US-CERT Bulletins

Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.

Original release date: August 19, 2019 | Last revised: August 21, 2019

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary Vendor — Product Description Published CVSS Score Source & Patch Info
foliovision — fv_flowplayer_video_player The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows email subscription SQL injection. 2019-08-09 7.5 CVE-2019-14801
MISC
frappe — frappe An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. A server side template injection (SSTI) issue exists. 2019-08-12 7.5 CVE-2019-14965
MISC
MISC
MISC
MISC
MISC
MISC
hashicorp — nomad HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver. 2019-08-12 10.0 CVE-2019-12618
MISC
MISC
CONFIRM
hp — 3par_storeserv_management_console A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. 2019-08-09 10.0 CVE-2019-5402
CONFIRM
hp — 3par_storeserv_management_console A remote script injection vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. 2019-08-09 8.7 CVE-2019-5404
CONFIRM
hp — 3par_storeserv_management_console A remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. 2019-08-09 9.0 CVE-2019-5406
CONFIRM
imagely — nextgen_gallery The nextgen-gallery plugin before 2.1.57 for WordPress has SQL injection via a gallery name. 2019-08-14 7.5 CVE-2016-10889
MISC
microsoft — office A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka ‘Microsoft Graphics Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1144, CVE-2019-1145, CVE-2019-1149, CVE-2019-1150, CVE-2019-1152. 2019-08-14 9.3 CVE-2019-1151
MISC
MISC
microsoft — windows_10 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka ‘Microsoft Graphics Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1145, CVE-2019-1149, CVE-2019-1150, CVE-2019-1151, CVE-2019-1152. 2019-08-14 9.3 CVE-2019-1144
MISC
MISC
microsoft — windows_10 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka ‘Microsoft Graphics Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1144, CVE-2019-1145, CVE-2019-1149, CVE-2019-1151, CVE-2019-1152. 2019-08-14 9.3 CVE-2019-1150
MISC
MISC
MISC
microsoft — windows_10 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka ‘Microsoft Graphics Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1144, CVE-2019-1145, CVE-2019-1149, CVE-2019-1150, CVE-2019-1151. 2019-08-14 9.3 CVE-2019-1152
MISC
MISC
newstatpress_project — newstatpress The newstatpress plugin before 1.0.5 for WordPress has SQL injection related to an IMG element. 2019-08-14 7.5 CVE-2015-9313
MISC
newstatpress_project — newstatpress The newstatpress plugin before 1.0.1 for WordPress has SQL injection. 2019-08-14 7.5 CVE-2015-9315
MISC
txjia — imcat An issue was discovered in imcat 4.9. There is SQL Injection via the index.php order parameter in a mod=faqs action. 2019-08-12 7.5 CVE-2019-14968
MISC
veronalabs — wp_statistics The wp-statistics plugin before 12.0.8 for WordPress has SQL injection. 2019-08-14 7.5 CVE-2017-18515
MISC
wp-events-plugin — events_manager The events-manager plugin before 5.6 for WordPress has code injection. 2019-08-13 7.5 CVE-2015-9298
MISC

Medium Vulnerabilities

Primary Vendor — Product Description Published CVSS Score Source & Patch Info
10web — photo_gallery The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter. 2019-08-09 4.0 CVE-2019-14798
MISC
MISC
MISC
23systems — lightbox_plus_colorbox The Lightbox Plus Colorbox plugin through 2.7.2 for WordPress has cross-site request forgery (CSRF) via wp-admin/admin.php?page=lightboxplus, as demonstrated by resultant width XSS. 2019-08-09 4.3 CVE-2016-10865
MISC
MISC
atlassian — jira The inline-create rest resource in Jira before version 7.12.3 allows authenticated remote attackers to set the reporter in issues via a missing authorisation check. 2019-08-09 4.0 CVE-2018-20826
MISC
axiosys — bento4 An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in the function AP4_BitReader::SkipBits at Core/Ap4Utils.cpp. 2019-08-14 6.8 CVE-2019-15047
MISC
axiosys — bento4 An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer overflow in the AP4_RtpAtom class at Core/Ap4RtpAtom.cpp. 2019-08-14 6.8 CVE-2019-15048
MISC
axiosys — bento4 An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in the AP4_Dec3Atom class at Core/Ap4Dec3Atom.cpp. 2019-08-14 6.8 CVE-2019-15049
MISC
axiosys — bento4 An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in the AP4_AvccAtom class at Core/Ap4AvccAtom.cpp. 2019-08-14 6.8 CVE-2019-15050
MISC
backup-guard — backup_guard The Backup Guard plugin before 1.1.47 for WordPress has multiple XSS issues. 2019-08-13 4.3 CVE-2017-18488
MISC
bestwebsoft — contact_form The contact-form-plugin plugin before 3.52 for WordPress has XSS. 2019-08-13 4.3 CVE-2013-7475
MISC
bestwebsoft — contact_form The contact-form-plugin plugin before 3.96 for WordPress has XSS. 2019-08-13 4.3 CVE-2015-9295
MISC
bestwebsoft — contact_form The contact-form-plugin plugin before 4.0.2 for WordPress has XSS. 2019-08-13 4.3 CVE-2016-10869
MISC
bestwebsoft — contact_form The contact-form-plugin plugin before 4.0.6 for WordPress has multiple XSS issues. 2019-08-13 4.3 CVE-2017-18491
MISC
bestwebsoft — contact_form_to_db The contact-form-to-db plugin before 1.5.7 for WordPress has multiple XSS issues. 2019-08-13 4.3 CVE-2017-18492
MISC
bestwebsoft — custom_search The custom-search-plugin plugin before 1.36 for WordPress has multiple XSS issues. 2019-08-13 4.3 CVE-2017-18494
MISC
bestwebsoft — htaccess The htaccess plugin before 1.7.6 for WordPress has multiple XSS issues. 2019-08-13 4.3 CVE-2017-18496
MISC
bestwebsoft — social_buttons_pack The social-buttons-pack plugin before 1.1.1 for WordPress has multiple XSS issues. 2019-08-12 4.3 CVE-2017-18500
MISC
bestwebsoft — social_login The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues. 2019-08-12 4.3 CVE-2017-18501
MISC
bestwebsoft — subscriber The subscriber plugin before 1.3.5 for WordPress has multiple XSS issues. 2019-08-12 4.3 CVE-2017-18502
MISC
bestwebsoft — twitter_button The twitter-plugin plugin before 2.55 for WordPress has XSS. 2019-08-12 4.3 CVE-2017-18505
MISC
codepeople — appointment_booking_calendar The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter. 2019-08-09 4.3 CVE-2019-14791
MISC
MISC
MISC
codepeople — contact_form_email The contact-form-to-email plugin before 1.2.66 for WordPress has XSS. 2019-08-13 4.3 CVE-2018-20963
MISC
codepeople — contact_form_email The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF. 2019-08-13 6.8 CVE-2018-20964
MISC
edx — recommender Recommender before 2018-07-18 allows XSS. 2019-08-09 4.3 CVE-2018-20858
MISC
CONFIRM
exiv2 — exiv2 In Exiv2 before v0.27.2, there is an integer overflow vulnerability in the WebPImage::getHeaderOffset function in webpimage.cpp. It can lead to a buffer overflow vulnerability and a crash. 2019-08-12 4.3 CVE-2019-14982
MISC
MISC
MISC
flippercode — google_map The wp-google-map-plugin plugin before 2.3.7 for WordPress has XSS related to the add_query_arg() and remove_query_arg() functions. 2019-08-12 4.3 CVE-2015-9305
MISC
flippercode — google_map The wp-google-map-plugin plugin before 3.1.2 for WordPress has XSS. 2019-08-12 4.3 CVE-2016-10878
MISC
foliovision — fv_flowplayer_video_player The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS. 2019-08-09 4.3 CVE-2019-14799
MISC
MISC
frappe — frappe An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. There exists an authenticated SQL injection. 2019-08-12 6.5 CVE-2019-14966
MISC
MISC
MISC
MISC
MISC
MISC
frappe — frappe An issue was discovered in Frappe Framework 10, 11 before 11.1.46, and 12. There exists an XSS vulnerability. 2019-08-12 4.3 CVE-2019-14967
MISC
MISC
MISC
hp — 3par_storeserv_management_console A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. 2019-08-09 5.0 CVE-2019-5405
CONFIRM
hp — 3par_storeserv_management_console A remote information disclosure vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. 2019-08-09 6.5 CVE-2019-5407
CONFIRM
huawei — pcmanager PCManager 9.1.3.1 has an improper authentication vulnerability. A certain driver interface of the software does not properly validate user-mode data; successful exploitation could result in malicious code execution. 2019-08-13 6.8 CVE-2019-5223
CONFIRM
ibericode — mailchimp The mailchimp-for-wp plugin before 4.0.11 for WordPress has XSS on the integration settings page. 2019-08-13 4.3 CVE-2016-10871
MISC
icmsdev — icms iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter. 2019-08-12 4.3 CVE-2019-14976
MISC
imagemagick — imagemagick In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file. 2019-08-12 4.3 CVE-2019-14980
MISC
MISC
MISC
MISC
imagemagick — imagemagick In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file. 2019-08-12 4.3 CVE-2019-14981
MISC
MISC
MISC
istio — istio Istio before 1.1.13 and 1.2.x before 1.2.4 mishandles regular expressions for long URIs, leading to a denial of service during use of the JWT, VirtualService, HTTPAPISpecBinding, or QuotaSpecBinding API. 2019-08-13 5.0 CVE-2019-14993
MISC
MISC
MISC
CONFIRM
kunena — kunena The Kunena extension before 5.1.14 for Joomla! allows XSS via BBCode. 2019-08-16 4.3 CVE-2019-15120
MISC
MISC
lansweeper — lansweeper Lansweeper before 7.1.117.4 allows unauthenticated SQL injection. 2019-08-12 6.4 CVE-2019-13462
MISC
MISC
mediaburst — gravity_forms The gravity-forms-sms-notifications plugin before 2.4.0 for WordPress has XSS. 2019-08-13 4.3 CVE-2017-18495
MISC
mediawiki — mediawiki In the MobileFrontend extension 1.31 through 1.33 for MediaWiki, XSS exists within the edit summary field in includes/specials/MobileSpecialPageFeed.php. 2019-08-09 4.3 CVE-2019-14807
CONFIRM
MISC
metabox — meta_box The Meta Box plugin before 4.16.3 for WordPress allows file deletion via ajax, with the wp-admin/admin-ajax.php?action=rwmb_delete_file attachment_id parameter. 2019-08-09 5.5 CVE-2019-14793
MISC
MISC
metabox — meta_box The Meta Box plugin before 4.16.2 for WordPress mishandles the uploading of files to custom folders. 2019-08-09 5.0 CVE-2019-14794
MISC
netapp — oncommand_insight OnCommand Insight versions through 7.3.6 may disclose sensitive account information to an authenticated user. 2019-08-09 4.0 CVE-2019-5498
CONFIRM
never5 — download_monitor The download-monitor plugin before 1.7.1 for WordPress has XSS related to add_query_arg. 2019-08-13 4.3 CVE-2015-9296
MISC
newstatpress_project — newstatpress The newstatpress plugin before 1.0.6 for WordPress has reflected XSS. 2019-08-14 4.3 CVE-2015-9311
MISC
newstatpress_project — newstatpress The newstatpress plugin before 1.0.5 for WordPress has XSS related to an IMG element. 2019-08-14 4.3 CVE-2015-9312
MISC
newstatpress_project — newstatpress The newstatpress plugin before 1.0.4 for WordPress has XSS related to the Referer header. 2019-08-14 4.3 CVE-2015-9314
MISC
palletsprojects — werkzeug Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id. 2019-08-09 5.0 CVE-2019-14806
MISC
MISC
MISC
php — php When the PHP EXIF extension is parsing EXIF information from an image, e.g. via the exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead to information disclosure or a crash. 2019-08-09 6.8 CVE-2019-11041
CONFIRM
MLIST
UBUNTU
UBUNTU
php — php When the PHP EXIF extension is parsing EXIF information from an image, e.g. via the exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead to information disclosure or a crash. 2019-08-09 6.8 CVE-2019-11042
CONFIRM
MLIST
UBUNTU
UBUNTU
presstigers — simple_job_board The simple-job-board plugin before 2.4.4 for WordPress has reflected XSS via keyword search. 2019-08-13 4.3 CVE-2017-18498
MISC
siemens — siprotec_5_firmware Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc. 2019-08-09 5.8 CVE-2019-12257
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
CONFIRM
simple-membership-plugin — simple_membership The simple-membership plugin before 3.5.7 for WordPress has XSS. 2019-08-12 4.3 CVE-2017-18499
MISC
tipsandtricks-hq — all_in_one_wp_security_&_firewall The all-in-one-wp-security-and-firewall plugin before 3.9.8 for WordPress has XSS in the unlock request feature. 2019-08-13 4.3 CVE-2015-9293
MISC
tipsandtricks-hq — all_in_one_wp_security_&_firewall The all-in-one-wp-security-and-firewall plugin before 3.9.5 for WordPress has XSS in add_query_arg and remove_query_arg function instances. 2019-08-13 4.3 CVE-2015-9294
MISC
tipsandtricks-hq — all_in_one_wp_security_&_firewall The all-in-one-wp-security-and-firewall plugin before 4.2.0 for WordPress has multiple XSS issues. 2019-08-13 4.3 CVE-2016-10866
MISC
tipsandtricks-hq — all_in_one_wp_security_&_firewall The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPress has XSS in settings pages. 2019-08-13 4.3 CVE-2016-10867
MISC
tipsandtricks-hq — all_in_one_wp_security_&_firewall The all-in-one-wp-security-and-firewall plugin before 4.0.5 for WordPress has XSS in the blacklist, file system, and file change detection settings pages. 2019-08-13 4.3 CVE-2016-10868
MISC
ultimatemember — ultimate_member The ultimate-member plugin before 1.3.18 for WordPress has XSS via text input. 2019-08-12 4.3 CVE-2015-9304
MISC
ultimatemember — ultimate_member The ultimate-member plugin before 1.3.40 for WordPress has XSS on the login form. 2019-08-12 4.3 CVE-2016-10872
MISC
ultimatemember — ultimate_member The ultimate-member plugin before 2.0.4 for WordPress has XSS. 2019-08-12 4.3 CVE-2018-20965
MISC
w3eden — live_forms The liveforms plugin before 3.4.0 for WordPress has XSS. 2019-08-13 4.3 CVE-2017-18497
MISC
webkul — bagisto Bagisto 0.1.5 allows CSRF under /admin URIs. 2019-08-11 6.8 CVE-2019-14933
MISC
MISC
wp-events-plugin — events_manager The events-manager plugin before 5.6 for WordPress has XSS. 2019-08-13 4.3 CVE-2015-9297
MISC
wp-events-plugin — events_manager The events-manager plugin before 5.5.7.1 for WordPress has DOM XSS. 2019-08-13 4.3 CVE-2015-9299
MISC
wp-events-plugin — events_manager The events-manager plugin before 5.5.7 for WordPress has multiple XSS issues. 2019-08-13 4.3 CVE-2015-9300
MISC
wp-jobmanager — job_manager The job-manager plugin before 0.7.19 for WordPress has multiple XSS issues. 2019-08-13 4.3 CVE-2012-6713
MISC
wp-livechat — wp_live_chat_support The wp-live-chat-support plugin before 6.2.02 for WordPress has XSS. 2019-08-12 4.3 CVE-2016-10879
MISC
wp-livechat — wp_live_chat_support The wp-live-chat-support plugin before 7.1.05 for WordPress has XSS. 2019-08-13 4.3 CVE-2017-18507
MISC
wp-livechat — wp_live_chat_support The wp-live-chat-support plugin before 7.1.03 for WordPress has XSS. 2019-08-12 4.3 CVE-2017-18508
MISC
wp-livechat — wp_live_chat_support The wp-live-chat-support plugin before 8.0.27 for WordPress has XSS via the GDPR page. 2019-08-12 4.3 CVE-2019-14950
MISC
wp_editor_project — wp_editor The wp-editor plugin before 1.2.6.3 for WordPress has multiple XSS issues. 2019-08-12 4.3 CVE-2016-10877
MISC
wpdeveloper — twitter_cards_meta The twitter-cards-meta plugin before 2.5.0 for WordPress has XSS. 2019-08-12 4.3 CVE-2017-18503
MISC
wpdeveloper — twitter_cards_meta The twitter-cards-meta plugin before 2.5.0 for WordPress has CSRF. 2019-08-12 6.8 CVE-2017-18504
MISC
wpseeds — wp_database_backup The wp-database-backup plugin before 4.3.3 for WordPress has XSS. 2019-08-12 4.3 CVE-2016-10873
MISC
wpseeds — wp_database_backup The wp-database-backup plugin before 4.3.3 for WordPress has CSRF. 2019-08-12 6.8 CVE-2016-10874
MISC
wpseeds — wp_database_backup The wp-database-backup plugin before 4.3.1 for WordPress has XSS. 2019-08-12 4.3 CVE-2016-10875
MISC
wpseeds — wp_database_backup The wp-database-backup plugin before 4.3.1 for WordPress has CSRF. 2019-08-12 6.8 CVE-2016-10876
MISC
wpseeds — wp_database_backup The wp-database-backup plugin before 5.1.2 for WordPress has XSS. 2019-08-12 4.3 CVE-2019-14949
MISC

Low Vulnerabilities

Primary Vendor — Product Description Published CVSS Score Source & Patch Info
10web — photo_gallery The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS. 2019-08-09 3.5 CVE-2019-14797
MISC
atlassian — jira The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the country parameter. 2019-08-09 3.5 CVE-2018-20827
MISC
codecabin — wp_google_maps The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectangle_name or rectangle_opacity parameter. 2019-08-09 3.5 CVE-2019-14792
MISC
MISC
MISC
codepeople — cp_contact_form_with_paypal The “CP Contact Form with PayPal” plugin before 1.2.99 for WordPress has XSS in the publishing wizard via the wp-admin/admin.php?page=cp_contact_form_paypal.php&pwizard=1 cp_contactformpp_id parameter. 2019-08-09 3.5 CVE-2019-14785
MISC
MISC
hp — 3par_storeserv_management_console A remote multiple cross-site scripting vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. 2019-08-09 3.5 CVE-2019-5403
CONFIRM
mq-woocommerce-products-price-bulk-edit_project — mq-woocommerce-products-price-bulk-edit The mq-woocommerce-products-price-bulk-edit (aka Woocommerce Products Price Bulk Edit) plugin 2.0 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=update_options show_products_page_limit parameter. 2019-08-09 3.5 CVE-2019-14796
MISC
MISC
schben — framework Adive Framework through 2.0.7 is affected by XSS in the Create New Table and Create New Navigation Link functions. 2019-08-13 3.5 CVE-2019-14987
MISC
tribulant — newsletters The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea parameter. 2019-08-09 3.5 CVE-2019-14787
MISC
MISC
ultimatemember — ultimate_member The ultimate-member plugin before 2.0.54 for WordPress has XSS. 2019-08-12 3.5 CVE-2019-14945
MISC
MISC
ultimatemember — ultimate_member The ultimate-member plugin before 2.0.52 for WordPress has XSS related to UM Roles create and edit operations. 2019-08-12 3.5 CVE-2019-14946
MISC
MISC
ultimatemember — ultimate_member The ultimate-member plugin before 2.0.52 for WordPress has XSS during an account upgrade. 2019-08-12 3.5 CVE-2019-14947
MISC
MISC
una — una studio/polyglot.php?page=etemplates in UNA 10.0.0-RC1 allows XSS via the System Name field under Emails during template editing. 2019-08-09 3.5 CVE-2019-14804
MISC
MISC
MISC
una — una studio/builder_menu.php?page=sets in UNA 10.0.0-RC1 allows XSS via the System Name field under Sets during set editing. 2019-08-09 3.5 CVE-2019-14805
MISC
MISC

