the attacker to exhaust system memory resources, leading to a reload of an affected device. 2019-10-02 not yet calculated CVE-2019-15256
CISCO
cisco — adaptive_security_appliance_and_firepower_threat_defense_software A vulnerability in the FTP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of FTP data. An attacker could exploit this vulnerability by sending malicious FTP traffic through an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device. 2019-10-02 not yet calculated CVE-2019-12673
CISCO
cisco — adaptive_security_appliance_software A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition that prevents the creation of new SSL/Transport Layer Security (TLS) connections to an affected device. The vulnerability is due to incorrect handling of Base64-encoded strings. An attacker could exploit this vulnerability by opening many SSL VPN sessions to an affected device. The attacker would need to have valid user credentials on the affected device to exploit this vulnerability. A successful exploit could allow the attacker to overwrite a special system memory location, which will eventually result in memory allocation errors for new SSL/TLS sessions to the device, preventing successful establishment of these sessions. A reload of the device is required to recover from this condition. Established SSL/TLS connections to the device and SSL/TLS connections through the device are not affected. Note: Although this vulnerability is in the SSL VPN feature, successful exploitation of this vulnerability would affect all new SSL/TLS sessions to the device, including management sessions. 2019-10-02 not yet calculated CVE-2019-12677
CISCO
cisco — adaptive_security_appliance_software A vulnerability in the Secure Copy (SCP) feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to the use of an incorrect data type for a length variable. An attacker could exploit this vulnerability by initiating the transfer of a large file to an affected device via SCP. To exploit this vulnerability, the attacker would need to have valid privilege level 15 credentials on the affected device. A successful exploit could allow the attacker to cause the length variable to roll over, which could cause the affected device to crash. 2019-10-02 not yet calculated CVE-2019-12693
CISCO
cisco — email_security_appliance A vulnerability in the Sender Policy Framework (SPF) functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the configured user filters on an affected device. The vulnerability exists because the affected software insufficiently validates certain incoming SPF messages. An attacker could exploit this vulnerability by sending a custom SPF packet to an affected device. A successful exploit could allow the attacker to bypass the configured header filters, which could allow malicious content to pass through the device. 2019-10-02 not yet calculated CVE-2019-12706
CISCO
cisco — firepower_management_center_software Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device. 2019-10-02 not yet calculated CVE-2019-12681
CISCO
cisco — firepower_management_center_software A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of the root user of the underlying operating system. The vulnerability is due to insufficient validation of user-supplied input to the web UI. An attacker could exploit this vulnerability by submitting crafted input in the web UI. A successful exploit could allow an attacker to execute arbitrary commands on the device with full root privileges. 2019-10-02 not yet calculated CVE-2019-12690
CISCO
cisco — firepower_management_center_software A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary commands within the affected device. 2019-10-02 not yet calculated CVE-2019-12687
CISCO
cisco — firepower_management_center_software A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary commands within the affected device. 2019-10-02 not yet calculated CVE-2019-12688
CISCO
cisco — firepower_management_center_software A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending malicious commands to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device. 2019-10-02 not yet calculated CVE-2019-12689
CISCO
cisco — firepower_management_center_software Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device. 2019-10-02 not yet calculated CVE-2019-12683
CISCO
cisco — firepower_management_center_software Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device. 2019-10-02 not yet calculated CVE-2019-12686
CISCO
cisco — firepower_management_center_software A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to bypass Cisco FMC Software security restrictions and gain access to the underlying filesystem of the affected device. 2019-10-02 not yet calculated CVE-2019-12691
CISCO
cisco — firepower_management_center_software Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device. 2019-10-02 not yet calculated CVE-2019-12679
CISCO
cisco — firepower_management_center_software Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device. 2019-10-02 not yet calculated CVE-2019-12680
CISCO
cisco — firepower_management_center_software Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device. 2019-10-02 not yet calculated CVE-2019-12684
CISCO
cisco — firepower_management_center_software Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device. 2019-10-02 not yet calculated CVE-2019-12685
CISCO
cisco — firepower_management_center_software A vulnerability in the file and malware inspection feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass the file and malware inspection policies on an affected system. The vulnerability exists because the affected software insufficiently validates incoming traffic. An attacker could exploit this vulnerability by sending a crafted HTTP request through an affected device. A successful exploit could allow the attacker to bypass the file and malware inspection policies and send malicious traffic through the affected device. 2019-10-02 not yet calculated CVE-2019-12701
CISCO
cisco — firepower_management_center_software Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device. 2019-10-02 not yet calculated CVE-2019-12682
CISCO
cisco — firepower_system_software_detection_engine Multiple vulnerabilities in the Cisco Firepower System Software Detection Engine could allow an unauthenticated, remote attacker to bypass configured Malware and File Policies for RTF and RAR file types. For more information about these vulnerabilities, see the Details section of this advisory. 2019-10-02 not yet calculated CVE-2019-12696
CISCO
cisco — firepower_system_software_detection_engine Multiple vulnerabilities in the Cisco Firepower System Software Detection Engine could allow an unauthenticated, remote attacker to bypass configured Malware and File Policies for RTF and RAR file types. For more information about these vulnerabilities, see the Details section of this advisory. 2019-10-02 not yet calculated CVE-2019-12697
CISCO
cisco — firepower_threat_defense_and_firepower_management_center_and_fxos_software A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper resource management in the context of user session management. An attacker could exploit this vulnerability by connecting to an affected system and performing many simultaneous successful Secure Shell (SSH) logins. A successful exploit could allow the attacker to exhaust system resources and cause the device to reload, resulting in a DoS condition. To exploit this vulnerability, the attacker needs valid user credentials on the system. 2019-10-02 not yet calculated CVE-2019-12700
CISCO
cisco — firepower_threat_defense_software Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace. These vulnerabilities are due to insufficient protections on the underlying filesystem. An attacker could exploit these vulnerabilities by modifying critical files on the underlying filesystem. A successful exploit could allow the attacker to execute commands with root privileges within the host namespace. This could allow the attacker to impact other running FTD instances. 2019-10-02 not yet calculated CVE-2019-12675
CISCO
cisco — firepower_threat_defense_software Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace. These vulnerabilities are due to insufficient protections on the underlying filesystem. An attacker could exploit these vulnerabilities by modifying critical files on the underlying filesystem. A successful exploit could allow the attacker to execute commands with root privileges within the host namespace. This could allow the attacker to impact other running FTD instances. 2019-10-02 not yet calculated CVE-2019-12674
CISCO
cisco — firepower_threat_defense_software A vulnerability in the command line interface (CLI) of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker with administrative privileges to execute commands on the underlying operating system with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by executing a specific CLI command that includes crafted arguments. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges. 2019-10-02 not yet calculated CVE-2019-12694
CISCO
cisco — fxos_and_firepower_threat_defense_software Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by including crafted arguments to specific CLI commands. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges. 2019-10-02 not yet calculated CVE-2019-12699
CISCO
cisco — ic3000_industrial_compute_gateway A vulnerability in the web-based management interface of Cisco IC3000 Industrial Compute Gateway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software improperly manages system resources. An attacker could exploit this vulnerability by opening a large number of simultaneous sessions on the web-based management interface of an affected device. A successful exploit could allow the attacker to cause a DoS condition of the web-based management interface, preventing normal management operations. 2019-10-02 not yet calculated CVE-2019-12714
CISCO
cisco — identity_services_engine A vulnerability in the web-based guest portal of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. 2019-10-02 not yet calculated CVE-2019-12631
CISCO
cisco — multiple_products A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections by the affected software. An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link. A successful exploit could allow the attacker to send arbitrary requests that could change the password of a targeted user. An attacker could then take unauthorized actions on behalf of the targeted user. 2019-10-02 not yet calculated CVE-2019-1915
CISCO
cisco — multiple_unified_communications_products A vulnerability in the web-based interface of multiple Cisco Unified Communications products could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. 2019-10-02 not yet calculated CVE-2019-12707
CISCO
cisco — prime_infrastructure A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input in multiple sections of the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. 2019-10-02 not yet calculated CVE-2019-12712
CISCO
cisco — security_manager A vulnerability in the Java deserialization function used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary commands on the device with the privileges of casuser. 2019-10-02 not yet calculated CVE-2019-12630
CISCO
cisco — unified_communications_manager_and_unified_communications_manager_session_management_edition A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. 2019-10-02 not yet calculated CVE-2019-12715
CISCO
cisco — unified_communications_manager_and_unified_communications_manager_session_management_edition A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an authenticated, remote attacker to impact the confidentiality of an affected system by executing arbitrary SQL queries. The vulnerability exists because the affected software improperly validates user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted requests that contain malicious SQL statements to the affected application. A successful exploit could allow the attacker to determine the presence of certain values in the database, impacting the confidentiality of the system. 2019-10-02 not yet calculated CVE-2019-12710
CISCO
cisco — unified_communications_manager_and_unified_communications_manager_session_management_edition A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to bypass security restrictions. The vulnerability is due to improper handling of malformed HTTP methods. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to gain unauthorized access to the system. 2019-10-02 not yet calculated CVE-2019-15272
CISCO
cisco — unified_communications_manager_and_unified_communications_manager_session_management_edition A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. 2019-10-02 not yet calculated CVE-2019-12716
CISCO
cisco — unified_communications_manager_and_unified_communications_manager_session_management_edition A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service (DoS) condition. The vulnerability is due to improper restrictions on XML entities. An attacker could exploit this vulnerability by sending malicious requests to an affected system that contain references in XML entities. A successful exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of sensitive information, or cause the application to consume available resources, resulting in a DoS condition. 2019-10-02 not yet calculated CVE-2019-12711
CISCO
cisco — unified_contact_center_express_software A vulnerability in Cisco Unified Contact Center Express (UCCX) Software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request on an affected device. A successful exploit could allow the attacker to perform cross-site scripting attacks, web cache poisoning, access sensitive browser-based information, and similar exploits. 2019-10-02 not yet calculated CVE-2019-15259
CISCO
codehaus — codehaus A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist approach that will mitigate these vulnerabilities and future ones alike. 2019-10-01 not yet calculated CVE-2019-10202
CONFIRM
compal — ch7465lg_devices Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have Incorrect Access Control because of Improper Input Validation. The attacker can send a maliciously modified POST (HTTP) request containing shell commands, which will be executed on the device, to a backend API endpoint of the cable modem. 2019-10-02 not yet calculated CVE-2019-13025
MISC
dayrui — xunruicms An issue was discovered in XunRuiCMS 4.3.1. There is a stored XSS in the module_category area. 2019-10-01 not yet calculated CVE-2019-17074
MISC
dell_emc — elastic_cloud_storage Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction of excessive authentication attempts vulnerability. An unauthenticated remote attacker may potentially perform a password brute-force attack to gain access to the targeted accounts. 2019-09-27 not yet calculated CVE-2019-3766
CONFIRM
eclipse — mojarra_for_eclipse_and_mojarra_javaserver_faces faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled. 2019-10-02 not yet calculated CVE-2019-17091
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
elastic — code A local file disclosure flaw was found in Elastic Code versions 7.3.0, 7.3.1, and 7.3.2. If a malicious code repository is imported into Code it is possible to read arbitrary files from the local filesystem of the Kibana instance running Code with the permission of the Kibana system user. 2019-10-01 not yet calculated CVE-2019-7618
MISC
MISC
enterprisedt — completeftp_server EnterpriseDT CompleteFTP Server prior to version 12.1.3 is vulnerable to information exposure in the Bootstrap.log file. This allows an attacker to obtain the administrator password hash. 2019-10-02 not yet calculated CVE-2019-16116
MISC
MISC
facebook_open_source — hhvm Insufficient boundary checks when formatting numbers in number_format allows read/write access to out-of-bounds memory, potentially leading to remote code execution. This issue affects HHVM versions prior to 3.30.10, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.18.2, and versions 4.19.0, 4.19.1, 4.20.0, 4.20.1, 4.20.2, 4.21.0, 4.22.0, 4.23.0. 2019-10-02 not yet calculated CVE-2019-11929
CONFIRM
CONFIRM
CONFIRM
facebook — whatsapp_for_android A double free vulnerability in the DDGifSlurp function in decoding.c in libpl_droidsonroids_gif before 1.2.15, as used in WhatsApp for Android before 2.19.244, allows remote attackers to execute arbitrary code or cause a denial of service. 2019-10-03 not yet calculated CVE-2019-11932
CONFIRM
fasterxml — jackson-databind A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling. 2019-10-01 not yet calculated CVE-2019-16942
MISC
MISC
MLIST
MISC
DEBIAN
fasterxml — jackson-databind A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling. 2019-10-01 not yet calculated CVE-2019-16943
MISC
MLIST
MISC
DEBIAN
fecmall — fecmall An unrestricted file upload vulnerability was discovered in catalog/productinfo/imageupload in Fecshop FecMall 2.3.4. An attacker can bypass a front-end restriction and upload PHP code to the webserver, by providing image data and the image/jpeg content type, with a .php extension. This occurs because the code relies on the getimagesize function. 2019-10-04 not yet calculated CVE-2019-17188
MISC
fon_wireless — multiple_routers FON2601E-SE, FON2601E-RE, FON2601E-FSW-S, and FON2601E-FSW-B with firmware versions 1.1.7 and earlier contain an issue where they may behave as open resolvers. If this vulnerability is exploited, FON routers may be leveraged for DNS amplification attacks to some other entities. 2019-10-04 not yet calculated CVE-2019-6015
MISC
MISC
foxit_software — foxit_reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8656. 2019-10-04 not yet calculated CVE-2019-13315
MISC
MISC
foxit_software — foxit_reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportValues method within an AcroForm. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8491. 2019-10-04 not yet calculated CVE-2019-6775
MISC
MISC
foxit_software — foxit_pdf_reader An exploitable memory corruption vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 9.4.1.16828. A specially crafted PDF document can trigger an out-of-memory condition which isn’t handled properly, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. 2019-10-02 not yet calculated CVE-2019-5031
MISC
foxit_software — foxit_phantompdf This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate actions. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8759. 2019-10-04 not yet calculated CVE-2019-13317
MISC
MISC
foxit_software — foxit_phantompdf This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate actions. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8757. 2019-10-04 not yet calculated CVE-2019-13316
MISC
MISC
foxit_software — foxit_phantompdf This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing watermarks within AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8801. 2019-10-04 not yet calculated CVE-2019-6776
MISC
MISC
foxit_software — foxit_photo_studio This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIFF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8782. 2019-10-03 not yet calculated CVE-2019-13324
MISC
MISC
foxit_software — foxit_reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8814. 2019-10-04 not yet calculated CVE-2019-13320
MISC
MISC
foxit_software — foxit_reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8695. 2019-10-03 not yet calculated CVE-2019-13329
MISC
MISC
foxit_software — foxit_reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of fields within Acroform objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8864. 2019-10-03 not yet calculated CVE-2019-13326
MISC
MISC
foxit_software — foxit_reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8669. 2019-10-04 not yet calculated CVE-2019-13319
MISC
MISC
foxit_software — foxit_reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of fields within Acroform objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8913. 2019-10-03 not yet calculated CVE-2019-13328
MISC
MISC
foxit_software — foxit_reader This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of the util.printf Javascript method. The application processes the %p parameter in the format string, allowing heap addresses to be returned to the script. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8544. 2019-10-04 not yet calculated CVE-2019-13318
MISC
MISC
foxit_software — foxit_reader Foxit Reader before 9.7 allows an Access Violation and crash if insufficient memory exists. 2019-10-04 not yet calculated CVE-2019-17183
MISC
foxit_software — foxit_reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of templates in XFA forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9149. 2019-10-03 not yet calculated CVE-2019-13332
MISC
MISC
foxit_software — foxit_reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the deleteItemAt method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8295. 2019-10-04 not yet calculated CVE-2019-6774
MISC
MISC
foxit_software — foxit_reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPG files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8742. 2019-10-03 not yet calculated CVE-2019-13330
MISC
MISC
foxit_software — foxit_reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of fields within Acroform objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8888. 2019-10-03 not yet calculated CVE-2019-13327
MISC
MISC
foxit_software — foxit_reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8838. 2019-10-03 not yet calculated CVE-2019-13331
MISC
MISC
foxit_software — foxit_studio_photo This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8922. 2019-10-03 not yet calculated CVE-2019-13325
MISC
MISC
foxit_software — foxit_studio_photo This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8783. 2019-10-03 not yet calculated CVE-2019-13323
MISC
MISC
freerdp — freerdp HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value. 2019-10-04 not yet calculated CVE-2019-17178
MISC
MISC
freerdp — freerdp libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value. 2019-10-04 not yet calculated CVE-2019-17177
MISC
MISC
frost_ming — redis_wrapper Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper (aka Redis Wrapper) before 0.3.0 allows attackers to execute arbitrary scripts. 2019-10-05 not yet calculated CVE-2019-17206
MISC
MISC
MISC
google — chrome_os The Imagination Technologies driver for Chrome OS before R74-11895.B, R75 before R75-12105.B, and R76 before R76-12208.0.0 allows attackers to trigger an Integer Overflow and gain privileges via a malicious application. This occurs because of intentional access for the GPU process to /dev/dri/card1 and the PowerVR ioctl handler, as demonstrated by PVRSRVBridgeSyncPrimOpCreate. 2019-10-01 not yet calculated CVE-2019-16508
MISC
google — signal_private_messenger_application_for_android The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee user interaction, via a connect message. The existence of the call is noticeable to the callee; however, the audio channel may be open before the callee can block eavesdropping. 2019-10-04 not yet calculated CVE-2019-17191
MISC
MISC
MISC
ibm — mq IBM MQ 8.0.0.4 – 8.0.0.12, 9.0.0.0 – 9.0.0.6, 9.1.0.0 – 9.1.0.2, and 9.1.0 – 9.1.2 AMQP Listeners could allow an unauthorized user to conduct a session fixation attack due to clients not being disconnected as they should. IBM X-Force ID: 159352. 2019-10-04 not yet calculated CVE-2019-4227
XF
CONFIRM
ibm — security_key_lifecycle_manager IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165136. 2019-10-04 not yet calculated CVE-2019-4514
XF
CONFIRM
ibm — security_key_lifecycle_manager IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 2019-10-04 not yet calculated CVE-2019-4564
XF
CONFIRM
jenkins — jenkins A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts. 2019-10-01 not yet calculated CVE-2019-10431
MLIST
CONFIRM
jetbrains — hub In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to change the password and no password expiration policy was implemented. 2019-10-01 not yet calculated CVE-2019-14955
MISC
jetbrains — intellij_idea JetBrains IntelliJ IDEA before 2019.2 was resolving the markdown plantuml artifact download link via a cleartext http connection. 2019-10-01 not yet calculated CVE-2019-14954
CONFIRM
jetbrains — ktor_framework UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials. 2019-10-02 not yet calculated CVE-2019-12737
CONFIRM
jetbrains — pycharm JetBrains PyCharm before 2019.2 was allocating a buffer of unknown size for one of the connection processes. In a very specific situation, it could lead to a remote invocation of an OOM error message because of Uncontrolled Memory Allocation. 2019-10-02 not yet calculated CVE-2019-14958
CONFIRM
jetbrains — resharper JetBrains ReSharper installers for versions before 2019.2 had a DLL Hijacking vulnerability. 2019-10-02 not yet calculated CVE-2019-16407
MISC
jetbrains — rider JetBrains Rider before 2019.1.2 was using an unsigned JetBrains.Rider.Unity.Editor.Plugin.Repacked.dll file. 2019-10-01 not yet calculated CVE-2019-14960
MISC
jetbrains — teamcity An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could get access to potentially confidential server-level data. The issue was fixed in TeamCity 2018.2.5 and 2019.1. 2019-10-01 not yet calculated CVE-2019-15035
MISC
jetbrains — teamcity An issue was discovered in JetBrains TeamCity 2018.2.4. The TeamCity server was not using some security-related HTTP headers. The issue was fixed in TeamCity 2019.1. 2019-10-01 not yet calculated CVE-2019-15038
MISC
jetbrains — teamcity In JetBrains TeamCity versions before 2018.2.5 and UpSource versions before 2018.2 build 1293, improper validation of user input for one of the fields could lead to Command Injection. 2019-10-02 not yet calculated CVE-2019-12157
MISC
jetbrains — teamcity An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL certificate validation for some external https connections. This was fixed in TeamCity 2019.1. 2019-10-01 not yet calculated CVE-2019-15042
MISC
jetbrains — teamcity Server metadata could be exposed because one of the error messages reflected the whole response back to the client in JetBrains TeamCity versions before 2018.2.5 and UpSource versions before 2018.2 build 1293. 2019-10-02 not yet calculated CVE-2019-12156
CONFIRM
jetbrains — toolbox JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection. 2019-10-02 not yet calculated CVE-2019-14959
CONFIRM
jetbrains — upsource JetBrains Upsource before 2019.1.1412 was not properly escaping HTML tags in code block comments, leading to XSS. 2019-10-01 not yet calculated CVE-2019-14961
MISC
jetbrains — vim_plugin The JetBrains Vim plugin before version 0.52 was storing individual project data in the global vim_settings.xml file. This xml file could be synchronized to a publicly accessible GitHub repository. 2019-10-01 not yet calculated CVE-2019-14957
CONFIRM
jetbrains — youtrack JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL whitelisting because of Inclusion of Functionality from an Untrusted Control Sphere. 2019-10-01 not yet calculated CVE-2019-15041
MISC
joyplus — joyplus-cms joyplus-cms 1.6.0 allows manager/admin_pic.php?rootpath= absolute path traversal. 2019-10-04 not yet calculated CVE-2019-17175
MISC
keybase — keybase_for_ios The Keybase app 2.13.2 for iOS provides potentially insufficient notice that it is employing a user’s private key to sign a certain cryptocurrency attestation (that an address at keybase.io can be used for Stellar payments to the user), which might be incompatible with a user’s personal position on the semantics of an attestation. 2019-09-29 not yet calculated CVE-2019-16992
MISC
MISC
kslabs — ksweb KSLabs KSWEB 3.93 allows ../ directory traversal, as demonstrated by the hostFile parameter. 2019-10-03 not yet calculated CVE-2019-16198
MISC
kslabs — ksweb_for_android The KSLABS KSWEB (aka ru.kslabs.ksweb) application 3.93 for Android allows authenticated remote code execution via a POST request to the AJAX handler with the configFile parameter set to the arbitrary file to be written to (and the config_text parameter set to the content of the file to be created). This can be a PHP file that is written to in the public web directory and subsequently executed. The attacker must have network connectivity to the PHP server that is running on the Android device. 2019-10-03 not yet calculated CVE-2019-15766
MISC
MISC
kubernetes — kube-state-metrics A security issue was discovered in kube-state-metrics 1.7.x before 1.7.2. An experimental feature was added to v1.7.0 and v1.7.1 that enabled annotations to be exposed as metrics. By default, kube-state-metrics metrics only expose metadata about Secrets. However, a combination of the default kubectl behavior and this new feature can cause the entire secret content to end up in metric labels, thus inadvertently exposing the secret content in metrics. 2019-10-03 not yet calculated CVE-2019-17110
MISC
libopenmpt — libopenmpt In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlug_InstrumentName and ModPlug_SampleName in libopenmpt_modplug.c do not restrict the lengths of libmodplug output-buffer strings in the C API, leading to a buffer overflow. 2019-10-03 not yet calculated CVE-2019-17113
MISC
MISC
MISC
MISC
liferay — portal_community_edition Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON payload. 2019-10-04 not yet calculated CVE-2019-16891
MISC
MISC
MISC
linux_mint — mintinstall mintinstall (aka Software Manager) 7.9.9 for Linux Mint allows code execution if a REVIEWS_CACHE file is controlled by an attacker, because an unpickle occurs. This is resolved in 8.0.0 and backports. 2019-10-02 not yet calculated CVE-2019-17080
MISC
MISC
MISC
MISC
linux — linux_kernel atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-6cc03e8aa36c. 2019-10-01 not yet calculated CVE-2019-17054
MISC
MISC
linux — linux_kernel An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable. This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on an architecture for which this stack/DMA interaction has security relevance. 2019-10-01 not yet calculated CVE-2019-17075
MISC
linux — linux_kernel llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176. 2019-10-01 not yet calculated CVE-2019-17056
MISC
MISC
linux — linux_kernel ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7. 2019-10-01 not yet calculated CVE-2019-17053
MISC
MISC
linux — linux_kernel base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. 2019-10-01 not yet calculated CVE-2019-17055
MISC
MISC
linux — linux_kernel ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768. 2019-10-01 not yet calculated CVE-2019-17052
MISC
MISC
linux — linux_kernel In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow. 2019-10-04 not yet calculated CVE-2019-17133
MISC
matrixssl — matrixssl MatrixSSL 4.2.1 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or a remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because crypto/pubkey/ecc_math.c scalar multiplication leaks the bit length of the scalar. 2019-10-03 not yet calculated CVE-2019-13629
MLIST
MISC
MISC
MISC
micro_focus — arcsight_logger Unrestricted file upload vulnerability in Micro Focus ArcSight Logger, version 6.7.0 and later. This vulnerability could allow Unrestricted Upload of File with Dangerous type. 2019-10-04 not yet calculated CVE-2019-11655
MISC
micro_focus — arcsight_logger Stored XSS vulnerability in Micro Focus ArcSight Logger, affects versions prior to Logger 6.7.1 HotFix 6.7.1.8262.0. This vulnerability could allow Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’). 2019-10-04 not yet calculated CVE-2019-11656
MISC
micro_focus — enterprise_developer_and_enterprise_server Reflected XSS on Micro Focus Enterprise Developer and Enterprise Server, all versions prior to version 3.0 Patch Update 20, version 4.0 Patch Update 12, and version 5.0 Patch Update 2. The vulnerability could be exploited to redirect a user to a malicious page or forge certain types of web requests. 2019-10-02 not yet calculated CVE-2019-11651
MISC
multiple_vendors — multiple_products Smart cards from the Athena SCS manufacturer, based on the Atmel Toolbox 00.03.11.05 and the AT90SC chip, contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because the Atmel Toolbox 00.03.11.05 contains two versions of ECDSA signature functions, described as fast and secure, but the affected cards chose to use the fast version, which leaks the bit length of the random nonce via timing. This affects Athena IDProtect 010b.0352.0005, Athena IDProtect 010e.1245.0002, Athena IDProtect 0106.0130.0401, Athena IDProtect 010e.1245.0002, Valid S/A IDflex V 010b.0352.0005, SafeNet eToken 4300 010e.1245.0002, TecSec Armored Card 010e.0264.0001, and TecSec Armored Card 108.0264.0001. 2019-10-03 not yet calculated CVE-2019-15809
MLIST
MISC
MISC
MISC
MISC
MISC
nlnet_labs — unbound Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule. 2019-10-03 not yet calculated CVE-2019-16866
MISC
MISC
openemr — openemr XSS in library/custom_template/add_template.php in OpenEMR through 5.0.2 allows a malicious user to execute code in the context of a victim’s browser via a crafted list_id query parameter. 2019-10-04 not yet calculated CVE-2019-17179
MISC
openemr — openemr OpenEMR through 5.0.2 has SQL Injection in the Lifestyle demographic filter criteria in library/clinical_rules.php that affects library/patient.inc. 2019-10-05 not yet calculated CVE-2019-17197
MISC
MISC
pillow — pillow An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image. 2019-10-04 not yet calculated CVE-2019-16865
MISC
pivotal — application_manager Pivotal Application Manager, versions 666.0.x prior to 666.0.36, versions 667.0.x prior to 667.0.22, versions 668.0.x prior to 668.0.21, versions 669.0.x prior to 669.0.13, and versions 670.0.x prior to 670.0.7, contain a vulnerability where a remote authenticated user can create an app with a name such that a csv program can interpret into a formula and gets executed. The malicious user can possibly gain access to a usage report that requires a higher privilege. 2019-10-01 not yet calculated CVE-2019-11275
CONFIRM
project_redcap — redcap REDCap before 9.3.4 has XSS on the Customize & Manage Locking/E-signatures page via Lock Record Custom Text values. 2019-10-03 not yet calculated CVE-2019-17121
MISC
putty — putty PuTTY before 0.73 mishandles the “bracketed paste mode” protection mechanism, which may allow a session to be affected by malicious clipboard content. 2019-10-01 not yet calculated CVE-2019-17068
MISC
putty — putty PuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attackers to listen on the same port to steal an incoming connection. 2019-10-01 not yet calculated CVE-2019-17067
MISC
putty — putty PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message. 2019-10-01 not yet calculated CVE-2019-17069
MISC
red_hat — jboss_operations_network It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). This flaw allows attackers to manipulate ClassLoader properties on a vulnerable server. Exploits that have been published rely on ClassLoader properties that are exposed such as those in JON 3. Additional information can be found in the Red Hat Knowledgebase article: https://access.redhat.com/site/solutions/869353. Note that while multiple products released patches for the original CVE-2014-0114 flaw, the reversion described by this CVE-2019-3834 flaw only occurred in JON 3. 2019-10-03 not yet calculated CVE-2019-3834
CONFIRM
rpyc — rpyc In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings. 2019-10-03 not yet calculated CVE-2019-16328
MISC
MISC
rsa — bsafe_crypto-c_micro_edition RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) versions prior to 4.1.6.1 (in 4.1.x) and versions prior to 4.3.3 (4.2.x and 4.3.x) are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure. 2019-09-30 not yet calculated CVE-2019-3732
MISC
rsa — bsafe_crypto-c_micro_edition RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.4 (in 4.0.x) and 4.1.4 (in 4.1.x) and RSA BSAFE Micro Edition Suite versions prior to 4.0.13 (in 4.0.x) and prior to 4.4 (in 4.1.x, 4.2.x, 4.3.x) are vulnerable to a Buffer Over-read vulnerability when processing DSA signature. A malicious remote user could potentially exploit this vulnerability to cause a crash in the library of the affected system. 2019-09-30 not yet calculated CVE-2019-3728
MISC
rsa — bsafe_crypto-c_micro_edition RSA BSAFE Crypto-C Micro Edition, all versions prior to 4.1.4, is vulnerable to three (3) different Improper Clearing of Heap Memory Before Release vulnerability, also known as ‘Heap Inspection vulnerability’. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure. 2019-09-30 not yet calculated CVE-2019-3733
MISC
rsa — bsafe_crypto-c_micro_edition RSA BSAFE Crypto-C Micro Edition versions prior to 4.1.4 and RSA Micro Edition Suite versions prior to 4.4 are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure. 2019-09-30 not yet calculated CVE-2019-3731
MISC
rsa — bsafe_micro_edition_suite RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and prior to 4.4 (in 4.2.x and 4.3.x), are vulnerable to an Information Exposure Through an Error Message vulnerability, also known as a “padding oracle attack vulnerability”. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure. 2019-09-30 not yet calculated CVE-2019-3730
MISC
rsa — bsafe_micro_edition_suite RSA BSAFE Micro Edition Suite versions prior to 4.4 (in 4.0.x, 4.1.x, 4.2.x and 4.3.x) are vulnerable to a Heap-based Buffer Overflow vulnerability when parsing ECDSA signature. A malicious user with adjacent network access could potentially exploit this vulnerability to cause a crash in the library of the affected system. 2019-09-30 not yet calculated CVE-2019-3729
MISC
rust — rust Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the `package` configuration key. Usage of the `package` key to rename dependencies in `Cargo.toml` is ignored in Rust 1.25.0 and prior. When Rust 1.25.0 and prior is used Cargo may download the wrong dependency, which could be squatted on crates.io to be a malicious package. This not only affects manifests that you write locally yourself, but also manifests published to crates.io. Rust 1.0.0 through Rust 1.25.0 is affected by this advisory because Cargo will ignore the `package` key in manifests. Rust 1.26.0 through Rust 1.30.0 are not affected and typically will emit an error because the `package` key is unstable. Rust 1.31.0 and after are not affected because Cargo understands the `package` key. Users of the affected versions are strongly encouraged to update their compiler to the latest available one. Preventing this issue from happening requires updating your compiler to be either Rust 1.26.0 or newer. There will be no point release for Rust versions prior to 1.26.0. Users of Rust 1.19.0 to Rust 1.25.0 can instead apply linked patches to mitigate the issue. 2019-09-30 not yet calculated CVE-2019-16760
MISC
CONFIRM
MISC
salesagility — suitecrm SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has SSRF. 2019-10-02 not yet calculated CVE-2019-13335
CONFIRM
CONFIRM
CONFIRM
snowtide — pdfxstream In Snowtide PDFxStream before 3.7.1 (for Java), a crafted PDF file can trigger an extremely long running computation because of page-tree mishandling. 2019-10-01 not yet calculated CVE-2019-17063
MISC
tcpdump.org — libpcap sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory. 2019-10-03 not yet calculated CVE-2019-15165
CONFIRM
CONFIRM
CONFIRM
CONFIRM
tcpdump.org — libpcap rpcapd/daemon.c in libpcap before 1.9.1 mishandles certain length values because of reuse of a variable. This may open up an attack vector involving extra data at the end of a request. 2019-10-03 not yet calculated CVE-2019-15161
CONFIRM
CONFIRM
CONFIRM
tcpdump.org — libpcap rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames. 2019-10-03 not yet calculated CVE-2019-15162
CONFIRM
CONFIRM
CONFIRM
tcpdump.org — libpcap rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a denial of service (NULL pointer dereference and daemon crash) if a crypt() call fails. 2019-10-03 not yet calculated CVE-2019-15163
CONFIRM
CONFIRM
CONFIRM
tcpdump.org — libpcap rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source. 2019-10-03 not yet calculated CVE-2019-15164
CONFIRM
CONFIRM
CONFIRM
tcpdump.org — tcpdump The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2(). 2019-10-03 not yet calculated CVE-2018-14470
MISC
CONFIRM
tcpdump.org — tcpdump The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion. 2019-10-03 not yet calculated CVE-2018-16300
MISC
CONFIRM
tcpdump.org — tcpdump The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert(). 2019-10-03 not yet calculated CVE-2018-14466
MISC
CONFIRM
tcpdump.org — tcpdump The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP). 2019-10-03 not yet calculated CVE-2018-14467
MISC
CONFIRM
tcpdump.org — tcpdump The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print(). 2019-10-03 not yet calculated CVE-2018-14463
MISC
CONFIRM
tcpdump.org — tcpdump libpcap before 1.9.1, as used in tcpdump before 4.9.3, has a buffer overflow and/or over-read because of errors in pcapng reading. 2019-10-03 not yet calculated CVE-2018-16301
MISC
CONFIRM
tcpdump.org — tcpdump The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs(). 2019-10-03 not yet calculated CVE-2018-14464
MISC
CONFIRM
tcpdump.org — tcpdump tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2). 2019-10-03 not yet calculated CVE-2018-10105
CONFIRM
tcpdump.org — tcpdump The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print(). 2019-10-03 not yet calculated CVE-2018-14462
MISC
CONFIRM
tcpdump.org — tcpdump The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print(). 2019-10-03 not yet calculated CVE-2018-14461
MISC
CONFIRM
tcpdump.org — tcpdump The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). 2019-10-03 not yet calculated CVE-2018-14465
MISC
CONFIRM
tcpdump.org — tcpdump The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print(). 2019-10-03 not yet calculated CVE-2018-14469
MISC
CONFIRM
tcpdump.org — tcpdump tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2). 2019-10-03 not yet calculated CVE-2018-10103
CONFIRM
teampass — teampass TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a crafted password for an item in any folder. 2019-10-05 not yet calculated CVE-2019-17203
MISC
teampass — teampass TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowledge Base label and adding any available item. 2019-10-05 not yet calculated CVE-2019-17204
MISC
teampass — teampass TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload will be executed. 2019-10-05 not yet calculated CVE-2019-17205
MISC
undertow — undertow A flaw was found in Undertow, all versions under 2.0.20, in the DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user’s credentials from the log files. 2019-10-02 not yet calculated CVE-2019-10212
CONFIRM
valve — steam_client_for_windows Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in the context of NT AUTHORITY\SYSTEM. This could lead to denial of service, elevation of privilege, or unspecified other impact. 2019-10-04 not yet calculated CVE-2019-17180
MISC
MISC
MISC
MISC
vbulletin — vbulletin vBulletin through 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories. 2019-10-04 not yet calculated CVE-2019-17130
MISC
vbulletin — vbulletin vBulletin before 5.5.4 allows clickjacking. 2019-10-04 not yet calculated CVE-2019-17131
MISC
vbulletin — vbulletin vBulletin through 5.5.4 mishandles custom avatars. 2019-10-04 not yet calculated CVE-2019-17132
MISC
western_digital — ssd_dashboard_and_sandisk_ssd_dashboard Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard before 2.5.1.0 have Incorrect Access Control. The “generate reports” archive is protected with a hard-coded password. An application update that addresses the protection of archive encryption is available. 2019-09-30 not yet calculated CVE-2019-13466
MISC
CONFIRM

western_digital — ssd_dashboard_and_sandisk_ssd_dashboard_applications Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard before 2.5.1.0 applications are potentially vulnerable to man-in-the-middle attacks when the applications download resources from the Dashboard web service. This vulnerability may allow an attacker to substitute downloaded resources with arbitrary files. 2019-09-30 not yet calculated CVE-2019-13467
MISC
CONFIRM
wordpress — wordpress A stored XSS vulnerability in the Visualizer plugin 3.3.0 for WordPress allows an unauthenticated attacker to execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard. This occurs because classes/Visualizer/Gutenberg/Block.php registers wp-json/visualizer/v1/update-chart with no access control, and classes/Visualizer/Render/Page/Data.php lacks output sanitization. 2019-10-03 not yet calculated CVE-2019-16931
MISC
MISC
MISC
wpo_foundation — webpagetest www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal (for reading arbitrary files) because of an unanchored regular expression, as demonstrated by the a.jpg\.. substring. 2019-10-05 not yet calculated CVE-2019-17199
MISC
xerox — multiple_atlalink_printers Xerox AtlaLink B8045/B8055/B8065/B8075/B8090 C8030/C8035/C8045/C8055/C8070 printers with software before 101.00x.089.22600 allow an attacker to gain privileges. 2019-10-04 not yet calculated CVE-2019-17184
MISC
xpdf — xpdf Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor. 2019-10-01 not yet calculated CVE-2019-17064
MISC
MISC


This product is provided subject to this Notification and this Privacy & Use policy.