Severity Not Yet Assigned

Primary Vendor — Product Description Published CVSS Score Source & Patch Info
20-20 — storage An issue was discovered in 20|20 Storage 2.11.0. A Path Traversal vulnerability in the TwentyTwenty.Storage library in the LocalStorageProvider allows creating and reading files outside of the specified basepath. If the application using this library does not sanitize user-supplied filenames, then this issue may be exploited to read or write arbitrary files. This affects LocalStorageProvider.cs. 2019-08-13 not yet calculated CVE-2019-12479
MISC
3cx — 3cx_windows_client 3CX Phone 15 on Windows has insecure permissions on the “%PROGRAMDATA%\3CXPhone for Windows\PhoneApp” installation directory, allowing Full Control access for Everyone, and leading to privilege escalation because of a StartUp link. 2019-08-11 not yet calculated CVE-2019-14935
MISC
3s-smart_software_solutions — codesys_products An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System. 2019-08-15 not yet calculated CVE-2019-9010
MISC
3s-smart_software_solutions — codesys_products An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System. 2019-08-15 not yet calculated CVE-2019-9012
MISC
3s-smart_software_solutions — codesys_products An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. All variants of the following CODESYS V3 products in all versions containing the CmpUserMgr component are affected regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS V3 Simulation Runtime (part of the CODESYS Development System), CODESYS Control V3 Runtime System Toolkit, CODESYS HMI V3. 2019-08-15 not yet calculated CVE-2019-9013
MISC
adobe — after_effects Adobe After Effects versions 16 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-08-14 not yet calculated CVE-2019-8062
CONFIRM
adobe — character_animator Adobe Character Animator versions 2.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-08-14 not yet calculated CVE-2019-7870
CONFIRM
adobe — creative_cloud_desktop_application Creative Cloud Desktop Application 4.6.1 and earlier versions have an insecure transmission of sensitive data vulnerability. Successful exploitation could lead to information leakage. 2019-08-16 not yet calculated CVE-2019-8063
CONFIRM
adobe — creative_cloud_desktop_application Creative Cloud Desktop Application versions 4.6.1 and earlier have a security bypass vulnerability. Successful exploitation could lead to denial of service. 2019-08-16 not yet calculated CVE-2019-7957
CONFIRM
adobe — creative_cloud_desktop_application Creative Cloud Desktop Application versions 4.6.1 and earlier have an insecure inherited permissions vulnerability. Successful exploitation could lead to privilege escalation. 2019-08-16 not yet calculated CVE-2019-7958
CONFIRM
adobe — creative_cloud_desktop_application Creative Cloud Desktop Application versions 4.6.1 and earlier have a using components with known vulnerabilities vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-08-16 not yet calculated CVE-2019-7959
CONFIRM
adobe — experience_manager Adobe Experience Manager versions 6.5 and 6.4 have an authentication bypass vulnerability. Successful exploitation could lead to remote code execution. 2019-08-16 not yet calculated CVE-2019-7964
CONFIRM
adobe — prelude_cc Adobe Prelude CC versions 8.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-08-14 not yet calculated CVE-2019-7961
CONFIRM
adobe — premiere_pro_cc Adobe Premiere Pro CC versions 13.1.2 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-08-14 not yet calculated CVE-2019-7931
CONFIRM
altools — altools_update_service ALTOOLS update service 18.1 and earlier versions contain a local privilege escalation vulnerability due to insecure permissions. An attacker can overwrite an executable that is launched as a service to exploit this vulnerability and execute arbitrary code with system privileges. 2019-08-13 not yet calculated CVE-2019-12808
MISC
alzip — alzip Alzip 10.83 and earlier versions contain a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of a crafted ISO archive file. By persuading a victim to open a specially-crafted ISO archive file, an attacker could execute arbitrary code. 2019-08-13 not yet calculated CVE-2019-12807
MISC
MISC
arista — cloudvision_portal Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions. 2019-08-15 not yet calculated CVE-2018-12357
MISC
CONFIRM
arista — eos Arista EOS through 4.21.0F allows a crash because 802.1x authentication is mishandled. 2019-08-15 not yet calculated CVE-2018-14008
MISC
CONFIRM
artica — integria_ims filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload arbitrary file upload. 2019-08-16 not yet calculated CVE-2019-15091
MISC
artiflex — mupdf Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_chartorune in fitz/string.c because pdf/pdf-op-filter.c does not check for a missing string. 2019-08-14 not yet calculated CVE-2019-14975
MISC
MISC
atlassian — confluence_server The “HTML Include and replace macro” plugin before 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element. 2019-08-14 not yet calculated CVE-2019-15053
MISC
atlassian — jira_server_and_data_center There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability. 2019-08-09 not yet calculated CVE-2019-11581
MISC
atlassian — jira The login.jsp resource in Jira before version 7.13.4, and from version 8.0.0 before version 8.2.2 allows remote attackers to enumerate usernames via an information disclosure vulnerability. 2019-08-13 not yet calculated CVE-2019-8448
MISC
bluetooth — bluetooth_br/edr The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka “KNOB”) that can decrypt traffic and inject arbitrary ciphertext without the victim noticing. 2019-08-14 not yet calculated CVE-2019-9506
FULLDISC
FULLDISC
FULLDISC
FULLDISC
MISC
CONFIRM
CERT-VN
MISC
cloud_foundry — uaa Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to an XSS attack. A remote unauthenticated malicious attacker could craft a URL that contains a SCIM filter that contains malicious JavaScript, which older browsers may execute. 2019-08-09 not yet calculated CVE-2019-11274
CONFIRM
cms_clipper — cms_clipper CMS Clipper 1.3.3 has XSS in the Security tab search, User Groups, Resource Groups, and User/Resource Group Links fields. 2019-08-15 not yet calculated CVE-2018-12101
MISC
MISC
MISC
cnlh — nps lib/install/install.go in cnlh nps through 0.23.2 uses 0777 permissions for /usr/local/bin/nps and/or /usr/bin/nps, leading to a file overwrite by a local user. 2019-08-16 not yet calculated CVE-2019-15119
MISC
MISC
cospas-sarsat — cospas-sarsat The COSPAS-SARSAT protocol allows remote attackers to forge messages, replay encrypted messages, conduct denial of service attacks, and send private messages (unrelated to distress alerts) via a crafted 406 MHz digital signal. 2019-08-15 not yet calculated CVE-2018-14062
MISC
MISC
dell — dell_digital_delivery_and_alienware_digital_delivery Dell/Alienware Digital Delivery versions prior to 3.5.2013 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a named pipe that performs binary deserialization via a process hollowing technique to inject malicious code to run an executable with elevated privileges. 2019-08-09 not yet calculated CVE-2019-3742
FULLDISC
dell — dell_digital_delivery_and_alienware_digital_delivery Dell/Alienware Digital Delivery versions prior to 4.0.41 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a Universal Windows Platform application by manipulating the install software package feature with a race condition and a path traversal exploit in order to run a malicious executable with elevated privileges. 2019-08-09 not yet calculated CVE-2019-3744
FULLDISC
delta_electronics — delta_industrial_automation_dopsoft In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted project file may trigger multiple out-of-bounds read vulnerabilities, which may allow information disclosure, remote code execution, or crash of the application. 2019-08-15 not yet calculated CVE-2019-13513
MISC
MISC
MISC
MISC
MISC
MISC
delta_electronics — delta_industrial_automation_dopsoft In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted project file may trigger a use-after-free vulnerability, which may allow information disclosure, remote code execution, or crash of the application. 2019-08-15 not yet calculated CVE-2019-13514
MISC
MISC
dolibarr — dolibarr An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an IFRAME element (containing a user/card.php CSRF request) in his Linked Files settings page. When visited by the admin, this could completely take over the admin account. (The protection mechanism for CSRF is to check the Referer header; however, because the attack is from one of the application’s own settings pages, this mechanism is bypassed.) 2019-08-14 not yet calculated CVE-2019-15062
MISC
MISC
dwsurvey — dwsurvey DWSurvey through 2019-07-22 has reflected XSS via the design/qu-multi-fillblank!answers.action surveyId parameter. 2019-08-15 not yet calculated CVE-2019-15095
MISC
eclipse_foundation — birt In Eclipse BIRT versions 1.0 to 4.7, the Report Viewer allows Reflected XSS in URL parameter. Attacker can execute the payload in victim’s browser context. 2019-08-09 not yet calculated CVE-2019-11776
CONFIRM
eq-3 — homematic_ccu2_and_ccu3_devices eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with access to the web interface, because features such as File-Browser and Shell Command (as well as “Set root password”) are exposed. 2019-08-13 not yet calculated CVE-2019-14986
MISC
eq-3 — homematic_ccu2_and_ccu3_devices eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON API has Improper Access Control for Interface.***Metadata related operations, resulting in the ability to read, set and delete Metadata. 2019-08-14 not yet calculated CVE-2019-9585
MISC
MISC
eq-3 — homematic_ccu2_and_ccu3_devices eQ-3 Homematic AddOn ‘CloudMatic’ on CCU2 and CCU3 allows uncontrolled admin access, resulting in the ability to obtain VPN profile details, shut down the VPN service and delete the VPN service configuration. This is related to improper access control for all /addons/mh/ pages. 2019-08-14 not yet calculated CVE-2019-9584
MISC
MISC
eq-3 — homematic_ccu2_and_ccu3_devices eQ-3 Homematic CCU2 and CCU3 with the XML-API through 1.2.0 AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because the undocumented addons/xmlapi/exec.cgi script uses CMD_EXEC to execute TCL code from a POST request. 2019-08-13 not yet calculated CVE-2019-14984
MISC
eq-3 — homematic_ccu2_and_ccu3_devices eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because this interface can access the CMD_EXEC virtual device type 28. 2019-08-13 not yet calculated CVE-2019-14985
MISC
eq-3 — homematic_ccu2_and_ccu3_devices eQ-3 Homematic CCU2 and CCU3 obtain session IDs without login. This allows a Denial of Service and is a starting point for other attacks. Affected versions for CCU2: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15. Affected versions for CCU3: 3.41.11, 3.43.16, 3.45.5, 3.45.7, 3.47.10, 3.47.15. 2019-08-14 not yet calculated CVE-2019-9583
MISC
MISC
eq-3 — homematic_ccu2_devices eQ-3 Homematic CCU2 outdated base software packages allow Denial of Service. CCU2 affected versions: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15. 2019-08-14 not yet calculated CVE-2019-9582
MISC
MISC
eq-3 — homematic_ccu3_devices eQ-3 Homematic CCU3 AddOn ‘Mediola NEO Server for Homematic CCU3’ prior to 2.4.5 allows uncontrolled admin access to start or stop the Node.js process, resulting in the ability to obtain mediola configuration details. This is related to improper access control for addons configuration pages and a missing check in rc.d/97NeoServer. 2019-08-14 not yet calculated CVE-2019-13030
MISC
MISC
exosip — exosip handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a negative value in a content-length header. 2019-08-14 not yet calculated CVE-2014-10375
MISC
extenua — silvershield extenua SilverSHielD 6.x fails to secure its ProgramData folder, leading to a Local Privilege Escalation to SYSTEM. The attacker must replace SilverShield.config.sqlite with a version containing an additional user account, and then use SSH and port forwarding to reach a 127.0.0.1 service. 2019-08-17 not yet calculated CVE-2019-13069
MISC
MISC
eyesofnetwork — eyesofnetwork EyesOfNetwork 5.1 allows Remote Command Execution via shell metacharacters in the module/tool_all/ host field. 2019-08-16 not yet calculated CVE-2019-14923
MISC
MISC
fuji_electric — frenic_loader Fuji Electric FRENIC Loader 3.5.0.0 and prior is vulnerable to an out-of-bounds read vulnerability, which may allow an attacker to read limited information from the device. 2019-08-15 not yet calculated CVE-2019-13512
MISC
gcdwebserver — gcdwebserver An issue was discovered in GCDWebServer before 3.5.3. The method moveItem in the GCDWebUploader class checks the FileExtension of newAbsolutePath but not oldAbsolutePath. By leveraging this vulnerability, an adversary can make an inaccessible file be available (the credential of the app, for instance). 2019-08-10 not yet calculated CVE-2019-14924
MISC
MISC
MISC
giflib — giflib In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero. 2019-08-17 not yet calculated CVE-2019-15133
MISC
gnu — patch do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter. 2019-08-16 not yet calculated CVE-2018-20969
MISC
MISC
BUGTRAQ
golang — go net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an attacker can compose a crafted javascript:// URL that results in a hostname of google.com. 2019-08-13 not yet calculated CVE-2019-14809
CONFIRM
MISC
CONFIRM
gonicus — gosa Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring “success” when an arbitrary password is provided. 2019-08-15 not yet calculated CVE-2019-11187
MISC
CONFIRM
gradle — gradle The HTTP client in the Build tool in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007. 2019-08-14 not yet calculated CVE-2019-15052
MISC
MISC
MISC
hewlett_packard_enterprise — 3par_service_processor A remote gain authorized access vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. 2019-08-09 not yet calculated CVE-2019-5399
CONFIRM
hewlett_packard_enterprise — 3par_service_processor A remote session reuse vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. 2019-08-09 not yet calculated CVE-2019-5400
CONFIRM
hewlett_packard_enterprise — 3par_service_processor A remote bypass of security restrictions vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. 2019-08-09 not yet calculated CVE-2019-5397
CONFIRM
hewlett_packard_enterprise — 3par_service_processor A remote arbitrary file upload vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. 2019-08-09 not yet calculated CVE-2019-5395
CONFIRM
hewlett_packard_enterprise — 3par_service_processor A remote authentication bypass vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. 2019-08-09 not yet calculated CVE-2019-5396
CONFIRM
hewlett_packard_enterprise — 3par_service_processor A remote multiple cross-site vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. 2019-08-09 not yet calculated CVE-2019-5398
CONFIRM
hewlett_packard_enterprise — command_view_advanced_edition Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. The following products are affected: DevMgr version 7.0.0-00 to earlier than 8.6.1-02; RepMgr if it is installed on the same machine as DevMgr; TSMgr if it is installed on the same machine as DevMgr. The resolution is to upgrade to the fixed version as described below or later version of DevMgr 8.6.2-02 or later. RepMgr and TSMgr will be corrected by upgrading DevMgr. 2019-08-09 not yet calculated CVE-2019-5408
CONFIRM
hostapd_and_wpa_supplicant — hostapd_and_wpa_supplicant The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information from a side-channel attack that can be used for full password recovery. 2019-08-15 not yet calculated CVE-2019-13377
FEDORA
CONFIRM
MISC
MISC
http/2 — http/2 Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. 2019-08-13 not yet calculated CVE-2019-9518
FULLDISC
MISC
CERT-VN
BUGTRAQ
CONFIRM
http/2 — http/2 Some HTTP/2 implementations are vulnerable to unconstrained internal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. 2019-08-13 not yet calculated CVE-2019-9517
MLIST
MISC
CERT-VN
MLIST
MLIST
MLIST
MLIST
CONFIRM
http/2 — http/2 Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. 2019-08-13 not yet calculated CVE-2019-9514
FULLDISC
MISC
CERT-VN
MLIST
MLIST
MLIST
BUGTRAQ
CONFIRM
http/2 — http/2 HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with “H2PushResource”, could lead to an overwrite of memory in the pushing request’s pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client. 2019-08-15 not yet calculated CVE-2019-10081
MISC
http/2 — http/2 Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory. 2019-08-13 not yet calculated CVE-2019-9516
FULLDISC
MISC
CERT-VN
BUGTRAQ
UBUNTU
CONFIRM
http/2 — http/2 Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. 2019-08-13 not yet calculated CVE-2019-9515
FULLDISC
MISC
CERT-VN
MLIST
MLIST
MLIST
BUGTRAQ
CONFIRM
http/2 — http/2 Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. 2019-08-13 not yet calculated CVE-2019-9512
FULLDISC
MISC
CERT-VN
MLIST
MLIST
MLIST
BUGTRAQ
CONFIRM
http/2 — http/2 Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. 2019-08-13 not yet calculated CVE-2019-9511
MISC
CERT-VN
UBUNTU
CONFIRM
http/2 — http/2 Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. 2019-08-13 not yet calculated CVE-2019-9513
MISC
CERT-VN
UBUNTU
CONFIRM
huawei — cloudlink_phone_7900 The SIP TLS module of Huawei CloudLink Phone 7900 with V600R019C10 has a TLS certificate verification vulnerability. Due to insufficient verification of specific parameters of the TLS server certificate, attackers can perform man-in-the-middle attacks, leading to the affected phones being registered abnormally, affecting the availability of IP phones. 2019-08-13 not yet calculated CVE-2019-5280
CONFIRM
huawei — hima-al00b_smart_phones Huawei mobile phones Hima-AL00B with versions earlier than HMA-AL00C00B175 have a signature verification bypass vulnerability. Attackers can induce users to install malicious applications. Due to a defect in the signature verification logic, the malicious applications can invoke a specific interface to execute malicious code. A successful exploit may result in the execution of arbitrary code. 2019-08-13 not yet calculated CVE-2019-5299
CONFIRM
humanica — humatrix_7 The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 1.0.0.203 allows remote attackers to access all candidates’ information on the website via a modified selApp variable to personalData/resumeDetail.cfm. This includes personal information and other sensitive data. 2019-08-12 not yet calculated CVE-2019-14932
MISC
jasper — jasper The read_chunk function in flif-dec.cpp in Free Lossless Image Format (FLIF) 0.3 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted flif file. 2019-08-15 not yet calculated CVE-2017-14232
CONFIRM
joomla! — joomla! In Joomla! before 3.9.11, inadequate checks in com_contact could allow mail submission in disabled forms. 2019-08-14 not yet calculated CVE-2019-15028
MISC
keycloak — keycloak It was found that Keycloak’s account console, up to 6.0.1, did not perform adequate header checks in some requests. An attacker could use this flaw to trick an authenticated user into performing operations via request from an untrusted domain. 2019-08-14 not yet calculated CVE-2019-10199
CONFIRM
keycloak — keycloak It was found that Keycloak’s SAML broker, versions up to 6.0.1, did not verify missing message signatures. If an attacker modifies the SAML Response and removes the <Signature> sections, the message is still accepted, and the message can be modified. An attacker could use this flaw to impersonate other users and gain access to sensitive information. 2019-08-14 not yet calculated CVE-2019-10201
CONFIRM
leaf_admin — leaf_admin The profile photo upload feature in Leaf Admin 61.9.0212.10 f allows Unrestricted Upload of a File with a Dangerous Type. 2019-08-15 not yet calculated CVE-2019-14755
MISC
MISC
MISC
ledger — nano_2_and_nano_x_devices On Ledger Nano S and Nano X devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device’s USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. 2019-08-10 not yet calculated CVE-2019-14354
MISC
libreoffice — document_foundation_libreoffice LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2018-16858, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed. However this new protection could be bypassed by a URL encoding attack. In the fixed versions, the parsed url describing the script location is correctly encoded before further processing. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6. 2019-08-15 not yet calculated CVE-2019-9852
BUGTRAQ
DEBIAN
MISC
libreoffice — document_foundation_libreoffice LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained within the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from script event handlers. However an insufficient url validation vulnerability in LibreOffice allowed malicious documents to bypass that protection and again trigger calling LibreLogo from script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6. 2019-08-15 not yet calculated CVE-2019-9850
FEDORA
BUGTRAQ
DEBIAN
CONFIRM
libreoffice — document_foundation_libreoffice LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained within the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handlers, e.g. mouse over. However LibreOffice also has a separate feature where documents can specify that pre-installed scripts can be executed on various global script events such as document-open, etc. In the fixed versions, global script event handlers are validated equivalently to document script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6. 2019-08-15 not yet calculated CVE-2019-9851
BUGTRAQ
DEBIAN
CONFIRM
libtiff — libtiff _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash. 2019-08-14 not yet calculated CVE-2019-14973
CONFIRM
linux — linux_kernel An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187. 2019-08-13 not yet calculated CVE-2017-18509
MISC
MISC
MISC
MLIST
MLIST
MISC
MISC
MISC
BUGTRAQ
DEBIAN
linux — linux_kernel drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. 2019-08-15 not yet calculated CVE-2019-15098
MISC
linux — linux_kernel A vulnerability was found in the Linux kernel’s implementation of overlayfs, versions up to 3.10. An attacker with local access can create a denial of service situation via a NULL pointer dereference in the ovl_posix_acl_create function in fs/overlayfs/dir.c. This can allow attackers with the ability to create directories on overlayfs to crash the kernel, creating a denial of service (DOS). 2019-08-15 not yet calculated CVE-2019-10140
CONFIRM
linux — linux_kernel An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is an out-of-bounds read. 2019-08-15 not yet calculated CVE-2019-15090
MISC
MISC
MISC
linux — linux_kernel check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion. 2019-08-16 not yet calculated CVE-2019-15118
MISC
MISC
linux — linux_kernel parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access. 2019-08-16 not yet calculated CVE-2019-15117
MISC
MISC
linux — linux_kernel drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. 2019-08-15 not yet calculated CVE-2019-15099
MISC
maadhaar — maadhaar_application The mAadhaar application 1.2.7 for Android lacks SSL Certificate Validation, leading to man-in-the-middle attacks against requests for FAQs or Help. 2019-08-13 not yet calculated CVE-2019-14516
MISC
MISC
mcafee — frp Privilege Escalation vulnerability in McAfee FRP 5.x prior to 5.1.0.209 allows local users to gain elevated privileges via running McAfee Tray with elevated privileges. 2019-08-14 not yet calculated CVE-2019-3637
CONFIRM
mcafee — web_gateway Clickjack vulnerability in Administrator web console in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows remote attackers to conduct clickjacking attacks via a crafted web page that contains an iframe, because the console does not send an X-Frame-Options HTTP header. 2019-08-14 not yet calculated CVE-2019-3639
CONFIRM
mcafee — web_gateway Exfiltration of Data in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows attackers to obtain sensitive data via crafting a complex webpage that will trigger the Web Gateway to block the user accessing an iframe. 2019-08-14 not yet calculated CVE-2019-3635
CONFIRM
mediatek — emmc_for_android The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on MT65xx, MT66xx, and MT8163 SoC devices allows attackers to execute arbitrary commands as root via shell metacharacters in a filename under /data, because clear_emmc_nomedia_entry in platform/mt6577/external/meta/emmc/meta_clr_emmc.c invokes ‘system(“/system/bin/rm -r /data/’ followed by this filename upon an eMMC clearance from a Meta Mode boot. NOTE: compromise of Fire OS on the Amazon Echo Dot would require a second hypothetical vulnerability that allows creation of the required file under /data. 2019-08-14 not yet calculated CVE-2019-15027
MISC
MISC
micro_focus — self_service_password_reset A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to: 4.4.0.3, 4.3.0.6, and 4.2.0.6. Upgrade to Micro Focus Self Service Password Reset (SSPR) SSPR versions 4.4.0.3, 4.3.0.6, or 4.2.0.6 as appropriate. 2019-08-14 not yet calculated CVE-2019-11652
CONFIRM
CONFIRM
CONFIRM
microsoft — azure_active_directory_authentication_library An elevation of privilege vulnerability exists in Azure Active Directory Authentication Library On-Behalf-Of flow, in the way the library caches tokens, aka ‘Azure Active Directory Authentication Library Elevation of Privilege Vulnerability’. 2019-08-14 not yet calculated CVE-2019-1258
MISC
microsoft — azure_active_directory_microsoft_account An information disclosure vulnerability exists in Azure Active Directory (AAD) Microsoft Account (MSA) during the login request session, aka ‘Windows Information Disclosure Vulnerability’. 2019-08-14 not yet calculated CVE-2019-1172
MISC
microsoft — defender An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system, aka ‘Microsoft Defender Elevation of Privilege Vulnerability’. 2019-08-14 not yet calculated CVE-2019-1161
MISC
microsoft — dhcp_client A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka ‘Windows DHCP Client Remote Code Execution Vulnerability’. 2019-08-14 not yet calculated CVE-2019-0736
MISC
microsoft — directx An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka ‘DirectX Elevation of Privilege Vulnerability’. 2019-08-14 not yet calculated CVE-2019-1176
MISC
microsoft — dynamics_on-premise An elevation of privilege vulnerability exists in Dynamics On-Premise v9, aka ‘Dynamics On-Premise Elevation of Privilege Vulnerability’. 2019-08-14 not yet calculated CVE-2019-1229
MISC
microsoft — edge A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ‘Chakra Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1195, CVE-2019-1196, CVE-2019-1197. 2019-08-14 not yet calculated CVE-2019-1141
MISC
microsoft — edge A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ‘Chakra Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195, CVE-2019-1196, CVE-2019-1197. 2019-08-14 not yet calculated CVE-2019-1131
MISC
microsoft — edge A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ‘Chakra Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1141, CVE-2019-1195, CVE-2019-1196, CVE-2019-1197. 2019-08-14 not yet calculated CVE-2019-1140
MISC
microsoft — edge A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ‘Chakra Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195, CVE-2019-1196. 2019-08-14 not yet calculated CVE-2019-1197
MISC
microsoft — edge A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ‘Chakra Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195, CVE-2019-1197. 2019-08-14 not yet calculated CVE-2019-1196
MISC
microsoft — edge An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka ‘Microsoft Edge Information Disclosure Vulnerability’. 2019-08-14 not yet calculated CVE-2019-1030
MISC
microsoft — edge A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ‘Chakra Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-1131, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195, CVE-2019-1196, CVE-2019-1197. 2019-08-14 not yet calculated CVE-2019-1139
MISC
microsoft — edge A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ‘Chakra Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1196, CVE-2019-1197. 2019-08-14 not yet calculated CVE-2019-1195
MISC
microsoft — git_for_visual_studio An elevation of privilege vulnerability exists in Git for Visual Studio when it improperly parses configuration files, aka ‘Git for Visual Studio Elevation of Privilege Vulnerability’. 2019-08-14 not yet calculated CVE-2019-1211
MISC
microsoft — hyper-v A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka ‘Windows Hyper-V Remote Code Execution Vulnerability’. 2019-08-14 not yet calculated CVE-2019-0965
MISC
microsoft — hyper-v_network_switch A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka ‘Windows Hyper-V Denial of Service Vulnerability’. This CVE ID is unique from CVE-2019-0714, CVE-2019-0717, CVE-2019-0718, CVE-2019-0723. 2019-08-14 not yet calculated CVE-2019-0715
MISC
microsoft — hyper-v_network_switch A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka ‘Windows Hyper-V Denial of Service Vulnerability’. This CVE ID is unique from CVE-2019-0714, CVE-2019-0715, CVE-2019-0717, CVE-2019-0723. 2019-08-14 not yet calculated CVE-2019-0718
MISC
microsoft — hyper-v_network_switch A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka ‘Windows Hyper-V Denial of Service Vulnerability’. This CVE ID is unique from CVE-2019-0714, CVE-2019-0715, CVE-2019-0718, CVE-2019-0723. 2019-08-14 not yet calculated CVE-2019-0717
MISC
microsoft — hyper-v_network_switch A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka ‘Windows Hyper-V Denial of Service Vulnerability’. This CVE ID is unique from CVE-2019-0715, CVE-2019-0717, CVE-2019-0718, CVE-2019-0723. 2019-08-14 not yet calculated CVE-2019-0714
MISC
microsoft — hyper-v_network_switch A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka ‘Hyper-V Remote Code Execution Vulnerability’. 2019-08-14 not yet calculated CVE-2019-0720
MISC
microsoft — hyper-v_network_switch A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka ‘Windows Hyper-V Denial of Service Vulnerability’. This CVE ID is unique from CVE-2019-0714, CVE-2019-0715, CVE-2019-0717, CVE-2019-0718. 2019-08-14 not yet calculated CVE-2019-0723
MISC
microsoft — internet_explorer A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-1194. 2019-08-14 not yet calculated CVE-2019-1133
MISC
microsoft — internet_explorer A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-1133. 2019-08-14 not yet calculated CVE-2019-1194
MISC
microsoft — internet_explorer_and_edge A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka ‘Microsoft Browser Memory Corruption Vulnerability’. 2019-08-14 not yet calculated CVE-2019-1193
MISC
microsoft — internet_explorer_and_edge A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins, aka ‘Microsoft Browsers Security Feature Bypass Vulnerability’. 2019-08-14 not yet calculated CVE-2019-1192
MISC
microsoft — multiple_windows_operating_systems An elevation of privilege vulnerability exists in the way that the rpcss.dll handles objects in memory, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-1173, CVE-2019-1174, CVE-2019-1175, CVE-2019-1178, CVE-2019-1179, CVE-2019-1180, CVE-2019-1184, CVE-2019-1186. 2019-08-14 not yet calculated CVE-2019-1177
MISC
microsoft — multiple_windows_operating_systems An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-1173, CVE-2019-1174, CVE-2019-1175, CVE-2019-1177, CVE-2019-1178, CVE-2019-1180, CVE-2019-1184, CVE-2019-1186. 2019-08-14 not yet calculated CVE-2019-1179
MISC
microsoft — multiple_windows_operating_systems A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka ‘Microsoft Graphics Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1144, CVE-2019-1149, CVE-2019-1150, CVE-2019-1151, CVE-2019-1152. 2019-08-14 not yet calculated CVE-2019-1145
MISC
MISC
microsoft — multiple_windows_operating_systems An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka ‘Microsoft Graphics Component Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-1078, CVE-2019-1148. 2019-08-14 not yet calculated CVE-2019-1153
MISC
MISC
microsoft — multiple_windows_operating_systems An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka ‘Microsoft Graphics Component Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-1078, CVE-2019-1153. 2019-08-14 not yet calculated CVE-2019-1148
MISC
MISC
microsoft — multiple_windows_operating_systems A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1146, CVE-2019-1155, CVE-2019-1156, CVE-2019-1157. 2019-08-14 not yet calculated CVE-2019-1147
MISC
microsoft — multiple_windows_operating_systems An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows Graphics Component Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-1143, CVE-2019-1154. 2019-08-14 not yet calculated CVE-2019-1158
MISC
microsoft — multiple_windows_operating_systems An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows Graphics Component Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-1154, CVE-2019-1158. 2019-08-14 not yet calculated CVE-2019-1143
MISC
microsoft — multiple_windows_operating_systems An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-1164. 2019-08-14 not yet calculated CVE-2019-1159
MISC
microsoft — multiple_windows_operating_systems A denial of service vulnerability exists when the XmlLite runtime (XmlLite.dll) improperly parses XML input, aka ‘XmlLite Runtime Denial of Service Vulnerability’. 2019-08-14 not yet calculated CVE-2019-1187
MISC
microsoft — multiple_windows_operating_systems An elevation of privilege exists in SyncController.dll, aka ‘Microsoft Windows Elevation of Privilege Vulnerability’. 2019-08-14 not yet calculated CVE-2019-1198
MISC
microsoft — multiple_windows_operating_systems A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1146, CVE-2019-1147, CVE-2019-1155, CVE-2019-1157. 2019-08-14 not yet calculated CVE-2019-1156
MISC
microsoft — multiple_windows_operating_systems A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1147, CVE-2019-1155, CVE-2019-1156, CVE-2019-1157. 2019-08-14 not yet calculated CVE-2019-1146
MISC
microsoft — multiple_windows_operating_systems An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-1173, CVE-2019-1174, CVE-2019-1175, CVE-2019-1177, CVE-2019-1179, CVE-2019-1180, CVE-2019-1184, CVE-2019-1186. 2019-08-14 not yet calculated CVE-2019-1178
MISC
microsoft — multiple_windows_operating_systems A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka ‘Remote Desktop Services Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1181, CVE-2019-1222, CVE-2019-1226. 2019-08-14 not yet calculated CVE-2019-1182
MISC
microsoft — multiple_windows_operating_systems An elevation of privilege vulnerability exists when reparse points are created by sandboxed processes allowing sandbox escape, aka ‘Windows NTFS Elevation of Privilege Vulnerability’. 2019-08-14 not yet calculated CVE-2019-1170
MISC
microsoft — multiple_windows_operating_systems An elevation of privilege exists in the p2pimsvc service where an attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability, an attacker would first have to log on to the system, aka ‘Microsoft Windows p2pimsvc Elevation of Privilege Vulnerability’. 2019-08-14 not yet calculated CVE-2019-1168
MISC
microsoft — multiple_windows_operating_systems An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows kernel image properly handles objects in memory, aka ‘Windows Image Elevation of Privilege Vulnerability’. 2019-08-14 not yet calculated CVE-2019-1190
MISC
microsoft — multiple_windows_operating_systems An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-1228. 2019-08-14 not yet calculated CVE-2019-1227
MISC
microsoft — multiple_windows_operating_systems A security feature bypass exists when Windows incorrectly validates CAB file signatures, aka ‘Windows File Signature Security Feature Bypass Vulnerability’. 2019-08-14 not yet calculated CVE-2019-1163
MISC
microsoft — multiple_windows_operating_systems An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory, aka ‘Remote Desktop Protocol Server Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-1224. 2019-08-14 not yet calculated CVE-2019-1225
MISC
microsoft — multiple_windows_operating_systems An elevation of privilege vulnerability exists in the way that the PsmServiceExtHost.dll handles objects in memory, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-1174, CVE-2019-1175, CVE-2019-1177, CVE-2019-1178, CVE-2019-1179, CVE-2019-1180, CVE-2019-1184, CVE-2019-1186. 2019-08-14 not yet calculated CVE-2019-1173
MISC
microsoft — multiple_windows_operating_systems A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1146, CVE-2019-1147, CVE-2019-1156, CVE-2019-1157. 2019-08-14 not yet calculated CVE-2019-1155
MISC
microsoft — multiple_windows_operating_systems An elevation of privilege vulnerability exists in the way that the wcmsvc.dll handles objects in memory, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-1173, CVE-2019-1174, CVE-2019-1175, CVE-2019-1177, CVE-2019-1178, CVE-2019-1179, CVE-2019-1180, CVE-2019-1184. 2019-08-14 not yet calculated CVE-2019-1186
MISC
microsoft — multiple_windows_operating_systems A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka ‘Microsoft Graphics Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1144, CVE-2019-1145, CVE-2019-1150, CVE-2019-1151, CVE-2019-1152. 2019-08-14 not yet calculated CVE-2019-1149
MISC
MISC
microsoft — multiple_windows_operating_systems An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-1159. 2019-08-14 not yet calculated CVE-2019-1164
MISC
microsoft — multiple_windows_operating_systems An elevation of privilege vulnerability exists when Windows Core Shell COM Server Registrar improperly handles COM calls, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-1173, CVE-2019-1174, CVE-2019-1175, CVE-2019-1177, CVE-2019-1178, CVE-2019-1179, CVE-2019-1180, CVE-2019-1186. 2019-08-14 not yet calculated CVE-2019-1184
MISC
microsoft — multiple_windows_operating_systems A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka ‘LNK Remote Code Execution Vulnerability’. 2019-08-14 not yet calculated CVE-2019-1188
MISC
microsoft — multiple_windows_operating_systems A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1146, CVE-2019-1147, CVE-2019-1155, CVE-2019-1156. 2019-08-14 not yet calculated CVE-2019-1157
MISC
microsoft — multiple_windows_operating_systems An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory, aka ‘Remote Desktop Protocol Server Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-1225. 2019-08-14 not yet calculated CVE-2019-1224
MISC
microsoft — multiple_windows_operating_systems A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka ‘Remote Desktop Services Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1181, CVE-2019-1182, CVE-2019-1226. 2019-08-14 not yet calculated CVE-2019-1222
MISC
microsoft — multiple_windows_operating_systems An elevation of privilege vulnerability exists in the way that the wcmsvc.dll handles objects in memory, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-1173, CVE-2019-1174, CVE-2019-1175, CVE-2019-1177, CVE-2019-1178, CVE-2019-1179, CVE-2019-1184, CVE-2019-1186. 2019-08-14 not yet calculated CVE-2019-1180
MISC
microsoft — multiple_windows_operating_systems An elevation of privilege vulnerability exists in the way that the PsmServiceExtHost.dll handles objects in memory, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-1173, CVE-2019-1175, CVE-2019-1177, CVE-2019-1178, CVE-2019-1179, CVE-2019-1180, CVE-2019-1184, CVE-2019-1186. 2019-08-14 not yet calculated CVE-2019-1174
MISC
microsoft — multiple_windows_operating_systems An information disclosure vulnerability exists in SymCrypt during the OAEP decryption stage, aka ‘SymCrypt Information Disclosure Vulnerability’. 2019-08-14 not yet calculated CVE-2019-1171
MISC
microsoft — multiple_windows_operating_systems An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-1173, CVE-2019-1174, CVE-2019-1177, CVE-2019-1178, CVE-2019-1179, CVE-2019-1180, CVE-2019-1184, CVE-2019-1186. 2019-08-14 not yet calculated CVE-2019-1175
MISC
microsoft — multiple_windows_operating_systems An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka ‘Windows ALPC Elevation of Privilege Vulnerability’. 2019-08-14 not yet calculated CVE-2019-1162
MISC
microsoft — multiple_windows_operating_systems A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka ‘Remote Desktop Services Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1181, CVE-2019-1182, CVE-2019-1222. 2019-08-14 not yet calculated CVE-2019-1226
MISC