Original release date: September 30, 2019

 


High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
centreon — centreon SQL injection vulnerabilities in Centreon through 19.04 allow attacks via the svc_id parameter in include/monitoring/status/Services/xml/makeXMLForOneService.php. 2019-09-25 7.5 CVE-2019-16194
MISC
MISC
emlog — emlog emlog through 6.0.0beta has an arbitrary file deletion vulnerability via an admin/data.php?action=dell_all_bak request with directory traversal sequences in the bak[] parameter. 2019-09-25 7.5 CVE-2019-16868
MISC
forcepoint — vpn_client Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach Labs for finding this vulnerability and for reporting it to us. 2019-09-20 7.2 CVE-2019-6145
MISC
CONFIRM
gigastone — smart_battery_a4_firmware A broken access control vulnerability in Smart Battery A4, a multifunctional portable charger, firmware version <= r1.7.9 allows an attacker to get/reset administrator’s password without any authentication. 2019-09-25 10.0 CVE-2019-15068
CONFIRM
CONFIRM
gigastone — smart_battery_a4_firmware An unsafe authentication interface was discovered in Smart Battery A4, a multifunctional portable charger, firmware version <= r1.7.9. An attacker can bypass authentication without modifying device file and gain web page management privilege. 2019-09-25 7.5 CVE-2019-15069
CONFIRM
CONFIRM
inoideas — inoerp download.php in inoERP 4.15 allows SQL injection through insecure deserialization. 2019-09-26 7.5 CVE-2019-16894
EXPLOIT-DB
integard_pro_project — integard_pro Integard Pro 2.2.0.9026 allows remote attackers to execute arbitrary code via a buffer overflow involving a long NoJs parameter to the /LoginAdmin URI. 2019-09-22 7.5 CVE-2019-16702
MISC
joinmastodon — mastodon Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions. 2019-09-22 7.5 CVE-2018-21018
MISC
MISC
MISC
MISC
joyplus_project — joyplus joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database. 2019-09-21 7.5 CVE-2019-16656
MISC
linea_project — linea An issue was discovered in the linea crate through 0.9.4 for Rust. There is double free in the Matrix::zip_elements method. 2019-09-25 7.5 CVE-2019-16880
CONFIRM
linux — linux_kernel There is a heap-based buffer overflow in the Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver, that allows local users to cause a denial of service (system crash) or possibly execute arbitrary code. 2019-09-20 7.2 CVE-2019-14814
SUSE
SUSE
MLIST
MISC
CONFIRM
MISC
MLIST
FEDORA
FEDORA
MISC
linux — linux_kernel There is a heap-based buffer overflow in the Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver, that allows local users to cause a denial of service (system crash) or possibly execute arbitrary code. 2019-09-20 7.2 CVE-2019-14816
SUSE
SUSE
MLIST
MISC
CONFIRM
MISC
MLIST
FEDORA
FEDORA
MISC
linux — linux_kernel An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow. 2019-09-24 7.5 CVE-2019-16746
MISC
makandra — consul The makandra consul gem through 1.0.2 for Ruby has Incorrect Access Control. 2019-09-23 7.5 CVE-2019-16377
MISC
MISC
microsoft — internet_explorer A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-1221. 2019-09-23 7.6 CVE-2019-1367
MISC
netapp — ontap_select_deploy_administration_utility ONTAP Select Deploy administration utility versions 2.12 & 2.12.1 ship with an HTTP service bound to the network allowing unauthenticated remote attackers to perform administrative actions. 2019-09-24 7.5 CVE-2019-5504
MISC
netgate — pfsense pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.exec_php call containing shell metacharacters in a parameter value. 2019-09-25 9.0 CVE-2019-16701
MISC
MISC
MISC
pam-python_project — pam-python pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups. 2019-09-24 7.2 CVE-2019-16729
MISC
MISC
MISC
phpipam — phpipam phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used. 2019-09-22 7.5 CVE-2019-16692
MISC
phpipam — phpipam phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used. 2019-09-22 7.5 CVE-2019-16693
MISC
phpipam — phpipam phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used. 2019-09-22 7.5 CVE-2019-16694
MISC
phpipam — phpipam phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used. 2019-09-22 7.5 CVE-2019-16695
MISC
phpipam — phpipam phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used. 2019-09-22 7.5 CVE-2019-16696
MISC
portaudio-rs_project — portaudio-rs An issue was discovered in the portaudio-rs crate through 0.3.1 for Rust. There is a use-after-free with resultant arbitrary code execution because of a lack of unwind safety in stream_callback and stream_finished_callback. 2019-09-25 7.5 CVE-2019-16881
CONFIRM
prise — adas An issue was discovered in PRiSE adAS 1.7.0. The path is not properly escaped in the medatadata_del method, leading to an arbitrary file read and deletion via Directory Traversal. 2019-09-20 7.5 CVE-2019-14914
MISC
MISC
prise — adas An issue was discovered in PRiSE adAS 1.7.0. Password hashes are compared using the equality operator. Thus, under specific circumstances, it is possible to bypass login authentication. 2019-09-20 7.5 CVE-2019-15088
MISC
MISC
silverstripe — silverstripe In SilverStripe through 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access. 2019-09-25 7.5 CVE-2019-12204
MISC
MISC
CONFIRM
smackcoders — ultimate_exporter The wp-ultimate-exporter plugin through 1.1 for WordPress has SQL injection via the export_type_name parameter. 2019-09-20 7.5 CVE-2016-11000
MISC
MISC
supermicro — a1sa2-2750f_firmware On Supermicro X10 and X11 products, a client’s access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual USB devices to the server managed by the BMC. 2019-09-20 7.5 CVE-2019-16650
MISC
MISC
MISC
suricata-ids — suricata An issue was discovered in Suricata 4.1.4. By sending multiple IPv4 packets that have invalid IPv4Options, the function IPV4OptValidateTimestamp in decode-ipv4.c tries to access a memory region that is not allocated. There is a check for o->len < 5 (corresponding to 2 bytes of header and 3 bytes of data). Then, “flag = *(o->data + 3)” places one beyond the 3 bytes, because the code should have been “flag = *(o->data + 1)” instead. 2019-09-24 7.5 CVE-2019-16411
MISC
MISC
tuzicms — tuzicms App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Zhuanti/group?id= substring. 2019-09-20 7.5 CVE-2019-16644
MISC
upredsun — file_sharing_wizard File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Exception Handler (SEH) based buffer overflow in an HTTP POST parameter, a similar issue to CVE-2010-2330 and CVE-2010-2331. 2019-09-24 7.5 CVE-2019-16724
MISC
EXPLOIT-DB
vbulletin — vbulletin vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request. 2019-09-24 7.5 CVE-2019-16759
MISC
MISC
MISC
MISC
wolfssl — wolfssl In wolfSSL through 4.1.0, there is a missing sanity check of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer over-read in CheckCertSignature_ex in wolfcrypt/src/asn.c. 2019-09-24 7.5 CVE-2019-16748
MISC
yejiao — tuzicms App\Mobile\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Mobile/Zhuanti/group?id= substring. 2019-09-20 7.5 CVE-2019-16642
MISC
zte — zxv10_b860a_firmware All versions up to V81511329.1008 of ZTE ZXV10 B860A products are impacted by an input validation vulnerability. Due to input validation, unauthorized users can take advantage of this vulnerability to control the user terminal system. 2019-09-23 10.0 CVE-2019-3416
CONFIRM
zzzcms — zzzphp ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses an str_ireplace operation. 2019-09-23 7.5 CVE-2019-16722
MISC


Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
5none — nonecms NoneCMS v1.3 has CSRF in public/index.php/admin/admin/dele.html, as demonstrated by deleting the admin user. 2019-09-23 5.8 CVE-2019-16721
MISC
acquia — mautic An issue was discovered in Mautic 2.13.1. It has Stored XSS via the company name field. 2019-09-20 4.3 CVE-2018-11200
CONFIRM
advantech — webaccess/hmi_designer In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Address controls Code Flow starting at PM_V3!CTagInfoThreadBase::GetNICInfo+0x0000000000512918. 2019-09-25 5.0 CVE-2019-16899
MISC
advantech — webaccess/hmi_designer Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write AV starting at MSVCR90!memcpy+0x000000000000015c. 2019-09-25 5.0 CVE-2019-16900
MISC
advantech — webaccess/hmi_designer Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain corruption starting at Unknown Symbol @ 0x0000000000000000 called from ntdll!RtlRaiseStatus+0x00000000000000b4. 2019-09-25 5.0 CVE-2019-16901
MISC
agentevolution — impress_listings The wp-listings plugin before 2.0.2 for WordPress has includes/views/single-listing.php XSS. 2019-09-20 4.3 CVE-2016-11013
MISC
MISC
alo-easymail_project — alo-easymail The alo-easymail plugin before 2.6.01 for WordPress has CSRF with resultant XSS in pages/alo-easymail-admin-options.php. 2019-09-25 4.3 CVE-2015-9409
MISC
MISC
MISC
altosresearch — altos-connect The altos-connect plugin 1.3.0 for WordPress has XSS via the wp-content/plugins/altos-connect/jquery-validate/demo/demo/captcha/index.php/ PATH_SELF. 2019-09-26 4.3 CVE-2015-9444
MISC
MISC
angrycreative — bj_lazy_load The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclusion. 2019-09-25 5.0 CVE-2015-9415
MISC
MISC
apache — http_server In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. 2019-09-26 6.4 CVE-2019-10082
MISC
apache — http_server In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed. 2019-09-26 4.3 CVE-2019-10092
MISC
apache — http_server In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. 2019-09-25 5.8 CVE-2019-10098
MISC
apache — jspwiki On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Page Revision History, which could allow the attacker to execute javascript in the victim’s browser and get some sensitive information about the victim. 2019-09-23 4.3 CVE-2019-10087
MISC
apache — jspwiki On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the WYSIWYG editor, which could allow the attacker to execute javascript in the victim’s browser and get some sensitive information about the victim. 2019-09-23 4.3 CVE-2019-10089
MISC
apache — jspwiki On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the plain editor, which could allow the attacker to execute javascript in the victim’s browser and get some sensitive information about the victim. 2019-09-23 4.3 CVE-2019-10090
MISC
apache — jspwiki On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to InfoContent.jsp, which could allow the attacker to execute javascript in the victim’s browser and get some sensitive information about the victim. 2019-09-23 4.3 CVE-2019-12404
MISC
apache — jspwiki On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the remember parameter on some of the JSPs, which could allow the attacker to execute javascript in the victim’s browser and get some sensitive information about the victim. 2019-09-23 4.3 CVE-2019-12407
MISC
apache — subversion In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion’s svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server. 2019-09-26 4.0 CVE-2018-11782
MISC
apache — subversion In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion’s svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to disruption for users of the server. 2019-09-26 5.0 CVE-2019-0203
MISC
apereo — central_authentication_service Multiple classes used within Apereo CAS before release 6.1.0-RC5 make use of apache commons-lang3 RandomStringUtils for token and ID generation, which makes them predictable due to RandomStringUtils PRNG’s algorithm not being cryptographically strong. 2019-09-23 5.5 CVE-2019-10754
MISC
MISC
MISC
MISC
MISC
attosoft — auto_thickbox_plus The auto-thickbox-plus plugin through 1.9 for WordPress has wp-content/plugins/auto-thickbox-plus/download.min.php?file= XSS. 2019-09-20 4.3 CVE-2015-9396
MISC
MISC
avenirsoft — directdownload The avenirsoft-directdownload plugin 1.0 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=avenir_plugin. 2019-09-26 4.3 CVE-2015-9442
MISC
MISC
bestwebsoft — quotes_and_tips The quotes-and-tips plugin before 1.20 for WordPress has XSS. 2019-09-20 4.3 CVE-2015-9385
MISC
MISC
bestwebsoft — relevant The relevant plugin before 1.0.8 for WordPress has XSS. 2019-09-20 4.3 CVE-2015-9384
MISC
MISC
bluestacks — bluestacks An issue was discovered in BlueStacks 4.110 and below on macOS and on 4.120 and below on Windows. BlueStacks employs Android running in a virtual machine (VM) to enable Android apps to run on Windows or macOS. The bug is a local arbitrary file read through a system service call. The impacted method runs with System admin privilege and, if given a file name as a parameter, returns the content of that file. A malicious app using the affected method can then read the content of any system file which it is not authorized to read. 2019-09-24 4.9 CVE-2019-14220
MISC
CONFIRM
bookmarkify_project — bookmarkify The bookmarkify plugin 2.9.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=bookmarkify.php. 2019-09-26 4.3 CVE-2015-9441
MISC
MISC
byonepress — social_locker The social-locker plugin before 4.2.5 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=opanda-item&page=license-manager-sociallocker-next licensekey parameter. 2019-09-25 4.3 CVE-2015-9425
MISC
MISC
MISC
cacti — cacti In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter. 2019-09-23 4.0 CVE-2019-16723
MISC
captain-slider_project — captain-slider The captain-slider plugin 1.0.6 for WordPress has XSS via a Title or Caption section. 2019-09-25 4.3 CVE-2015-9419
MISC
MISC
cisco — ios A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to read and modify data that should normally have been sent via an encrypted channel. The vulnerability is due to TCP port information not being considered when matching new requests to existing, persistent HTTP connections. An attacker could exploit this vulnerability by acting as a man-in-the-middle and then reading and/or modifying data that should normally have been sent through an encrypted channel. 2019-09-25 5.8 CVE-2019-12665
CISCO
cloudfoundry — cf-deployment Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space developer to deny service or perform a dictionary attack. 2019-09-23 5.5 CVE-2019-11277
CONFIRM
crazy_bone_project — crazy_bone The crazy-bone plugin before 0.6.0 for WordPress has XSS via the User-Agent HTTP header. 2019-09-25 4.3 CVE-2015-9430
MISC
MISC
MISC
cure53 — dompurify DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari. 2019-09-24 4.3 CVE-2019-16728
MISC
cyberseo — xpinner_lite The xpinner-lite plugin through 2.2 for WordPress has xpinner-lite.php XSS. 2019-09-20 4.3 CVE-2015-9407
MISC
MISC
MISC
cyberseo — xpinner_lite The xpinner-lite plugin through 2.2 for WordPress has wp-admin/options-general.php CSRF with resultant XSS. 2019-09-20 4.3 CVE-2015-9408
MISC
MISC
MISC
devise_token_auth_project — devise_token_auth An issue was discovered in Devise Token Auth through 1.1.2. The omniauth failure endpoint is vulnerable to Reflected Cross Site Scripting (XSS) through the message parameter. Unauthenticated attackers can craft a URL that executes a malicious JavaScript payload in the victim’s browser. This affects the fallback_render method in the omniauth callbacks controller. 2019-09-24 4.3 CVE-2019-16751
MISC
doc4design — multicons The multicons plugin before 3.0 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=multicons%2Fmulticons.php global_url or admin_url parameter. 2019-09-25 4.3 CVE-2015-9424
MISC
MISC
MISC
draytek — vigor2925_firmware On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product. This has been solved in v3.8.8.2 and later release firmware. 2019-09-20 4.3 CVE-2019-16533
MISC
MISC
draytek — vigor2925_firmware On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN name on the General Setup screen. NOTE: this is an end-of-life product. This has been solved in v3.8.8.2 and later release firmware. 2019-09-20 4.3 CVE-2019-16534
MISC
MISC
e2fsprogs_project — e2fsprogs An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. 2019-09-24 4.6 CVE-2019-5094
MISC
efficientscripts — microblog_poster The microblog-poster plugin before 1.6.2 for WordPress has SQL Injection via the wp-admin/options-general.php?page=microblogposter.php account_id parameter. 2019-09-25 6.5 CVE-2015-9449
MISC
MISC
MISC
elegantthemes — extra The Elegant Themes Extra theme before 1.2.4 for WordPress has privilege escalation. 2019-09-20 6.5 CVE-2016-11002
MISC
MISC
elegantthemes — monarch The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privilege escalation. 2019-09-20 6.5 CVE-2016-11003
MISC
MISC
elegantthemes — monarch The Elegant Themes Monarch plugin before 1.2.7 for WordPress has privilege escalation. 2019-09-20 6.5 CVE-2016-11004
MISC
MISC
elfsight — instalinker The instalinker plugin before 1.1.2 for WordPress has includes/instalinker-admin-preview.php?client_id= XSS. 2019-09-20 4.3 CVE-2016-11005
MISC
MISC
embedthis — goahead An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack. 2019-09-20 5.0 CVE-2019-16645
MISC
eshop_project — eshop The eshop plugin through 6.3.13 for WordPress has CSRF with resultant XSS via the wp-admin/admin.php?page=eshop-downloads.php title parameter. 2019-09-25 4.3 CVE-2015-9413
MISC
MISC
MISC
f5 — big-ip_access_policy_manager In BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.5.1-11.6.4, BIG-IQ 7.0.0, 6.0.0-6.1.0, 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, the Configuration utility login page may not follow best security practices when handling a malicious request. 2019-09-25 5.0 CVE-2019-6651
MISC
f5 — big-ip_access_policy_manager On versions 13.0.0-13.1.0.1, 12.1.0-12.1.4.1, 11.6.1-11.6.4, and 11.5.1-11.5.9, BIG-IP platforms where AVR, ASM, APM, PEM, AFM, and/or AAM is provisioned may leak sensitive data. 2019-09-25 4.3 CVE-2019-6655
MISC
f5 — big-ip_application_security_manager F5 BIG-IP ASM 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 may expose sensitive information and allow the system configuration to be modified when using non-default settings. 2019-09-20 5.8 CVE-2019-6650
CONFIRM
f5 — big-iq_centralized_management In BIG-IQ 6.0.0-6.1.0, services for stats do not require authentication nor do they implement any form of Transport Layer Security (TLS). 2019-09-25 6.4 CVE-2019-6652
MISC
gilacms — gila_cms Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion. 2019-09-21 4.0 CVE-2019-16679
MISC
MISC
MISC
googmonify_project — googmonify The googmonify plugin through 0.5.1 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=googmonify.php PID or AID parameter. 2019-09-25 4.3 CVE-2015-9427
MISC
MISC
MISC
grafana — grafana An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana (e.g., MySQL) are not encrypted. An admin user can reveal passwords for any data source by pressing the “Save and test” button within a data source’s settings menu. When watching the transaction with Burp Proxy, the password for the data source is revealed and sent to the server. From a browser, a prompt to save the credentials is generated, and the password can be revealed by simply checking the “Show password” box. 2019-09-23 4.0 CVE-2019-15635
MISC
MISC
hcltech — appscan_source HCL AppScan Source before 9.03.13 is susceptible to XML External Entity (XXE) attacks in multiple locations. In particular, an attacker can send a specially crafted .ozasmt file to a targeted victim and ask the victim to open it. When the victim imports the .ozasmt file in AppScan Source, the content of any file in the local file system (to which the victim has read access) can be exfiltrated to a remote listener under the attacker’s control. The product does not disable external XML Entity Processing, which can lead to information disclosure and denial of service attacks. 2019-09-25 5.8 CVE-2019-16188
CONFIRM
home-assistant — home-assistant Home Assistant before 0.67.0 was vulnerable to an information disclosure that allowed an unauthenticated attacker to read the application’s error log via components/api.py. 2019-09-23 5.0 CVE-2018-21019
MISC
MISC
hongcms_project — hongcms HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774. (If the attacker deletes config.php and visits install/index.php, they can reinstall the product.) 2019-09-25 5.5 CVE-2019-16867
MISC
html-pdf_project — html-pdf The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL. 2019-09-20 5.0 CVE-2019-15138
MISC
hunspell_project — hunspell Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx. 2019-09-23 4.3 CVE-2019-16707
MISC
ibm — mq IBM MQ 7.5.0.0 – 7.5.0.9, 7.1.0.0 – 7.1.0.9, 8.0.0.0 – 8.0.0.12, 9.0.0.0 – 9.0.0.6, 9.1.0.0 – 9.1.0.2, and 9.1.0 – 9.1.2 command server is vulnerable to a denial of service attack caused by an authenticated and authorized user using specially crafted PCF messages. IBM X-Force ID: 162084. 2019-09-26 4.0 CVE-2019-4378
XF
CONFIRM
ibm — qradar_security_information_and_event_manager IBM QRadar SIEM 7.2 and 7.3 is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the QRadar system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 160014. 2019-09-26 5.0 CVE-2019-4262
XF
CONFIRM
ibm — security_key_lifecycle_manager IBM Security Key Lifecycle Manager 3.0 and 3.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 165137. 2019-09-24 4.3 CVE-2019-4515
XF
CONFIRM
ibm — security_key_lifecycle_manager IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166626. 2019-09-20 5.0 CVE-2019-4565
XF
CONFIRM
ibm — websphere_application_server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information, caused by sending a specially-crafted URL. This can lead the attacker to view any file in a certain directory. IBM X-Force ID: 164364. 2019-09-20 5.0 CVE-2019-4505
XF
CONFIRM
idreamsoft — icms An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF. 2019-09-21 5.8 CVE-2019-16677
MISC
imagemagick — imagemagick ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. 2019-09-23 4.3 CVE-2019-16708
MISC
imagemagick — imagemagick ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. 2019-09-23 4.3 CVE-2019-16709
MISC
imagemagick — imagemagick ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c. 2019-09-23 4.3 CVE-2019-16710
MISC
imagemagick — imagemagick ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. 2019-09-23 4.3 CVE-2019-16711
MISC
imagemagick — imagemagick ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image. 2019-09-23 4.3 CVE-2019-16712
MISC
imagemagick — imagemagick ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c. 2019-09-23 4.3 CVE-2019-16713
MISC
ipswitch — moveit_transfer MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and 2019.1 before 11.1.1 allows an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, or may be able to alter the database via the REST API, aka SQL Injection. 2019-09-24 6.4 CVE-2019-16383
CONFIRM
CONFIRM
CONFIRM
CONFIRM
irfanview — irfanview In IrfanView 4.53, Data from a Faulting Address controls a subsequent Write Address starting at image00400000+0x000000000001dcfc. 2019-09-25 6.8 CVE-2019-16887
MISC
jenkins — aqua_microscanner Jenkins Aqua MicroScanner Plugin 1.0.7 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. 2019-09-25 5.0 CVE-2019-10427
MLIST
CONFIRM
jenkins — aqua_security_scanner Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. 2019-09-25 5.0 CVE-2019-10428
MLIST
CONFIRM
jenkins — azure_event_grid_notifier Jenkins Azure Event Grid Build Notifier Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. 2019-09-25 4.0 CVE-2019-10421
MLIST
CONFIRM
jenkins — call_remote_job Jenkins Call Remote Job Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. 2019-09-25 4.0 CVE-2019-10422
MLIST
CONFIRM
jenkins — data_theorem_mobile_app_security Jenkins Data Theorem: CI/CD Plugin 1.3 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. 2019-09-25 4.0 CVE-2019-10413
MLIST
CONFIRM
jenkins — google_calendar Jenkins Google Calendar Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. 2019-09-25 4.0 CVE-2019-10425
MLIST
CONFIRM
jenkins — inedo_buildmaster Jenkins Inedo BuildMaster Plugin 2.4.0 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. 2019-09-25 5.0 CVE-2019-10411
MLIST
CONFIRM
jenkins — inedo_proget Jenkins Inedo ProGet Plugin 1.2 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. 2019-09-25 5.0 CVE-2019-10412
MLIST
CONFIRM
jenkins — inheritance-plugin Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin. 2019-09-25 4.0 CVE-2019-10407
MLIST
CONFIRM
jenkins — jenkins Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value of the “Cookie” HTTP request header on the /whoAmI/ URL, allowing attackers exploiting another XSS vulnerability to obtain the HTTP session cookie despite it being marked HttpOnly. 2019-09-25 4.0 CVE-2019-10405
MLIST
CONFIRM
jenkins — kubernetes_pipeline Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. 2019-09-25 6.5 CVE-2019-10417
MLIST
CONFIRM
jenkins — kubernetes_pipeline Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. 2019-09-25 6.5 CVE-2019-10418
MLIST
CONFIRM
jenkins — project_inheritance A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates. 2019-09-25 4.0 CVE-2019-10408
MLIST
CONFIRM
jenkins — violation_comments_to_gitlab Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. 2019-09-25 4.0 CVE-2019-10415
MLIST
CONFIRM
jenkins — violation_comments_to_gitlab Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. 2019-09-25 4.0 CVE-2019-10416
MLIST
CONFIRM
joomla — joomla! In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates. 2019-09-24 4.3 CVE-2019-16725
CONFIRM
joyplus_project — joyplus joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains available. 2019-09-21 6.4 CVE-2019-16655
MISC
joyplus_project — joyplus joyplus-cms 1.6.0 has admin_ajax.php?action=savexml&tab=vodplay CSRF. 2019-09-21 6.8 CVE-2019-16660
MISC
kiwi-logo-carousel_project — kiwi-logo-carousel The kiwi-logo-carousel plugin before 1.7.2 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=kwlogos&page=kwlogos_settings tab or tab_flags_order parameter. 2019-09-25 4.3 CVE-2015-9434
MISC
MISC
MISC
kkcms_project — kkcms kkcms v1.3 has a CSRF vulnerability that can add a user account via admin/cms_user_add.php. 2019-09-23 6.8 CVE-2019-16706
MISC
libgcrypt20_project — libgcrypt20 It was discovered that there was an ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7. 2019-09-25 6.8 CVE-2019-13627
SUSE
MISC
MLIST
MISC
libming — libming Ming (aka libming) 0.4.8 has an out of bounds read vulnerability in the function OpCode() in the decompile.c file in libutil.a. 2019-09-23 6.4 CVE-2019-16705
MISC
linux — linux_kernel In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized. 2019-09-23 5.0 CVE-2019-16714
MLIST
MLIST
MISC
MISC
mediawiki — mediawiki In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup. 2019-09-25 5.0 CVE-2019-16738
MISC
microsoft — forefront_endpoint_protection_2010 A denial of service vulnerability exists when Microsoft Defender improperly handles files, aka ‘Microsoft Defender Denial of Service Vulnerability’. 2019-09-23 5.0 CVE-2019-1255
MISC
momizat — goodnews The Goodnews theme through 2016-02-28 for WordPress has XSS via the s parameter. 2019-09-20 4.3 CVE-2016-10999
MISC
monetize_project — monetize The monetize plugin through 1.03 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=monetize-zones-new. 2019-09-26 4.3 CVE-2015-9440
MISC
MISC
mtouch_quiz_project — mtouch_quiz The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via the quiz parameter during a Quiz Manage operation. 2019-09-20 4.3 CVE-2015-9386
MISC
MISC
mtouch_quiz_project — mtouch_quiz The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/options-general.php CSRF. 2019-09-20 4.3 CVE-2015-9387
MISC
MISC
mtouch_quiz_project — mtouch_quiz The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/edit.php CSRF with resultant XSS. 2019-09-20 4.3 CVE-2015-9388
MISC
MISC
netapp — ontap_select_deploy_administration_utility ONTAP Select Deploy administration utility versions 2.2 through 2.12.1 transmit credentials in plaintext. 2019-09-24 5.0 CVE-2019-5505
MISC
netgate — pfsense An XSS issue was discovered in pfSense through 2.4.4-p3. In services_captiveportal_mac.php, the username and delmac parameters are displayed without sanitization. 2019-09-26 4.3 CVE-2019-16914
MISC
MISC
MISC
neuvoo — neuvoo-jobroll The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_location XSS. 2019-09-20 4.3 CVE-2015-9403
MISC
MISC
neuvoo — neuvoo-jobroll The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_keywords XSS. 2019-09-20 4.3 CVE-2015-9404
MISC
MISC
novnc — novnc An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name. 2019-09-25 4.3 CVE-2017-18635
MISC
MISC
MISC
MISC
nxp — kinetis_k8x_firmware On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a software IP protection method for execute-only access) can be defeated by leveraging a load instruction inside the execute-only region to expose the protected code into a CPU register. 2019-09-24 4.6 CVE-2019-14239
MISC
MISC
ocimscripts — ocim-mp3 The ocim-mp3 plugin through 2016-03-07 for WordPress has wp-content/plugins/ocim-mp3/source/pages.php?id= XSS. 2019-09-20 4.3 CVE-2016-10998
MISC
olevmedia — olevmedia_shortcodes The olevmedia-shortcodes plugin before 1.1.9 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=omsc_popup id parameter. 2019-09-25 4.3 CVE-2015-9421
MISC
MISC
MISC
optinmonster — optinmonster The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak. 2019-09-20 5.0 CVE-2016-10996
MISC
MISC
organizedthemes — epic The epic theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to includes/download.php. 2019-09-20 5.0 CVE-2014-10396
MISC
ostenta — yawpp The yawpp plugin through 1.2.2 for WordPress has XSS via the field1 parameter. 2019-09-20 4.3 CVE-2015-9391
MISC
MISC
pac4j — pac4j The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class which makes them predictable due to RandomStringUtils PRNG’s algorithm not being cryptographically strong. This issue only affects the 3.X release of pac4j-saml. 2019-09-23 4.0 CVE-2019-10755
MISC
pagekit — pagekit The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for attackers to enumerate accounts. 2019-09-21 5.0 CVE-2019-16669
MISC
para — antioch The Antioch theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to lib/scripts/download.php. 2019-09-20 5.0 CVE-2014-10397
MISC
phpmywind — phpmywind admin/infolist_add.php in PHPMyWind 5.6 has stored XSS. 2019-09-23 4.3 CVE-2019-16703
MISC
pivotal_software — pivotal_application_service Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.18, 2.4.x prior to 2.4.14, 2.5.x prior to 2.5.10, and 2.6.x prior to 2.6.5, contains an invitations microservice which allows users to invite others to their organizations. A remote authenticated user can gain additional privileges by inviting themselves to spaces that they should not have access to. 2019-09-20 6.5 CVE-2019-11280
CONFIRM
plugin-planet — user_submitted_posts The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field. 2019-09-20 4.3 CVE-2016-11001
MISC
MISC
plutinosoft — platinum Platinum UPnP SDK 1.2.0 allows Directory Traversal in Core/PltHttpServer.cpp because it checks for /.. where it should be checking for ../ instead. 2019-09-26 5.0 CVE-2019-16903
MISC
MISC
pressified — sendpress The sendpress plugin before 1.2 for WordPress has SQL Injection via the wp-admin/admin.php?page=sp-queue listid parameter. 2019-09-26 6.5 CVE-2015-9448
MISC
MISC
MISC
prise — adas An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly escape output on error, leading to reflected XSS. 2019-09-20 4.3 CVE-2019-14911
MISC
MISC
prise — adas An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly check the goto parameter, leading to an open redirect that leaks the session cookie. 2019-09-20 5.8 CVE-2019-14912
MISC
MISC
prise — adas An issue was discovered in PRiSE adAS 1.7.0. Certificate data are not properly escaped. This leads to XSS when submitting a rogue certificate. 2019-09-20 4.3 CVE-2019-14915
MISC
MISC
prise — adas An issue was discovered in PRiSE adAS 1.7.0. The current database password is embedded in the change password form. 2019-09-20 5.0 CVE-2019-15085
MISC
MISC
prise — adas An issue was discovered in PRiSE adAS 1.7.0. The newentityID parameter is not properly escaped, leading to a reflected XSS in the error message. 2019-09-20 4.3 CVE-2019-15086
MISC
MISC
prise — adas An issue was discovered in PRiSE adAS 1.7.0. An authenticated user can change the function used to hash passwords to any function, leading to remote code execution. 2019-09-20 6.5 CVE-2019-15087
MISC
MISC
prise — adas An issue was discovered in PRiSE adAS 1.7.0. Forms have no CSRF protection, letting an attacker execute actions as the administrator. 2019-09-20 6.8 CVE-2019-15089
MISC
MISC
prospecta — master_data_online Prospecta Master Data Online (MDO) allows CSRF. 2019-09-20 4.3 CVE-2018-17789
MISC
qemu — qemu In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances ‘s->dsp’ index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well. 2019-09-24 5.0 CVE-2019-12068
MISC
MLIST
MISC
MISC
qurl — dynamic_widgets The dynamic-widgets plugin before 1.5.11 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=dynwid-config page_limit parameter. 2019-09-25 4.3 CVE-2015-9437
MISC
MISC
MISC
radare — radare2 In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it’s possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to an insufficient fix for CVE-2019-14745 and improper handling of symbol names embedded in executables. 2019-09-23 6.8 CVE-2019-16718
MISC
MISC
MISC
redhat — tectonic CoreOS Tectonic 1.7.x and 1.8.x before 1.8.7-tectonic.2 deploys the Grafana web application using default credentials (admin/admin) for the administrator account located at grafana-credentials secret. This occurs because CoreOS does not randomize the administrative password to later be configured by Tectonic administrators. An attacker can insert an XSS payload into the dashboards. 2019-09-24 4.3 CVE-2018-9090
MISC
MISC
redlion — crimson Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that operates outside of the designated memory area. 2019-09-23 6.8 CVE-2019-10978
MISC
redlion — crimson Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that causes the program to mishandle pointers. 2019-09-23 6.8 CVE-2019-10984
MISC
redlion — crimson Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files. 2019-09-23 4.3 CVE-2019-10990
MISC
redlion — crimson Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that can reference memory after it has been freed. 2019-09-23 6.8 CVE-2019-10996
MISC
riot-os — riot RIOT 2019.07 contains a NULL pointer dereference in the MQTT-SN implementation (asymcute), potentially allowing an attacker to crash a network node running RIOT. This requires spoofing an MQTT server response. To do so, the attacker needs to know the MQTT MsgID of a pending MQTT protocol message and the ephemeral port used by RIOT’s MQTT implementation. Additionally, the server IP address is required for spoofing the packet. 2019-09-24 5.0 CVE-2019-16754
MISC
rockwellautomation — arena_simulation_software In Rockwell Automation Arena Simulation Software Cat. 9502-Ax, Versions 16.00.00 and earlier, a maliciously crafted Arena file opened by an unsuspecting user may result in the use of a pointer that has not been initialized. 2019-09-24 6.8 CVE-2019-13527
MISC
sahipro — sahi_pro Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include any victim files on the system via the script parameter on the Script_view page. This will result in file disclosure (i.e., being able to pull any file from the remote victim application). This can be used to steal and obtain sensitive config and other files. This can result in complete compromise of the application. The script parameter is vulnerable to directory traversal and both local and remote file inclusion. 2019-09-23 5.0 CVE-2019-13063
MISC
EXPLOIT-DB
sick — fx0-gent00000_firmware SICK FX0-GPNT00000 and FX0-GENT00000 devices through 3.4.0 have a Buffer Overflow. 2019-09-24 5.0 CVE-2019-14753
MISC
CONFIRM
silverstripe — silverstripe SilverStripe through 4.3.3 has Flash Clipboard Reflected XSS. 2019-09-25 4.3 CVE-2019-12205
MISC
MISC
CONFIRM
silverstripe — silverstripe SilverStripe through 4.3.3 has incorrect access control for protected files uploaded via Upload::loadIntoFile(). An attacker may be able to guess a filename in silverstripe/assets via the AssetControlExtension. 2019-09-25 5.0 CVE-2019-12245
MISC
MISC
CONFIRM
silverstripe — silverstripe In SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution. 2019-09-26 4.0 CVE-2019-12617
MISC
MISC
MISC
CONFIRM
silverstripe — silverstripe In SilverStripe assets 4.0, there is broken access control on files. 2019-09-26 5.0 CVE-2019-14273
MISC
MISC
MISC
CONFIRM
slidervilla — testimonial_slider The testimonial-slider plugin through 1.2.1 for WordPress has CSRF with resultant XSS. 2019-09-25 4.3 CVE-2015-9417
MISC
MISC
st — stm32f4_firmware On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated with a debug probe via the Instruction Tightly Coupled Memory (ITCM) bus. 2019-09-24 4.6 CVE-2019-14238
MISC
MISC
string-interner_project — string-interner An issue was discovered in the string-interner crate before 0.7.1 for Rust. It allows attackers to read from memory locations associated with dangling pointers, because of a cloning flaw. 2019-09-25 5.0 CVE-2019-16882
CONFIRM
supermicro — a1sa2-2750f_firmware On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the server managed by the BMC. 2019-09-20 5.0 CVE-2019-16649
MISC
MISC
MISC
suricata-ids — suricata An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. Upon receiving a corrupted SSLv3 (TLS 1.2) packet, the parser function TLSDecodeHSHelloExtensions tries to access a memory region that is not allocated, because the expected length of HSHelloExtensions does not match the real length of the HSHelloExtensions part of the packet. 2019-09-24 6.4 CVE-2019-15699
MISC
MISC
suricata-ids — suricata An issue was discovered in Suricata 4.1.4. By sending multiple fragmented IPv4 packets, the function Defrag4Reassemble in defrag.c tries to access a memory region that is not allocated, because of a lack of header_len checking. 2019-09-24 6.4 CVE-2019-16410
MISC
MISC
thinksaas — thinksaas An issue was discovered in ThinkSAAS 2.91. There is XSS via the content to the index.php?app=group&ac=comment&ts=do&js=1 URI, as demonstrated by a crafted SVG document in the SRC attribute of an EMBED element. 2019-09-21 4.3 CVE-2019-16665
MISC
topcon — net-g5_firmware An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product is protected by a login. A guest is allowed to log in. Once logged in as a guest, an attacker can browse a URL to read the password of the administrative user. The same procedure allows a regular user to gain administrative privileges. The guest login is possible in the default configuration. 2019-09-20 6.5 CVE-2019-11326
MISC
topcon — net-g5_firmware An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product has a local file inclusion vulnerability. An attacker with administrative privileges can craft a special URL to read arbitrary files from the device’s file system. 2019-09-20 4.0 CVE-2019-11327
MISC
totaldefense — anti-virus In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\ used by ccschedulersvc.exe allows local attackers to hijack dotnetproxy.exe, which leads to privilege escalation when the ccSchedulerSVC service runs the executable. 2019-09-24 4.6 CVE-2019-13355
MISC
MISC
totaldefense — anti-virus In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\bd\TDUpdate2\ used by AMRT.exe allows local attackers to hijack bdcore.dll, which leads to privilege escalation when the AMRT service loads the DLL. 2019-09-24 4.6 CVE-2019-13356
MISC
MISC
totaldefense — anti-virus In Total Defense Anti-virus 9.0.0.773, resource acquisition from the untrusted search path C:\ used by caschelp.exe allows local attackers to hijack ccGUIFrm.dll, which leads to code execution. SYSTEM-level code execution can be achieved when the ccSchedulerSVC service runs the affected executable. 2019-09-24 4.6 CVE-2019-13357
MISC
MISC
trivetechnology — wp-stats-dashboard The wp-stats-dashboard plugin through 2.9.4 for WordPress has admin/graph_trend.php type SQL injection. 2019-09-20 6.5 CVE-2015-9399
MISC
MISC
MISC
tuzicms — tuzicms TuziCMS 2.0.6 has XSS via the PATH_INFO to a group URI, as demonstrated by index.php/article/group/id/2/. 2019-09-21 4.3 CVE-2019-16657
MISC
tuzicms — tuzicms TuziCMS 2.0.6 has index.php/manage/notice/do_add CSRF. 2019-09-21 6.8 CVE-2019-16658
MISC
tuzicms — tuzicms TuziCMS 2.0.6 has index.php/manage/link/do_add CSRF. 2019-09-21 6.8 CVE-2019-16659
MISC
typomedia — wordpress_meta_robots The wordpress-meta-robots plugin through 2.1 for WordPress has wp-admin/post-new.php text SQL injection. 2019-09-20 6.5 CVE-2015-9400
MISC
MISC
MISC
unitegallery — unite_gallery_lite The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin-ajax.php in a unitegallery_ajax_action operation. 2019-09-26 6.8 CVE-2015-9445
MISC
MISC
MISC
unitegallery — unite_gallery_lite The unite-gallery-lite plugin before 1.5 for WordPress has SQL injection via data[galleryID] to wp-admin/admin-ajax.php. 2019-09-26 6.5 CVE-2015-9446
MISC
MISC
MISC
unitegallery — unite_gallery_lite The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin.php galleryid or id parameters. 2019-09-26 4.3 CVE-2015-9447
MISC
MISC
MISC
usabilitydynamics — wp-invoice The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes. 2019-09-20 5.0 CVE-2016-11006
MISC
MISC
MISC
usabilitydynamics — wp-invoice The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval. 2019-09-20 5.0 CVE-2016-11007
MISC
MISC
MISC
usabilitydynamics — wp-invoice The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates. 2019-09-20 5.0 CVE-2016-11008
MISC
MISC
MISC
usabilitydynamics — wp-invoice The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates. 2019-09-20 5.0 CVE-2016-11009
MISC
MISC
MISC
usabilitydynamics — wp-invoice The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates. 2019-09-20 5.0 CVE-2016-11010
MISC
MISC
MISC
usabilitydynamics — wp-invoice The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation. 2019-09-20 4.0 CVE-2016-11011
MISC
MISC
MISC
usersultra — users_ultra_membership The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=package_add_new to wp-admin/admin-ajax.php. 2019-09-20 6.8 CVE-2015-9394
MISC
MISC
usersultra — users_ultra_membership The users-ultra plugin before 1.5.64 for WordPress has SQL Injection via an ajax action. 2019-09-20 6.5 CVE-2015-9395
MISC
MISC
MISC
usersultra — users_ultra_membership The users-ultra plugin before 1.5.59 for WordPress has uultra-form-cvs-form-conf arbitrary file upload. 2019-09-20 6.8 CVE-2015-9402
MISC
MISC
MISC