microsoft — multiple_windows_products An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. 2019-08-14 not yet calculated CVE-2019-1169
MISC
microsoft — multiple_windows_products A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka ‘Windows VBScript Engine Remote Code Execution Vulnerability’. 2019-08-14 not yet calculated CVE-2019-1183
MISC
microsoft — multiple_windows_products A denial of service vulnerability exists when Windows improperly handles objects in memory, aka ‘Windows Denial of Service Vulnerability’. 2019-08-14 not yet calculated CVE-2019-0716
MISC
microsoft — multiple_windows_products A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka ‘Remote Desktop Services Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1182, CVE-2019-1222, CVE-2019-1226. 2019-08-14 not yet calculated CVE-2019-1181
MISC
microsoft — multiple_windows_products A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server, aka ‘Windows DHCP Server Denial of Service Vulnerability’. This CVE ID is unique from CVE-2019-1212. 2019-08-14 not yet calculated CVE-2019-1206
MISC
microsoft — multiple_windows_products A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka ‘MS XML Remote Code Execution Vulnerability’. 2019-08-14 not yet calculated CVE-2019-1057
MISC
microsoft — multiple_windows_products A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka ‘Microsoft Word Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1201. 2019-08-14 not yet calculated CVE-2019-1205
MISC
microsoft — multiple_windows_products A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka ‘Microsoft Word Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1205. 2019-08-14 not yet calculated CVE-2019-1201
MISC
microsoft — multiple_windows_products A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets, aka ‘Windows DHCP Server Denial of Service Vulnerability’. This CVE ID is unique from CVE-2019-1206. 2019-08-14 not yet calculated CVE-2019-1212
MISC
microsoft — multiple_windows_products An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory, aka ‘Microsoft Graphics Component Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-1148, CVE-2019-1153. 2019-08-14 not yet calculated CVE-2019-1078
MISC
microsoft — outlook An elevation of privilege vulnerability exists when Microsoft Outlook initiates processing of incoming messages without sufficient validation of the formatting of the messages, aka ‘Microsoft Outlook Elevation of Privilege Vulnerability’. 2019-08-14 not yet calculated CVE-2019-1204
MISC
microsoft — outlook_and_office365_proplus A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory, aka ‘Microsoft Outlook Memory Corruption Vulnerability’. 2019-08-14 not yet calculated CVE-2019-1199
MISC
microsoft — outlook_and_office365_proplus A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka ‘Microsoft Outlook Remote Code Execution Vulnerability’. 2019-08-14 not yet calculated CVE-2019-1200
MISC
microsoft — outlook_ios A spoofing vulnerability exists in the way Microsoft Outlook iOS software parses specifically crafted email messages, aka ‘Outlook iOS Spoofing Vulnerability’. 2019-08-14 not yet calculated CVE-2019-1218
MISC
microsoft — remote_desktop_protocol A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka ‘Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability’. 2019-08-14 not yet calculated CVE-2019-1223
MISC
microsoft — sharepoint An information disclosure vulnerability exists in the way Microsoft SharePoint handles session objects, aka ‘Microsoft SharePoint Information Disclosure Vulnerability’. 2019-08-14 not yet calculated CVE-2019-1202
MISC
microsoft — sharepoint_server A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’. 2019-08-14 not yet calculated CVE-2019-1203
MISC
microsoft — windows_10_and_windows_server An elevation of privilege vulnerability exists due to a stack corruption in Windows Subsystem for Linux, aka ‘Windows Subsystem for Linux Elevation of Privilege Vulnerability’. 2019-08-14 not yet calculated CVE-2019-1185
MISC
microsoft — windows_7_and_windows_server_2008 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows Graphics Component Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-1143, CVE-2019-1158. 2019-08-14 not yet calculated CVE-2019-1154
MISC
microsoft — windows_7_and_windows_server_2008 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-1227. 2019-08-14 not yet calculated CVE-2019-1228
MISC
microsoft — windows_server_2008 A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server, aka ‘Windows DHCP Server Remote Code Execution Vulnerability’. 2019-08-14 not yet calculated CVE-2019-1213
MISC
netgear — nighthawk_m1_devices An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. System commands can be executed, via the web interface, after authentication. 2019-08-14 not yet calculated CVE-2019-14527
MISC
netgear — nighthawk_m1_devices An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. The web-interface Cross-Site Request Forgery token is stored in a dynamically generated JavaScript file, and therefore can be embedded in third party pages, and re-used against the Nighthawk web interface. This entirely bypasses the intended security benefits of the use of a CSRF-protection token. 2019-08-14 not yet calculated CVE-2019-14526
MISC
netwrix — auditor Netwrix Auditor before 9.8 has insecure permissions on %PROGRAMDATA%\Netwrix Auditor\Logs\ActiveDirectory\ and sub-folders. In addition, the service Netwrix.ADA.StorageAuditService (which writes to that directory) does not perform proper impersonation, and thus the target file will have the same permissions as the invoking process (in this case, granting Authenticated Users full access over the target file). This vulnerability can be triggered by a low-privileged user to perform DLL Hijacking/Binary Planting attacks and ultimately execute code as NT AUTHORITY\SYSTEM with the help of Symbolic Links. 2019-08-12 not yet calculated CVE-2019-14969
MISC
node.js — node.js An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for Node.js. The LOAD DATA LOCAL INFILE option is open by default. 2019-08-11 not yet calculated CVE-2019-14939
MISC
nvidia — shield_tv NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the custom NVIDIA API used in the mount system service where user data could be overridden, which may lead to code execution, denial of service, or information disclosure. 2019-08-13 not yet calculated CVE-2019-5681
CONFIRM
opencart — opencart OpenCart 3.x, when the attacker has login access to the admin panel, allows stored XSS within the Source/HTML editing feature of the Categories, Product, and Information pages. 2019-08-15 not yet calculated CVE-2019-15081
MISC
openemr — openemr An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, it will be deleted from server. 2019-08-13 not yet calculated CVE-2019-14530
MISC
MISC
openstack — nova An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data. 2019-08-09 not yet calculated CVE-2019-14433
MLIST
MISC
CONFIRM
osisoft — osisoft_pi_web_api OSIsoft PI Web API 2018 and prior may allow disclosure of sensitive information. 2019-08-15 not yet calculated CVE-2019-13515
MISC
osisoft — osisoft_pi_web_api In OSIsoft PI Web API and prior, the affected product is vulnerable to a direct attack due to a cross-site request forgery protection setting that has not taken effect. 2019-08-15 not yet calculated CVE-2019-13516
MISC
pdfresurrect — pdfresurrect An issue was discovered in PDFResurrect before 0.18. pdf_load_pages_kids in pdf.c doesn’t validate a certain size value, which leads to a malloc failure and out-of-bounds write. 2019-08-11 not yet calculated CVE-2019-14934
MISC
MISC
project_redcap — redcap REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the cal_id parameter, such as cal_id=55 and sleep(3) to Calendar/calendar_popup_ajax.php. The attacker can obtain a user’s login sessionid from the database, and then re-login into REDCap to compromise all data. 2019-08-17 not yet calculated CVE-2019-14937
MISC
MISC
CONFIRM
prospecta — master_data_online Prospecta Master Data Online (MDO) 2.0 has Stored XSS. 2019-08-15 not yet calculated CVE-2018-17790
MISC
realtek — waves_maxxaudio_driver Realtek Waves MaxxAudio driver 1.6.2.0, as used on Dell laptops, installs with incorrect file permissions. As a result, a local attacker can escalate to SYSTEM. 2019-08-15 not yet calculated CVE-2019-15084
MISC
riot — riot RIOT through 2019.07 contains a memory leak in the TCP implementation (gnrc_tcp), allowing an attacker to consume all memory available for network packets and thus effectively stopping all network threads from working. This is related to _receive in sys/net/gnrc/transport_layer/tcp/gnrc_tcp_eventloop.c upon receiving an ACK before a SYN. 2019-08-17 not yet calculated CVE-2019-15134
MISC
rockwell_automation — arena_simulation_software Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain an INFORMATION EXPOSURE CWE-200. A maliciously crafted Arena file opened by an unsuspecting user may result in the limited exposure of information related to the targeted workstation. 2019-08-15 not yet calculated CVE-2019-13511
MISC
rockwell_automation — arena_simulation_software Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. A maliciously crafted Arena file opened by an unsuspecting user may result in the application crashing or the execution of arbitrary code. 2019-08-15 not yet calculated CVE-2019-13510
MISC
sap — businessobjects_business_intelligence_platform Under certain conditions SAP BusinessObjects Business Intelligence Platform (Central Management Console), versions 4.1, 4.2, 4.3, allows an attacker to store a malicious payload within the description field of a user account. The payload is triggered when the mouse cursor is moved over the description field in the list, when generating the little yellow informational pop up box, resulting in Stored Cross Site Scripting Attack. 2019-08-14 not yet calculated CVE-2019-0335
MISC
MISC
sap — businessobjects_business_intelligence_platform Unencrypted communication error in SAP Business Objects Business Intelligence Platform (Central Management Console), version 4.2, leads to disclosure of list of user names and roles imported from SAP NetWeaver BI systems, resulting in Information Disclosure. 2019-08-14 not yet calculated CVE-2019-0346
MISC
MISC
sap — businessobjects_business_intelligence_platform SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.1, 4.2, can access database with unencrypted connection, even if the quality of protection should be encrypted. 2019-08-14 not yet calculated CVE-2019-0348
MISC
MISC
sap — businessobjects_business_intelligence_platform Under certain conditions, SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, allows an attacker to access sensitive data such as directory structure, leading to Information Disclosure. 2019-08-14 not yet calculated CVE-2019-0331
MISC
MISC
sap — businessobjects_business_intelligence_platform SAP BusinessObjects Business Intelligence Platform (Info View), versions 4.1, 4.2, 4.3, allows an attacker to give some payload for keyword in the search and it will be executed while search performs its action, resulting in Cross-Site Scripting (XSS) vulnerability. 2019-08-14 not yet calculated CVE-2019-0332
MISC
MISC
sap — businessobjects_business_intelligence_platform When creating a module in SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, it is possible to store a malicious script which when executed later could potentially allow a user to escalate privileges via session hijacking. The attacker could also access other sensitive information, leading to Stored Cross Site Scripting. 2019-08-14 not yet calculated CVE-2019-0334
MISC
MISC
sap — businessobjects_business_intelligence_platform In some situations, when a client cancels a query in SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.2, 4.3, the attacker can then query and receive the whole data set instead of just what is part of their authorized security profile, resulting in Information Disclosure. 2019-08-14 not yet calculated CVE-2019-0333
MISC
MISC
sap — commerce_cloud Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with ‘Hybris’ user rights, resulting in Code Injection. 2019-08-14 not yet calculated CVE-2019-0344
MISC
MISC
sap — commerce_cloud SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application. 2019-08-14 not yet calculated CVE-2019-0343
MISC
MISC
sap — enable_now The session cookie used by SAP Enable Now, version 1902, does not have the HttpOnly flag set. If an attacker runs script code in the context of the application, he could get access to the session cookie. The session cookie could then be abused to gain access to the application. 2019-08-14 not yet calculated CVE-2019-0341
MISC
MISC
sap — enable_now The XML parser, which is being used by SAP Enable Now, before version 1902, has not been hardened correctly, leading to Missing XML Validation vulnerability. This issue affects the file upload at multiple locations. An attacker can read local XXE files. 2019-08-14 not yet calculated CVE-2019-0340
MISC
MISC
sap — kernel SAP Kernel (ABAP Debugger), versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.49, 7.53, 7.73, 7.75, 7.76, 7.77, allows a user to execute ‘Go to statement’ without possessing the authorization S_DEVELOP DEBUG 02, resulting in Missing Authorization Check. 2019-08-14 not yet calculated CVE-2019-0349
MISC
MISC
sap — netweaver_application_server A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for Java (Administrator System Overview), versions 7.30, 7.31, 7.40, 7.50, by sending a specially crafted XML file and tricking the application server into leaking authentication credentials for its own SAP Management console, resulting in Server-Side Request Forgery. 2019-08-14 not yet calculated CVE-2019-0345
MISC
MISC
sap — netweaver_process_integration Java Proxy Runtime of SAP NetWeaver Process Integration, versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs and allows an attacker to execute malicious scripts in the URL, thereby resulting in Reflected Cross-Site Scripting (XSS) vulnerability. 2019-08-14 not yet calculated CVE-2019-0337
MISC
MISC
sap — netweaver_uddi_server A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Because of this, an attacker can exploit Services Registry potentially enabling them to take complete control of the product, including viewing, changing, or deleting data by injecting code into the working memory which is subsequently executed by the application. It can also be used to cause a general fault in the product, causing the product to terminate. 2019-08-14 not yet calculated CVE-2019-0351
MISC
MISC
sap — sap_gateway During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, 753, the HTTP Header attributes cache-control and pragma were not properly set, allowing an attacker to access restricted information, resulting in Information Disclosure. 2019-08-14 not yet calculated CVE-2019-0338
MISC
MISC
search_guard — search_guard Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names (but not values) for fields which are not allowed for the user when field level security (FLS) is activated. 2019-08-12 not yet calculated CVE-2019-13417
CONFIRM
MISC
search_guard — search_guard Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users can gain read access to data they are not authorized to see. 2019-08-13 not yet calculated CVE-2019-13415
CONFIRM
MISC
search_guard — search_guard Search Guard versions before 23.1 had an issue that for aggregations clear text values of anonymised fields were leaked. 2019-08-13 not yet calculated CVE-2019-13419
CONFIRM
MISC
search_guard — search_guard Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users are always authorized on the local cluster ignoring their roles on the remote cluster(s). 2019-08-13 not yet calculated CVE-2019-13416
CONFIRM
MISC
search_guard — search_guard Search Guard versions before 24.0 had an issue that values of string arrays in documents are not properly anonymized. 2019-08-12 not yet calculated CVE-2019-13418
CONFIRM
MISC
search_guard — search_guard Search Guard versions before 21.0 had a timing side channel issue when using the internal user database. 2019-08-13 not yet calculated CVE-2019-13420
CONFIRM
MISC
siemens — multiple_scalance_products A vulnerability has been identified in SCALANCE SC-600 (V2.0), SCALANCE XB-200 (V4.1), SCALANCE XC-200 (V4.1), SCALANCE XF-200BA (V4.1), SCALANCE XP-200 (V4.1), SCALANCE XR-300WG (V4.1). An authenticated attacker with network access to port 22/tcp of an affected device may cause a Denial-of-Service condition. The security vulnerability could be exploited by an authenticated attacker with network access to the affected device. No user interaction is required to exploit this vulnerability. The vulnerability impacts the availability of the affected device. 2019-08-13 not yet calculated CVE-2019-10927
CONFIRM
siemens — multiple_scalance_products A vulnerability has been identified in SCALANCE X-200 (All versions), SCALANCE X-200IRT (All versions), SCALANCE X-200RNA (All versions). The device contains a vulnerability that could allow an attacker to trigger a denial-of-service condition by sending large message packages repeatedly to the telnet service. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-08-13 not yet calculated CVE-2019-10942
CONFIRM
siemens — multiple_simatic_products A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (All versions), SIMATIC S7-1200 CPU family (All versions >= V4.0), SIMATIC S7-1500 CPU family (All versions), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions). An attacker with network access to port 102/tcp could potentially modify the user program on the PLC in a way that the running code is different from the source code which is stored on the device. An attacker must have network access to affected devices and must be able to perform changes to the user program. The vulnerability could impact the perceived integrity of the user program stored on the CPU. An engineer that tries to obtain the code of the user program running on the device, can receive different source code that is not actually running on the device. No public exploitation of the vulnerability was known at the time of advisory publication. 2019-08-13 not yet calculated CVE-2019-10943
CONFIRM
siemens — multiple_simatic_products A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (All versions), SIMATIC S7-1200 CPU family (All versions >= V4.0), SIMATIC S7-1500 CPU family (All versions), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions). An attacker in a Man-in-the-Middle position could potentially modify network traffic exchanged on port 102/tcp, due to certain properties in the calculation used for integrity protection. In order to exploit the vulnerability, an attacker must be able to perform a Man-in-the-Middle attack. The vulnerability could impact the integrity of the communication. No public exploitation of the vulnerability was known at the time of advisory publication. 2019-08-13 not yet calculated CVE-2019-10929
CONFIRM
siemens — scalance_sc-600 A vulnerability has been identified in SCALANCE SC-600 (V2.0). An authenticated attacker with access to port 22/tcp as well as physical access to an affected device may trigger the device to allow execution of arbitrary commands. The security vulnerability could be exploited by an authenticated attacker with physical access to the affected device. No user interaction is required to exploit this vulnerability. The vulnerability impacts the confidentiality, integrity and availability of the affected device. 2019-08-13 not yet calculated CVE-2019-10928
CONFIRM
solarwinds — database_performance_analyzer SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the ‘Try Again’ Button on the page, aka a /iwc/idcStateError.iwc?page= URI. 2019-08-14 not yet calculated CVE-2018-19386
MISC
MISC
squid-cache — squid Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it. 2019-08-15 not yet calculated CVE-2019-12854
MISC
MISC
MISC
CONFIRM
stb_image_loader — stb_image_loader stb_image.h (aka the stb image loader) 2.23 has a heap-based buffer over-read in stbi__tga_load, leading to Information Disclosure or Denial of Service. 2019-08-14 not yet calculated CVE-2019-15058
MISC
stb_vorbis — stb_vorbis A heap buffer overflow in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file. 2019-08-15 not yet calculated CVE-2019-13217
MISC
CONFIRM
MISC
stb_vorbis — stb_vorbis A stack buffer overflow in the compute_codewords function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file. 2019-08-15 not yet calculated CVE-2019-13221
MISC
CONFIRM
MISC
stb_vorbis — stb_vorbis Division by zero in the predict_point function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file. 2019-08-15 not yet calculated CVE-2019-13218
MISC
CONFIRM
MISC
stb_vorbis — stb_vorbis Use of uninitialized stack variables in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file. 2019-08-15 not yet calculated CVE-2019-13220
MISC
CONFIRM
MISC
stb_vorbis — stb_vorbis A reachable assertion in the lookup1_values function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file. 2019-08-15 not yet calculated CVE-2019-13223
MISC
CONFIRM
MISC
stb_vorbis — stb_vorbis An out-of-bounds read of a global buffer in the draw_line function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file. 2019-08-15 not yet calculated CVE-2019-13222
MISC
CONFIRM
MISC
stb_vorbis — stb_vorbis A NULL pointer dereference in the get_window function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file. 2019-08-15 not yet calculated CVE-2019-13219
MISC
CONFIRM
MISC
storage_performance_development_kit — storage_performance_development_kit In Storage Performance Development Kit (SPDK) before 19.07, a user of a vhost can cause a crash if the target is sent invalid input. 2019-08-11 not yet calculated CVE-2019-14940
MISC
sugarcrm — sugarcrm SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.html?desktop_url= XSS. 2019-08-14 not yet calculated CVE-2019-14974
MISC
telenav — scout_gps_link_app_for_ios The Telenav Scout GPS Link app 1.x for iOS, as used with Toyota and Lexus vehicles, has an incorrect protection mechanism against brute-force attacks on the authentication process, which makes it easier for attackers to obtain multimedia-screen access via port 7050 on the cellular network, as demonstrated by a DrivingRestriction method call to uma/jsonrpc/mobile. 2019-08-12 not yet calculated CVE-2019-14951
MISC
tenable — nessus Nessus 8.5.2 and earlier on Windows platforms were found to contain an issue where certain system files could be overwritten arbitrarily, potentially creating a denial of service condition. 2019-08-15 not yet calculated CVE-2019-3974
MISC
tibco_software — multiple_products The web server component of TIBCO Software Inc.’s TIBCO LogLogic Enterprise Virtual Appliance, and TIBCO LogLogic Log Management Intelligence contains multiple vulnerabilities that theoretically allow persistent and reflected cross-site scripting (XSS) attacks, as well as cross-site request forgery (CSRF) attacks. This issue affects: TIBCO Software Inc. TIBCO LogLogic Enterprise Virtual Appliance version 6.2.1 and prior versions. TIBCO Software Inc. TIBCO LogLogic Log Management Intelligence 6.2.1. TIBCO LogLogic LX825 Appliance 0.0.004, TIBCO LogLogic LX1025 Appliance 0.0.004, TIBCO LogLogic LX4025 Appliance 0.0.004, TIBCO LogLogic MX3025 Appliance 0.0.004, TIBCO LogLogic MX4025 Appliance 0.0.004, TIBCO LogLogic ST1025 Appliance 0.0.004, TIBCO LogLogic ST2025-SAN Appliance 0.0.004, and TIBCO LogLogic ST4025 Appliance 0.0.004 using TIBCO LogLogic Log Management Intelligence versions 6.2.1 and below. TIBCO LogLogic LX1035 Appliance 0.0.005, TIBCO LogLogic LX1025R1 Appliance 0.0.004, TIBCO LogLogic LX1025R2 Appliance 0.0.004, TIBCO LogLogic LX4025R1 Appliance 0.0.004, TIBCO LogLogic LX4025R2 Appliance 0.0.004, TIBCO LogLogic LX4035 Appliance 0.0.005, TIBCO LogLogic ST2025-SANR1 Appliance 0.0.004, TIBCO LogLogic ST2025-SANR2 Appliance 0.0.004, TIBCO LogLogic ST2035-SAN Appliance 0.0.005, TIBCO LogLogic ST4025R1 Appliance 0.0.004, TIBCO LogLogic ST4025R2 Appliance 0.0.004, and TIBCO LogLogic ST4035 Appliance 0.0.005 using TIBCO LogLogic Log Management Intelligence versions 6.2.1 and below. 2019-08-13 not yet calculated CVE-2019-11207
CONFIRM
CONFIRM
tortoisesvn — tortoisesvn An issue was discovered in TortoiseSVN 1.12.1. The Tsvncmd: URI handler allows a customised diff operation on Excel workbooks, which could be used to open remote workbooks without protection from macro security settings to execute arbitrary code. A tsvncmd:command:diff?path:[file1]?path2:[file2] URI will execute a customised diff on [file1] and [file2] based on the file extension. For xls files, it will execute the script diff-xls.js using wscript, which will open the two files for analysis without any macro security warning. An attacker can exploit this by putting a macro virus in a network drive, and force the victim to open the workbooks and execute the macro inside. 2019-08-15 not yet calculated CVE-2019-14422
FULLDISC
MISC
tp-link — m7350_devices The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by a pre-authentication command injection vulnerability. 2019-08-14 not yet calculated CVE-2019-12103
MISC
MISC
tp-link — m7350_devices The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by several post-authentication command injection vulnerabilities. 2019-08-14 not yet calculated CVE-2019-12104
MISC
MISC
unisign — unisign UniSign 2.0.4.0 and earlier versions contain a stack-based buffer overflow vulnerability which can overwrite the stack with arbitrary data, due to a buffer overflow in a library. This allows a remote attacker to execute arbitrary code via crafted https packets. 2019-08-13 not yet calculated CVE-2019-12806
MISC
vesta — control_panel A command injection vulnerability in UploadHandler.php in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root. 2019-08-15 not yet calculated CVE-2019-12792
MISC
CONFIRM
vesta — control_panel A directory traversal vulnerability in the v-list-user script in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root via the password reset form. 2019-08-15 not yet calculated CVE-2019-12791
MISC
CONFIRM
web_studio — ultimate_loan_manager XSS exists in WEB STUDIO Ultimate Loan Manager 2.0 by adding a branch under the Branches button that sets the notes parameter with crafted JavaScript code. 2019-08-14 not yet calculated CVE-2019-14427
EXPLOIT-DB
webmin — webmin An issue was discovered in Webmin through 1.920. The parameter old in password_change.cgi contains a command injection vulnerability. 2019-08-15 not yet calculated CVE-2019-15107
MISC
MISC
wind_river — vxworks Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET security vulnerability: Handling of unsolicited Reverse ARP replies (Logical Flaw). 2019-08-14 not yet calculated CVE-2019-12262
CONFIRM
CONFIRM
wind_river — vxworks Wind River VxWorks 6.7 through 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion during connect() to a remote host. 2019-08-09 not yet calculated CVE-2019-12261
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
MISC
CONFIRM
wind_river — vxworks Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership report. 2019-08-09 not yet calculated CVE-2019-12265
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
CONFIRM
wind_river — vxworks Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition. 2019-08-09 not yet calculated CVE-2019-12263
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
CONFIRM
wind_river — vxworks Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the TCP component (issue 1 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow. 2019-08-09 not yet calculated CVE-2019-12255
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
MISC
CONFIRM
wind_river — vxworks Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is an IPNET security vulnerability: DoS of TCP connection via malformed TCP options. 2019-08-09 not yet calculated CVE-2019-12258
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
MISC
CONFIRM
wind_river — vxworks Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing. 2019-08-09 not yet calculated CVE-2019-12259
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
CONFIRM
wind_river — vxworks Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion caused by a malformed TCP AO option. 2019-08-09 not yet calculated CVE-2019-12260
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
MISC
CONFIRM
wind_river — vxworks Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets’ IP options. 2019-08-09 not yet calculated CVE-2019-12256
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
CONFIRM
wordpress — wordpress The companion-auto-update plugin before 3.2.1 for WordPress has CSRF. 2019-08-16 not yet calculated CVE-2018-20972
MISC
wordpress — wordpress The “CP Contact Form with PayPal” plugin before 1.2.98 for WordPress has XSS in CSS edition. 2019-08-15 not yet calculated CVE-2019-14784
MISC
wordpress — wordpress The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter. 2019-08-15 not yet calculated CVE-2019-14786
MISC
MISC
wordpress — wordpress The js-jobs plugin before 1.0.7 for WordPress has CSRF. 2019-08-16 not yet calculated CVE-2018-20974
MISC
wordpress — wordpress The companion-auto-update plugin before 3.2.1 for WordPress has local file inclusion. 2019-08-16 not yet calculated CVE-2018-20973
MISC
wordpress — wordpress wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value. 2019-08-15 not yet calculated CVE-2019-14788
MISC
MISC
wordpress — wordpress The limb-gallery (aka Limb Gallery) plugin 1.4.0 for WordPress has XSS via the wp-admin/admin-ajax.php?action=grsGalleryAjax&grsAction=shortcode task parameter. 2019-08-15 not yet calculated CVE-2019-14790
MISC
MISC
wordpress — wordpress The custom-admin-page plugin before 0.1.2 for WordPress has multiple XSS issues. 2019-08-13 not yet calculated CVE-2017-18493
MISC
wordpress — wordpress The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows guests to obtain the email subscription list in CSV format via the wp-admin/admin-post.php?page=fvplayer&fv-email-export=1 URI. 2019-08-15 not yet calculated CVE-2019-14800
MISC
MISC
wordpress — wordpress The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page. 2019-08-14 not yet calculated CVE-2019-15025
MISC
wordpress — wordpress The simple-login-log plugin before 1.1.2 for WordPress has SQL injection. 2019-08-14 not yet calculated CVE-2017-18514
MISC
wordpress — wordpress The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF. 2019-08-14 not yet calculated CVE-2018-20968
MISC
wordpress — wordpress The woocommerce-jetpack plugin before 3.8.0 for WordPress has XSS in the Products Per Page feature. 2019-08-12 not yet calculated CVE-2018-20966
MISC
wordpress — wordpress The invite-anyone plugin before 1.3.16 for WordPress has incorrect escaping of untrusted Dashboard and front-end input. 2019-08-16 not yet calculated CVE-2017-18545
MISC
wordpress — wordpress The google-document-embedder plugin before 2.6.1 for WordPress has XSS. 2019-08-14 not yet calculated CVE-2016-10880
MISC
wordpress — wordpress The google-document-embedder plugin before 2.6.2 for WordPress has XSS. 2019-08-14 not yet calculated CVE-2016-10881
MISC
wordpress — wordpress An issue was discovered in the svg-vector-icon-plugin (aka WP SVG Icons) plugin through 3.2.1 for WordPress. wp-admin/admin.php?page=wp-svg-icons-custom-set mishandles Custom Icon uploads. CSRF leads to upload of a ZIP archive containing a .php file. 2019-08-14 not yet calculated CVE-2019-14216
MISC
MISC
wordpress — wordpress The church-admin plugin before 1.2550 for WordPress has CSRF affecting the upload of a bible reading plan. 2019-08-16 not yet calculated CVE-2018-20971
MISC
wordpress — wordpress The simple-fields plugin before 1.2 for WordPress has CSRF in the admin interface. 2019-08-14 not yet calculated CVE-2013-7476
MISC
wordpress — wordpress The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSRF. 2019-08-14 not yet calculated CVE-2018-20967
MISC
wordpress — wordpress The invite-anyone plugin before 1.3.16 for WordPress has admin-panel CSRF. 2019-08-16 not yet calculated CVE-2017-18544
MISC
wordpress — wordpress The peters-login-redirect plugin before 2.9.2 for WordPress has CSRF. 2019-08-16 not yet calculated CVE-2019-15115
MISC
wordpress — wordpress The easy-digital-downloads plugin before 2.9.16 for WordPress has XSS related to IP address logging. 2019-08-16 not yet calculated CVE-2019-15116
MISC
wordpress — wordpress The xo-security plugin before 1.5.3 for WordPress has XSS. 2019-08-16 not yet calculated CVE-2017-18541
MISC
wordpress — wordpress The note-press plugin before 0.1.2 for WordPress has SQL injection. 2019-08-16 not yet calculated CVE-2017-18548
MISC
wordpress — wordpress The nelio-ab-testing plugin before 4.6.4 for WordPress has CSRF in experiment forms. 2019-08-16 not yet calculated CVE-2017-18547
MISC
wordpress — wordpress The jayj-quicktag plugin before 1.3.2 for WordPress has CSRF. 2019-08-16 not yet calculated CVE-2017-18546
MISC
wordpress — wordpress The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF. 2019-08-16 not yet calculated CVE-2019-15114
MISC
wordpress — wordpress The zendesk-help-center plugin before 1.0.5 for WordPress has multiple XSS issues. 2019-08-16 not yet calculated CVE-2017-18542
MISC
wordpress — wordpress The companion-sitemap-generator plugin before 3.7.0 for WordPress has CSRF. 2019-08-16 not yet calculated CVE-2019-15113
MISC
wordpress — wordpress The Custom 404 Pro plugin 3.2.8 for WordPress has XSS via the wp-admin/admin.php?page=c4p-main page parameter. 2019-08-15 not yet calculated CVE-2019-14789
MISC
MISC
wordpress — wordpress A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/payments/class-payments-query.php. 2019-08-15 not yet calculated CVE-2019-13578
MISC
MISC
MISC
MISC
wordpress — wordpress The toggle-the-title (aka Toggle The Title) plugin 1.4 for WordPress has XSS via the wp-admin/admin-ajax.php?action=update_title_options isAutoSaveValveChecked or isDisableAllPagesValveChecked parameter. 2019-08-15 not yet calculated CVE-2019-14795
MISC
MISC
wordpress — wordpress The responsive-menu plugin before 3.1.4 for WordPress has no CSRF protection mechanism for the admin interface. 2019-08-14 not yet calculated CVE-2017-18513
MISC
wordpress — wordpress The contact-form-multi plugin before 1.2.1 for WordPress has multiple XSS issues. 2019-08-13 not yet calculated CVE-2017-18490
MISC
wordpress — wordpress The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS. 2019-08-12 not yet calculated CVE-2015-9306
MISC
wordpress — wordpress The custom-sidebars plugin before 3.0.8.1 for WordPress has CSRF. 2019-08-14 not yet calculated CVE-2017-18511
MISC
wordpress — wordpress The invite-anyone plugin before 1.3.16 for WordPress has incorrect access control for email-based invitations. 2019-08-16 not yet calculated CVE-2017-18543
MISC
wordpress — wordpress The custom-sidebars plugin before 3.1.0 for WordPress has CSRF related to set location, import actions, and export actions. 2019-08-14 not yet calculated CVE-2017-18510
MISC
wordpress — wordpress The google-language-translator plugin before 5.0.06 for WordPress has XSS. 2019-08-13 not yet calculated CVE-2016-10870
MISC
wordpress — wordpress The simple-membership plugin before 3.3.3 for WordPress has multiple CSRF issues. 2019-08-14 not yet calculated CVE-2016-10884
MISC
wordpress — wordpress The simple-share-buttons-adder plugin before 6.0.0 for WordPress has XSS. 2019-08-12 not yet calculated CVE-2015-9303
MISC
wordpress — wordpress The simple-add-pages-or-posts plugin before 1.7 for WordPress has CSRF for deleting users. 2019-08-14 not yet calculated CVE-2016-10883
MISC
wordpress — wordpress The olimometer plugin before 2.57 for WordPress has SQL injection. 2019-08-16 not yet calculated CVE-2016-10904
MISC
wordpress — wordpress The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPress has multiple SQL injection issues. 2019-08-14 not yet calculated CVE-2016-10888
MISC
wordpress — wordpress The all-in-one-wp-security-and-firewall plugin before 4.0.9 for WordPress has multiple SQL injection issues. 2019-08-14 not yet calculated CVE-2016-10887
MISC
wordpress — wordpress The i-recommend-this plugin before 3.7.3 for WordPress has SQL injection. 2019-08-16 not yet calculated CVE-2014-10376
MISC
wordpress — wordpress The wp-editor plugin before 1.2.6 for WordPress has incorrect permissions. 2019-08-14 not yet calculated CVE-2016-10886
MISC
wordpress — wordpress The woocommerce-product-addon plugin before 18.4 for WordPress has XSS via an import of a new meta data structure. 2019-08-12 not yet calculated CVE-2019-14948
MISC
MISC
wordpress — wordpress The adsense-plugin (aka Google AdSense) plugin before 1.44 for WordPress has multiple XSS issues. 2019-08-13 not yet calculated CVE-2017-18487
MISC
wordpress — wordpress The wp-fastest-cache plugin before 0.8.4.9 for WordPress has SQL injection in wp-admin/admin-ajax.php?action=wpfc_wppolls_ajax_request via the poll_id parameter. 2019-08-14 not yet calculated CVE-2015-9316
MISC
MISC
wordpress — wordpress The erident-custom-login-and-dashboard plugin before 3.5 for WordPress has CSRF. 2019-08-16 not yet calculated CVE-2015-9322
MISC
wordpress — wordpress The visitors-online plugin before 0.4 for WordPress has SQL injection. 2019-08-16 not yet calculated CVE-2015-9325
MISC
wordpress — wordpress The woocommerce-pdf-invoices-packing-slips plugin before 2.0.13 for WordPress has XSS via the tab or section variable on settings screens. 2019-08-12 not yet calculated CVE-2017-18506
MISC
wordpress — wordpress The contact-form-7-sms-addon plugin before 2.4.0 for WordPress has XSS. 2019-08-13 not yet calculated CVE-2017-18489
MISC
wordpress — wordpress The wp-editor plugin before 1.2.6 for WordPress has CSRF. 2019-08-14 not yet calculated CVE-2016-10885
MISC
wordpress — wordpress The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit category feature. 2019-08-14 not yet calculated CVE-2015-9309
MISC
wordpress — wordpress The liveforms plugin before 3.2.0 for WordPress has SQL injection. 2019-08-13 not yet calculated CVE-2015-9301
MISC
wordpress — wordpress The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature. 2019-08-14 not yet calculated CVE-2015-9308
MISC
wordpress — wordpress The newsletter-by-supsystic plugin before 1.1.8 for WordPress has CSRF. 2019-08-14 not yet calculated CVE-2017-18512
MISC
wordpress — wordpress The simple-fields plugin before 1.4.11 for WordPress has XSS. 2019-08-13 not yet calculated CVE-2015-9302
MISC
wordpress — wordpress The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPress has multiple SQL injection issues. 2019-08-14 not yet calculated CVE-2015-9310
MISC
wordpress — wordpress The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection. 2019-08-16 not yet calculated CVE-2015-9323
MISC
wordpress — wordpress The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature. 2019-08-14 not yet calculated CVE-2015-9307
MISC
wordpress — wordpress The easy-digital-downloads plugin before 2.3.3 for WordPress has SQL injection. 2019-08-16 not yet calculated CVE-2015-9324
MISC
wordpress — wordpress The wp-business-intelligence-lite plugin before 1.6.3 for WordPress has SQL injection. 2019-08-16 not yet calculated CVE-2015-9326
MISC
wordpress — wordpress The google-document-embedder plugin before 2.6.2 for WordPress has CSRF. 2019-08-14 not yet calculated CVE-2016-10882
MISC
wso2 — api_manager An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. There is XSS via a crafted filename to the file-upload feature of the event simulator component. 2019-08-16 not yet calculated CVE-2019-15108
MISC
xtrlock — xtrlock xtrlock through 2.10 does not block multitouch events. Consequently, an attacker at a locked screen can send input to (and thus control) various programs such as Chromium via events such as pan scrolling, “pinch and zoom” gestures, or even regular mouse clicks (by depressing the touchpad once and then clicking with a different finger). 2019-08-15 not yet calculated CVE-2016-10894
MISC
yandex — clickhouse In ClickHouse before 18.10.3, unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerability. 2019-08-15 not yet calculated CVE-2018-14671
CONFIRM
yandex — clickhouse In ClickHouse before 1.1.54388, “remote” table function allowed arbitrary symbols in “user”, “password” and “default_database” fields which led to Cross Protocol Request Forgery Attacks. 2019-08-15 not yet calculated CVE-2018-14668
MISC
yandex — clickhouse ClickHouse MySQL client before version 1.1.54390 had “LOAD DATA LOCAL INFILE” functionality enabled that allowed a malicious MySQL database to read arbitrary files from the connected ClickHouse server. 2019-08-15 not yet calculated CVE-2018-14669
MISC
yandex — clickhouse Incorrect configuration in deb package in ClickHouse before 1.1.54131 could lead to unauthorized use of the database. 2019-08-15 not yet calculated CVE-2018-14670
CONFIRM
yandex — clickhouse In ClickHouse before 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages. 2019-08-15 not yet calculated CVE-2018-14672
MISC
yes24viewer_activex — yes24viewer_activex Yes24ViewerX ActiveX Control 1.0.327.50126 and earlier versions contains a vulnerability that could allow remote attackers to download and execute arbitrary files by setting the arguments to the ActiveX method. This can be leveraged for code execution. 2019-08-15 not yet calculated CVE-2019-12809
MISC
zabbix — zabbix Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the “Login name or password is incorrect” and “No permissions for system access” messages, or just blocking for a number of seconds). This affects both api_jsonrpc.php and index.php. 2019-08-17 not yet calculated CVE-2019-15132
MISC
zoho_manageengine — _opmanager An issue was discovered in Zoho ManageEngine OpManager through 12.4x. One can bypass the user password requirement and execute commands on the server. The “username+’@opm’” string is used for the password. For example, if the username is admin, the password is admin@opm. 2019-08-15 not yet calculated CVE-2019-15106
MISC
MISC
zoho_manageengine — application_manager An issue was discovered in Zoho ManageEngine Application Manager through 14.2. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the “Execute Program Action(s)” feature. 2019-08-15 not yet calculated CVE-2019-15105
MISC
MISC
zoho_manageengine — opmanager An issue was discovered in Zoho ManageEngine OpManager through 12.4x. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the “Execute Program Action(s)” feature. 2019-08-15 not yet calculated CVE-2019-15104
MISC
MISC
zoho_manageengine — servicedesk_plus Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989. 2019-08-14 not yet calculated CVE-2019-15046
MISC
zte — zxhn_f670_product All versions up to V1.1.10P3T18 of the ZTE ZXHN F670 product are impacted by a cross-site scripting (XSS) vulnerability. Due to incomplete input validation, an authorized user can exploit this vulnerability to execute malicious scripts. 2019-08-15 not yet calculated CVE-2019-3418
CONFIRM
zte — zxhn_f670_product All versions up to V1.1.10P3T18 of the ZTE ZXHN F670 product are impacted by a command injection vulnerability. Due to an insufficient parameter validation check, an authorized user can exploit this vulnerability to take control of the user's router system. 2019-08-15 not yet calculated CVE-2019-3417
CONFIRM