vmware — fusion VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6) and Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain an out-of-bounds read vulnerability in the pixel shader functionality. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on the host. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. It is not enabled by default on ESXi and is enabled by default on Workstation and Fusion. 2019-09-20 5.5 CVE-2019-5521
MISC
CONFIRM
webmaster-source — gocodes The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php gcid SQL injection. 2019-09-20 6.5 CVE-2015-9398
MISC
MISC
MISC
wp-piwik_project — wp-piwik The wp-piwik plugin before 1.0.5 for WordPress has XSS. 2019-09-20 4.3 CVE-2015-9405
MISC
MISC
MISC
wp_accurate_form_data_project — wp_accurate_form_data The accurate-form-data-real-time-form-validation plugin 1.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=Accu_Data_WP. 2019-09-26 4.3 CVE-2015-9443
MISC
MISC
wplegalpages — wp_legal_pages The wplegalpages plugin before 1.1 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=legal-pages lp-domain-name, lp-business-name, lp-phone, lp-street, lp-city-state, lp-country, lp-email, lp-address, or lp-niche parameters. 2019-09-25 4.3 CVE-2015-9428
MISC
MISC
MISC
wpsymposiumpro — wp-symposium The wp-symposium plugin through 15.8.1 for WordPress has XSS via the wp-content/plugins/wp-symposium/get_album_item.php?size parameter. 2019-09-25 4.3 CVE-2015-9414
MISC
MISC
wtcms_project — wtcms WTCMS 1.0 allows index.php?g=admin&m=index&a=index CSRF with resultant XSS. 2019-09-23 4.3 CVE-2019-16719
MISC
yourinspirationweb — beauty-premium The beauty-premium theme 1.0.8 for WordPress has CSRF with resultant arbitrary file upload in includes/sendmail.php. 2019-09-20 4.3 CVE-2016-10997
MISC
EXPLOIT-DB
yzmcms — yzmcms admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant denial of service by adding a superseding route. 2019-09-21 4.3 CVE-2019-16678
MISC
zzzcms — zzzphp ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage, as demonstrated by uploading a .htaccess or .php5 file. 2019-09-23 5.0 CVE-2019-16720
MISC


Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
addthis — addthis The addthis plugin before 5.0.13 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=addthis_social_widget pubid parameter. 2019-09-25 3.5 CVE-2015-9439
MISC
MISC
MISC
blubrry — powerpress_podcasting The Blubrry PowerPress Podcasting plugin 6.0.4 for WordPress has XSS via the tab parameter. 2019-09-25 3.5 CVE-2015-9410
MISC
MISC
digimute — ogma_cms Ogma CMS 0.5 has XSS via creation of a new blog. 2019-09-21 3.5 CVE-2019-16661
MISC
display-widgets_project — display-widgets The display-widgets plugin before 2.04 for WordPress has XSS via the wp-admin/admin-ajax.php?action=dw_show_widget id_base, widget_number, or instance parameter. 2019-09-25 3.5 CVE-2015-9438
MISC
MISC
MISC
f5 — big-ip_access_policy_manager On versions 14.0.0-14.1.2, 13.0.0-13.1.3, 12.1.0-12.1.5, and 11.5.1-11.6.5, the BIG-IP system fails to perform Martian Address Filtering (As defined in RFC 1812 section 5.3.7) on the control plane (management interface). This may allow attackers on an adjacent system to force BIG-IP into processing packets with spoofed source addresses. 2019-09-25 3.3 CVE-2019-6654
MISC
f5 — big-iq_centralized_management There is a Stored Cross Site Scripting vulnerability in the undisclosed page of a BIG-IQ 6.0.0-6.1.0 or 5.2.0-5.4.0 system. The attack can be stored by users granted the Device Manager and Administrator roles. 2019-09-25 3.5 CVE-2019-6653
MISC
halo — halo Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments. 2019-09-25 3.5 CVE-2019-16890
MISC
ibm — content_navigator IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 166721. 2019-09-25 3.5 CVE-2019-4571
XF
CONFIRM
ibm — security_key_lifecycle_manager IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentials in clear text, which can be read by a local user. IBM X-Force ID: 166627. 2019-09-24 2.1 CVE-2019-4566
XF
CONFIRM
jenkins — assembla Jenkins Assembla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. 2019-09-25 2.1 CVE-2019-10420
MLIST
CONFIRM
jenkins — codescan Jenkins CodeScan Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. 2019-09-25 2.1 CVE-2019-10423
MLIST
CONFIRM
jenkins — eloyente Jenkins elOyente Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. 2019-09-25 2.1 CVE-2019-10424
MLIST
CONFIRM
jenkins — gem_publisher Jenkins Gem Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. 2019-09-25 2.1 CVE-2019-10426
MLIST
CONFIRM
jenkins — git_changelog Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. 2019-09-25 3.5 CVE-2019-10414
MLIST
CONFIRM
jenkins — gitlab_logo Jenkins GitLab Logo Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. 2019-09-25 2.1 CVE-2019-10429
MLIST
CONFIRM
jenkins — jenkins In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandableTextBox form control interpreted its content as HTML when expanded, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents (typically Job/Configure). 2019-09-25 3.5 CVE-2019-10401
MLIST
CONFIRM
jenkins — jenkins In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:combobox form control interpreted its item labels as HTML, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents. 2019-09-25 3.5 CVE-2019-10402
MLIST
CONFIRM
jenkins — jenkins Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the SCM tag name on the tooltip for SCM tag actions, resulting in a stored XSS vulnerability exploitable by users able to control SCM tag names for these actions. 2019-09-25 3.5 CVE-2019-10403
MLIST
CONFIRM
jenkins — jenkins Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the reason why a queue item is blocked in tooltips, resulting in a stored XSS vulnerability exploitable by users able to control parts of the reason a queue item is blocked, such as label expressions not matching any idle executors. 2019-09-25 3.5 CVE-2019-10404
MLIST
CONFIRM
jenkins — jenkins Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not restrict or filter values set as Jenkins URL in the global configuration, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission. 2019-09-25 3.5 CVE-2019-10406
MLIST
CONFIRM
jenkins — neuvector_vulnerability_scanner Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. 2019-09-25 2.1 CVE-2019-10430
MLIST
CONFIRM
jenkins — vfabric_application_director Jenkins vFabric Application Director Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. 2019-09-25 2.1 CVE-2019-10419
MLIST
CONFIRM
manual_image_crop_project — manual_image_crop The manual-image-crop plugin before 1.11 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=mic_editor_window postId parameter. 2019-09-25 3.5 CVE-2015-9426
MISC
MISC
MISC
mtouch_quiz_project — mtouch_quiz The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via a quiz name. 2019-09-20 3.5 CVE-2015-9389
MISC
MISC
phpmywind — phpmywind admin/infoclass_update.php in PHPMyWind 5.6 has stored XSS. 2019-09-23 3.5 CVE-2019-16704
MISC
prise — adas An issue was discovered in PRiSE adAS 1.7.0. Log data are not properly escaped, leading to persistent XSS in the administration panel. 2019-09-20 3.5 CVE-2019-14913
MISC
MISC
qurl — dynamic_widgets The dynamic-widgets plugin before 1.5.11 for WordPress has XSS via the wp-admin/admin-ajax.php?action=term_tree prefix or widget_id parameter. 2019-09-25 3.5 CVE-2015-9436
MISC
MISC
MISC
silverstripe — silverstripe SilverStripe through 4.3.3 allows session fixation in the “change password” form. 2019-09-25 3.7 CVE-2019-12203
MISC
MISC
CONFIRM
silverstripe — silverstripe In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS. 2019-09-26 3.5 CVE-2019-14272
MISC
MISC
MISC
CONFIRM
solaplugins — sola_support_tickets The sola-support-tickets plugin before 3.13 for WordPress has incorrect access control for /wp-admin with resultant XSS. 2019-09-20 3.5 CVE-2016-11012
MISC
MISC
teampass — teampass TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin. (The crafted password is exploitable when viewing the change history of the item or tapping on the item.) 2019-09-26 3.5 CVE-2019-16904
MISC
thinksaas — thinksaas An issue was discovered in ThinkSAAS 2.91. There is XSS via the index.php?app=group&ac=create&ts=do groupname parameter. 2019-09-21 3.5 CVE-2019-16664
MISC
traveloka — traveloka The Traveloka application 3.14.0 for Android exports com.traveloka.android.activity.common.WebViewActivity, leading to the opening of arbitrary URLs, which can inject deceptive content into the UI. (When in physical possession of the device, opening local files is also possible.) NOTE: As of 2019-09-23, the vendor has not agreed that this issue has serious impact. The vendor states that the issue is not critical because it does not allow Elevation of Privilege, Sensitive Data Leakage, or any critical unauthorized activity from a malicious user. The vendor also states that a victim must first install a malicious APK to their application. 2019-09-21 2.6 CVE-2019-16681
MISC
MISC
tridium — niagara4 A specific utility may allow an attacker to gain read access to privileged files in the Niagara AX 3.8u4 (JACE 3e, JACE 6e, JACE 7, JACE-8000), Niagara 4.4u3 (JACE 3e, JACE 6e, JACE 7, JACE-8000), and Niagara 4.7u1 (JACE-8000, Edge 10). 2019-09-24 2.1 CVE-2019-13528
MISC
usersultra — users_ultra_membership The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_name parameter. 2019-09-20 3.5 CVE-2015-9392
MISC
MISC
MISC
usersultra — users_ultra_membership The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_desc parameter. 2019-09-20 3.5 CVE-2015-9393
MISC
MISC
vandyvape — swell_kit_mod_firmware An issue was discovered on Swell Kit Mod devices that use the Vandy Vape platform. An attacker may be able to trigger an unintended temperature in the victim’s mouth and throat via Bluetooth Low Energy (BLE) packets that specify large power or voltage values. 2019-09-23 3.3 CVE-2019-16518
MISC
webmaster-source — gocodes The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php deletegc XSS. 2019-09-20 3.5 CVE-2015-9397
MISC
MISC
MISC
websimon-tables_project — websimon-tables The websimon-tables plugin through 1.3.4 for WordPress has wp-admin/tools.php edit_style id XSS. 2019-09-20 3.5 CVE-2015-9401
MISC
MISC
MISC
zrlog — zrlog An issue was discovered in ZrLog 2.1.1. There is a Stored XSS vulnerability in the article_edit area. 2019-09-20 3.5 CVE-2019-16643
MISC


Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adobe — coldfusion ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability. Successful exploitation could lead to Access Control Bypass in the context of the current user. 2019-09-27 not yet calculated CVE-2019-8074
CONFIRM
adobe — coldfusion ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. 2019-09-27 not yet calculated CVE-2019-8072
CONFIRM
adobe — coldfusion ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component vulnerability. Successful exploitation could lead to Arbitrary code execution in the context of the current user. 2019-09-27 not yet calculated CVE-2019-8073
CONFIRM
adobe — flash_player Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. 2019-09-27 not yet calculated CVE-2019-8075
CONFIRM
apache — http_server In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the “PROXY” protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer dereference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients. 2019-09-26 not yet calculated CVE-2019-10097
MISC
arm — mbed_tls_and_mbed_crypto Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.) 2019-09-26 not yet calculated CVE-2019-16910
MISC
bmc_software — myit_digital_workplace_dwp A vulnerability was discovered in BMC MyIT Digital Workplace DWP before 18.11. The DWP component sso.session.restore.cookies stores data using the Java serialization method. The vulnerability can be triggered by using an invalid cookie that contains an embedded system command within a DWP API call, as demonstrated by the /dwp/rest/v2/administrator URI. 2019-09-26 not yet calculated CVE-2019-16755
CONFIRM
cisco — 4000_series_service_routers A vulnerability in the Dialer interface feature for ISDN connections in Cisco IOS XE Software for Cisco 4000 Series Integrated Services Routers (ISRs) could allow an unauthenticated, adjacent attacker to pass IPv4 traffic through an ISDN channel prior to successful PPP authentication. The vulnerability is due to insufficient validation of the state of the PPP IP Control Protocol (IPCP). An attacker could exploit this vulnerability by making an ISDN call to an affected device and sending traffic through the ISDN channel prior to successful PPP authentication. Alternatively, an unauthenticated, remote attacker could exploit this vulnerability by sending traffic through an affected device that is configured to exit via an ISDN connection for which both the Dialer interface and the Basic Rate Interface (BRI) have been configured, but the Challenge Handshake Authentication Protocol (CHAP) password for PPP does not match the remote end. A successful exploit could allow the attacker to pass IPv4 traffic through an unauthenticated ISDN connection for a few seconds, from initial ISDN call setup until PPP authentication fails. 2019-09-25 not yet calculated CVE-2019-12664
CISCO
cisco — asr_9000_series_aggregation_services_routers A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on an affected device. An attacker who has valid administrator access to an affected device could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to run arbitrary commands on the underlying operating system with root privileges, which may lead to complete system compromise. 2019-09-25 not yet calculated CVE-2019-12709
CISCO
cisco — catalyst_4000_series_switches A vulnerability in the ingress packet processing function of Cisco IOS Software for Cisco Catalyst 4000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper resource allocation when processing TCP packets directed to the device on specific Cisco Catalyst 4000 Series Switches. An attacker could exploit this vulnerability by sending crafted TCP streams to an affected device. A successful exploit could cause the affected device to run out of buffer resources, impairing operations of control plane and management plane protocols, resulting in a DoS condition. This vulnerability can be triggered only by traffic that is destined to an affected device and cannot be exploited using traffic that transits an affected device. 2019-09-25 not yet calculated CVE-2019-12652
CISCO
cisco — ios_and_ios_xe_software A vulnerability in the Ident protocol handler of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability exists because the affected software incorrectly handles memory structures, leading to a NULL pointer dereference. An attacker could exploit this vulnerability by opening a TCP connection to specific ports and sending traffic over that connection. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. 2019-09-25 not yet calculated CVE-2019-12647
CISCO
cisco — ios_and_ios_xe_software A vulnerability in the common Session Initiation Protocol (SIP) library of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient sanity checks on an internal data structure. An attacker could exploit this vulnerability by sending a sequence of malicious SIP messages to an affected device. An exploit could allow the attacker to cause a NULL pointer dereference, resulting in a crash of the iosd process. This triggers a reload of the device. 2019-09-25 not yet calculated CVE-2019-12654
CISCO
cisco — ios_and_ios_xe_software A vulnerability in the web framework code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected software using the banner parameter. The vulnerability is due to insufficient input validation of the banner parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by crafting a banner parameter and saving it. The attacker could then convince a user of the web interface to access a malicious link or could intercept a user request for the affected web interface and inject malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. 2019-09-25 not yet calculated CVE-2019-12668
CISCO
cisco — ios_software A vulnerability in the IOx application environment for Cisco IOS Software could allow an authenticated, remote attacker to gain unauthorized access to the Guest Operating System (Guest OS) running on an affected device. The vulnerability is due to incorrect role-based access control (RBAC) evaluation when a low-privileged user requests access to a Guest OS that should be restricted to administrative accounts. An attacker could exploit this vulnerability by authenticating to the Guest OS by using the low-privileged-user credentials. An exploit could allow the attacker to gain unauthorized access to the Guest OS as a root user. 2019-09-25 not yet calculated CVE-2019-12648
CISCO
cisco — ios_xe_software A vulnerability in the RADIUS Change of Authorization (CoA) code of Cisco TrustSec, a feature within Cisco IOS XE Software, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of a malformed packet. An attacker could exploit this vulnerability by sending a malformed packet to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device. 2019-09-25 not yet calculated CVE-2019-12669
CISCO
cisco — ios_xe_software A vulnerability in the FTP application layer gateway (ALG) functionality used by Network Address Translation (NAT), NAT IPv6 to IPv4 (NAT64), and the Zone-Based Policy Firewall (ZBFW) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a buffer overflow that occurs when an affected device inspects certain FTP traffic. An attacker could exploit this vulnerability by performing a specific FTP transfer through the device. A successful exploit could allow the attacker to cause the device to reload. 2019-09-25 not yet calculated CVE-2019-12655
CISCO
cisco — ios_xe_software A vulnerability in Unified Threat Defense (UTD) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper validation of IPv6 packets through the UTD feature. An attacker could exploit this vulnerability by sending IPv6 traffic through an affected device that is configured with UTD. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. 2019-09-25 not yet calculated CVE-2019-12657
CISCO
cisco — ios_xe_software A vulnerability in the Cisco TrustSec (CTS) Protected Access Credential (PAC) provisioning module of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of attributes in RADIUS messages. An attacker could exploit this vulnerability by sending a malicious RADIUS message to an affected device while the device is in a specific state. 2019-09-25 not yet calculated CVE-2019-12663
CISCO
cisco — ios_xe_software A vulnerability in the Raw Socket Transport feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper parsing of Raw Socket Transport payloads. An attacker could exploit this vulnerability by establishing a TCP session and then sending a malicious TCP segment via IPv4 to an affected device. This cannot be exploited via IPv6, as the Raw Socket Transport feature does not support IPv6 as a network layer protocol. 2019-09-25 not yet calculated CVE-2019-12653
CISCO
cisco — ios_xe_software A vulnerability in the Guest Shell of Cisco IOS XE Software could allow an authenticated, local attacker to perform directory traversal on the base Linux operating system of Cisco IOS XE Software. The vulnerability is due to incomplete validation of certain commands. An attacker could exploit this vulnerability by first accessing the Guest Shell and then entering specific commands. A successful exploit could allow the attacker to execute arbitrary code on the base Linux operating system. 2019-09-25 not yet calculated CVE-2019-12666
CISCO
cisco — ios_xe_software A vulnerability in the HTTP server code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the HTTP server to crash. The vulnerability is due to a logical error in the logging mechanism. An attacker could exploit this vulnerability by generating a large number of long-lived connections to the HTTP service on the device. A successful exploit could allow the attacker to cause the HTTP server to crash. 2019-09-25 not yet calculated CVE-2019-12659
CISCO
cisco — ios_xe_software A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to write values to the underlying memory of an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to modify the configuration of the device so that it is insecure and functions abnormally. 2019-09-25 not yet calculated CVE-2019-12660
CISCO
cisco — ios_xe_software A vulnerability in the filesystem resource management code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to exhaust filesystem resources on an affected device and cause a denial of service (DoS) condition. The vulnerability is due to ineffective management of the underlying filesystem resources. An attacker could exploit this vulnerability by performing specific actions that result in messages being sent to specific operating system log files. A successful exploit could allow the attacker to exhaust available filesystem space on an affected device. This could cause the device to crash and reload, resulting in a DoS condition for clients whose network traffic is transiting the device. Upon reload of the device, the impacted filesystem space is cleared, and the device will return to normal operation. However, continued exploitation of this vulnerability could cause subsequent forced crashes and reloads, which could lead to an extended DoS condition. 2019-09-25 not yet calculated CVE-2019-12658
CISCO
cisco — ios_xe_software Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. 2019-09-25 not yet calculated CVE-2019-12651
CISCO
cisco — ios_xe_software A vulnerability in a Virtualization Manager (VMAN) related CLI command of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on the affected device. An attacker who has administrator access to an affected device could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges, which may lead to complete system compromise. 2019-09-25 not yet calculated CVE-2019-12661
CISCO
cisco — ios_xe_software A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability exists because, under certain circumstances, an affected device can be configured to not verify the digital signatures of system image files during the boot process. An attacker could exploit this vulnerability by abusing a specific feature that is part of the device boot process. A successful exploit could allow the attacker to install and boot a malicious software image or execute unsigned binaries on the targeted device. 2019-09-25 not yet calculated CVE-2019-12649
CISCO
cisco — ios_xe_software Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. 2019-09-25 not yet calculated CVE-2019-12650
CISCO
cisco — ios_xe_software A vulnerability in the web framework code of Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by convincing a user of the web interface to access a malicious link or by intercepting a user request for the affected web interface and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. 2019-09-25 not yet calculated CVE-2019-12667
CISCO
cisco — ios_xe_software A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper processing of transient SIP packets on which NAT is performed on an affected device. An attacker could exploit this vulnerability by using UDP port 5060 to send crafted SIP packets through an affected device that is performing NAT for SIP packets. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition. 2019-09-25 not yet calculated CVE-2019-12646
CISCO
cisco — ios_xe_software A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS). The vulnerability is due to insufficient enforcement of the consent token in authorizing shell access. An attacker could exploit this vulnerability by authenticating to the CLI and requesting shell access on an affected device. A successful exploit could allow the attacker to gain shell access on the affected device and execute commands on the underlying OS. 2019-09-25 not yet calculated CVE-2019-12671
CISCO
cisco — ios_xe_software A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker with physical access to an affected device to execute arbitrary code on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient file location validation. An attacker could exploit this vulnerability by placing code in a specific format on a USB device and inserting it into an affected Cisco device. A successful exploit could allow the attacker to execute the code with root privileges on the underlying OS of the affected device. 2019-09-25 not yet calculated CVE-2019-12672
CISCO
cisco — ios_xe_software A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device. The vulnerability is due to insufficient file permissions. An attacker could exploit this vulnerability by modifying files that they should not have access to. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container. 2019-09-25 not yet calculated CVE-2019-12670
CISCO
cisco — multiple_cisco_platforms A vulnerability in the IOx application environment of multiple Cisco platforms could allow an unauthenticated, remote attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a denial of service (DoS) condition. The vulnerability is due to a Transport Layer Security (TLS) implementation issue. An attacker could exploit this vulnerability by sending crafted TLS packets to the IOx web server on an affected device. A successful exploit could allow the attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a DoS condition. 2019-09-25 not yet calculated CVE-2019-12656
CISCO
cisco — nx-os_software A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on an affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with root privileges, which may lead to complete system compromise. An attacker would need valid administrator credentials to exploit this vulnerability. 2019-09-25 not yet calculated CVE-2019-12717
CISCO
cisco — nx-os_software_and_ios_xe_software A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper signature verification during the installation of an Open Virtual Appliance (OVA) image. An authenticated, local attacker could exploit this vulnerability and load a malicious, unsigned OVA image on an affected device. A successful exploit could allow an attacker to perform code execution on a crafted software OVA image. 2019-09-25 not yet calculated CVE-2019-12662
CISCO
ckeditor — ckfinder An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3.5.0. The documentation has misleading information that could lead to a conclusion that the application has a built-in bulletproof content sniffing protection. 2019-09-26 not yet calculated CVE-2019-15891
MISC
ckeditor — ckfinder An issue was discovered in CKFinder through 2.6.2.1. Improper checks of file names allow remote attackers to upload files without any extension (even if the application was configured to accept files only with a defined set of extensions). This affects CKFinder for ASP, CKFinder for ASP.NET, CKFinder for ColdFusion, and CKFinder for PHP. 2019-09-26 not yet calculated CVE-2019-15862
MISC
cloud_foundry — uaa CF UAA versions prior to 74.1.0 allow external input to be directly queried against. A remote malicious user with ‘client.write’ and ‘groups.update’ can craft a SCIM query, which leaks information that allows an escalation of privileges, ultimately allowing the malicious user to gain control of UAA scopes they should not have. 2019-09-26 not yet calculated CVE-2019-11278
CONFIRM
cloud_foundry — uaa CF UAA versions prior to 74.1.0 can request scopes for a client that shouldn’t be allowed by submitting an array of requested scopes. A remote malicious user can escalate their own privileges to any scope, allowing them to take control of UAA and the resources it controls. 2019-09-26 not yet calculated CVE-2019-11279
CONFIRM
corsair — link The “CLink4Service” service is installed with Corsair Link 4.9.7.35 with insecure permissions by default. This allows unprivileged users to take control of the service and execute commands in the context of NT AUTHORITY\SYSTEM, leading to total system takeover, a similar issue to CVE-2018-12441. 2019-09-27 not yet calculated CVE-2018-19592
MISC
MISC
d-link — multiple_products Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a “PingTest” device common gateway interface that could lead to command injection. An attacker who successfully triggers the command injection could achieve full system compromise. 2019-09-27 not yet calculated CVE-2019-16920
MISC
dell — update_package_and_emc_servers An Uncontrolled Search Path Vulnerability is applicable to the following: Dell Update Package (DUP) Framework file versions prior to 19.1.0.413, and Framework file versions prior to 103.4.6.69 used in Dell EMC Servers. Dell Update Package (DUP) Framework file versions prior to 3.8.3.67 used in Dell Client Platforms. The vulnerability is limited to the DUP framework during the time window when a DUP is being executed by an administrator. During this time window, a locally authenticated low privilege malicious user potentially could exploit this vulnerability by tricking an administrator into running a trusted binary, causing it to load a malicious DLL and allowing the attacker to execute arbitrary code on the victim system. The vulnerability does not affect the actual binary payload that the DUP delivers. 2019-09-24 not yet calculated CVE-2019-3726
CONFIRM
dnn_software — dotnetnuke Stored Cross-Site Scripting in DotNetNuke (DNN) versions before 9.4.0 allows remote attackers to store and embed a malicious script into the admin notification page. The exploit could be used to perform any action with admin privileges such as managing content, adding users, uploading backdoors to the server, etc. Successful exploitation occurs when an admin user visits a notification page with stored cross-site scripting. 2019-09-26 not yet calculated CVE-2019-12562
MISC
f5 — big-ip_and_enterprise_manager F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings. 2019-09-20 not yet calculated CVE-2019-6649
CONFIRM
f5 — big-ip_apm_edge_client BIG-IP APM Edge Client before version 7.1.8 (7180.2019.508.705) logs the full APM session ID in the log files. Vulnerable versions of the client are bundled with BIG-IP APM versions 15.0.0-15.0.1, 14.1.0-14.1.0.6, 14.0.0-14.0.0.4, 13.0.0-13.1.1.5, 12.1.0-12.1.5, and 11.5.1-11.6.5. In BIG-IP APM 13.1.0 and later, the APM Clients components can be updated independently from BIG-IP software. Client version 7.1.8 (7180.2019.508.705) and later has the fix. 2019-09-25 not yet calculated CVE-2019-6656
MISC
gigastone — smart_battery_a2-25de An authentication bypass vulnerability was discovered in Smart Battery A2-25DE, a multifunctional portable charger, firmware version <= SECFS-2013-10-16-13:42:58-629c30ee-60c68be6. An attacker can bypass authentication and gain privilege by modifying the login page. 2019-09-25 not yet calculated CVE-2019-15067
CONFIRM
CONFIRM
glpi_project — glpi GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. The lack of correct validation leads to recovery of the token generated via the password reset functionality, and thus an authenticated attacker can set an arbitrary password for any user. This vulnerability can be exploited to take control of an admin account. This vulnerability could also be abused to obtain other sensitive fields like API keys or password hashes. 2019-09-25 not yet calculated CVE-2019-14666
MISC
MISC
gnome — file-roller An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction. 2019-09-21 not yet calculated CVE-2019-16680
MISC
MISC
MISC
UBUNTU
honeywell — performance_ip_cameras_and_performance_nvrs In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. Affected Performance IP Cameras: HBD3PR2, H4D3PRV3, HED3PR3, H4D3PRV2, HBD3PR1, H4W8PR2, HBW8PR2, H2W2PC1M, H2W4PER3, H2W2PER3, HEW2PER3, HEW4PER3B, HBW2PER1, HEW4PER2, HEW4PER2B, HEW2PER2, H4W2PER2, HBW2PER2, H4W2PER3, and HPW2P1. Affected Performance Series NVRs: HEN08104, HEN08144, HEN081124, HEN16104, HEN16144, HEN16184, HEN16204, HEN162244, HEN16284, HEN16304, HEN16384, HEN32104, HEN321124, HEN32204, HEN32284, HEN322164, HEN32304, HEN32384, HEN323164, HEN64204, HEN64304, HEN643164, HEN643324, HEN643484, HEN04103, HEN04113, HEN04123, HEN08103, HEN08113, HEN08123, HEN08143, HEN16103, HEN16123, HEN16143, HEN16163, HEN04103L, HEN08103L, HEN16103L, HEN32103L. 2019-09-26 not yet calculated CVE-2019-13523
MISC
ibm — mq IBM MQ 7.1.0.0 – 7.1.0.9, 7.5.0.0 – 7.5.0.9, 8.0.0.0 – 8.0.0.11, 9.0.0.0 – 9.0.0.6, 9.1.0.0 – 9.1.0.2, and 9.1.1 – 9.1.2 is vulnerable to a denial of service attack caused by a memory leak in the clustering code. IBM X-Force ID: 158337. 2019-09-27 not yet calculated CVE-2019-4141
XF
CONFIRM
jenkins — jenkins A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates. 2019-09-25 not yet calculated CVE-2019-10409
MLIST
CONFIRM
jenkins — jenkins Jenkins Log Parser Plugin 2.0 and earlier did not escape an error message, resulting in a cross-site scripting vulnerability exploitable by users able to define log parsing rules. 2019-09-25 not yet calculated CVE-2019-10410
MLIST
CONFIRM
kkcms_project — kkcms kkcms 1.3 has jx.php?url= XSS. 2019-09-27 not yet calculated CVE-2019-16923
MISC
lemonldap-ng — lemonldap-ng OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. To be vulnerable, there must exist an OIDC Relying Party within the LemonLDAP configuration with weaker access control rules than the target RP, and no filtering on redirection URIs. 2019-09-25 not yet calculated CVE-2019-15941
MISC
MISC
BUGTRAQ
DEBIAN
lenovo — system_update A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations. 2019-09-26 not yet calculated CVE-2019-6175
MISC
lenovo — thinkagile_cloud_platform-storage_block_bmc An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. This vulnerability allows session IDs to be reused, which could provide unauthorized access to the BMC under certain circumstances. This vulnerability does not affect ThinkSystem XCC, System x IMM2, or other BMCs. 2019-09-26 not yet calculated CVE-2019-6161
MISC
libreoffice — libreoffice LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings; typically, execution of macros is blocked by default. A URL decoding flaw existed in how the URLs to the macros within the document were processed and categorized, resulting in the possibility to construct a document where macro execution bypassed the security settings. The documents were correctly detected as containing macros, and prompted the user to their existence within the documents, but macros within the document were subsequently not controlled by the security settings, allowing arbitrary macro execution. This issue affects: LibreOffice 6.2 series versions prior to 6.2.7; LibreOffice 6.3 series versions prior to 6.3.1. 2019-09-27 not yet calculated CVE-2019-9853
CONFIRM
linux — linux_kernel In the Linux kernel before 4.17, hns_roce_alloc_ucontext in drivers/infiniband/hw/hns/hns_roce_main.c does not initialize the resp data structure, which might allow attackers to obtain sensitive information from kernel stack memory, aka CID-df7e40425813. 2019-09-27 not yet calculated CVE-2019-16921
MISC
MISC
mit_kerberos — krb5 A flaw was found in Fedora versions of krb5 from 1.16.1 up to and including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 “enctypes”. A remote unauthenticated user could use this flaw to crash the KDC. 2019-09-26 not yet calculated CVE-2019-14844
CONFIRM
MISC
netgate — pfsense diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS commands. This occurs because csrf_callback() produces a “CSRF token expired” error and a Try Again button when a CSRF token is missing. 2019-09-26 not yet calculated CVE-2019-16667
MISC
netgate — pfsense An issue was discovered in pfSense through 2.4.4-p3. widgets/widgets/picture.widget.php uses the widgetkey parameter directly without sanitization (e.g., a basename call) for a pathname to file_get_contents or file_put_contents. 2019-09-26 not yet calculated CVE-2019-16915
MISC
MISC
MISC
netskope — netskope_client_service The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from a command injection vulnerability. Local users can use this vulnerability to execute code with NT\SYSTEM privilege. 2019-09-26 not yet calculated CVE-2019-12091
MISC
CONFIRM
CONFIRM
netskope — netskope_client_service The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from a stack-based buffer overflow in the “doHandshakefromServer” function. Local users can use this vulnerability to trigger a crash of the service and potentially cause additional impact on the system. 2019-09-26 not yet calculated CVE-2019-10882
MISC
CONFIRM
CONFIRM
netty — netty Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a “Transfer-Encoding : chunked” line), which leads to HTTP request smuggling. 2019-09-26 not yet calculated CVE-2019-16869
MISC
MISC
phpbb — phpbb phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS. 2019-09-27 not yet calculated CVE-2019-13376
MISC
MISC
prise — adas An issue was discovered in PRiSE adAS 1.7.0. A file’s format is not properly checked, leading to an unrestricted file upload. 2019-09-20 not yet calculated CVE-2019-14916
MISC
MISC
rubyzip_gem_for_ruby_on_rails — rubyzip_gem_for_ruby_on_rails In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption). 2019-09-25 not yet calculated CVE-2019-16892
MISC
runc — runc runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. 2019-09-25 not yet calculated CVE-2019-16884
MISC
salesagility — suitecrm SuiteCRM 7.10.x before 7.10.20 and 7.11.x before 7.11.8 allows unintended public exposure of files. 2019-09-27 not yet calculated CVE-2019-16922
MISC
samsung — samsungtts_for_android The Text-to-speech Engine (aka SamsungTTS) application before 3.0.02.7 and 3.0.00.101 for Android allows a local attacker to escalate privileges, e.g., to system privileges. The Samsung case ID is 101755. 2019-09-25 not yet calculated CVE-2019-16253
MISC
silverstripe — silverstripe In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. (Users who upgrade from SilverStripe 3.x to 4.x and had Versioned Files installed have no further need for this module, because the 4.x release has built-in versioning. However, nothing in the upgrade process automates the destruction of these insecure artefacts, nor alerts the user to the criticality of destruction.) 2019-09-26 not yet calculated CVE-2019-16409
MISC
MISC
CONFIRM
ubiquiti — edgemax_devices Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause a denial of service (disk consumption) because *.cache files in /var/run/beaker/container_file/ are created when providing a valid length payload of 249 characters or fewer to the beaker.session.id cookie in a GET header. The attacker can use a long series of unique session IDs. 2019-09-25 not yet calculated CVE-2019-16889
MISC
MISC
MISC
wordpress — wordpress The wp-social-bookmarking-light plugin before 1.7.10 for WordPress has CSRF with resultant XSS via configuration parameters for Tumblr, Twitter, Facebook, etc. in wp-admin/options-general.php?page=wp-social-bookmarking-light%2Fmodules%2Fadmin.php. 2019-09-25 not yet calculated CVE-2015-9433
MISC
MISC
MISC
wordpress — wordpress The yith-maintenance-mode plugin before 1.2.0 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=yith-maintenance-mode panel_page parameter. 2019-09-25 not yet calculated CVE-2015-9429
MISC
MISC
MISC
wordpress — wordpress The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load PlugneditBGColor, PlugneditEditorMargin, plugnedit_width, pnemedcount, or plugneditcontent parameters. 2019-09-25 not yet calculated CVE-2015-9423
MISC
MISC
MISC
wordpress — wordpress The Postmatic plugin before 1.4.6 for WordPress has XSS. 2019-09-25 not yet calculated CVE-2015-9411
MISC
MISC
wordpress — wordpress The sitepress-multilingual-cms (WPML) plugin 2.9.3 to 3.2.6 for WordPress has XSS via the Accept-Language HTTP header. 2019-09-25 not yet calculated CVE-2015-9416
MISC
MISC
wordpress — wordpress The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows an attacker to delete quizzes. 2019-09-25 not yet calculated CVE-2015-9418
MISC
MISC
MISC
wordpress — wordpress The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has CSRF with resultant XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load plugnedit_width, pnemedcount, PlugneditBGColor, PlugneditEditorMargin, or plugneditcontent parameters. 2019-09-25 not yet calculated CVE-2015-9422
MISC
MISC
MISC
wordpress — wordpress Directory traversal vulnerability in the mTheme-Unus theme before 2.3 for WordPress allows an attacker to read arbitrary files via a .. (dot dot) in the files parameter to css/css.php. 2019-09-20 not yet calculated CVE-2015-9406
MISC
MISC
wordpress — wordpress The alpine-photo-tile-for-instagram plugin before 1.2.7.6 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=alpine-photo-tile-for-instagram-settings tab parameter. 2019-09-25 not yet calculated CVE-2015-9432
MISC
MISC
MISC
wordpress — wordpress The oauth2-provider plugin before 3.1.5 for WordPress has incorrect generation of random numbers. 2019-09-25 not yet calculated CVE-2015-9435
MISC
MISC
wordpress — wordpress The easy-fancybox plugin before 1.8.18 for WordPress (aka Easy FancyBox) is susceptible to Stored XSS in the Settings Menu inc/class-easyfancybox.php due to improper encoding of arbitrarily submitted settings parameters. This occurs because there is no inline styles output filter. 2019-09-26 not yet calculated CVE-2019-16524
MISC
CONFIRM
MISC
wordpress — wordpress In the ARforms plugin 3.7.1 for WordPress, arf_delete_file in arformcontroller.php allows unauthenticated deletion of an arbitrary file by supplying the full pathname. 2019-09-27 not yet calculated CVE-2019-16902
MISC
MISC
wordpress — wordpress The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wp_ajax functions are mishandled. 2019-09-20 not yet calculated CVE-2015-9390
MISC
MISC
wordpress — wordpress The qtranslate-x plugin before 3.4.4 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=qtranslate-x json_config_files or json_custom_i18n_config parameter. 2019-09-25 not yet calculated CVE-2015-9431
MISC
MISC
MISC
wordpress — wordpress The soundcloud-is-gold plugin before 2.3.2 for WordPress has XSS via the wp-admin/admin-ajax.php?action=get_soundcloud_player id parameter. 2019-09-25 not yet calculated CVE-2015-9420
MISC
MISC
MISC
wordpress — wordpress The Royal-Slider plugin before 3.2.7 for WordPress has XSS via the rstype parameter. 2019-09-25 not yet calculated CVE-2015-9412
MISC
MISC
yzmcms — yzmcms An HTTP Host header injection vulnerability exists in YzmCMS V5.3. A malicious user can poison a web cache or trigger redirections. 2019-09-26 not yet calculated CVE-2019-16532
MISC
EXPLOIT-DB

This product is provided subject to this Notification and this Privacy & Use policy.