This product is provided subject to this Notification and this Privacy & Use policy.

Original release date: August 12, 2019

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
beardev — joomsport The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to steal, modify, or delete database information via the joomsport_season/new-yorkers/?action=playerlist sid parameter. 2019-08-05 7.5 CVE-2019-14348
MISC
MISC
MISC
cpanel — cpanel cPanel before 60.0.25 allows arbitrary code execution via Maketext in PostgreSQL adminbin (SEC-188). 2019-08-06 9.0 CVE-2016-10788
CONFIRM
cpanel — cpanel The SQLite journal feature in cPanel before 57.9999.54 allows arbitrary file-overwrite operations during Horde Restore (SEC-58). 2019-08-07 8.7 CVE-2016-10804
CONFIRM
MISC
cpanel — cpanel In cPanel before 57.9999.54, /scripts/checkinfopages exposed a TTY to an unprivileged process (SEC-114). 2019-08-07 9.0 CVE-2016-10809
CONFIRM
MISC
cpanel — cpanel In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY to an unprivileged process (SEC-115). 2019-08-07 9.0 CVE-2016-10810
CONFIRM
MISC
cpanel — cpanel In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC-116). 2019-08-07 9.0 CVE-2016-10811
CONFIRM
MISC
cpanel — cpanel cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313). 2019-08-02 9.0 CVE-2017-18386
CONFIRM
MISC
cpanel — cpanel cPanel before 68.0.15 can perform unsafe file operations because Jailshell does not set the umask (SEC-315). 2019-08-02 7.2 CVE-2017-18388
CONFIRM
MISC
cpanel — cpanel cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups (SEC-322). 2019-08-02 7.2 CVE-2017-18390
CONFIRM
MISC
cpanel — cpanel cPanel before 64.0.21 allows code execution by webmail and demo accounts via a store_filter API call (SEC-236). 2019-08-02 9.0 CVE-2017-18433
CONFIRM
MISC
cpanel — cpanel cPanel before 64.0.21 allows code execution in the context of the root account via a SET_VHOST_LANG_PACKAGE multilang adminbin call (SEC-237). 2019-08-02 7.2 CVE-2017-18434
CONFIRM
MISC
cpanel — cpanel cPanel before 64.0.21 allows demo accounts to execute code via the BoxTrapper API (SEC-238). 2019-08-02 7.5 CVE-2017-18435
CONFIRM
MISC
cpanel — cpanel cPanel before 62.0.17 allows arbitrary code execution during account modification (SEC-220). 2019-08-02 7.2 CVE-2017-18459
CONFIRM
MISC
cpanel — cpanel cPanel before 62.0.17 allows arbitrary code execution during automatic SSL installation (SEC-221). 2019-08-02 7.2 CVE-2017-18460
CONFIRM
MISC
cpanel — cpanel cPanel before 62.0.17 allows code execution in the context of the root account via a long DocumentRoot path (SEC-225). 2019-08-02 7.2 CVE-2017-18463
CONFIRM
MISC
fedoraproject — 389_directory_server It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. An attacker would still be able to provoke excessive CPU consumption leading to a denial of service. 2019-08-02 7.8 CVE-2019-10171
CONFIRM
magento — magento An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details. 2019-08-02 7.5 CVE-2019-7890
CONFIRM
magento — magento A file upload restriction bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to the import feature can make modifications to a configuration file, resulting in potentially unauthorized removal of file upload restrictions. This can result in arbitrary code execution when a malicious file is then uploaded and executed on the system. 2019-08-02 9.0 CVE-2019-7930
CONFIRM
open-emr — openemr OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php. 2019-08-02 7.5 CVE-2019-14529
MISC
sygnoos — popup_builder A SQL injection vulnerability exists in the Sygnoos Popup Builder plugin before 3.45 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via com/libs/Table.php because Subscribers Table ordering is mishandled. 2019-08-06 7.5 CVE-2019-14695
MISC
MISC