Original release date: September 23, 2019

 

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
advantech — webaccess In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an attacker to disclose sensitive information, cause improper control of generation of code, which may allow remote code execution or cause a system crash. 2019-09-18 9.0 CVE-2019-13550
MISC
advantech — webaccess In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash. 2019-09-18 9.0 CVE-2019-13558
MISC
apache — tapestry By manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it downloaded. If the attacker found the file with the value of the tapestry.hmac-passphrase configuration symbol, most probably the webapp’s AppModule class, the value of this symbol could be used to craft a Java deserialization attack, thus running malicious injected Java code. The vector would be the t:formdata parameter from the Form component. 2019-09-16 7.5 CVE-2019-0195
MLIST
arubanetworks — arubaos A remote code execution vulnerability is present in network-listening components in some versions of ArubaOS. An attacker with the ability to transmit specially-crafted IP traffic to a mobility controller could exploit this vulnerability and cause a process crash or execute arbitrary code within the underlying operating system with full system privileges. Such an attack could lead to complete system compromise. The ability to transmit traffic to an IP interface on the mobility controller is required to carry out an attack. The attack leverages the PAPI protocol (UDP port 8211). If the mobility controller is only bridging L2 traffic to an uplink and does not have an IP address that is accessible to the attacker, it cannot be attacked. 2019-09-13 9.3 CVE-2018-7081
CONFIRM
MISC
aspose — aspose.pdf_for_c++ An exploitable use-after-free vulnerability exists in the way LZW-compressed streams are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free condition. To trigger this vulnerability, a specifically crafted PDF document needs to be processed by the target application. 2019-09-18 7.5 CVE-2019-5066
CONFIRM
aspose — aspose.pdf_for_c++ An uninitialized memory access vulnerability exists in the way Aspose.PDF 19.2 for C++ handles invalid parent object pointers. A specially crafted PDF can cause a read and write from uninitialized memory, resulting in memory corruption and possibly arbitrary code execution. To trigger this vulnerability, a specifically crafted PDF document needs to be processed by the target application. 2019-09-18 7.5 CVE-2019-5067
CONFIRM
atlassian — jira The Jira Importers Plugin in Atlassian Jira Server and Data Center from version 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.1.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote attackers with Administrator permissions to gain remote code execution via a template injection vulnerability through the use of a crafted PUT request. 2019-09-19 9.0 CVE-2019-15001
MISC
canonical — ubuntu_linux A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way the Linux kernel’s vhost functionality, which translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway could use this flaw to increase their privileges on the host. 2019-09-17 7.2 CVE-2019-14835
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
FEDORA
UBUNTU
MISC
code42 — code42 In Code42 Enterprise 6.7.5 and earlier, 6.8.4 through 6.8.8, and 7.0.0 a vulnerability has been identified that may allow arbitrary files to be uploaded to Code42 servers and executed. This vulnerability could allow an attacker to create directories and save files on Code42 servers, which could potentially lead to code execution. 2019-09-17 7.5 CVE-2019-15131
CONFIRM
MISC
dlink — dns-320_firmware The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection. 2019-09-16 10.0 CVE-2019-16057
MISC
MISC
egpp — sistema_integrado_de_gestion_academica In Escuela de Gestion Publica Plurinacional (EGPP) Sistema Integrado de Gestion Academica (GESAC) v1, the username parameter of the authentication form is vulnerable to SQL injection, allowing attackers to access the database. 2019-09-16 7.5 CVE-2019-16264
MISC
fasterxml — jackson-databind A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig. 2019-09-15 7.5 CVE-2019-14540
CONFIRM
MISC
MISC
fasterxml — jackson-databind A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540. 2019-09-15 7.5 CVE-2019-16335
MISC
flamecms_project — flamecms FlameCMS 3.3.5 has SQL injection in account/login.php via accountName. 2019-09-14 7.5 CVE-2019-16309
MISC
gitlabhook_project — gitlabhook NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be injected through the repository name. 2019-09-13 10.0 CVE-2019-5485
MISC
haxx — curl Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. 2019-09-16 7.5 CVE-2019-5481
SUSE
CONFIRM
FEDORA
FEDORA
haxx — curl Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. 2019-09-16 7.5 CVE-2019-5482
SUSE
CONFIRM
FEDORA
FEDORA
ibm — cognos_analytics IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory resources. IBM X-Force ID: 158973. 2019-09-17 7.8 CVE-2019-4183
XF
CONFIRM
indexhibit — indexhibit Indexhibit 2.1.5 allows a product reinstallation, with resultant remote code execution, via /ndxzstudio/install.php?p=2. 2019-09-14 7.5 CVE-2019-16314
MISC
infradead — openconnect process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes. 2019-09-17 7.5 CVE-2019-16239
CONFIRM
FEDORA
FEDORA
FEDORA
MISC
jhipster — jhipster_kotlin A class generated by the Generator in JHipster before 6.3.0 and JHipster Kotlin through 1.1.0 produces code that uses an insecure source of randomness (apache.commons.lang3 RandomStringUtils). This allows an attacker (if able to obtain their own password reset URL) to compute the value for all other password resets for other accounts, thus allowing privilege escalation or account takeover. 2019-09-13 7.5 CVE-2019-16303
MISC
MISC
MISC
MISC
MISC
keeper — k5_firmware On Keeper K5 20.1.0.25 and 20.1.0.63 devices, remote code execution can occur by inserting an SD card containing a file named zskj_script_run.sh that executes a reverse shell. 2019-09-19 7.2 CVE-2019-16398
MISC
libav — libav In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c has a complex format argument to sscanf. 2019-09-19 7.1 CVE-2019-9717
MISC
MISC
libav — libav A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf. 2019-09-19 7.1 CVE-2019-9720
MISC
MISC
linux — linux_kernel An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel’s KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer ‘struct kvm_coalesced_mmio’ object, wherein write indices ‘ring->first’ and ‘ring->last’ value could be supplied by a host user-space process. An unprivileged host user or process with access to ‘/dev/kvm’ device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. 2019-09-19 7.2 CVE-2019-14821
MLIST
CONFIRM
linux-nfs — nfs-utils In the nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2, the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and managed by root. If statd is compromised, it can therefore trick processes running with root privileges into creating/overwriting files anywhere on the system if fs.protected_symlinks is not set. 2019-09-19 10.0 CVE-2019-3689
CONFIRM
membersonic — membersonic The MemberSonic Lite plugin before 1.302 for WordPress has incorrect login access control because only knowledge of an e-mail address is required. 2019-09-16 7.5 CVE-2016-10971
MISC
microfocus — data_protector Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges. 2019-09-13 7.2 CVE-2019-11660
CONFIRM
moddable — moddable In XS 9.0.0 in Moddable SDK OS180329, there is a heap-based buffer overflow in fxBeginHost in xsAPI.c when called from fxRunDefine in xsRun.c, as demonstrated by crafted JavaScript code to xst. 2019-09-16 7.5 CVE-2019-16366
MISC
open-emr — openemr OpenEMR v5.0.1-6 allows code execution. 2019-09-16 9.0 CVE-2019-8371
MISC
prise — adas An issue was discovered in PRiSE adAS 1.7.0. Password hashes are compared using the equality operator. Thus, under specific circumstances, it is possible to bypass login authentication. 2019-09-20 7.5 CVE-2019-15088
MISC
MISC
publisure — publisure An issue was discovered in the secure portal in Publisure 2.1.2. Because SQL queries are not well sanitized, there are multiple SQL injections in userAccFunctions.php functions. Using this, an attacker can access passwords and/or grant access to the user account “user” in order to become “Administrator” (for example). 2019-09-18 7.5 CVE-2019-14254
MISC
rsa — archer RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmins to create user accounts with insufficient credentials. Unauthenticated attackers could gain unauthorized access to the system using those accounts. 2019-09-18 7.5 CVE-2019-3758
MISC
schneider-electric — bmxnor0200h_firmware A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions) and Modicon M340 controller (all firmware versions), which could cause denial of service when truncated SNMP packets on port 161/UDP are received by the device. 2019-09-17 7.8 CVE-2019-6813
CONFIRM
CONFIRM
schneider-electric — modicon_premium_firmware A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware versions prior to V2.90), Modicon M340 (firmware versions prior to V3.10), Modicon Premium (all versions), Modicon Quantum (all versions), which could cause a possible denial of service when reading invalid data from the controller. 2019-09-17 7.8 CVE-2019-6809
CONFIRM
schneider-electric — modicon_premium_firmware A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (all versions), which could cause a possible denial of service when reading specific coils and registers in the controller over Modbus. 2019-09-17 7.8 CVE-2019-6828
CONFIRM
siemens — sinema_remote_connect_server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). The web interface has no means to prevent password guessing attacks. The vulnerability could be exploited by an attacker with network access to the vulnerable software, requiring no privileges and no user interaction. The vulnerability could allow full access to the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-09-13 7.5 CVE-2019-13918
MISC
smackcoders — ultimate_exporter The wp-ultimate-exporter plugin through 1.1 for WordPress has SQL injection via the export_type_name parameter. 2019-09-20 7.5 CVE-2016-11000
MISC
MISC
tagdiv — newspaper The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel. 2019-09-16 7.5 CVE-2016-10972
MISC
EXPLOIT-DB
tagdiv — newspaper The newspaper theme before 6.7.2 for WordPress has script injection via td_ads[header] to admin-ajax.php. 2019-09-16 7.5 CVE-2017-18634
MISC
telestar — bobs_rock_radio_firmware TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have insufficient access control for the /set_dname, /mylogo, /LocalPlay, /irdevice.xml, /Sendkey, /setvol, /hotkeylist, /init, /playlogo.jpg, /stop, /exit, /back, and /playinfo commands. 2019-09-16 7.5 CVE-2019-13474
MISC
MISC
templatic — telvolution The Tevolution plugin before 2.3.0 for WordPress has arbitrary file upload via single_upload.php or single-upload.php. 2019-09-18 7.5 CVE-2016-10995
MISC
tenda — n301_firmware On Tenda N301 wireless routers, a long string in the wifiSSID parameter of a goform/setWifi POST request causes the device to crash. 2019-09-13 7.8 CVE-2019-16288
MISC
tendacn — n301_firmware In goform/setSysTools on Tenda N301 wireless routers, attackers can trigger a device crash via a zero wanMTU value. (Prohibition of this zero value is only enforced within the GUI.) 2019-09-19 7.8 CVE-2019-16412
MISC
terrasoft — bpm_online_crm_system_sdk A SQL injection vulnerability in the method Terrasoft.Core.DB.Column.Const() in Terrasoft Bpm’online CRM-System SDK 7.13 allows attackers to execute arbitrary SQL commands via the value parameter. 2019-09-18 7.5 CVE-2019-15301
MISC
tibco — enterprise_runtime_for_r The server component of TIBCO Software Inc.’s TIBCO Enterprise Runtime for R – Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an unauthenticated user to bypass access controls and remotely execute code using the operating system account hosting the affected component. This issue affects: TIBCO Enterprise Runtime for R – Server Edition versions 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4.0 and 10.5.0. 2019-09-18 10.0 CVE-2019-11210
MISC
CONFIRM
tibco — enterprise_runtime_for_r The server component of TIBCO Software Inc.’s TIBCO Enterprise Runtime for R – Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an authenticated user to trigger remote code execution in certain circumstances. When the affected component runs with the containerized TERR service on Linux the host can theoretically be tricked into running malicious code. This issue affects: TIBCO Enterprise Runtime for R – Server Edition version 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace 10.4.0; 10.5.0. 2019-09-18 9.0 CVE-2019-11211
MISC
CONFIRM
trusteddomain — opendmarc OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be relevant to the origin of an e-mail message. 2019-09-17 7.5 CVE-2019-16378
MLIST
MISC
MISC
BUGTRAQ
DEBIAN
MISC
tuzicms — tuzicms App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Zhuanti/group?id= substring. 2019-09-20 7.5 CVE-2019-16644
MISC
vivotek — camera VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP header. 2019-09-18 7.8 CVE-2019-14458
CONFIRM
MISC
westerndigital — wd_my_book_firmware Western Digital WD My Book World through II 1.02.12 suffers from Broken Authentication, which allows an attacker to access the /admin/ directory without credentials. An attacker can easily enable SSH from /admin/system_advanced.php?lang=en and log in with the default root password welc0me. 2019-09-18 7.5 CVE-2019-16399
MISC
MISC
wireshark — wireshark In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero. 2019-09-15 7.8 CVE-2019-16319
MISC
MISC
MISC
wp-kama — kama_click_counter The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via the admin.php order parameter. 2019-09-13 9.3 CVE-2017-18614
MISC
MISC
yejiao — tuzicms App\Mobile\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Mobile/Zhuanti/group?id= substring. 2019-09-20 7.5 CVE-2019-16642
MISC

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
advantech — webaccess In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code execution. 2019-09-18 6.5 CVE-2019-13552
MISC
advantech — webaccess In WebAccess versions 8.4.1 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. 2019-09-18 6.5 CVE-2019-13556
MISC
agentevolution — impress_listings The wp-listings plugin before 2.0.2 for WordPress has includes/views/single-listing.php XSS. 2019-09-20 4.3 CVE-2016-11013
MISC
MISC
akal_project — akal The Akal theme through 2016-08-22 for WordPress has XSS via the framework/brad-shortcodes/tinymce/preview.php sc parameter. 2019-09-16 4.3 CVE-2016-10957
MISC
MISC
apache — tapestry Tapestry processes assets `/assets/ctx` using classes chain `StaticFilesFilter -> AssetDispatcher -> ContextResource`, which doesn’t filter the character `\`, so an attacker can perform a path traversal attack to read any file on the Windows platform. 2019-09-16 5.0 CVE-2019-0207
MLIST
apache — tapestry The code which checks HMAC in form submissions used String.equals() for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. This could lead to remote code execution if an attacker is able to determine the correct signature for their payload. The comparison should be done with a constant time algorithm instead. 2019-09-16 6.8 CVE-2019-10071
MLIST
arubanetworks — arubaos Some web components in the ArubaOS software are vulnerable to HTTP Response splitting (CRLF injection) and Reflected XSS. An attacker would be able to accomplish this by sending certain URL parameters that would trigger this vulnerability. 2019-09-13 4.3 CVE-2019-5314
CONFIRM
aspose — aspose.pdf_for_c++ An exploitable Use-After-Free vulnerability exists in the way FunctionType 0 PDF elements are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free. An attacker can send a malicious PDF to trigger this vulnerability. 2019-09-18 6.5 CVE-2019-5042
CONFIRM
asus — asuswrt-merlin An issue was discovered in ASUSWRT 3.0.0.4.384.20308. There is a stack-based buffer overflow issue in parse_req_queries function in wanduck.c via a long string over UDP, which may lead to an information leak. 2019-09-17 5.0 CVE-2018-20336
MISC
CONFIRM
atlassian — bitbucket The commit diff rest endpoint in Bitbucket Server and Data Center before 5.16.10 (the fixed version for 5.16.x), from 6.0.0 before 6.0.10 (the fixed version for 6.0.x), from 6.1.0 before 6.1.8 (the fixed version for 6.1.x), from 6.2.0 before 6.2.6 (the fixed version for 6.2.x), from 6.3.0 before 6.3.5 (the fixed version for 6.3.x), from 6.4.0 before 6.4.3 (the fixed version for 6.4.x), and from 6.5.0 before 6.5.2 (the fixed version for 6.5.x) allows remote attackers who have permission to access a repository (if public access is enabled for a project or repository, attackers are able to exploit this issue anonymously) to read the contents of arbitrary files on the system and execute commands via injecting additional arguments into git commands. 2019-09-19 6.8 CVE-2019-15000
MISC
atlassian — jira_service_desk_server The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version 3.9.16, from version 3.10.0 before version 3.16.8, from version 4.0.0 before version 4.1.3, from version 4.2.0 before version 4.2.5, from version 4.3.0 before version 4.3.4, and version 4.4.0 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the ‘Anyone can email the service desk or raise a request in the portal’ setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability. 2019-09-19 4.3 CVE-2019-14994
MISC
attosoft — auto_thickbox_plus The auto-thickbox-plus plugin through 1.9 for WordPress has wp-content/plugins/auto-thickbox-plus/download.min.php?file= XSS. 2019-09-20 4.3 CVE-2015-9396
MISC
MISC
axiosys — bento4 Bento4 1.5.1-628 has a NULL pointer dereference in AP4_ByteStream::ReadUI32 in Core/Ap4ByteStream.cpp when called from the AP4_TrunAtom class. 2019-09-16 4.3 CVE-2019-16349
MISC
bestwebsoft — relevant The relevant plugin before 1.0.8 for WordPress has XSS. 2019-09-20 4.3 CVE-2015-9384
MISC
MISC
bower — bower Bower before 1.8.8 has a path traversal vulnerability permitting file write in arbitrary locations via install command, which allows attackers to write arbitrary files when a malicious package is extracted. 2019-09-13 5.0 CVE-2019-5484
MISC
MISC
MISC
brafton — brafton The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin/admin.php?page=BraftonArticleLoader tab parameter to BraftonAdminPage.php. 2019-09-16 4.3 CVE-2016-10973
MISC
MISC
checklist — checklist An XSS issue was discovered in the checklist plugin before 1.1.9 for WordPress. The fill parameter is not correctly filtered in the checklist-icon.php file, and it is possible to inject JavaScript code. 2019-09-19 4.3 CVE-2019-16525
MISC
MISC
MISC
MISC
cisco — hyperflex_hx220c_af_m5_firmware A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. The vulnerability is due to insufficient authentication for the statistics collection service. An attacker could exploit this vulnerability by sending properly formatted data values to the statistics collection service of an affected device. A successful exploit could allow the attacker to cause the web interface statistics view to present invalid data to users. 2019-09-18 5.0 CVE-2019-12620
CISCO
cisco — hyperflex_hx220c_af_m5_firmware A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack on an affected device. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a user to an attacker-controlled web page that contains a malicious HTML iframe. A successful exploit could allow the attacker to conduct clickjacking or other client-side browser attacks. 2019-09-18 4.3 CVE-2019-1975
CISCO
codepeople — music_store The music-store plugin before 1.0.43 for WordPress has XSS via the wp-admin/admin.php?page=music-store-menu-reports from_year parameter. 2019-09-17 4.3 CVE-2016-10992
MISC
MISC
MISC
codesys — codesys 3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.15.0, allows the system to display active library content without checking its validity, which may allow the contents of manipulated libraries to be displayed or executed. The issue also exists for source libraries, but 3S-Smart Software Solutions GmbH strongly recommends distributing compiled libraries only. 2019-09-17 6.8 CVE-2019-13538
MISC
codesys — control_for_beaglebone An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A user with low privileges can take full control over the runtime. 2019-09-17 6.5 CVE-2019-9008
MISC
CERT
creativeinteractivemedia — real3d_flipbook The real3d-flipbook-lite plugin 1.0 for WordPress has deleteBook=../ directory traversal for file deletion. 2019-09-16 6.4 CVE-2016-10965
MISC
MISC
creativeinteractivemedia — real3d_flipbook The real3d-flipbook-lite plugin 1.0 for WordPress has bookName=../ directory traversal for file upload. 2019-09-16 5.0 CVE-2016-10966
MISC
MISC
creativeinteractivemedia — real3d_flipbook The real3d-flipbook-lite plugin 1.0 for WordPress has XSS via the wp-content/plugins/real3d-flipbook/includes/flipbooks.php bookId parameter. 2019-09-16 4.3 CVE-2016-10967
MISC
MISC
cyberseo — xpinner_lite The xpinner-lite plugin through 2.2 for WordPress has xpinner-lite.php XSS. 2019-09-20 4.3 CVE-2015-9407
MISC
MISC
MISC
cyberseo — xpinner_lite The xpinner-lite plugin through 2.2 for WordPress has wp-admin/options-general.php CSRF with resultant XSS. 2019-09-20 4.3 CVE-2015-9408
MISC
MISC
MISC
dolibarr — dolibarr In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS. 2019-09-16 4.3 CVE-2019-16197
MISC
eclipse — mosquitto If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 to 1.6.4 inclusive, sets a last will and testament, sets a will delay interval, sets a session expiry interval, and the will delay interval is set longer than the session expiry interval, then a use after free error occurs, which has the potential to cause a crash in some situations. 2019-09-18 5.5 CVE-2019-11778
CONFIRM
eclipse — mosquitto In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more ‘/’ characters, i.e. the topic hierarchy separator, then a stack overflow will occur. 2019-09-19 4.0 CVE-2019-11779
CONFIRM
elfsight — instalinker The instalinker plugin before 1.1.2 for WordPress has includes/instalinker-admin-preview.php?client_id= XSS. 2019-09-20 4.3 CVE-2016-11005
MISC
MISC
estatik — estatik The estatik plugin before 2.3.0 for WordPress has unauthenticated arbitrary file upload via es_media_images[] to wp-admin/admin-ajax.php. 2019-09-16 5.0 CVE-2016-10958
MISC
MISC
MISC
estatik — estatik The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload (exploitable with CSRF) via es_media_images[] to wp-admin/admin-ajax.php. 2019-09-16 4.0 CVE-2016-10959
MISC
MISC
firestormplugins — fs-shopping-cart The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter. 2019-09-13 6.5 CVE-2016-10951
MISC
MISC
MISC
fossura — tag_miner The fossura-tag-miner plugin before 1.1.5 for WordPress has CSRF. 2019-09-17 6.8 CVE-2016-10978
MISC
MISC
fossura — tag_miner The fossura-tag-miner plugin before 1.1.5 for WordPress has XSS. 2019-09-17 4.3 CVE-2016-10979
MISC
fujixerox — docushare A Reflected Cross-Site Scripting (XSS) vulnerability in the webEx module in webExMeetingLogin.jsp and deleteWebExMeetingCheck.jsp in Fuji Xerox DocuShare through 7.0.0.C1.609 allows remote attackers to inject arbitrary web script or HTML via the handle parameter (webExMeetingLogin.jsp) and meetingKey parameter (deleteWebExMeetingCheck.jsp). 2019-09-14 4.3 CVE-2019-16307
MISC
geautomation — proficy Emerson GE Automation Proficy Machine Edition 8.0 allows an access violation and application crash via crafted traffic from a remote device, as demonstrated by an RX7i device. 2019-09-16 5.0 CVE-2019-16353
MISC
ghost — ghost The ghost plugin before 0.5.6 for WordPress has no access control for wp-admin/tools.php?ghostexport=true downloads of exported data. 2019-09-17 4.0 CVE-2016-10983
MISC
MISC
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 10.8 through 12.2.1. An internal endpoint unintentionally allowed group maintainers to view and edit group runner settings. 2019-09-16 5.5 CVE-2019-15721
CONFIRM
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.2.1. Particular mathematical expressions in GitLab Markdown can exhaust client resources. 2019-09-16 5.0 CVE-2019-15722
CONFIRM
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 11.9.x and 11.10.x before 11.10.1. Merge requests created by email could be used to bypass push rules in certain situations. 2019-09-16 5.0 CVE-2019-15723
CONFIRM
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.2.1. Label descriptions are vulnerable to HTML injection. 2019-09-16 4.3 CVE-2019-15724
CONFIRM
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. An IDOR in the epic notes API could result in disclosure of private milestones, labels, and other information. 2019-09-16 5.0 CVE-2019-15725
MISC
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary server, which would reveal the IP address of clients requesting the file from that server. 2019-09-16 5.0 CVE-2019-15726
CONFIRM
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 11.2 through 12.2.1. Insufficient permission checks were being applied when displaying CI results, potentially exposing some CI metrics data to unauthorized users. 2019-09-16 5.0 CVE-2019-15727
CONFIRM
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 10.1 through 12.2.1. Protections against SSRF attacks on the Kubernetes integration are insufficient, which could have allowed an attacker to request any local network resource accessible from the GitLab server. 2019-09-16 5.0 CVE-2019-15728
MISC
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 8.18 through 12.2.1. An internal endpoint unintentionally disclosed information about the last pipeline that ran for a merge request. 2019-09-17 5.0 CVE-2019-15729
MISC
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 8.14 through 12.2.1. The Jira integration contains a SSRF vulnerability as a result of a bypass of the current protection mechanisms against this type of attack, which would allow sending requests to any resources accessible in the local network by the GitLab server. 2019-09-16 5.0 CVE-2019-15730
MISC
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Non-members were able to comment on merge requests despite the repository being set to allow only project members to do so. 2019-09-16 5.0 CVE-2019-15731
CONFIRM
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 12.2 through 12.2.1. The project import API could be used to bypass project visibility restrictions. 2019-09-16 5.0 CVE-2019-15732
CONFIRM
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 7.12 through 12.2.1. The specified default branch name could be exposed to unauthorized users. 2019-09-16 4.0 CVE-2019-15733
CONFIRM
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 8.6 through 12.2.1. Under very specific conditions, commit titles and team member comments could become viewable to users who did not have permission to access these. 2019-09-16 4.0 CVE-2019-15734
CONFIRM
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Under certain circumstances, CI pipelines could potentially be used in a denial of service attack. 2019-09-16 5.0 CVE-2019-15736
CONFIRM
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Certain account actions needed improved authentication and session management. 2019-09-16 6.4 CVE-2019-15737
CONFIRM
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Under certain conditions, merge request IDs were being disclosed via email. 2019-09-16 5.0 CVE-2019-15738
CONFIRM
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 8.1 through 12.2.1. Certain areas displaying Markdown were not properly sanitizing some XSS payloads. 2019-09-16 4.3 CVE-2019-15739
CONFIRM
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 7.9 through 12.2.1. EXIF Geolocation data was not being removed from certain image uploads. 2019-09-16 5.0 CVE-2019-15740
MISC
gitlab — gitlab An issue was discovered in GitLab Enterprise Edition 11.x and 12.x before 12.0.9, 12.1.x before 12.1.9, and 12.2.x before 12.2.5. It has Incorrect Access Control. 2019-09-16 5.5 CVE-2019-16170
MISC
gnucobol_project — gnucobol GnuCOBOL 2.2 has a stack-based buffer overflow in the cb_name() function in cobc/tree.c via crafted COBOL source code. 2019-09-17 6.8 CVE-2019-16395
MISC
gnucobol_project — gnucobol GnuCOBOL 2.2 has a use-after-free in the end_scope_of_program_name() function in cobc/parser.y via crafted COBOL source code. 2019-09-17 6.8 CVE-2019-16396
MISC
gpac — gpac AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. There is “cfg_new->AVCLevelIndication = cfg->AVCLevelIndication;” but cfg could be NULL. 2019-09-16 4.3 CVE-2018-21015
MISC
gpac — gpac audio_sample_entry_AddBox() at isomedia/box_code_base.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. 2019-09-16 4.3 CVE-2018-21016
MISC
gpac — gpac GPAC 0.7.1 has a memory leak in dinf_Read in isomedia/box_code_base.c. 2019-09-16 4.3 CVE-2018-21017
MISC
MISC
gradle — gradle The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900. 2019-09-16 4.3 CVE-2019-16370
MISC
MISC
hrworks — hrworks A reflected Cross-site scripting (XSS) vulnerability in HRworks V 1.16.1 allows remote attackers to inject arbitrary web script or HTML via the URL parameter to the Login component. 2019-09-17 4.3 CVE-2019-11559
FULLDISC
MISC
ibm — application_performance_management IBM Cloud Application Performance Management 8.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 157509. 2019-09-17 4.3 CVE-2019-4086
XF
CONFIRM
ibm — cognos_controller IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 158876. 2019-09-17 4.3 CVE-2019-4171
XF
CONFIRM
ibm — cognos_controller IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158880. 2019-09-17 5.0 CVE-2019-4175
XF
CONFIRM
ibm — financial_transaction_manager_for_multiplatform IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) v2.0.0.0 through 2.0.0.5, v2.1.0.0 through 2.1.0.4, v2.1.1.0 through 2.1.1.4, and v3.0.0.0 through 3.0.0.8 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 150946. 2019-09-18 4.0 CVE-2018-1847
XF
CONFIRM
ibm — security_key_lifecycle_manager IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166626. 2019-09-20 5.0 CVE-2019-4565
XF
CONFIRM
ibm — sterling_file_gateway IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413. 2019-09-16 6.5 CVE-2019-4147
XF
CONFIRM
ibm — websphere_application_server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL containing “dot dot” sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 160201. 2019-09-17 5.0 CVE-2019-4268
XF
CONFIRM
ibm — websphere_application_server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the file system. An attacker could send a specially-crafted URL request to view arbitrary files on the system but not content. IBM X-Force ID: 163226. 2019-09-17 4.0 CVE-2019-4442
XF
CONFIRM
ibm — websphere_application_server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a user with access to audit logs to obtain sensitive information, caused by improper handling of command line options. IBM X-Force ID: 163997. 2019-09-17 4.0 CVE-2019-4477
XF
CONFIRM
ibm — websphere_application_server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information, caused by sending a specially-crafted URL. This can lead the attacker to view any file in a certain directory. IBM X-Force ID: 164364. 2019-09-20 5.0 CVE-2019-4505
XF
CONFIRM
icegram — icegram The icegram plugin before 1.9.19 for WordPress has CSRF via the wp-admin/edit.php option_name parameter. 2019-09-16 4.3 CVE-2016-10962
MISC
MISC
icegram — icegram The icegram plugin before 1.9.19 for WordPress has XSS. 2019-09-16 4.3 CVE-2016-10963
MISC
ifw8 — fr5-e_firmware ifw8 Router ROM v4.31 allows credential disclosure by reading the action/usermanager.htm HTML source code. 2019-09-14 5.0 CVE-2019-16313
MISC
imdb-widget_project — imdb-widget The imdb-widget plugin before 1.0.9 for WordPress has Local File Inclusion. 2019-09-17 5.0 CVE-2016-10991
MISC
MISC
intel — easy_streaming_wizard Improper file permissions in the installer for Intel(R) Easy Streaming Wizard before version 2.1.0731 may allow an authenticated user to potentially enable escalation of privilege via local attack. 2019-09-16 4.6 CVE-2019-11166
CONFIRM
intenogroup — eg200_firmware Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ACL misconfiguration that allows the “user” account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP. 2019-09-16 4.3 CVE-2019-13140
MISC
MISC
MISC
EXPLOIT-DB
kentothemes — kento-post-view-counter The kento-post-view-counter plugin through 2.8 for WordPress has XSS via kento_pvc_geo. 2019-09-17 4.3 CVE-2016-10980
MISC
MISC
kentothemes — kento-post-view-counter The kento-post-view-counter plugin through 2.8 for WordPress has stored XSS via kento_pvc_numbers_lang, kento_pvc_today_text, or kento_pvc_total_text. 2019-09-17 4.3 CVE-2016-10981
MISC
MISC
kentothemes — kento-post-view-counter The kento-post-view-counter plugin through 2.8 for WordPress has wp-admin/admin.php?page=kentopvc_settings CSRF. 2019-09-17 6.8 CVE-2016-10982
MISC
MISC
kodebyraaet — safe_editor The safe-editor plugin before 1.2 for WordPress has no se_save authentication, with resultant XSS. 2019-09-17 4.3 CVE-2016-10976
MISC
MISC
layerbb — layerbb LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php. 2019-09-19 6.8 CVE-2019-16531
MISC
MISC
MISC
MISC
leenk — leenk.me The leenkme plugin before 2.6.0 for WordPress has stored XSS via facebook_message, facebook_linkname, facebook_caption, facebook_description, default_image, or _wp_http_referer. 2019-09-17 4.3 CVE-2016-10988
MISC
MISC
MISC
leenk — leenk.me The leenkme plugin before 2.6.0 for WordPress has wp-admin/admin.php?page=leenkme_facebook CSRF. 2019-09-17 6.8 CVE-2016-10989
MISC
MISC
MISC
libav — libav A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf. 2019-09-19 6.8 CVE-2019-9719
MISC
MISC
MISC
MISC
libwav_project — libwav marc-q libwav through 2019-08-15 has a NULL pointer dereference in gain_file() at wav_gain.c. 2019-09-16 4.3 CVE-2019-16348
MISC
linecorp — line Integer overflow vulnerability in LINE(Android) from 4.4.0 to the version before 9.15.1 allows remote attackers to cause a denial of service (DoS) condition or execute arbitrary code via a specially crafted image. 2019-09-19 6.8 CVE-2019-6010
MISC
MISC
linux — linux_kernel An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_write() properly, which causes an i_size_read() infinite loop and denial of service on SMP systems. 2019-09-18 5.0 CVE-2019-16413
MISC
MISC
MISC
logmein — lastpass LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted web site that captures the credentials for a victim’s account on a previously visited web site, because do_popupregister can be bypassed via clickjacking. 2019-09-16 5.8 CVE-2019-16371
MISC
mail-masta_project — mail-masta The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php. 2019-09-16 5.0 CVE-2016-10956
MISC
MISC
MISC
mcafee — total_protection DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights. 2019-09-13 6.0 CVE-2019-3646
CONFIRM
mi — xiaomi_millet_firmware A malicious file upload vulnerability was discovered in Xiaomi Millet mobile phones 1-6.3.9.3. A particular condition involving a man-in-the-middle attack may lead to partial data leakage or malicious file writing. 2019-09-18 5.8 CVE-2019-15843
CONFIRM
microfocus — service_manager Allow changes to some table by non-SysAdmin in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized access and modification of data. 2019-09-18 6.5 CVE-2019-11661
CONFIRM
microfocus — service_manager Class and method names in error message in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited in some special cases to allow information exposure through an error message. 2019-09-18 4.0 CVE-2019-11662
CONFIRM
microfocus — service_manager Clear text credentials are used to access managers app in Tomcat in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure. 2019-09-18 4.0 CVE-2019-11663
CONFIRM
microfocus — service_manager Clear text password in browser in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure. 2019-09-18 4.0 CVE-2019-11664
CONFIRM
microfocus — service_manager Data exposure in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure. 2019-09-17 5.0 CVE-2019-11665
CONFIRM
microfocus — service_manager Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow insecure deserialization of untrusted data. 2019-09-17 6.8 CVE-2019-11666
CONFIRM
microfocus — service_manager Unauthorized access to contact information in Micro Focus Service Manager, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to private data. 2019-09-17 5.0 CVE-2019-11667
CONFIRM
mobatek — mobaxterm In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also accepted, command execution is achieved, as demonstrated by the MobaXterm://`calc` URI. 2019-09-14 6.8 CVE-2019-16305
MISC
momizat — goodnews The Goodnews theme through 2016-02-28 for WordPress has XSS via the s parameter. 2019-09-20 4.3 CVE-2016-10999
MISC
mtouch_quiz_project — mtouch_quiz The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via the quiz parameter during a Quiz Manage operation. 2019-09-20 4.3 CVE-2015-9386
MISC
MISC
mz-automation — libiec61850 libIEC61850 through 1.3.3 has a use-after-free in MmsServer_waitReady in mms/iso_mms/server/mms_server.c, as demonstrated by server_example_goose. 2019-09-19 5.0 CVE-2019-16510
MISC
neliosoftware — nelio_ab_testing The nelio-ab-testing plugin before 4.5.0 for WordPress has filename=..%2f directory traversal. 2019-09-17 4.0 CVE-2016-10977
MISC
MISC
MISC
nerdcow — tweet_wheel The tweet-wheel plugin before 1.0.3.3 for WordPress has XSS via consumer_key, consumer_secret, access_token, and access_token_secret. 2019-09-17 4.3 CVE-2016-10986
MISC
MISC
MISC
netattingo — wp-whois-domain The wp-whois-domain plugin 1.0.0 for WordPress has XSS via the pages/func-whois.php domain parameter. 2019-09-13 4.3 CVE-2017-18612
MISC
MISC
neuvoo — neuvoo-jobroll The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_keywords XSS. 2019-09-20 4.3 CVE-2015-9404
MISC
MISC
neuvoo — neuvoo_jobs The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_location XSS. 2019-09-20 4.3 CVE-2015-9403
MISC
MISC
ngiflib_project — ngiflib ngiflib 0.4 has a heap-based buffer overflow in WritePixel() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled. 2019-09-16 6.8 CVE-2019-16346
MISC
MISC
ngiflib_project — ngiflib ngiflib 0.4 has a heap-based buffer overflow in WritePixels() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled. 2019-09-16 6.8 CVE-2019-16347
MISC
MISC
niushop — niushop NIUSHOP V1.11 has CSRF via search_info to index.php. 2019-09-14 6.8 CVE-2019-16311
MISC
notepad_plus_plus — notepad++ SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file. 2019-09-14 6.8 CVE-2019-16294
MISC
MISC
MISC
ocimscripts — ocim-mp3 The ocim-mp3 plugin through 2016-03-07 for WordPress has wp-content/plugins/ocim-mp3/source/pages.php?id= XSS. 2019-09-20 4.3 CVE-2016-10998
MISC
open-emr — openemr OpenEMR v5.0.1-6 allows XSS. 2019-09-16 4.3 CVE-2019-8368
MISC
optinmonster — optinmonster The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak. 2019-09-20 5.0 CVE-2016-10996
MISC
MISC
ostenta — yawpp The yawpp plugin through 1.2.2 for WordPress has XSS via the field1 parameter. 2019-09-20 4.3 CVE-2015-9391
MISC
MISC
pagelines — pagelines The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?page=pagelines CSRF. 2019-09-13 6.8 CVE-2016-10945
MISC
peepso — peepso The peepso-core plugin before 1.6.1 for WordPress has PeepSoProfilePreferencesAjax->save() privilege escalation. 2019-09-16 6.5 CVE-2016-10968
MISC
MISC
picoc_project — picoc PicoC 2.1 has a heap-based buffer overflow in StringStrcpy in cstdlib/string.c when called from ExpressionParseFunctionCall in expression.c. 2019-09-13 6.8 CVE-2019-16277
MISC
pimcore — pimcore In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory, a different vulnerability than CVE-2019-10867 and CVE-2019-16318. 2019-09-14 6.5 CVE-2019-16317
MISC
MISC
pimcore — pimcore In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317. 2019-09-14 6.5 CVE-2019-16318
MISC
MISC
prise — adas An issue was discovered in PRiSE adAS 1.7.0. The current database password is embedded in the change password form. 2019-09-20 5.0 CVE-2019-15085
MISC
MISC
prise — adas An issue was discovered in PRiSE adAS 1.7.0. The newentityID parameter is not properly escaped, leading to a reflected XSS in the error message. 2019-09-20 4.3 CVE-2019-15086
MISC
MISC
prise — adas An issue was discovered in PRiSE adAS 1.7.0. An authenticated user can change the function used to hash passwords to any function, leading to remote code execution. 2019-09-20 6.5 CVE-2019-15087
MISC
MISC
prise — adas An issue was discovered in PRiSE adAS 1.7.0. Forms have no CSRF protection, letting an attacker execute actions as the administrator. 2019-09-20 6.8 CVE-2019-15089
MISC
MISC
publisure — publisure An issue was discovered in the secure portal in Publisure 2.1.2. Once successfully authenticated as an administrator, one is able to inject arbitrary PHP code by using the adminCons.php form. The code is then stored in the E:\PUBLISURE\webservice\webpages\AdminDir\Templates\ folder even if removed from the adminCons.php view (i.e., the rogue PHP file can be hidden). 2019-09-18 6.5 CVE-2019-14252
MISC
publisure — publisure An issue was discovered in servletcontroller in the secure portal in Publisure 2.1.2. One can bypass authentication and perform a query on PHP forms within the /AdminDir folder that should be restricted. 2019-09-18 6.4 CVE-2019-14253
MISC
pydio — pydio Pydio 6.0.8 mishandles error reporting when a directory allows unauthenticated uploads, and the remote-upload option is used with the http://localhost:22 URL. The attacker can obtain sensitive information such as the name of the user who created that directory and other internal server information. 2019-09-19 5.0 CVE-2019-15032
MISC
MISC
MISC
pydio — pydio Pydio 6.0.8 allows Authenticated SSRF during a Remote Link Feature download. An attacker can specify an intranet address in the file parameter to index.php, when sending a file to a remote server, as demonstrated by the file=http%3A%2F%2F192.168.1.2 substring. 2019-09-19 4.0 CVE-2019-15033
MISC
MISC
MISC
redmineup — crm The CRM Plugin before 4.2.4 for Redmine allows XSS via crafted vCard data. 2019-09-16 4.3 CVE-2019-15950
MISC
MISC
rsa — archer RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information disclosure vulnerability. Information relating to the backend database gets disclosed to low-privileged RSA Archer users’ UI under certain error conditions. 2019-09-18 4.0 CVE-2019-3756