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
adplug — adplug AdPlug 2.3.1 has a heap-based buffer overflow in CxadbmfPlayer::__bmf_convert_stream() in bmf.cpp. 2019-08-06 6.8 CVE-2019-14690
MISC
adplug — adplug AdPlug 2.3.1 has a heap-based buffer overflow in CdtmLoader::load() in dtm.cpp. 2019-08-06 6.8 CVE-2019-14691
MISC
adplug — adplug AdPlug 2.3.1 has a heap-based buffer overflow in CmkjPlayer::load() in mkj.cpp. 2019-08-06 6.8 CVE-2019-14692
MISC
adplug — adplug AdPlug 2.3.1 has multiple heap-based buffer overflows in CradLoader::load() in rad.cpp. 2019-08-06 6.8 CVE-2019-14733
MISC
adplug — adplug AdPlug 2.3.1 has multiple heap-based buffer overflows in CmtkLoader::load() in mtk.cpp. 2019-08-06 6.8 CVE-2019-14734
MISC
brandy_project — brandy Brandy 1.20.1 has a stack-based buffer overflow in fileio_openout in fileio.c via crafted BASIC source code. 2019-08-05 4.3 CVE-2019-14662
MISC
brandy_project — brandy Brandy 1.20.1 has a stack-based buffer overflow in fileio_openin in fileio.c via crafted BASIC source code. 2019-08-05 4.3 CVE-2019-14663
MISC
brandy_project — brandy Brandy 1.20.1 has a heap-based buffer overflow in define_array in variables.c via crafted BASIC source code. 2019-08-05 4.3 CVE-2019-14665
MISC
cpanel — cpanel cPanel before 60.0.25 allows file-overwrite operations during preparation for MySQL upgrades (SEC-161). 2019-08-05 5.5 CVE-2016-10768
CONFIRM
cpanel — cpanel cPanel before 60.0.25 allows an open redirect via /cgi-sys/FormMail-clone.cgi (SEC-162). 2019-08-05 5.8 CVE-2016-10769
CONFIRM
cpanel — cpanel cPanel before 60.0.25 allows arbitrary file-overwrite operations during a Roundcube update (SEC-164). 2019-08-05 5.5 CVE-2016-10770
CONFIRM
cpanel — cpanel cPanel before 60.0.25 allows file-create and file-chmod operations during ModSecurity Audit logfile processing (SEC-165). 2019-08-05 5.5 CVE-2016-10771
CONFIRM
cpanel — cpanel cPanel before 60.0.25 allows format-string injection in exception-message handling (SEC-171). 2019-08-05 6.5 CVE-2016-10773
CONFIRM
cpanel — cpanel cPanel before 60.0.25 allows attackers to discover file contents during file copy operations (SEC-185). 2019-08-06 4.0 CVE-2016-10785
CONFIRM
cpanel — cpanel cPanel before 60.0.25 allows members of the nobody group to read Apache HTTP Server SSL keys (SEC-186). 2019-08-06 4.0 CVE-2016-10786
CONFIRM
cpanel — cpanel The Host Access Control feature in cPanel before 60.0.25 mishandles actionless host.deny entries (SEC-187). 2019-08-06 5.5 CVE-2016-10787
CONFIRM
cpanel — cpanel cPanel before 60.0.25 allows code execution via the cpsrvd 403 error response handler (SEC-191). 2019-08-06 6.5 CVE-2016-10789
CONFIRM
cpanel — cpanel cPanel before 58.0.4 allows code execution in the context of other user accounts through the PHP CGI handler (SEC-142). 2019-08-07 6.5 CVE-2016-10802
CONFIRM
MISC
cpanel — cpanel cPanel before 57.9999.54 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-109). 2019-08-07 6.5 CVE-2016-10805
CONFIRM
MISC
cpanel — cpanel cPanel before 57.9999.54 allows certain denial-of-service outcomes via /scripts/killpvhost (SEC-112). 2019-08-07 4.0 CVE-2016-10807
CONFIRM
MISC
cpanel — cpanel cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306). 2019-08-02 4.0 CVE-2017-18382
CONFIRM
MISC
cpanel — cpanel cPanel before 68.0.15 writes home-directory backups to an incorrect location (SEC-309). 2019-08-02 4.6 CVE-2017-18383
CONFIRM
MISC
cpanel — cpanel cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318). 2019-08-02 6.5 CVE-2017-18389
CONFIRM
MISC
cpanel — cpanel cPanel before 66.0.2 allows resellers to read other accounts’ domain log files (SEC-288). 2019-08-02 4.0 CVE-2017-18426
CONFIRM
cpanel — cpanel In cPanel before 66.0.2, user and group ownership may be incorrectly set when using reassign_post_terminate_cruft (SEC-294). 2019-08-02 4.6 CVE-2017-18430
CONFIRM
MISC
cpanel — cpanel cPanel before 64.0.21 allows demo accounts to execute code via Encoding API calls (SEC-242). 2019-08-02 6.5 CVE-2017-18438
CONFIRM
MISC
cpanel — cpanel cPanel before 64.0.21 allows demo accounts to execute code via an ImageManager_dimensions API call (SEC-243). 2019-08-02 6.5 CVE-2017-18439
CONFIRM
MISC
cpanel — cpanel cPanel before 64.0.21 allows demo users to execute traceroute via api2 (SEC-244). 2019-08-02 4.0 CVE-2017-18440
CONFIRM
MISC
cpanel — cpanel cPanel before 64.0.21 allows demo accounts to redirect web traffic (SEC-245). 2019-08-02 4.0 CVE-2017-18441
CONFIRM
MISC
cpanel — cpanel cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands (SEC-246). 2019-08-02 5.0 CVE-2017-18442
CONFIRM
MISC
cpanel — cpanel cPanel before 64.0.21 allows demo and suspended accounts to use SSH port forwarding (SEC-247). 2019-08-02 5.0 CVE-2017-18443
CONFIRM
MISC
cpanel — cpanel cPanel before 64.0.21 allows demo accounts to execute SSH API commands (SEC-248). 2019-08-02 5.0 CVE-2017-18444
CONFIRM
MISC
cpanel — cpanel cPanel before 64.0.21 does not enforce demo restrictions for SSL API calls (SEC-249). 2019-08-02 4.0 CVE-2017-18445
CONFIRM
MISC
cpanel — cpanel cPanel before 64.0.21 allows file-read and file-write operations for demo accounts via the SourceIPCheck API (SEC-250). 2019-08-02 6.5 CVE-2017-18446
CONFIRM
MISC
cpanel — cpanel cPanel before 64.0.21 allows demo accounts to execute code via the ClamScanner_getsocket API (SEC-251). 2019-08-02 6.5 CVE-2017-18447
CONFIRM
MISC
cpanel — cpanel cPanel before 64.0.21 allows certain file-read operations via a Serverinfo_manpage API call (SEC-252). 2019-08-02 5.0 CVE-2017-18448
CONFIRM
MISC
cpanel — cpanel cPanel before 64.0.21 allows certain file-chmod operations via /scripts/convert_roundcube_mysql2sqlite (SEC-255). 2019-08-02 4.4 CVE-2017-18450
CONFIRM
MISC
cpanel — cpanel cPanel before 64.0.21 allows attackers to read a user’s crontab file during a short time interval upon a cPAddon upgrade (SEC-257). 2019-08-02 5.0 CVE-2017-18451
CONFIRM
MISC
cpanel — cpanel cPanel before 64.0.21 allows code execution via Rails configuration files (SEC-259). 2019-08-02 4.6 CVE-2017-18452
CONFIRM
MISC
cpanel — cpanel cPanel before 64.0.21 does not preserve supplemental groups across account renames (SEC-260). 2019-08-02 4.0 CVE-2017-18453
CONFIRM
MISC
cpanel — cpanel In cPanel before 62.0.17, addon domain conversion did not require a package for resellers (SEC-208). 2019-08-02 4.0 CVE-2017-18455
CONFIRM
MISC
cpanel — cpanel cPanel before 62.0.17 allows self XSS in the WHM cPAddons showsecurity interface (SEC-217). 2019-08-02 4.3 CVE-2017-18456
CONFIRM
MISC
cpanel — cpanel cPanel before 62.0.17 allows arbitrary file-read operations via WHM /styled/ URLs (SEC-218). 2019-08-02 4.9 CVE-2017-18457
CONFIRM
MISC
cpanel — cpanel cPanel before 62.0.17 does not preserve security policy questions across an account rename (SEC-223). 2019-08-02 5.0 CVE-2017-18461
CONFIRM
MISC
cpanel — cpanel cPanel before 62.0.17 allows demo accounts to execute code via an NVData_fetchinc API call (SEC-233). 2019-08-05 6.5 CVE-2017-18469
CONFIRM
cpanel — cpanel cPanel before 62.0.4 allows reflected XSS in reset-password interfaces (SEC-198). 2019-08-05 4.3 CVE-2017-18472
CONFIRM
MISC
dlink — dva-5592_firmware The web interface of the D-Link DVA-5592 20180823 is vulnerable to XSS because HTML form parameters are directly reflected. 2019-08-02 4.3 CVE-2019-6968
MISC
dlink — dva-5592_firmware The web interface of the D-Link DVA-5592 20180823 is vulnerable to an authentication bypass that allows an unauthenticated user to have access to sensitive information such as the Wi-Fi password and the phone number (if VoIP is in use). 2019-08-02 5.0 CVE-2019-6969
MISC
firefly-iii — flrefly_iii Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and the asset account name. The JavaScript code is executed during a convert transaction action. 2019-08-05 4.3 CVE-2019-14667
MISC
MISC
MISC
gnucobol_project — gnucobol GnuCOBOL 2.2 has a stack-based buffer overflow in cb_encode_program_id in cobc/typeck.c via crafted COBOL source code. 2019-08-02 6.8 CVE-2019-14541
MISC
ibm — websphere_mq IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0LTS, IBM MQ V9.1 LTS, and IBM MQ V9.1 CD are vulnerable to a denial of service attack caused by specially crafted messages. IBM X-Force ID: 160013. 2019-08-05 4.0 CVE-2019-4261
XF
CONFIRM
ipandao — editor.md pandao Editor.md 1.5.0 allows XSS via an attribute of an ABBR or SUP element. 2019-08-03 4.3 CVE-2019-14653
MISC
joomla — joomla! In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. In other words, the filter attribute in subform fields allows remote code execution. This is fixed in 3.9.9. 2019-08-04 6.5 CVE-2019-14654
MISC
liblouis — liblouis A vulnerability was found in liblouis, versions 2.5.x before 2.5.4. A stack-based buffer overflow was found in findTable() in liblouis. An attacker could create a malicious file that would cause applications that use liblouis (such as Orca) to crash, or potentially execute arbitrary code when opened. 2019-08-02 6.8 CVE-2014-8184
CONFIRM
MISC
magento — magento A defense-in-depth check was added to mitigate inadequate session validation handling by 3rd party checkout modules. This impacts Magento 1.x prior to 1.9.4.2, Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2. 2019-08-02 5.0 CVE-2019-7849
CONFIRM
magento — magento A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unintended data deletion from customer pages. 2019-08-02 5.8 CVE-2019-7851
CONFIRM
magento — magento A path disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Requests for a specific file path could result in a redirect to the URL of the Magento admin panel, disclosing its location to potentially unauthorized parties. 2019-08-02 5.0 CVE-2019-7852
CONFIRM
magento — magento An insecure direct object reference (IDOR) vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unauthorized disclosure of company credit history details. 2019-08-02 5.0 CVE-2019-7854
CONFIRM
magento — magento A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could be abused by an unauthenticated user to discover an invariant used in gift card generation. 2019-08-02 5.0 CVE-2019-7855
CONFIRM
magento — magento A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can cause unwanted items to be added to a shopper’s cart due to an insufficiently robust anti-CSRF token implementation. 2019-08-02 4.3 CVE-2019-7857
CONFIRM
magento — magento A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2 resulted in storage of sensitive information with an algorithm that is insufficiently resistant to brute force attacks. 2019-08-02 5.0 CVE-2019-7858
CONFIRM
magento — magento A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could result in unauthorized access to uploaded images due to insufficient access control. 2019-08-02 5.0 CVE-2019-7859
MISC
CONFIRM
magento — magento A cryptographically weak pseudo-random number generator is used in multiple security-relevant contexts in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. 2019-08-02 5.0 CVE-2019-7860
CONFIRM
magento — magento Insufficient server-side validation of user input could allow an attacker to bypass file upload restrictions in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. 2019-08-02 5.0 CVE-2019-7861
CONFIRM
magento — magento An insecure direct object reference (IDOR) vulnerability exists in the RSS feeds of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details. 2019-08-02 5.0 CVE-2019-7864
CONFIRM
magento — magento A cross-site request forgery (CSRF) vulnerability exists in the checkout cart item of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited at the time of editing or configuration. 2019-08-02 6.8 CVE-2019-7865
CONFIRM
magento — magento A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 that could be abused to execute arbitrary PHP code. An authenticated user can bypass security protections that prevent arbitrary PHP script upload via form data injection. 2019-08-02 6.5 CVE-2019-7871
CONFIRM
magento — magento An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to insufficient authorization checks. This can be abused by a user with admin privileges to add users to company accounts or modify existing user details. 2019-08-02 5.5 CVE-2019-7872
CONFIRM
magento — magento A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of the store design schedule. 2019-08-02 5.8 CVE-2019-7873
CONFIRM
magento — magento A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of user roles. 2019-08-02 4.3 CVE-2019-7874
CONFIRM
magento — magento A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manipulate layouts can insert a malicious payload into the layout. 2019-08-02 6.5 CVE-2019-7876
CONFIRM
magento — magento A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manage orders can inject malicious JavaScript. 2019-08-02 4.3 CVE-2019-7877
MISC
CONFIRM
magento — magento Insufficient input validation in the config builder of the Elastic search module could lead to remote code execution in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This vulnerability could be abused by an authenticated user with the ability to configure the catalog search. 2019-08-02 6.5 CVE-2019-7885
CONFIRM
magento — magento A cryptographic flaw exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A weak cryptographic mechanism is used to generate the initialization vector in multiple security-relevant contexts. 2019-08-02 5.0 CVE-2019-7886
CONFIRM
magento — magento An information disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to create email templates could leak sensitive data via a malicious email template. 2019-08-02 4.0 CVE-2019-7888
CONFIRM
magento — magento An injection vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with marketing manipulation privileges can invoke methods that alter data of the underlying model followed by corresponding database modifications. 2019-08-02 4.0 CVE-2019-7889
CONFIRM
magento — magento A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to access shipment settings can execute arbitrary code via server-side request forgery. 2019-08-02 6.5 CVE-2019-7892
CONFIRM
magento — magento A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to layouts can execute arbitrary code through a crafted XML layout update. 2019-08-02 6.5 CVE-2019-7895
CONFIRM
magento — magento A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to layouts can execute arbitrary code through a combination of product import, a crafted CSV file and an XML layout update. 2019-08-02 6.5 CVE-2019-7896
CONFIRM
magento — magento Samples of disabled downloadable products are accessible in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to inadequate validation of user input. 2019-08-02 5.0 CVE-2019-7898
CONFIRM
magento — magento Names of disabled downloadable products could be disclosed due to inadequate validation of user input in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. 2019-08-02 5.0 CVE-2019-7899
CONFIRM
magento — magento A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to email templates can execute arbitrary code by previewing a malicious template. 2019-08-02 6.5 CVE-2019-7903
CONFIRM
magento — magento Insufficient enforcement of user access controls in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could enable a low-privileged user to make unauthorized environment configuration changes. 2019-08-02 5.5 CVE-2019-7904
CONFIRM
magento — magento A server-side request forgery (SSRF) vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to the admin panel to manipulate system configuration and execute arbitrary code. 2019-08-02 6.5 CVE-2019-7911
CONFIRM
magento — magento A file upload filter bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to edit configuration keys to remove file extension filters, potentially resulting in the malicious upload and execution of malicious files on the server. 2019-08-02 6.5 CVE-2019-7912
CONFIRM
magento — magento A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to manipulate shipment methods to execute arbitrary code. 2019-08-02 6.5 CVE-2019-7913
CONFIRM
magento — magento A denial-of-service vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Under certain conditions, an unauthenticated attacker could force the Magento store’s full page cache to serve a 404 page to customers. 2019-08-02 5.0 CVE-2019-7915
CONFIRM
magento — magento A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to manipulate shipment settings to execute arbitrary code. 2019-08-02 6.5 CVE-2019-7923
CONFIRM
magento — magento An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an administrator with limited privileges to delete the downloadable products folder. 2019-08-02 5.5 CVE-2019-7925
CONFIRM
magento — magento A denial-of-service (DoS) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. By abusing insufficient brute-forcing defenses in the token exchange protocol, an unauthenticated attacker could disrupt transactions between the Magento merchant and PayPal. 2019-08-02 5.0 CVE-2019-7928
CONFIRM
magento — magento An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges may be able to view metadata of a trusted device used by another administrator via a crafted HTTP request. 2019-08-02 4.0 CVE-2019-7929
CONFIRM
magento — magento A remote code execution vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create sitemaps can execute arbitrary PHP code by creating a malicious sitemap file. 2019-08-02 6.5 CVE-2019-7932
CONFIRM
magento — magento A reflected cross-site scripting vulnerability exists on the customer cart checkout page of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by sending a victim a crafted URL that results in malicious JavaScript execution in the victim’s browser. 2019-08-02 4.3 CVE-2019-7939
CONFIRM
magento — magento A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create or edit a product can execute arbitrary code via malicious XML layout updates. 2019-08-02 6.5 CVE-2019-7942
CONFIRM
magento — magento A cross-site request forgery vulnerability exists in the GiftCardAccount removal feature for Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. 2019-08-02 4.3 CVE-2019-7947
CONFIRM
magento — magento An access control bypass vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An unauthenticated user can bypass access controls via REST API calls to assign themselves to an arbitrary company, thereby gaining read access to potentially confidential information. 2019-08-02 5.0 CVE-2019-7950
CONFIRM
magento — magento An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A SOAP web service endpoint does not properly enforce parameters related to access control. This could be abused to leak customer information via crafted SOAP requests. 2019-08-02 5.0 CVE-2019-7951
CONFIRM
octopus — octopus_deploy In Octopus Deploy 2019.4.0 through 2019.6.x before 2019.6.6, and 2019.7.x before 2019.7.6, an authenticated system administrator is able to view sensitive values by visiting a server configuration page or making an API call. 2019-08-05 4.0 CVE-2019-14525
MISC
MISC
CONFIRM


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
cpanel — cpanel cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface (SEC-159). 2019-08-05 3.5 CVE-2016-10767
CONFIRM
MISC
cpanel — cpanel cPanel before 60.0.25 does not enforce feature-list restrictions when calling the multilang adminbin (SEC-168). 2019-08-05 2.1 CVE-2016-10772
CONFIRM
cpanel — cpanel cPanel before 60.0.25 allows self XSS in the tail_ea4_migration.cgi interface (SEC-172). 2019-08-05 3.5 CVE-2016-10774
CONFIRM
MISC
cpanel — cpanel cPanel before 60.0.25 allows stored XSS during the homedir removal phase of WHM Account termination (SEC-174). 2019-08-06 3.5 CVE-2016-10776
CONFIRM
cpanel — cpanel cPanel before 60.0.25 allows self XSS in WHM Tweak Settings for autodiscover_host (SEC-177). 2019-08-06 3.5 CVE-2016-10777
CONFIRM
cpanel — cpanel cPanel before 60.0.25 allows self stored XSS in the listftpstable API (SEC-178). 2019-08-06 3.5 CVE-2016-10778
CONFIRM
cpanel — cpanel cPanel before 60.0.25 allows stored XSS in api1_listautoresponders (SEC-179). 2019-08-06 3.5 CVE-2016-10779
CONFIRM
MISC
cpanel — cpanel cPanel before 60.0.25 allows stored XSS in the ftp_sessions API (SEC-180). 2019-08-06 3.5 CVE-2016-10780
CONFIRM
cpanel — cpanel cPanel before 60.0.25 allows self XSS in the UI_confirm API (SEC-180). 2019-08-06 3.5 CVE-2016-10781
CONFIRM
cpanel — cpanel cPanel before 60.0.25 allows self stored XSS in postgres API1 listdbs (SEC-181). 2019-08-06 3.5 CVE-2016-10782
CONFIRM
cpanel — cpanel cPanel before 60.0.25 allows self stored XSS in SSL_listkeys (SEC-182). 2019-08-06 3.5 CVE-2016-10783
CONFIRM
cpanel — cpanel cPanel before 60.0.25 allows self XSS in the alias upload interface (SEC-184). 2019-08-06 3.5 CVE-2016-10784
CONFIRM
cpanel — cpanel cPanel before 57.9999.54 allows self XSS on the Paper Lantern Landing Page (SEC-110). 2019-08-07 3.5 CVE-2016-10806
CONFIRM
MISC
cpanel — cpanel cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310). 2019-08-02 2.1 CVE-2017-18384
CONFIRM
MISC
cpanel — cpanel cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311). 2019-08-02 2.1 CVE-2017-18385
CONFIRM
MISC
cpanel — cpanel cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval (SEC-323). 2019-08-02 1.9 CVE-2017-18391
CONFIRM
MISC
cpanel — cpanel cPanel before 66.0.2 allows stored XSS during WHM cPAddons installation (SEC-263). 2019-08-02 3.5 CVE-2017-18417
CONFIRM
cpanel — cpanel cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations (SEC-265). 2019-08-02 3.5 CVE-2017-18418
CONFIRM
cpanel — cpanel cPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallation (SEC-266). 2019-08-02 3.5 CVE-2017-18419
CONFIRM
cpanel — cpanel cPanel before 66.0.2 allows stored XSS during WHM cPAddons processing (SEC-269). 2019-08-02 3.5 CVE-2017-18420
CONFIRM
cpanel — cpanel cPanel before 66.0.2 allows demo accounts to create databases and users (SEC-271). 2019-08-02 2.1 CVE-2017-18421
CONFIRM
cpanel — cpanel In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog ownership and permissions (SEC-272). 2019-08-02 2.1 CVE-2017-18422
CONFIRM
cpanel — cpanel In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273). 2019-08-02 2.1 CVE-2017-18423
CONFIRM
cpanel — cpanel In cPanel before 66.0.2, the Apache HTTP Server configuration file is changed to world-readable when rebuilt (SEC-274). 2019-08-02 2.1 CVE-2017-18424
CONFIRM
cpanel — cpanel In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280). 2019-08-02 1.9 CVE-2017-18425
CONFIRM
MISC
cpanel — cpanel In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account termination (SEC-291). 2019-08-02 2.1 CVE-2017-18429
CONFIRM
cpanel — cpanel cPanel before 64.0.21 allows demo accounts to read files via a Fileman::getfileactions API2 call (SEC-239). 2019-08-02 2.7 CVE-2017-18436
CONFIRM
MISC
cpanel — cpanel cPanel before 64.0.21 allows a Webmail account to execute code via forwarders (SEC-240). 2019-08-02 3.6 CVE-2017-18437
CONFIRM
MISC
cpanel — cpanel cPanel before 64.0.21 allows certain file-rename operations in the context of the root account via scripts/convert_roundcube_mysql2sqlite (SEC-254). 2019-08-02 2.1 CVE-2017-18449
CONFIRM
MISC
cpanel — cpanel cPanel before 62.0.24 allows stored XSS in the WHM cPAddons install interface (SEC-262). 2019-08-02 3.5 CVE-2017-18454
CONFIRM
MISC
cpanel — cpanel cPanel before 62.0.17 allows file overwrite when renaming an account (SEC-219). 2019-08-02 3.6 CVE-2017-18458
CONFIRM
MISC
cpanel — cpanel cPanel before 62.0.4 allows self XSS on the paper_lantern password-change screen (SEC-197). 2019-08-05 3.5 CVE-2017-18471
CONFIRM
MISC
cpanel — cpanel cPanel before 62.0.4 allows self XSS on the webmail Password and Security page (SEC-199). 2019-08-05 3.5 CVE-2017-18473
CONFIRM
MISC
cpanel — cpanel cPanel before 62.0.4 allows stored XSS in the WHM Account Suspension List interface (SEC-211). 2019-08-05 3.5 CVE-2017-18481
CONFIRM
MISC
espocrm — espocrm An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed when an attacker sends an attachment to admin with malicious JavaScript in the filename. This JavaScript executed when an admin selects the particular file from the list of all attachments. The attacker could inject the JavaScript inside the filename and send it to users, thus helping him steal victims’ cookies (hence compromising their accounts). 2019-08-05 3.5 CVE-2019-14547
MISC
MISC
MISC
MISC
espocrm — espocrm An issue was discovered in EspoCRM before 5.6.9. Stored XSS in the body of an Article was executed when a victim opens articles received through mail. This Article can be formed by an attacker using the Knowledge Base feature in the tab list. The attacker could inject malicious JavaScript inside the body of the article, thus helping him steal victims’ cookies (hence compromising their accounts). 2019-08-05 3.5 CVE-2019-14548
MISC
MISC
MISC
MISC
espocrm — espocrm An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed inside the title and breadcrumb of a newly formed entity available to all the users. A malicious user can inject JavaScript in these values of an entity, thus stealing user cookies when someone visits the publicly accessible link. 2019-08-05 3.5 CVE-2019-14549
MISC
MISC
MISC
MISC
espocrm — espocrm An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed when a victim clicks on the Edit Dashboard feature present on the Homepage. An attacker can load malicious JavaScript inside the add tab list feature, which would fire when a user clicks on the Edit Dashboard button, thus helping him steal victims’ cookies (hence compromising their accounts). 2019-08-05 3.5 CVE-2019-14550
MISC
MISC
MISC
MISC
firefly-iii — flrefly_iii Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the transaction description field. The JavaScript code is executed during deletion of a transaction link. 2019-08-05 3.5 CVE-2019-14668
MISC
MISC
firefly-iii — flrefly_iii Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the asset account name. The JavaScript code is executed during a visit to the audit account statistics page. 2019-08-05 3.5 CVE-2019-14669
MISC
MISC
firefly-iii — flrefly_iii Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the bill name field. The JavaScript code is executed during rule-from-bill creation. 2019-08-05 3.5 CVE-2019-14670
MISC
MISC
firefly-iii — flrefly_iii Firefly III 4.7.17.3 is vulnerable to local file enumeration. An attacker can enumerate local files due to the lack of protocol scheme sanitization, such as for file:/// URLs. This is related to fints_url to import/job/configuration, and import/create/fints. 2019-08-05 2.1 CVE-2019-14671
MISC
MISC
firefly-iii — flrefly_iii Firefly III 4.7.17.5 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the liability name field. The JavaScript code is executed upon an error condition during a visit to the account show page. 2019-08-05 3.5 CVE-2019-14672
MISC
MISC
ibm — cloud_private IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, and 3.1.2 could allow a local privileged user to obtain a sensitive OIDC token that is printed to log files, which could be used to log in to the system as another user. IBM X-Force ID: 160512. 2019-08-05 2.1 CVE-2019-4284
XF
CONFIRM
ibm — jazz_for_service_management IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow an unauthorized local user to create unique catalog names that could cause a denial of service. IBM X-Force ID: 160296. 2019-08-02 2.1 CVE-2019-4275
CONFIRM
XF
magento — magento A stored cross-site scripting vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to the tax notifications configuration in the Magento admin panel. 2019-08-02 3.5 CVE-2019-7853
MISC
CONFIRM
magento — magento A reflected cross-site scripting vulnerability exists in the Product widget chooser functionality in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. 2019-08-02 3.5 CVE-2019-7862
CONFIRM
magento — magento A stored cross-site scripting vulnerability exists in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to products and categories. 2019-08-02 3.5 CVE-2019-7863
CONFIRM
magento — magento A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to edit Product information via the TinyMCE editor. 2019-08-02 3.5 CVE-2019-7866
CONFIRM
magento — magento A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to manage orders and order status. 2019-08-02 3.5 CVE-2019-7867
CONFIRM
magento — magento A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with permissions to manage tax rules. 2019-08-02 3.5 CVE-2019-7868
CONFIRM
magento — magento A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with permissions to manage customer groups. 2019-08-02 3.5 CVE-2019-7869
CONFIRM
magento — magento A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to newsletter templates. 2019-08-02 3.5 CVE-2019-7875
CONFIRM
magento — magento A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to marketing email templates to inject malicious javascript. 2019-08-02 3.5 CVE-2019-7880
CONFIRM
magento — magento A cross-site scripting mitigation bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user to escalate privileges (admin vs. admin XSS attack). 2019-08-02 3.5 CVE-2019-7881
CONFIRM
magento — magento A stored cross-site scripting vulnerability exists in the WYSIWYG editor of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to the editor can inject malicious SWF files. 2019-08-02 3.5 CVE-2019-7882
CONFIRM
magento — magento A reflected cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 when the feature that adds a secret key to the Admin URL is disabled. 2019-08-02 3.5 CVE-2019-7887
CONFIRM
magento — magento A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to customer configurations to inject malicious javascript. 2019-08-02 3.5 CVE-2019-7897
CONFIRM
magento — magento A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify product information. 2019-08-02 3.5 CVE-2019-7908
CONFIRM
magento — magento A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to email templates. 2019-08-02 3.5 CVE-2019-7909
CONFIRM
magento — magento A stored cross-site scripting vulnerability exists in the product catalog form of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to the product catalog to inject malicious javascript. 2019-08-02 3.5 CVE-2019-7921
CONFIRM
magento — magento A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify node attributes to inject malicious javascript. 2019-08-02 3.5 CVE-2019-7926
CONFIRM
magento — magento A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to edit product content pages to inject malicious javascript. 2019-08-02 3.5 CVE-2019-7927
CONFIRM
magento — magento A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to edit newsletter templates to inject malicious javascript. 2019-08-02 3.5 CVE-2019-7934
CONFIRM
magento — magento A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify content page titles to inject malicious javascript. 2019-08-02 3.5 CVE-2019-7935
CONFIRM
magento — magento A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify content block titles to inject malicious javascript. 2019-08-02 3.5 CVE-2019-7936
CONFIRM
magento — magento A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to store product attributes to inject malicious javascript. 2019-08-02 3.5 CVE-2019-7937
CONFIRM
magento — magento A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify catalog price rules to inject malicious javascript. 2019-08-02 3.5 CVE-2019-7938
CONFIRM
magento — magento A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify store currency options to inject malicious javascript. 2019-08-02 3.5 CVE-2019-7940
MISC
CONFIRM
magento — magento A stored cross-site scripting vulnerability exists in the product comments field of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to the Return Product comments field can inject malicious javascript. 2019-08-02 3.5 CVE-2019-7944
MISC
CONFIRM
magento — magento A stored cross-site scripting vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to modify currency symbols can inject malicious javascript. 2019-08-02 3.5 CVE-2019-7945
CONFIRM


Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
1crm — on-premise_software 1CRM On-Premise Software 8.5.7 allows XSS via a payload that is mishandled during a Run Report operation. 2019-08-08 not yet calculated CVE-2019-14221
MISC
EXPLOIT-DB
3cx — 3cx_phone_system_web_management_console An issue was discovered in the 3CX Phone system (web) management console 12.5.44178.1002 through 12.5 SP2. The Content.MainForm.wgx component is affected by XXE via a crafted XML document in POST data. There is potential to use this for SSRF (reading local files, outbound HTTP, and outbound DNS). 2019-08-08 not yet calculated CVE-2019-13176
MISC
6kbbs — 6kbbs 6kbbs 7.1 and 8.0 allows CSRF via portalchannel_ajax.php (id or code parameter) or admin.php (fileids parameter). 2019-08-08 not yet calculated CVE-2015-9292
MISC
:digitallyhappy — backpack_for_laravel The Backpack\CRUD Backpack component before 3.4.9 for Laravel allows XSS via the select field type. 2019-08-08 not yet calculated CVE-2018-20962
MISC
MISC
MISC
MISC
adplug — adplug AdPlug 2.3.1 has multiple heap-based buffer overflows in Ca2mLoader::load() in a2m.cpp. 2019-08-06 not yet calculated CVE-2019-14732
MISC
annke — sp1_hd_wireless_camera ANNKE SP1 HD wireless camera 3.4.1.1604071109 devices allow XSS via a crafted SSID. 2019-08-07 not yet calculated CVE-2017-18483
MISC
apache — ranger Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 is vulnerable to a cross-site scripting issue. Upgrade to 2.0.0 or later version of Apache Ranger with the fix. 2019-08-08 not yet calculated CVE-2019-12397
MLIST
CONFIRM
apache — spark Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); in SparkR, using parallelize; in Pyspark, using broadcast and parallelize; and use of python udfs. 2019-08-07 not yet calculated CVE-2019-10099
MISC
aptana — jaxer Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI. 2019-08-09 not yet calculated CVE-2019-14312
MISC
MISC
atlassian — jira The inline-create rest resource in Jira before version 7.12.3 allows authenticated remote attackers to set the reporter in issues via a missing authorisation check. 2019-08-09 not yet calculated CVE-2018-20826
MISC
atlassian — jira The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the country parameter. 2019-08-09 not yet calculated CVE-2018-20827
MISC
atlassian — jira_server_and_data_center There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability. 2019-08-09 not yet calculated CVE-2019-11581
MISC
backdrop — backdrop_cms In Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3, some menu links within the administration bar may be crafted to execute JavaScript when the administrator is logged in and uses the search functionality. (This issue is mitigated by the attacker needing permissions to create administrative menu links, such as by creating a content type or layout. Such permissions are usually restricted to trusted or administrative users.) 2019-08-07 not yet calculated CVE-2019-14770
MISC
backdrop — backdrop_cms Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the upload of entire-site configuration archives through the user interface or command line. It does not sufficiently check uploaded archives for invalid data, potentially allowing non-configuration scripts to be uploaded to the server. (This attack is mitigated by the attacker needing the “Synchronize, import, and export configuration” permission, a permission that only trusted administrators should be given. Other preventative measures in Backdrop CMS prevent the execution of PHP scripts, so another server-side scripting language must be accessible on the server to execute code.) 2019-08-07 not yet calculated CVE-2019-14771
MISC
backdrop — backdrop_cms Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn’t sufficiently filter output when displaying certain block labels created by administrators. An attacker could potentially craft a specialized label, then have an administrator execute scripting when administering a layout. (This issue is mitigated by the attacker needing permission to create custom blocks on the site, which is typically an administrative permission.) 2019-08-07 not yet calculated CVE-2019-14769
MISC
canon — multiple_eos_and_powershot_products Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via notifybtstatus command. 2019-08-06 not yet calculated CVE-2019-5998
MISC
MISC
CONFIRM
MISC
canon — multiple_eos_and_powershot_products Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via sendhostinfo command. 2019-08-06 not yet calculated CVE-2019-6000
MISC
MISC
CONFIRM
MISC
canon — multiple_eos_and_powershot_products Missing authorization vulnerability exists in EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier. A successful exploitation may result in a specially crafted firmware update or unofficial firmware update being applied without user’s consent via unspecified vector. 2019-08-06 not yet calculated CVE-2019-5995
MISC
MISC
CONFIRM
MISC
canon — multiple_eos_and_powershot_products Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via blerequest command. 2019-08-06 not yet calculated CVE-2019-5999
MISC
MISC
CONFIRM
MISC
canon — multiple_eos_and_powershot_products Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via setadapterbatteryreport command. 2019-08-06 not yet calculated CVE-2019-6001
MISC
MISC
CONFIRM
MISC
canon — multiple_eos_and_powershot_products Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via SendObjectInfo command. 2019-08-06 not yet calculated CVE-2019-5994
MISC
MISC
CONFIRM
MISC
cisco — enterprise_nfv_infrastructure_software A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to overwrite or read arbitrary files. The attacker would need valid administrator privilege-level credentials. This vulnerability is due to improper input validation of CLI command arguments. An attacker could exploit this vulnerability by using directory traversal techniques when executing a vulnerable command. A successful exploit could allow the attacker to overwrite or read arbitrary files on an affected device. 2019-08-08 not yet calculated CVE-2019-1952
CISCO
cisco — enterprise_nfv_infrastructure_software A vulnerability in the Virtual Network Computing (VNC) console implementation of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to access the VNC console session of an administrative user on an affected device. The vulnerability is due to an insufficient authentication mechanism used to establish a VNC session. An attacker could exploit this vulnerability by intercepting an administrator VNC session request prior to login. A successful exploit could allow the attacker to watch the administrator console session or interact with it, allowing admin access to the affected device. 2019-08-07 not yet calculated CVE-2019-1895
CISCO
cisco — enterprise_nfv_infrastructure_software A vulnerability in the web portal framework of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to improper input validation of log file content stored on the affected device. An attacker could exploit this vulnerability by modifying a log file with malicious code and getting a user to view the modified log file. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information. 2019-08-08 not yet calculated CVE-2019-1973
CISCO
cisco — enterprise_nfv_infrastructure_software A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and get limited access to the web-based management interface. The vulnerability is due to an incorrect implementation of authentication in the web-based management interface. An attacker could exploit this vulnerability by sending a crafted authentication request to the web-based management interface on an affected system. A successful exploit could allow the attacker to view limited configuration details and potentially upload a virtual machine image. 2019-08-08 not yet calculated CVE-2019-1946
CISCO
cisco — enterprise_nfv_infrastructure_software Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to read arbitrary files on the underlying operating system (OS) of an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 2019-08-08 not yet calculated CVE-2019-1959
CISCO
cisco — enterprise_nfv_infrastructure_software A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to view a password in clear text. The vulnerability is due to incorrectly logging the admin password when a user is forced to modify the default password when logging in to the web portal for the first time. Subsequent password changes are not logged and other accounts are not affected. An attacker could exploit this vulnerability by viewing the admin clear text password and using it to access the affected system. The attacker would need a valid user account to exploit this vulnerability. 2019-08-08 not yet calculated CVE-2019-1953
CISCO
cisco — enterprise_nfv_infrastructure_software A vulnerability in the Cisco Enterprise NFV Infrastructure Software (NFVIS) restricted CLI could allow an authenticated, local attacker with valid administrator-level credentials to elevate privileges and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient restrictions during the execution of an affected CLI command. An attacker could exploit this vulnerability by leveraging the insufficient restrictions during the execution of an affected command. A successful exploit could allow the attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. 2019-08-08 not yet calculated CVE-2019-1972
CISCO
cisco — enterprise_nfv_infrastructure_software Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to read arbitrary files on the underlying operating system (OS) of an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 2019-08-08 not yet calculated CVE-2019-1960
CISCO
cisco — enterprise_nfv_infrastructure_software A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to the improper input validation of tar packages uploaded through the Web Portal to the Image Repository. An attacker could exploit this vulnerability by uploading a crafted tar package and viewing the log entries that are generated. A successful exploit could allow the attacker to read arbitrary files on the underlying OS. 2019-08-08 not yet calculated CVE-2019-1961
CISCO
cisco — enterprise_nfv_infrastructure_software A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to perform a command injection attack and execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation by the web portal framework. An attacker could exploit this vulnerability by providing malicious input during web portal authentication. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. 2019-08-08 not yet calculated CVE-2019-1971
CISCO
cisco — ios_xr_software A vulnerability in the implementation of the Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS–IS area to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of crafted IS–IS link-state protocol data units (PDUs). An attacker could exploit this vulnerability by sending a crafted link-state PDU to an affected system to be processed. A successful exploit could allow the attacker to cause all routers within the IS–IS area to unexpectedly restart the IS–IS process, resulting in a DoS condition. This vulnerability affects Cisco devices if they are running a vulnerable release of Cisco IOS XR Software earlier than Release 6.6.3 and are configured with the IS–IS routing protocol. Cisco has confirmed that this vulnerability affects both Cisco IOS XR 32-bit Software and Cisco IOS XR 64-bit Software. 2019-08-07 not yet calculated CVE-2019-1910
CISCO
cisco — ios_xr_software A vulnerability in the implementation of Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS-IS area to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of IS–IS link-state protocol data units (PDUs). An attacker could exploit this vulnerability by sending specific link-state PDUs to an affected system to be processed. A successful exploit could allow the attacker to cause incorrect calculations used in the weighted remote shared risk link groups (SRLG) or in the IGP Flexible Algorithm. It could also cause tracebacks to the logs or potentially cause the receiving device to crash the IS–IS process, resulting in a DoS condition. 2019-08-07 not yet calculated CVE-2019-1918
CISCO
cisco — adaptive_security_appliance A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to elevate privileges and execute administrative functions on an affected device. The vulnerability is due to insufficient authorization validation. An attacker could exploit this vulnerability by logging in to an affected device as a low-privileged user and then sending specific HTTPS requests to execute administrative functions using the information retrieved during initial login. 2019-08-07 not yet calculated CVE-2019-1934
CISCO
cisco — adaptive_security_appliance Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is being established. For more information about these vulnerabilities, see the Details section of this security advisory. 2019-08-07 not yet calculated CVE-2019-1944
CISCO
cisco — adaptive_security_appliance Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is being established. For more information about these vulnerabilities, see the Details section of this security advisory. 2019-08-07 not yet calculated CVE-2019-1945
CISCO
cisco — asyncos_software_for_cisco_email_security_appliances A vulnerability in the Sender Policy Framework (SPF) functionality of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to incomplete input and validation checking mechanisms for certain SPF messages that are sent to an affected device. An attacker could exploit this vulnerability by sending a customized SPF packet to an affected device. A successful exploit could allow the attacker to bypass the header filters that are configured for the affected device, which could allow malicious content to pass through the device. 2019-08-08 not yet calculated CVE-2019-1955
CISCO
cisco — firepower_management_center A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 2019-08-08 not yet calculated CVE-2019-1949
CISCO
cisco — firepower_threat_defense A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol inspection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. The vulnerability is due to errors when handling specific SSL/TLS messages. An attacker could exploit this vulnerability by sending crafted HTTP packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured file policies and deliver a malicious payload to the protected network. 2019-08-08 not yet calculated CVE-2019-1970
CISCO
cisco — hyperflex_software A vulnerability in the web-based management interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. 2019-08-08 not yet calculated CVE-2019-1958
CISCO
cisco — iot_field_network_director A vulnerability in the web interface of Cisco IoT Field Network Director could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Transport Layer Security (TLS) renegotiation requests. An attacker could exploit this vulnerability by sending renegotiation requests at a high rate. A successful exploit could increase the resource usage on the system, eventually leading to a DoS condition. 2019-08-08 not yet calculated CVE-2019-1957
CISCO
cisco — sd-wan_solution A vulnerability in the packet filtering features of Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters. The vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by crafting a malicious TCP packet with specific characteristics and sending it to a target device. A successful exploit could allow the attacker to bypass the L3 and L4 traffic filters and inject an arbitrary packet in the network. 2019-08-08 not yet calculated CVE-2019-1951
CISCO
cisco — small_business_220_series_smart_switches A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious request to certain parts of the web management interface. To send the malicious request, the attacker needs a valid login session in the web management interface as a privilege level 15 user. Depending on the configuration of the affected switch, the malicious request must be sent via HTTP or HTTPS. A successful exploit could allow the attacker to execute arbitrary shell commands with the privileges of the root user. 2019-08-07 not yet calculated CVE-2019-1914
CISCO
cisco — small_business_220_series_smart_switches A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to upload arbitrary files. The vulnerability is due to incomplete authorization checks in the web management interface. An attacker could exploit this vulnerability by sending a malicious request to certain parts of the web management interface. Depending on the configuration of the affected switch, the malicious request must be sent via HTTP or HTTPS. A successful exploit could allow the attacker to modify the configuration of an affected device or to inject a reverse shell. This vulnerability affects Cisco Small Business 220 Series Smart Switches running firmware versions prior to 1.1.4.4 with the web management interface enabled. The web management interface is enabled via both HTTP and HTTPS by default. 2019-08-07 not yet calculated CVE-2019-1912
CISCO
cisco — small_business_220_series_smart_switches Multiple vulnerabilities in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to overflow a buffer, which then allows the execution of arbitrary code with root privileges on the underlying operating system. The vulnerabilities are due to insufficient validation of user-supplied input and improper boundary checks when reading data into an internal buffer. An attacker could exploit these vulnerabilities by sending malicious requests to the web management interface of an affected device. Depending on the configuration of the affected switch, the malicious requests must be sent via HTTP or HTTPS. 2019-08-07 not yet calculated CVE-2019-1913
CISCO
cisco — spa112_2-port_phone_adapter A vulnerability in the web-based interface of the Cisco SPA112 2-Port Phone Adapter could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against another user of the device. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected device. An attacker could exploit this vulnerability by inserting malicious code in one of the configuration fields. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 2019-08-08 not yet calculated CVE-2019-1956
CISCO
cisco — webex_meetings_server_software A vulnerability in the web-based management interface of Cisco Webex Meetings Server Software could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected device. An attacker could exploit this vulnerability by crafting an HTTP request that could cause the web application to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious website. 2019-08-08 not yet calculated CVE-2019-1954
CISCO
cisco — webex_network_recording_player_for_microsoft_windows_and_webex_player_for_microsoft_windows Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. 2019-08-07 not yet calculated CVE-2019-1924
CISCO
cisco — webex_network_recording_player_for_microsoft_windows_and_webex_player_for_microsoft_windows Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. 2019-08-07 not yet calculated CVE-2019-1926
CISCO
cisco — webex_network_recording_player_for_microsoft_windows_and_webex_player_for_microsoft_windows Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. 2019-08-07 not yet calculated CVE-2019-1929
CISCO
cisco — webex_network_recording_player_for_microsoft_windows_and_webex_player_for_microsoft_windows Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. 2019-08-07 not yet calculated CVE-2019-1928
CISCO
cisco — webex_network_recording_player_for_microsoft_windows_and_webex_player_for_microsoft_windows Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. 2019-08-07 not yet calculated CVE-2019-1927
CISCO
cisco — webex_network_recording_player_for_microsoft_windows_and_webex_player_for_microsoft_windows Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. 2019-08-07 not yet calculated CVE-2019-1925
CISCO
cloud_foundry — multiple_products CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials. 2019-08-05 not yet calculated CVE-2019-3800
CONFIRM
CONFIRM
cloud_foundry — uaa Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to an XSS attack. A remote unauthenticated malicious attacker could craft a URL that contains a SCIM filter that contains malicious JavaScript, which older browsers may execute. 2019-08-09 not yet calculated CVE-2019-11274
CONFIRM
cloud_foundry — uaa_and_pivotal_application_services_and_pivotal_ops_manager Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with arbitrary scopes that he does not possess. 2019-08-05 not yet calculated CVE-2019-11270
CONFIRM
CONFIRM
cognitoys — dino_devices Cognitoys Dino devices allow profiles_add.html CSRF. 2019-08-08 not yet calculated CVE-2017-18485
MISC
cognitoys — dino_devices Cognitoys Dino devices allow XSS via the SSID. 2019-08-08 not yet calculated CVE-2017-18484
MISC
cpanel — cpanel cPanel before 59.9999.145 allows arbitrary file-read operations because of a multipart form processing error (SEC-154). 2019-08-06 not yet calculated CVE-2016-10794
CONFIRM
cpanel — cpanel cPanel before 62.0.17 allows demo accounts to execute code via the Htaccess::setphppreference API (SEC-232). 2019-08-05 not yet calculated CVE-2017-18468
CONFIRM
cpanel — cpanel In cPanel before 62.0.4, Exim piped filters ran in the context of an incorrect user account when delivering to a system user (SEC-204). 2019-08-05 not yet calculated CVE-2017-18475
CONFIRM
cpanel — cpanel cPanel before 62.0.4 allows resellers to use the WHM enqueue_transfer_item API for queueing non-rearrange modules (SEC-213). 2019-08-05 not yet calculated CVE-2017-18482
CONFIRM
cpanel — cpanel cPanel before 57.9999.105 allows newline injection via LOC records (CPANEL-6923). 2019-08-07 not yet calculated CVE-2016-10803
CONFIRM
cpanel — cpanel cPanel before 62.0.17 does not have a sufficient list of reserved usernames (SEC-227). 2019-08-05 not yet calculated CVE-2017-18465
CONFIRM
cpanel — cpanel cPanel before 62.0.17 does not properly recognize domain ownership during addition of parked domains to a mail configuration (SEC-228). 2019-08-05 not yet calculated CVE-2017-18466
CONFIRM
cpanel — cpanel cPanel before 60.0.25 allows arbitrary file-chown operations via reassign_post_terminate_cruft (SEC-173). 2019-08-05 not yet calculated CVE-2016-10775
CONFIRM
cpanel — cpanel cPanel before 62.0.17 allows arbitrary file-overwrite operations via the WHM Zone Template editor (SEC-226). 2019-08-05 not yet calculated CVE-2017-18464
CONFIRM
cpanel — cpanel In cPanel before 57.9999.54, /scripts/enablefileprotect exposed TTYs (SEC-117). 2019-08-07 not yet calculated CVE-2016-10812
CONFIRM
cpanel — cpanel cPanel before 58.0.4 has improper session handling for shared users (SEC-139). 2019-08-07 not yet calculated CVE-2016-10801
CONFIRM
cpanel — cpanel cPanel before 58.0.4 allows demo-mode escape via Site Templates and Boxtrapper API calls (SEC-138). 2019-08-07 not yet calculated CVE-2016-10800
CONFIRM
cpanel — cpanel cPanel before 58.0.4 initially uses weak permissions for Apache HTTP Server log files (SEC-130). 2019-08-06 not yet calculated CVE-2016-10796
CONFIRM
cpanel — cpanel cPanel before 62.0.17 allows a CPHulk one-day ban bypass when IP based protection is enabled (SEC-224). 2019-08-05 not yet calculated CVE-2017-18462
CONFIRM
cpanel — cpanel cPanel before 60.0.25 does not use TLS for HTTP POSTs to listinput.cpanel.net (SEC-192). 2019-08-06 not yet calculated CVE-2016-10790
CONFIRM
cpanel — cpanel cPanel before 60.0.15 does not ensure that system accounts lack a valid password, so that logins are impossible (CPANEL-9559). 2019-08-06 not yet calculated CVE-2016-10791
CONFIRM
cpanel — cpanel In cPanel before 62.0.4, Exim transports could execute in the context of the nobody account (SEC-206). 2019-08-05 not yet calculated CVE-2017-18477
CONFIRM
cpanel — cpanel cPanel before 62.0.17 allows access to restricted resources because of a URL filtering error (SEC-229). 2019-08-05 not yet calculated CVE-2017-18467
CONFIRM
cpanel — cpanel cPanel before 62.0.4 does not enforce account ownership for has_mycnf_for_cpuser WHM API calls (SEC-210). 2019-08-05 not yet calculated CVE-2017-18480
CONFIRM
cpanel — cpanel cPanel before 58.0.4 allows WHM “Purchase and Install an SSL Certificate” page visitors to list all server domains (SEC-133). 2019-08-06 not yet calculated CVE-2016-10797
CONFIRM
cpanel — cpanel cPanel before 58.0.4 allows a file-ownership change (to nobody) via rearrangeacct (SEC-134). 2019-08-07 not yet calculated CVE-2016-10798
CONFIRM
cpanel — cpanel In cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address (SEC-209). 2019-08-05 not yet calculated CVE-2017-18479
CONFIRM
cpanel — cpanel In cPanel before 62.0.4 incorrect ACL checks could occur in xml-api for Rearrange Account actions (SEC-207). 2019-08-05 not yet calculated CVE-2017-18478
CONFIRM
cpanel — cpanel cPanel before 59.9999.145 allows code execution in the context of other accounts via mailman list archives (SEC-141). 2019-08-06 not yet calculated CVE-2016-10792
CONFIRM
cpanel — cpanel Leech Protect in cPanel before 62.0.4 does not protect certain directories (SEC-205). 2019-08-05 not yet calculated CVE-2017-18476
CONFIRM
cpanel — cpanel cPanel before 58.0.4 does not set the Pear tmp directory during a PHP installation (SEC-137). 2019-08-07 not yet calculated CVE-2016-10799
CONFIRM
cpanel — cpanel In cPanel before 57.9999.54, /scripts/addpop and /scripts/delpop exposed TTYs (SEC-113). 2019-08-07 not yet calculated CVE-2016-10808
CONFIRM
cpanel — cpanel cPanel before 59.9999.145 allows arbitrary code execution due to an incorrect #! in Mail::SPF scripts (SEC-152). 2019-08-06 not yet calculated CVE-2016-10793
CONFIRM
cpanel — cpanel cPanel before 59.9999.145 allows stored XSS in the WHM tail_upcp2.cgi interface (SEC-156). 2019-08-06 not yet calculated CVE-2016-10795
CONFIRM
cpanel — cpanel cPanel before 62.0.4 has a fixed password for the Munin MySQL test account (SEC-196). 2019-08-05 not yet calculated CVE-2017-18470
CONFIRM
cpanel — cpanel cPanel before 62.0.4 allows arbitrary file-read operations via Exim valiases (SEC-201). 2019-08-05 not yet calculated CVE-2017-18474
CONFIRM
d-link — 6600-ap_and_dwl-3600ap_ax_devices An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated denial of service leading to the reboot of the AP via the admin.cgi?action=%s URI. 2019-08-08 not yet calculated CVE-2019-14335
MISC
MISC
d-link — dir-600m_devices An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page. 2019-08-08 not yet calculated CVE-2019-13101
MISC
FULLDISC
MISC
MISC
MISC
das_q — das_q Das Q before 2019-08-02 allows web sites to execute arbitrary code on client machines, as demonstrated by a cross-origin /install request with an attacker-controlled releaseUrl, which triggers download and execution of code within a ZIP archive. 2019-08-02 not yet calculated CVE-2019-14551
MISC
das — u-boot Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution. 2019-08-06 not yet calculated CVE-2019-13106
MISC
MISC
MISC
das — u-boot Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a cached block of data when listing files in a crafted ext4 filesystem. 2019-08-06 not yet calculated CVE-2019-13105
MISC
MISC
MISC
das — u-boot In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem. 2019-08-06 not yet calculated CVE-2019-13104
MISC
MISC
MISC
dell — client_commercial_and_consumer_platforms Select Dell Client Commercial and Consumer platforms contain an Improper Access Vulnerability. An unauthenticated attacker with physical access to the system could potentially bypass intended Secure Boot restrictions to run unsigned and untrusted code on expansion cards installed in the system during platform boot. Refer to https://www.dell.com/support/article/us/en/04/sln317683/dsa-2019-043-dell-client-improper-access-control-vulnerability?lang=en for versions affected by this vulnerability. 2019-08-05 not yet calculated CVE-2019-3717
CONFIRM
dell — dell_digital_delivery_and_alienware_digital_delivery Dell/Alienware Digital Delivery versions prior to 4.0.41 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a Universal Windows Platform application by manipulating the install software package feature with a race condition and a path traversal exploit in order to run a malicious executable with elevated privileges. 2019-08-09 not yet calculated CVE-2019-3744
FULLDISC
dell — dell_digital_delivery_and_alienware_digital_delivery Dell/Alienware Digital Delivery versions prior to 3.5.2013 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a named pipe that performs binary deserialization via a process hollowing technique to inject malicious code to run an executable with elevated privileges. 2019-08-09 not yet calculated CVE-2019-3742
FULLDISC
django — django An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of “OR 1=1” in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function. 2019-08-09 not yet calculated CVE-2019-14234
MISC
MISC
CONFIRM
dwsurvey — dwsurvey DWSurvey through 2019-07-22 has stored XSS via the design/my-survey-design!copySurvey.action surveyName parameter. 2019-08-07 not yet calculated CVE-2019-14747
MISC
eclipse_foundation — birt In Eclipse BIRT versions 1.0 to 4.7, the Report Viewer allows reflected XSS in a URL parameter. An attacker can execute the payload in the victim’s browser context. 2019-08-09 not yet calculated CVE-2019-11776
CONFIRM
edimax — wi-fi_extender_devices Edimax Wi-Fi Extender devices allow goform/formwlencryptvxd CSRF with resultant PSK key disclosure. 2019-08-08 not yet calculated CVE-2016-10863
MISC
emca_software — energy_logserver The api/admin/logoupload Logo File upload feature in EMCA Energy Logserver 6.1.2 allows attackers to send any kind of file to any location on the server via path traversal in the filename parameter. 2019-08-05 not yet calculated CVE-2019-14521
MISC
MISC
MISC
MISC
enigmail — enigmail In Enigmail below 2.1, an attacker in possession of PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, he unknowingly leaks the plaintext of the encrypted message part(s) back to the attacker. This attack variant bypasses protection mechanisms implemented after the “EFAIL” attacks. 2019-08-05 not yet calculated CVE-2019-14664
MISC
MISC
eq-3 — homematic_ccu2_and_ccu3 eQ-3 Homematic CCU2 2.47.15 and prior and CCU3 3.47.15 and prior use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID from CVE-2019-9583, resulting in the ability to read the service messages, clear the system protocol, create a new user in the system, or modify/delete internal programs. 2019-08-05 not yet calculated CVE-2019-14475
MISC
eq-3 — homematic_ccu2_and_ccu3 eQ-3 Homematic CCU2 and CCU3 use session IDs for authentication but lack authorization checks. Consequently, a valid guest level or user level account can create a new admin level account, read the service messages, clear the system protocol or modify/delete internal programs, etc. 2019-08-06 not yet calculated CVE-2019-14473
MISC
eq-3 — homematic_ccu3 eQ-3 Homematic CCU3 3.47.15 and prior has Improper Input Validation in function ‘Call()’ of ReGa core logic process, resulting in the ability to start a Denial of Service. Due to Improper Authorization, an attacker who obtains a session ID from CVE-2019-9583, or who has a valid guest/user/admin account, can start this attack. 2019-08-07 not yet calculated CVE-2019-14474
MISC
espocrm — espocrm An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed on the Preference page as well as while sending an email when a malicious payload was inserted inside the Email Signature in the Preference page. The attacker could insert malicious JavaScript inside his email signature, which fires when the victim replies or forwards the mail, thus helping him steal victims’ cookies (hence compromising their accounts). 2019-08-05 not yet calculated CVE-2019-14546
MISC
MISC
MISC
MISC
gcdwebserver — gcdwebserver An issue was discovered in GCDWebServer before 3.5.3. The method moveItem in the GCDWebUploader class checks the FileExtension of newAbsolutePath but not oldAbsolutePath. By leveraging this vulnerability, an adversary can make an inaccessible file available (the credential of the app, for instance). 2019-08-10 not yet calculated CVE-2019-14924
MISC
MISC
MISC
go-camo — go-camo A Server Side Request Forgery (SSRF) vulnerability in go-camo up to version 1.1.4 allows a remote attacker to perform HTTP requests to internal endpoints. 2019-08-08 not yet calculated CVE-2019-14255
CONFIRM
gogs — gogs routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators, and hooks. 2019-08-02 not yet calculated CVE-2019-14544
MISC
gree — php_jose_library The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted tokens. 2019-08-07 not yet calculated CVE-2016-5431
CONFIRM
hewlett_packard_enterprise — 3par_service_processor A remote arbitrary file upload vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. 2019-08-09 not yet calculated CVE-2019-5395
CONFIRM
hewlett_packard_enterprise — 3par_service_processor A remote multiple cross-site vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. 2019-08-09 not yet calculated CVE-2019-5398
CONFIRM
hewlett_packard_enterprise — 3par_service_processor A remote authentication bypass vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. 2019-08-09 not yet calculated CVE-2019-5396
CONFIRM
hewlett_packard_enterprise — 3par_service_processor A remote session reuse vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. 2019-08-09 not yet calculated CVE-2019-5400
CONFIRM
hewlett_packard_enterprise — 3par_service_processor A remote gain authorized access vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. 2019-08-09 not yet calculated CVE-2019-5399
CONFIRM
hewlett_packard_enterprise — 3par_service_processor A remote bypass of security restrictions vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. 2019-08-09 not yet calculated CVE-2019-5397
CONFIRM
hewlett_packard_enterprise — 3par_storeserv_management_and_core_software_media A remote multiple cross-site scripting vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. 2019-08-09 not yet calculated CVE-2019-5403
CONFIRM
hewlett_packard_enterprise — 3par_storeserv_management_and_core_software_media A remote script injection vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. 2019-08-09 not yet calculated CVE-2019-5404
CONFIRM
hewlett_packard_enterprise — 3par_storeserv_management_and_core_software_media A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. 2019-08-09 not yet calculated CVE-2019-5402
CONFIRM
hewlett_packard_enterprise — 3par_storeserv_management_and_core_software_media A remote information disclosure vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. 2019-08-09 not yet calculated CVE-2019-5407
CONFIRM
hewlett_packard_enterprise — 3par_storeserv_management_and_core_software_media A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. 2019-08-09 not yet calculated CVE-2019-5405
CONFIRM
hewlett_packard_enterprise — 3par_storeserv_management_and_core_software_media A remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. 2019-08-09 not yet calculated CVE-2019-5406
CONFIRM
hewlett_packard_enterprise — command_view_advanced_edition Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. The following products are affected: DevMgr version 7.0.0-00 to earlier than 8.6.1-02; RepMgr, if it is installed on the same machine as DevMgr; TSMgr, if it is installed on the same machine as DevMgr. The resolution is to upgrade to the fixed version of DevMgr, 8.6.2-02 or later. RepMgr and TSMgr will be corrected by upgrading DevMgr. 2019-08-09 not yet calculated CVE-2019-5408
CONFIRM
huawei — emily-l29c_smart_phones Huawei smart phones Emily-L29C with versions of 8.1.0.132a(C432), 8.1.0.135(C782), 8.1.0.154(C10), 8.1.0.154(C461), 8.1.0.154(C635), 8.1.0.156(C185), 8.1.0.156(C605), 8.1.0.159(C636) have a double free vulnerability. An attacker can trick a user into clicking a URL to exploit this vulnerability. Successful exploitation may cause the affected phone to behave abnormally. 2019-08-08 not yet calculated CVE-2019-5236
CONFIRM
huawei — honor_v20_smart_phones Huawei smart phones Honor V20 with versions before 9.0.1.161(C00E161R2P2) have an information leak vulnerability. An attacker may trick a user into installing a malicious application. Due to a coding error during layer information processing, attackers can exploit this vulnerability to obtain some layer information. 2019-08-08 not yet calculated CVE-2019-5301
CONFIRM
huawei — pcmanager Huawei PCManager versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have a code execution vulnerability. Successful exploitation may allow the attacker to execute code and read/write information. 2019-08-08 not yet calculated CVE-2019-5237
CONFIRM
huawei — pcmanager Huawei PCManager versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have a code execution vulnerability. Successful exploitation may allow the attacker to execute code and read/write information. 2019-08-08 not yet calculated CVE-2019-5238
CONFIRM
huawei — pcmanager Huawei PCManager versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have an information leak vulnerability. Successful exploitation may allow the attacker to read information. 2019-08-08 not yet calculated CVE-2019-5239
CONFIRM
ibm — aix_platform Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 163984. 2019-08-05 not yet calculated CVE-2019-4473
CONFIRM
XF
jenkins — jenkins A cross-site request forgery vulnerability in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpl#doTestConnection and JCloudsCloud.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2019-08-07 not yet calculated CVE-2019-10368
MLIST
MISC
jenkins — jenkins A stored cross-site scripting vulnerability in Jenkins Build Pipeline Plugin 1.5.8 and earlier allows attackers able to edit the build pipeline description to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins. 2019-08-07 not yet calculated CVE-2019-10373
MLIST
MISC
jenkins — jenkins An open redirect vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows attackers to redirect users to a URL outside Jenkins after successful login. 2019-08-07 not yet calculated CVE-2019-10372
MLIST
MISC
jenkins — jenkins A session fixation vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows unauthorized attackers to impersonate another user if they can control the pre-authentication session. 2019-08-07 not yet calculated CVE-2019-10371
MLIST
MISC
jenkins — jenkins Jenkins Mask Passwords Plugin 2.12.0 and earlier transmits globally configured passwords in plain text as part of the configuration form, potentially resulting in their exposure. 2019-08-07 not yet calculated CVE-2019-10370
MLIST
MISC
jenkins — jenkins A cross-site request forgery vulnerability in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2019-08-07 not yet calculated CVE-2019-10386
MLIST
MISC
jenkins — jenkins An arbitrary file read vulnerability in Jenkins File System SCM Plugin 2.1 and earlier allows attackers able to configure jobs in Jenkins to obtain the contents of any file on the Jenkins master. 2019-08-07 not yet calculated CVE-2019-10375
MLIST
MISC
jenkins — jenkins Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as Code Plugin 1.26 and earlier did not properly apply masking to some values expected to be hidden when logging the configuration being applied. 2019-08-07 not yet calculated CVE-2019-10367
MLIST
MISC
jenkins — jenkins A missing permission check in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2019-08-07 not yet calculated CVE-2019-10387
MLIST
MISC
jenkins — jenkins A stored cross-site scripting vulnerability in Jenkins PegDown Formatter Plugin 1.3 and earlier allows attackers able to edit descriptions and other fields rendered using the configured markup formatter to insert links with the javascript scheme into the Jenkins UI. 2019-08-07 not yet calculated CVE-2019-10374
MLIST
MISC
jenkins — jenkins A missing permission check in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpl#doTestConnection and JCloudsCloud.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2019-08-07 not yet calculated CVE-2019-10369
MLIST
MISC
jenkins — jenkins A missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server. 2019-08-07 not yet calculated CVE-2019-10389
MLIST
MISC
jenkins — jenkins A reflected cross-site scripting vulnerability in Jenkins Wall Display Plugin 0.6.34 and earlier allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin. 2019-08-07 not yet calculated CVE-2019-10376
MLIST
MISC
jenkins — jenkins A missing permission check in Jenkins Avatar Plugin 1.2 and earlier allows attackers with Overall/Read access to change the avatar of any user of Jenkins. 2019-08-07 not yet calculated CVE-2019-10377
MLIST
MISC
jenkins — jenkins Jenkins TestLink Plugin 3.16 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. 2019-08-07 not yet calculated CVE-2019-10378
MLIST
MISC
jenkins — jenkins A cross-site request forgery vulnerability in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server. 2019-08-07 not yet calculated CVE-2019-10388
MLIST
MISC
jenkins — jenkins Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code. 2019-08-07 not yet calculated CVE-2019-10380
MLIST
MISC
jenkins — jenkins Jenkins Google Cloud Messaging Notification Plugin 1.0 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. 2019-08-07 not yet calculated CVE-2019-10379
MLIST
MISC
jenkins — jenkins Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM. 2019-08-07 not yet calculated CVE-2019-10382
MLIST
MISC
jenkins — jenkins Jenkins eggPlant Plugin 2.2 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. 2019-08-07 not yet calculated CVE-2019-10385
MLIST
MISC
jenkins — jenkins Jenkins Codefresh Integration Plugin 1.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM. 2019-08-07 not yet calculated CVE-2019-10381
MLIST
MISC
jitbit — helpdesk Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset link, a user can leverage a weak PRNG to recover the shared secret used by the server for remote authentication. The shared secret can be used to escalate privileges by forging new tokens for any user. These tokens can be used to automatically log in as the affected user. 2019-08-09 not yet calculated CVE-2017-18486
MISC
MISC
MISC
MISC
jura — e8_devices Jura E8 devices lack Bluetooth connection security. 2019-08-07 not yet calculated CVE-2018-20959
MISC
kde — kde_frameworks_kconfig In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file. 2019-08-07 not yet calculated CVE-2019-14744
MISC
MISC
BUGTRAQ
DEBIAN
MISC
kuaifancms — kuaifancms An issue was discovered in KuaiFanCMS 5.0. It allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request. 2019-08-07 not yet calculated CVE-2019-14746
MISC
lcds — laquis_scada Processing a specially crafted project file in LAquis SCADA 4.3.1.71 may trigger an out-of-bounds read, which may allow an attacker to obtain sensitive information. The attacker must have local access to the system. A CVSS v3 base score of 2.5 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). 2019-08-05 not yet calculated CVE-2019-10994
MISC
lcds — laquis_scada A type confusion vulnerability may be exploited when LAquis SCADA 4.3.1.71 processes a specially crafted project file. This may allow an attacker to execute remote code. The attacker must have local access to the system. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). 2019-08-05 not yet calculated CVE-2019-10980
MISC
ledger — nano_s_and_nano_x_devices On Ledger Nano S and Nano X devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device’s USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. 2019-08-10 not yet calculated CVE-2019-14354
MISC
linux — linux_kernel In the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi driver may allow attackers to cause a denial of service or possibly have unspecified other impact. 2019-08-07 not yet calculated CVE-2018-20961
MISC
MISC
MISC
linux — linux_kernel In the Linux kernel before 4.16.4, a double-locking error in drivers/usb/dwc3/gadget.c may potentially cause a deadlock with f_hid. 2019-08-07 not yet calculated CVE-2019-14763
MISC
MISC
MISC
MISC
MISC
MISC
MISC
loom — loom_desktop_for_mac Incorrect authentication of application WebSocket connections in Loom Desktop for Mac up to 0.16.0 allows remote code execution from either malicious JavaScript in a browser or hosts on the same network, during periods in which a user is recording a video with the application. The same attack vector can be used to crash the application at any time. 2019-08-07 not yet calculated CVE-2019-14432
MISC
CONFIRM
mailpile — mailpile The “Security and Privacy” Encryption feature in Mailpile before 1.0.0rc4 does not exclude disabled, revoked, and expired keys. 2019-08-08 not yet calculated CVE-2018-20954
MISC
MISC
MISC
mediawiki — mediawiki In the MobileFrontend extension 1.31 through 1.33 for MediaWiki, XSS exists within the edit summary field in includes/specials/MobileSpecialPageFeed.php. 2019-08-09 not yet calculated CVE-2019-14807
CONFIRM
MISC
micro_focus — content_manager Remote Access Control Bypass in Micro Focus Content Manager versions 9.1, 9.2, 9.3. The vulnerability could be exploited to manipulate data stored during another user’s CheckIn request. 2019-08-07 not yet calculated CVE-2019-11653
MISC
CONFIRM
microdigital — n-series_cameras A CSRF issue was discovered in webparam?user&action=set&param=add in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 to create an admin account. 2019-08-06 not yet calculated CVE-2019-14703
MISC
MISC
MISC
microdigital — n-series_cameras An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. In a CGI program running under the HTTPD web server, a buffer overflow in the param parameter leads to remote code execution in the context of the nobody account. 2019-08-06 not yet calculated CVE-2019-14698
MISC
MISC
MISC
microdigital — n-series_cameras A cleartext password storage issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. The file in question is /usr/local/ipsca/mipsca.db. If a camera is compromised, the attacker can gain access to passwords and abuse them to compromise further systems. 2019-08-06 not yet calculated CVE-2019-14709
MISC
MISC
MISC
microdigital — n-series_cameras An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can trigger read operations on an arbitrary file via Path Traversal in the TZ parameter, but cannot retrieve the data that is read. This causes a denial of service if the filename is, for example, /dev/random. 2019-08-06 not yet calculated CVE-2019-14701
MISC
MISC
MISC
microdigital — n-series_cameras An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. SQL injection vulnerabilities exist in 13 forms that are reachable through HTTPD. An attacker can, for example, create an admin account. 2019-08-06 not yet calculated CVE-2019-14702
MISC
MISC
MISC
microdigital — n-series_cameras An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. There is disclosure of the existence of arbitrary files via Path Traversal in HTTPD. This occurs because the filename specified in the TZ parameter is accessed with a substantial delay if that file exists. 2019-08-06 not yet calculated CVE-2019-14700
MISC
MISC
MISC
microdigital — n-series_cameras An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. A buffer overflow in the action parameter leads to remote code execution in the context of the nobody account. 2019-08-06 not yet calculated CVE-2019-14708
MISC
MISC
MISC
microdigital — n-series_cameras An Incorrect Access Control issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5 because any valid cookie can be used to make requests as an admin. 2019-08-06 not yet calculated CVE-2019-14705
MISC
MISC
MISC
microdigital — n-series_cameras A denial of service issue in HTTPD was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker without authorization can upload a file to upload.php with a filename longer than 256 bytes. This will be placed in the updownload area. It will not be deleted, because of a buffer overflow in a Bash command string. 2019-08-06 not yet calculated CVE-2019-14706
MISC
MISC
MISC
microdigital — n-series_cameras An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. The firmware update process is insecure, leading to remote code execution. The attacker can provide arbitrary firmware in a .dat file via a webparam?system&action=set&upgrade URI. 2019-08-06 not yet calculated CVE-2019-14707
MISC
MISC
MISC
microdigital — n-series_cameras An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can exploit OS Command Injection in the filename parameter for remote code execution as root. This occurs in the Mainproc executable file, which can be run from the HTTPD web server. 2019-08-06 not yet calculated CVE-2019-14699
MISC
MISC
MISC
microdigital — n-series_cameras An SSRF issue was discovered in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 via FTP commands following a newline character in the uploadfile field. 2019-08-06 not yet calculated CVE-2019-14704
MISC
MISC
MISC
mongodb — mongodb_server After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user’s session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.9; v3.6 versions prior to 3.6.13; v3.4 versions prior to 3.4.22. 2019-08-06 not yet calculated CVE-2019-2386
CONFIRM
MISC
musl — libc musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application’s source code. 2019-08-06 not yet calculated CVE-2019-14697
MLIST
MISC
ncsoft — nc_launcher2 NCSOFT Game Launcher, NC Launcher2 2.4.1.691 and earlier versions have a vulnerability in the custom protocol handler that could allow a remote attacker to execute an arbitrary command. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. This can be leveraged for code execution in the context of the current user. 2019-08-09 not yet calculated CVE-2019-12805
CONFIRM
neet — airstream_nas_devices Neet AirStream NAS1.1 devices have a password of ifconfig for the root account. This cannot be changed via the configuration page. 2019-08-08 not yet calculated CVE-2016-10862
MISC
neet — airstream_nas_devices Neet AirStream NAS1.1 devices allow CSRF attacks that cause the settings binary to change the AP name and password. 2019-08-07 not yet calculated CVE-2016-10861
MISC
nespresso — prodigio_devices Nespresso Prodigio devices lack Bluetooth connection security. 2019-08-08 not yet calculated CVE-2018-20960
MISC
netapp — data_ontap_operating_in_7-mode SMB in Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 has weak cryptography which, when exploited, could lead to information disclosure or addition or modification of data. 2019-08-05 not yet calculated CVE-2019-5502
MISC
netapp — oncommand_insight OnCommand Insight versions through 7.3.6 may disclose sensitive account information to an authenticated user. 2019-08-09 not yet calculated CVE-2019-5498
CONFIRM
netgear — ex7000_devices NETGEAR EX7000 V1.0.0.42_1.0.94 devices allow XSS via the SSID. 2019-08-08 not yet calculated CVE-2016-10864
MISC
nextcloud — nextcloud_lookup-server An SQL Injection in the Nextcloud Lookup-Server < v0.3.0 (running on https://lookup.nextcloud.com) caused unauthenticated users to be able to execute arbitrary SQL commands. 2019-08-07 not yet calculated CVE-2019-5476
MISC
nvidia — shield_tv In NVIDIA Shield TV Experience prior to v8.0, the NVIDIA Tegra bootloader contains a vulnerability in nvtboot where the Trusted OS image is improperly authenticated, which may lead to code execution, denial of service, escalation of privileges, or information disclosure. 2019-08-06 not yet calculated CVE-2019-5679
CONFIRM
nvidia — shield_tv NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the NVIDIA Games App where it improperly exports an Activity but does not properly restrict which applications can launch the Activity, which may lead to code execution or denial of service. 2019-08-06 not yet calculated CVE-2019-5682
CONFIRM
nvidia — windows_gpu_display_driver_software NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access of an input texture array, which may lead to denial of service or code execution. 2019-08-06 not yet calculated CVE-2019-5684
CONFIRM
CONFIRM
CONFIRM
MISC
nvidia — windows_gpu_display_driver_software NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access to a shader local temporary array, which may lead to denial of service or code execution. 2019-08-06 not yet calculated CVE-2019-5685
CONFIRM
CONFIRM
MISC
nvidia — windows_gpu_display_driver_software NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software uses an API function or data structure in a way that relies on properties that are not always guaranteed to be valid, which may lead to denial of service. 2019-08-06 not yet calculated CVE-2019-5686
CONFIRM
CONFIRM
nvidia — windows_gpu_display_driver_software NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which an incorrect use of default permissions for an object exposes it to an unintended actor. 2019-08-06 not yet calculated CVE-2019-5687
CONFIRM
CONFIRM
nvidia — windows_gpu_display_driver_software NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the user mode video driver trace logger component. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges. 2019-08-06 not yet calculated CVE-2019-5683
CONFIRM
CONFIRM
open_edx — recommender Recommender before 2018-07-18 allows XSS. 2019-08-09 not yet calculated CVE-2018-20858
MISC
CONFIRM
open_school — open_school_and_community_edition Open-School 3.0, and Community Edition 2.3, allows SQL Injection via the index.php?r=students/students/document id parameter. 2019-08-08 not yet calculated CVE-2019-14754
MISC
MISC
open_school — open_school_and_community_edition Open-School 3.0, and Community Edition 2.3, allows XSS via the osv/index.php?r=students/guardians/create id parameter. 2019-08-06 not yet calculated CVE-2019-14696
MISC
MISC
MISC
openstack — nova An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data. 2019-08-09 not yet calculated CVE-2019-14433
MLIST
MISC
CONFIRM
osticket — osticket An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer (or no) mitigations implemented for file content checks; also, the output is not handled properly, causing persistent XSS that leads to cookie stealing or malicious actions. For example, a non-agent user can upload a .html file, and Content-Disposition will be set to inline instead of attachment. 2019-08-07 not yet calculated CVE-2019-14748
MISC
MISC
MISC
MISC
osticket — osticket An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab, and the Issue Summary field in the tickets tab. This allows other agents to download data in a .csv file format or .xls file format. This is used as input for spreadsheet applications such as Excel and OpenOffice Calc, resulting in a situation where cells in the spreadsheets can contain input from an untrusted source. As a result, the end user who is accessing the exported spreadsheet can be affected. 2019-08-07 not yet calculated CVE-2019-14749
MISC
MISC
MISC
MISC
osticket — osticket An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the execution of those queries. This can further lead to cookie stealing or other malicious actions. 2019-08-07 not yet calculated CVE-2019-14750
MISC
MISC
MISC
MISC
php — php When the PHP EXIF extension is parsing EXIF information from an image, e.g. via the exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8, it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead to information disclosure or a crash. 2019-08-09 not yet calculated CVE-2019-11042
CONFIRM
php — php When the PHP EXIF extension is parsing EXIF information from an image, e.g. via the exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8, it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead to information disclosure or a crash. 2019-08-09 not yet calculated CVE-2019-11041
CONFIRM
qingdao_nature_easy_soft_network_technology — zentao An issue was discovered in ZenTao 11.5.1. There is an XSS (stored) vulnerability that leads to the capture of other people’s cookies via the Rich Text Box. 2019-08-06 not yet calculated CVE-2019-14731
MISC
radare2 — radare2 In radare2 before 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it’s possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of symbol names embedded in executables. 2019-08-07 not yet calculated CVE-2019-14745
MISC
MISC
MISC
samsung — mobile_devices On Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software, FotaAgent allows a malicious application to create privileged files. The Samsung ID is SVE-2019-14764. 2019-08-08 not yet calculated CVE-2019-14783
MISC
schben — adive Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or developer) to create an administrator account via admin/user/add, as demonstrated by a Python PoC script. 2019-08-06 not yet calculated CVE-2019-14347
MISC
MISC
schben — adive Internal/Views/config.php in Schben Adive 2.0.7 allows admin/config CSRF to change a user password. 2019-08-06 not yet calculated CVE-2019-14346
MISC
MISC
MISC
shenzhen_dragon_brothers — fingerprint_bluetooth_round_padlock_fb50 An HTTP parameter pollution issue was discovered on Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50 2.3. With the user ID, user name, and the lock’s MAC address, anyone can unbind the existing owner of the lock, and bind themselves instead. This leads to complete takeover of the lock. The user ID, name, and MAC address are trivially obtained from APIs found within the Android or iOS application. With only the MAC address of the lock, any attacker can transfer ownership of the lock from the current user over to the attacker’s account, thus rendering the lock completely inaccessible to the current user. 2019-08-06 not yet calculated CVE-2019-13143
MISC
sitecore — sitecore_cms Multiple cross-site scripting (XSS) vulnerabilities in Sitecore CMS 9.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) #300583 – List Manager Dashboard module, (2) #307638 – Campaign Creator module, (3) #316994 – Attributes field, (4) I#316995 – Icon Selection module, (5) #317000 – Latitude field, (6) #317000 – Longitude field, (7) #317017 – UploadPackage2.aspx module, (8) #317072 – Context menu, or (9) I#317073 – Insert from Template dialog. 2019-08-05 not yet calculated CVE-2019-11198
MISC
MISC
swann — swwhd-intcam-hd_devices Swann SWWHD-INTCAM-HD devices have the twipc root password, leading to FTP access as root. 2019-08-08 not yet calculated CVE-2018-20955
MISC
swann — swwhd-intcam-hd_devices Swann SWWHD-INTCAM-HD devices leave the PSK in logs after a factory reset. 2019-08-08 not yet calculated CVE-2018-20956
MISC
tapplock — tapplock_devices The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 allows replay attacks. 2019-08-08 not yet calculated CVE-2018-20957
MISC
MISC
tapplock — tapplock_devices The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 relies on Key1 and SerialNo for unlock operations; however, these are derived from the MAC address, which is broadcast by the device. 2019-08-07 not yet calculated CVE-2018-20958
CONFIRM
MISC
teampass — teampass An issue was discovered in TeamPass 2.1.27.35. From the sources/items.queries.php “Import items” feature, it is possible to load a crafted CSV file with an XSS payload. 2019-08-06 not yet calculated CVE-2019-12950
MISC
MISC
the_pallets_project — werkzeug Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id. 2019-08-09 not yet calculated CVE-2019-14806
MISC
MISC
MISC
tibco_software — tibco_api_exchange_gateway_and_tibco_api_exchange_gateway_distribution_for_tibco_silver_fabric The authorization component of TIBCO Software Inc.’s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potential escalation of privileges for the specific customer endpoint, when the implementation uses multiple scopes. This issue affects: TIBCO Software Inc.’s TIBCO API Exchange Gateway version 2.3.1 and prior versions, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric version 2.3.1 and prior versions. 2019-08-08 not yet calculated CVE-2019-11208
MISC
CONFIRM
transition_technologies — the_scheduler The Transition Technologies “The Scheduler” app 5.1.3 for Jira allows XXE due to a weakly configured/parameterized XML parser. It was fixed in versions 5.2.1 and 3.3.7. 2019-08-07 not yet calculated CVE-2018-14383
MISC
MISC
trezor — trezor_one_devices On Trezor One devices before 1.8.2, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device’s USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. NOTE: this CVE applies exclusively to the Trezor One, and does not refer to any issues with OLED displays on other devices. 2019-08-08 not yet calculated CVE-2019-14353
MISC
uipath — orchestrator UiPath Orchestrator before 2018.3.4 allows CSV Injection, related to the Audit export, Robot log export, and Transaction log export features. 2019-08-08 not yet calculated CVE-2018-19855
MISC
MISC
una — una studio/polyglot.php?page=etemplates in UNA 10.0.0-RC1 allows XSS via the System Name field under Emails during template editing. 2019-08-09 not yet calculated CVE-2019-14804
MISC
MISC
una — una studio/builder_menu.php?page=sets in UNA 10.0.0-RC1 allows XSS via the System Name field under Sets during set editing. 2019-08-09 not yet calculated CVE-2019-14805
MISC
MISC
verdaccio — verdaccio verdaccio before 3.12.0 allows XSS. 2019-08-08 not yet calculated CVE-2019-14772
MISC
wind_river — vxworks Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion caused by a malformed TCP AO option. 2019-08-09 not yet calculated CVE-2019-12260
CONFIRM
CONFIRM
CONFIRM
MISC
MISC
CONFIRM
wind_river — vxworks Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership report. 2019-08-09 not yet calculated CVE-2019-12265
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
CONFIRM
wind_river — vxworks Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition. 2019-08-09 not yet calculated CVE-2019-12263
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
CONFIRM
wind_river — vxworks Wind River VxWorks 6.7 through 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion during connect() to a remote host. 2019-08-09 not yet calculated CVE-2019-12261
CONFIRM
CONFIRM
CONFIRM
MISC
MISC
CONFIRM
wind_river — vxworks Wind River VxWorks 6.5 through 6.9.3 has a Buffer Overflow in the TCP component (issue 1 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow. Affected versions: 6.6, 6.7, 6.8, 6.9. 2019-08-09 not yet calculated CVE-2019-12255
CONFIRM
CONFIRM
CONFIRM
MISC
MISC
CONFIRM
wind_river — vxworks Wind River VxWorks 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing. 2019-08-09 not yet calculated CVE-2019-12259
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
CONFIRM
wind_river — vxworks Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect Access Control in IPv4 assignment by the ipdhcpc DHCP client component. 2019-08-05 not yet calculated CVE-2019-12264
MISC
CONFIRM
wind_river — vxworks Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc. 2019-08-09 not yet calculated CVE-2019-12257
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
CONFIRM
wind_river — vxworks Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets’ IP options. 2019-08-09 not yet calculated CVE-2019-12256
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
CONFIRM
wind_river — vxworks Wind River VxWorks 6.5 through 6.9 and vx7 has Session Fixation in the TCP component. This is an IPNET security vulnerability: DoS of TCP connection via malformed TCP options. 2019-08-09 not yet calculated CVE-2019-12258
CONFIRM
CONFIRM
CONFIRM
MISC
MISC
CONFIRM
wordpress — wordpress The woo-variation-swatches (aka Variation Swatches for WooCommerce) plugin 1.0.61 for WordPress allows XSS via the wp-admin/admin.php?page=woo-variation-swatches-settings tab parameter. 2019-08-08 not yet calculated CVE-2019-14774
MISC
wordpress — wordpress The Lightbox Plus Colorbox plugin through 2.7.2 for WordPress has cross-site request forgery (CSRF) via wp-admin/admin.php?page=lightboxplus, as demonstrated by resultant width XSS. 2019-08-09 not yet calculated CVE-2016-10865
MISC
MISC
wordpress — wordpress The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter. 2019-08-09 not yet calculated CVE-2019-14798
MISC
MISC
wordpress — wordpress The “CP Contact Form with PayPal” plugin before 1.2.99 for WordPress has XSS in the publishing wizard via the wp-admin/admin.php?page=cp_contact_form_paypal.php&pwizard=1 cp_contactformpp_id parameter. 2019-08-09 not yet calculated CVE-2019-14785
MISC
MISC
wordpress — wordpress The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea parameter. 2019-08-09 not yet calculated CVE-2019-14787
MISC
MISC
wordpress — wordpress The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter. 2019-08-09 not yet calculated CVE-2019-14791
MISC
MISC
wordpress — wordpress The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectangle_name or rectangle_opacity parameter. 2019-08-09 not yet calculated CVE-2019-14792
MISC
MISC
wordpress — wordpress The Meta Box plugin before 4.16.3 for WordPress allows file deletion via ajax, with the wp-admin/admin-ajax.php?action=rwmb_delete_file attachment_id parameter. 2019-08-09 not yet calculated CVE-2019-14793
MISC
MISC
wordpress — wordpress The Meta Box plugin before 4.16.2 for WordPress mishandles the uploading of files to custom folders. 2019-08-09 not yet calculated CVE-2019-14794
MISC
wordpress — wordpress The mq-woocommerce-products-price-bulk-edit (aka Woocommerce Products Price Bulk Edit) plugin 2.0 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=update_options show_products_page_limit parameter. 2019-08-09 not yet calculated CVE-2019-14796
MISC
MISC
wordpress — wordpress The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS. 2019-08-09 not yet calculated CVE-2019-14797
MISC
wordpress — wordpress The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS. 2019-08-09 not yet calculated CVE-2019-14799
MISC
MISC
wordpress — wordpress The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows email subscription SQL injection. 2019-08-09 not yet calculated CVE-2019-14801
MISC
wordpress — wordpress admin/includes/class.actions.snippet.php in the “Woody ad snippets” plugin through 2.2.5 for WordPress allows wp-admin/admin-post.php?action=close&post= deletion. 2019-08-08 not yet calculated CVE-2019-14773
MISC
MISC
wordpress — wordpress The codection “Import users from CSV with meta” plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF. 2019-08-08 not yet calculated CVE-2019-14683
MISC
MISC
MISC
wordpress — wordpress The acf-better-search (aka ACF: Better Search) plugin before 3.3.1 for WordPress allows wp-admin/options-general.php?page=acfbs_admin_page CSRF. 2019-08-08 not yet calculated CVE-2019-14682
MISC
MISC
wordpress — wordpress The Deny All Firewall plugin before 1.1.7 for WordPress allows wp-admin/options-general.php?page=daf_settings&daf_remove=true CSRF. 2019-08-08 not yet calculated CVE-2019-14681
MISC
MISC
wordpress — wordpress The admin-renamer-extended (aka Admin renamer extended) plugin 3.2.1 for WordPress allows wp-admin/plugins.php?page=admin-renamer-extended/admin.php CSRF. 2019-08-08 not yet calculated CVE-2019-14680
MISC
wordpress — wordpress core/views/arprice_import_export.php in the ARPrice Lite plugin 2.2 for WordPress allows wp-admin/admin.php?page=arplite_import_export CSRF. 2019-08-08 not yet calculated CVE-2019-14679
MISC
MISC
yourls — yourls YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass. 2019-08-07 not yet calculated CVE-2019-14537
MISC
MISC
MISC
MISC
MISC
zoho_manageengine — assetexplorer Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL. 2019-08-08 not yet calculated CVE-2019-12994
MISC
zoho_manageengine — assetexplorer Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter. 2019-08-08 not yet calculated CVE-2019-12959
MISC
zoho_manageengine — assetexplorer Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing license XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. 2019-08-08 not yet calculated CVE-2019-14693
MISC


Original release date: August 5, 2019

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.  

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
10web — photo_gallery A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via filemanager/model.php. 2019-07-30 10.0 CVE-2019-14313
MISC
CONFIRM
CONFIRM
ahsay — cloud_backup_suite An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. On the /cbs/system/ShowAdvanced.do “File Explorer” screen, it is possible to change the directory in the JavaScript code. If changed to (for example) “C:” then one can browse the whole server. 2019-07-26 7.8 CVE-2019-10265
MISC
ahsay — cloud_backup_suite An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When sending an out-of-bounds XML document to a URL, it is possible to read the file structure and even the content of files without authentication. 2019-07-26 7.8 CVE-2019-10266
MISC
MISC
ahsay — cloud_backup_suite An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. It is possible to upload a file into any directory of the server. One can insert a JSP shell into the web server’s directory and execute it. This leads to full access to the system, as the configured user (e.g., Administrator). 2019-07-26 9.0 CVE-2019-10267
MISC
MISC
MISC
cpanel — cpanel cPanel before 76.0.8 allows remote attackers to execute arbitrary code via mailing-list attachments (SEC-452). 2019-07-30 7.5 CVE-2018-20863
CONFIRM
cpanel — cpanel cPanel before 76.0.8 allows arbitrary code execution in the context of the root account via dnssec adminbin (SEC-465). 2019-07-30 7.2 CVE-2018-20869
CONFIRM
cpanel — cpanel cPanel before 74.0.0 allows SQL injection during database backups (SEC-420). 2019-08-01 7.5 CVE-2018-20887
CONFIRM
cpanel — cpanel cPanel before 78.0.18 allows local users to escalate to root access because of userdata cache misparsing (SEC-479). 2019-07-30 7.2 CVE-2019-14400
CONFIRM
datagrid_project — datagrid The datagrid gem 1.0.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. 2019-07-26 7.5 CVE-2019-14281
MISC
MISC
denx — u-boot An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call. 2019-07-31 7.5 CVE-2019-14192
MISC
MISC
denx — u-boot An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the “if” block after calculating the new path length. 2019-07-31 7.5 CVE-2019-14193
MISC
MISC
denx — u-boot An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv2 case. 2019-07-31 7.5 CVE-2019-14194
MISC
MISC
denx — u-boot An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfs_readlink_reply in the “else” block after calculating the new path length. 2019-07-31 7.5 CVE-2019-14195
MISC
MISC
denx — u-boot An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply. 2019-07-31 7.5 CVE-2019-14196
MISC
MISC
denx — u-boot An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv3 case. 2019-07-31 7.5 CVE-2019-14198
MISC
MISC
denx — u-boot An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an *udp_packet_handler call. 2019-07-31 7.5 CVE-2019-14199
MISC
MISC
denx — u-boot An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply. 2019-07-31 7.5 CVE-2019-14200
MISC
MISC
denx — u-boot An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply. 2019-07-31 7.5 CVE-2019-14201
MISC
MISC
denx — u-boot An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_readlink_reply. 2019-07-31 7.5 CVE-2019-14202
MISC
MISC
denx — u-boot An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply. 2019-07-31 7.5 CVE-2019-14203
MISC
MISC
denx — u-boot An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply. 2019-07-31 7.5 CVE-2019-14204
MISC
MISC
discourse — discourse Discourse before v2.4.0.beta2 lacks a confirmation screen when logging in via an email link. 2019-07-29 7.5 CVE-2019-1020018
MISC
MISC
libmodbus — libmodbus An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_COILS case, aka VD-1302. 2019-07-31 7.5 CVE-2019-14462
MISC
MISC
libmodbus — libmodbus An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_REGISTERS case, aka VD-1301. 2019-07-31 7.5 CVE-2019-14463
MISC
MISC
linux — linux_kernel In the Linux kernel before 2.6.20, there is an off-by-one bug in net/netlabel/netlabel_cipso_v4.c where it is possible to overflow the doi_def->tags[] array. 2019-07-27 7.5 CVE-2007-6762
MISC
MISC
MISC
linux — linux_kernel In the Linux kernel before 2.6.34, a range check issue in drivers/gpu/drm/radeon/atombios.c could cause an off by one (buffer overflow) problem. 2019-07-27 7.5 CVE-2010-5331
MISC
MISC
MISC
linux — linux_kernel In the Linux kernel before 2.6.37, an out of bounds array access happened in drivers/net/mlx4/port.c. When searching for a free entry in either mlx4_register_vlan() or mlx4_register_mac(), and there is no free entry, the loop terminates without updating the local variable free thus causing out of array bounds access. 2019-07-27 7.5 CVE-2010-5332
MISC
MISC
MISC
linux — linux_kernel In the Linux kernel before 3.1, an off by one in the drivers/target/loopback/tcm_loop.c tcm_loop_make_naa_tpg() function could result in at least memory corruption. 2019-07-27 7.5 CVE-2011-5327
MISC
MISC
MISC
linux — linux_kernel In the Linux kernel before 3.4, a buffer overflow occurs in drivers/net/wireless/iwlwifi/iwl-agn-sta.c, which will cause at least memory corruption. 2019-07-27 7.5 CVE-2012-6712
MISC
MISC
MISC
linux — linux_kernel In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23. 2019-07-27 7.5 CVE-2015-9289
MISC
MISC
MISC
linux — linux_kernel In the Linux kernel before 4.9.6, there is an off by one in the drivers/mtd/spi-nor/cadence-quadspi.c cqspi_setup_flash() function. There are CQSPI_MAX_CHIPSELECT elements in the ->f_pdata array so the “>” should be “>=” instead. 2019-07-27 7.5 CVE-2016-10764
MISC
MISC
MISC
linux — linux_kernel In the Linux kernel before 4.14, an out of boundary access happened in drivers/nvme/target/fc.c. 2019-07-27 7.5 CVE-2017-18379
MISC
MISC
simple_captcha2_project — simple_captcha2 The simple_captcha2 gem 0.2.3 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. 2019-07-26 7.5 CVE-2019-14282
MISC
MISC
veritas — resiliency_platform An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to resiliency plans and custom script functionality. 2019-07-29 9.0 CVE-2019-14416
MISC
FULLDISC
MISC
veritas — resiliency_platform An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to DNS functionality. 2019-07-29 9.0 CVE-2019-14417
MISC
FULLDISC
MISC


Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
ahsay — cloud_backup_suite An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When creating a trial account, it is possible to inject XSS in the Alias field, allowing the attacker to retrieve the admin’s cookie and take over the account. 2019-07-26 4.3 CVE-2019-10263
MISC
ahsay — cloud_backup_suite An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. With a valid administrator account, the “Move / Import / Export Users” screen has an Import Users option. This option accepts a ZIP archive containing a users.xml file that can trigger XXE. 2019-07-26 6.5 CVE-2019-10264
MISC
ash-aio_project — ash-aio ASH-AIO before 2.0.0.3 allows an open redirect. 2019-07-29 5.8 CVE-2019-1020016
MISC
centos-webpanel — centos_web_panel In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.840, File and Directory Information Exposure in filemanager allows attackers to enumerate users and check for active users of the application by reading /tmp/login.log. 2019-07-26 4.0 CVE-2019-13385
MISC
MISC
centos-webpanel — centos_web_panel In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, a hidden action=9 feature in filemanager2.php allows attackers to execute a shell command, i.e., obtain a reverse shell with user privilege. 2019-07-26 6.5 CVE-2019-13386
MISC
MISC
centos-webpanel — centos_web_panel In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, Reflected XSS in filemanager2.php (parameter fm_current_dir) allows attackers to steal a cookie or session, or redirect to a phishing website. 2019-07-26 4.3 CVE-2019-13387
MISC
MISC
central_dogma_project — central_dogma Cross-site scripting vulnerability in Central Dogma 0.17.0 to 0.40.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2019-07-26 4.3 CVE-2019-6002
JVN
MISC
cpanel — cpanel cPanel before 76.0.8 allows a Virtual FTP account to persist after removal of its associated domain (SEC-454). 2019-07-30 6.4 CVE-2018-20864
CONFIRM
cpanel — cpanel cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destination field (SEC-459). 2019-07-30 4.3 CVE-2018-20865
CONFIRM
cpanel — cpanel cPanel before 76.0.8 has Stored XSS in the WHM “Reset a DNS Zone” feature (SEC-461). 2019-07-30 4.3 CVE-2018-20866
CONFIRM
cpanel — cpanel cPanel before 76.0.8 has an open redirect when resetting connections (SEC-462). 2019-07-30 5.8 CVE-2018-20867
CONFIRM
cpanel — cpanel cPanel before 76.0.8 has Stored XSS in the WHM MultiPHP Manager interface (SEC-464). 2019-07-30 4.3 CVE-2018-20868
CONFIRM
cpanel — cpanel cPanel before 74.0.8 allows demo accounts to execute arbitrary code via the Fileman::viewfile API (SEC-444). 2019-08-01 6.5 CVE-2018-20879
CONFIRM
cpanel — cpanel cPanel before 74.0.8 allows FTP access during account suspension (SEC-449). 2019-08-01 4.0 CVE-2018-20883
CONFIRM
cpanel — cpanel cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation (SEC-416). 2019-08-01 5.0 CVE-2018-20885
CONFIRM
cpanel — cpanel cPanel before 71.9980.37 allows Remote-Stored XSS in WHM Save Theme Interface (SEC-400). 2019-08-01 4.3 CVE-2018-20901
CONFIRM
cpanel — cpanel cPanel before 71.9980.37 allows self XSS in the WHM Backup Configuration interface (SEC-421). 2019-08-01 4.3 CVE-2018-20903
CONFIRM
cpanel — cpanel cPanel before 70.0.23 allows self XSS in the WHM cPAddons showsecurity Interface (SEC-357). 2019-08-01 4.3 CVE-2018-20910
CONFIRM
cpanel — cpanel cPanel before 70.0.23 allows code execution because “.” is in @INC during a Perl syntax check of cpaddonsup (SEC-359). 2019-08-01 6.5 CVE-2018-20911
CONFIRM
cpanel — cpanel cPanel before 70.0.23 allows demo accounts to execute code via awstats (SEC-362). 2019-08-01 6.5 CVE-2018-20912
CONFIRM
cpanel — cpanel In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368). 2019-08-01 4.9 CVE-2018-20914
CONFIRM
cpanel — cpanel cPanel before 70.0.23 allows stored XSS in WHM DNS Cluster (SEC-372). 2019-08-01 4.3 CVE-2018-20918
CONFIRM
cpanel — cpanel cPanel before 70.0.23 allows stored XSS via a WHM Create Account action (SEC-373). 2019-08-01 4.3 CVE-2018-20919
CONFIRM
cpanel — cpanel cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-374). 2019-08-01 4.3 CVE-2018-20920
CONFIRM
cpanel — cpanel cPanel before 70.0.23 allows stored XSS via a WHM “Delete a DNS Zone” action (SEC-375). 2019-08-01 4.3 CVE-2018-20921
CONFIRM
cpanel — cpanel cPanel before 70.0.23 allows stored XSS via a WHM DNS Cleanup action (SEC-376). 2019-08-01 4.3 CVE-2018-20922
CONFIRM
cpanel — cpanel cPanel before 70.0.23 allows stored XSS via a WHM Synchronize DNS Records action (SEC-377). 2019-08-01 4.3 CVE-2018-20923
CONFIRM
cpanel — cpanel cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506). 2019-07-30 4.3 CVE-2019-14387
MISC
cpanel — cpanel cPanel before 82.0.2 allows unauthenticated file creation because Exim log parsing is mishandled (SEC-507). 2019-07-30 5.0 CVE-2019-14388
MISC
cpanel — cpanel cPanel before 80.0.22 allows remote code execution by a demo account because of incorrect URI dispatching (SEC-501). 2019-07-30 6.5 CVE-2019-14392
CONFIRM
cpanel — cpanel cPanel before 80.0.5 allows local code execution in the context of a different cPanel account because of insecure cpphp execution (SEC-486). 2019-07-30 4.6 CVE-2019-14393
CONFIRM
cpanel — cpanel cPanel before 80.0.5 allows demo accounts to modify arbitrary files via the extractfile API1 call (SEC-496). 2019-07-30 5.0 CVE-2019-14397
CONFIRM
cpanel — cpanel cPanel before 80.0.5 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-498). 2019-07-30 6.5 CVE-2019-14398
CONFIRM
cpanel — cpanel The SSL certificate-storage feature in cPanel before 78.0.18 allows unsafe file operations in the context of the root account (SEC-477). 2019-07-30 6.1 CVE-2019-14399
CONFIRM
cpanel — cpanel cPanel before 78.0.18 allows code execution via an addforward API1 call (SEC-480). 2019-07-30 6.5 CVE-2019-14401
CONFIRM
cpanel — cpanel cPanel before 78.0.18 offers an open mail relay because of incorrect domain-redirect routing (SEC-483). 2019-07-30 4.3 CVE-2019-14403
CONFIRM
cpanel — cpanel cPanel before 78.0.18 allows certain file-read operations in the context of the root account via the Exim virtual_user_spam router (SEC-484). 2019-07-30 4.9 CVE-2019-14404
CONFIRM
cpanel — cpanel cPanel before 78.0.18 allows demo accounts to execute code via securitypolicy.cg (SEC-487). 2019-07-30 6.5 CVE-2019-14405
CONFIRM
cpanel — cpanel cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing (SEC-493). 2019-07-30 4.3 CVE-2019-14406
CONFIRM
cpanel — cpanel cPanel before 78.0.2 reveals internal data to OpenID providers (SEC-415). 2019-07-30 4.0 CVE-2019-14407
CONFIRM
cpanel — cpanel cPanel before 78.0.2 allows a demo account to link with an OpenID provider (SEC-460). 2019-07-30 4.0 CVE-2019-14408
CONFIRM
cpanel — cpanel cPanel before 78.0.2 does not properly restrict demo accounts from writing to files via the DCV UAPI (SEC-473). 2019-07-30 5.0 CVE-2019-14411
CONFIRM
cpanel — cpanel cPanel before 78.0.2 allows certain file-write operations as shared users during connection resets (SEC-476). 2019-07-30 4.0 CVE-2019-14413
CONFIRM
craftcms — craft_cms In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn’t stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public. 2019-07-26 5.0 CVE-2019-14280
MISC
MISC
custom_simple_rss_project — custom_simple_rss A CSRF vulnerability in Settings form in the Custom Simple Rss plugin 2.0.6 for WordPress allows attackers to change the plugin settings. 2019-07-30 4.3 CVE-2019-14327
MISC
MISC
denx — u-boot A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data. 2019-07-29 6.4 CVE-2019-13103
MISC
MISC
denx — u-boot An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply. 2019-07-31 6.4 CVE-2019-14197
MISC
MISC
discourse — discourse Discourse before v2.4.0.beta2 lacks a confirmation screen when logging in via a user-api OTP. 2019-07-29 5.0 CVE-2019-1020017
MISC
MISC
espocrm — espocrm An issue was discovered in EspoCRM before 5.6.6. There is stored XSS due to lack of filtration of user-supplied data in Create Task. A malicious attacker can modify the parameter name to contain JavaScript code. 2019-07-28 4.3 CVE-2019-14329
MISC
MISC
MISC
espocrm — espocrm An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due to lack of filtration of user-supplied data in Create Case. A malicious attacker can modify the firstName and lastName to contain JavaScript code. 2019-07-28 4.3 CVE-2019-14330
MISC
MISC
MISC
espocrm — espocrm An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due to lack of filtration of user-supplied data in Create User. A malicious attacker can modify the firstName and lastName to contain JavaScript code. 2019-07-28 4.3 CVE-2019-14331
MISC
MISC
MISC
espocrm — espocrm EspoCRM version 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the api/v1/Document functionality for storing documents in the account tab. An attacker can upload a crafted file that contains JavaScript code in its name. This code will be executed when a user opens a page of any profile with this. 2019-07-28 4.3 CVE-2019-14349
MISC
espocrm — espocrm EspoCRM 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the Knowledge base. A malicious attacker can inject JavaScript code in the body parameter during api/v1/KnowledgeBaseArticle knowledge-base record creation. 2019-07-28 4.3 CVE-2019-14350
MISC
espocrm — espocrm EspoCRM 5.6.4 is vulnerable to user password hash enumeration. A malicious authenticated attacker can brute-force a user password hash by 1 symbol at a time using specially crafted api/v1/User?filterList filters. 2019-07-28 4.0 CVE-2019-14351
MISC
exiv2 — exiv2 Exiv2 0.27.99.0 has a heap-based buffer over-read in Exiv2::RafImage::readMetadata() in rafimage.cpp. 2019-07-28 6.8 CVE-2019-14368
MISC
exiv2 — exiv2 Exiv2::PngImage::readMetadata() in pngimage.cpp in Exiv2 0.27.99.0 allows attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file. 2019-07-28 4.3 CVE-2019-14369
MISC
exiv2 — exiv2 In Exiv2 0.27.99.0, there is an out-of-bounds read in Exiv2::MrwImage::readMetadata() in mrwimage.cpp. It could result in denial of service. 2019-07-28 4.3 CVE-2019-14370
MISC
flif — flif An issue was discovered in image_save_png in image/image-png.cpp in Free Lossless Image Format (FLIF) 0.3. Attackers can trigger a heap-based buffer over-read in libpng via a crafted flif file. 2019-07-28 6.8 CVE-2019-14373
MISC
glyphandcog — xpdfreader An issue was discovered in Xpdf 4.01.01. There is an Integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the “one byte per line” case. 2019-07-27 4.3 CVE-2019-14288
MISC
MISC
glyphandcog — xpdfreader An issue was discovered in Xpdf 4.01.01. There is an integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the “multiple bytes per line” case. 2019-07-27 4.3 CVE-2019-14289
MISC
MISC
glyphandcog — xpdfreader An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 2. 2019-07-27 4.3 CVE-2019-14290
MISC
MISC
glyphandcog — xpdfreader An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 3. 2019-07-27 4.3 CVE-2019-14291
MISC
MISC
glyphandcog — xpdfreader An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 1. 2019-07-27 4.3 CVE-2019-14292
MISC
MISC
glyphandcog — xpdfreader An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 2. 2019-07-27 4.3 CVE-2019-14293
MISC
MISC
glyphandcog — xpdfreader An issue was discovered in Xpdf 4.01.01. There is a use-after-free in the function JPXStream::fillReadBuf at JPXStream.cc, due to an out of bounds read. 2019-07-27 4.3 CVE-2019-14294
MISC
MISC
google — kubernetes_engine Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a temporary file containing a temporary access token in the project workspace, where it could be accessed by users with Job/Read permission. 2019-07-31 4.0 CVE-2019-10365
MLIST
MISC
ibm — daeja_viewone IBM Daeja ViewONE Professional, Standard & Virtual 5.0.5 and 5.0.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 163620. 2019-07-30 5.5 CVE-2019-4456
XF
CONFIRM
ibm — storediq IBM StoredIQ 7.6.0.0 through 7.6.0.18 could allow an authenticated user to obtain sensitive information that only a privileged user should be allowed to view. IBM X-Force ID: 158696. 2019-07-31 4.0 CVE-2019-4163
CONFIRM
XF
ibm — storediq IBM StoredIQ 7.6.0.0 through 7.6.0.18 could allow a remote attacker to cause a denial of service attack using repeated requests to the server. IBM X-Force ID: 158698. 2019-07-31 5.0 CVE-2019-4165
CONFIRM
XF
icegram — email_subscribers_&_newsletters An XSS vulnerability in the “Email Subscribers & Newsletters” plugin 4.1.6 for WordPress allows an attacker to inject malicious JavaScript code through a publicly available subscription form using the esfpx_name wp-admin/admin-ajax.php POST parameter. 2019-07-28 4.3 CVE-2019-14364
MISC
MISC
inveniosoftware — invenio-app invenio-app before 1.1.1 allows host header injection. 2019-07-29 5.8 CVE-2019-1020006
CONFIRM
inveniosoftware — invenio-previewer invenio-previewer before 1.0.0a12 allows XSS. 2019-07-29 4.3 CVE-2019-1020019
MISC
jenkins — configuration_as_code Missing permission checks in Jenkins Configuration as Code Plugin 1.24 and earlier in various HTTP endpoints allowed users with Overall/Read access to access the generated schema and documentation for this plugin containing detailed information about installed plugins. 2019-07-31 4.0 CVE-2019-10344
MLIST
MISC
jenkins — configuration_as_code Jenkins Configuration as Code Plugin 1.24 and earlier did not escape values resulting in variable interpolation during configuration import when exporting, allowing attackers with permission to change Jenkins system configuration to obtain the values of environment variables. 2019-07-31 5.5 CVE-2019-10362
MLIST
MISC
jenkins — configuration_as_code Jenkins Configuration as Code Plugin 1.24 and earlier did not reliably identify sensitive values expected to be exported in their encrypted form. 2019-07-31 4.0 CVE-2019-10363
MLIST
MISC
jenkins — m2release A cross-site request forgery vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier in the M2ReleaseAction#doSubmit method allowed attackers to perform releases with attacker-specified options. 2019-07-31 6.8 CVE-2019-10359
MLIST
MISC
jenkins — maven Jenkins Maven Integration Plugin 3.3 and earlier did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log. 2019-07-31 4.0 CVE-2019-10358
MLIST
MISC
jenkins — pipeline:shared_groovy_libraries A missing permission check in Jenkins Pipeline: Shared Groovy Libraries Plugin 2.14 and earlier allowed users with Overall/Read access to obtain limited information about the content of SCM repositories referenced by global libraries. 2019-07-31 4.0 CVE-2019-10357
MLIST
MISC
jenkins — script_security A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts. 2019-07-31 6.5 CVE-2019-10355
MLIST
MISC
jenkins — script_security A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts. 2019-07-31 6.5 CVE-2019-10356
MLIST
MISC
jenkins — skytap_cloud_ci Jenkins Skytap Cloud CI Plugin 2.06 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. 2019-07-31 4.0 CVE-2019-10366
MLIST
MISC
kolide — fleet Fleet before 2.1.2 allows exposure of SMTP credentials. 2019-07-29 5.0 CVE-2019-1020009
MISC
libav — libav An issue was discovered in Libav 12.3. There is an infinite loop in the function mov_probe in the file libavformat/mov.c, related to offset and tag. 2019-07-28 4.3 CVE-2019-14371
MISC
libav — libav In Libav 12.3, there is an infinite loop in the function wv_read_block_header() in the file wvdec.c. 2019-07-28 4.3 CVE-2019-14372
MISC
libav — libav An issue was discovered in Libav 12.3. Division by zero in range_decode_culshift in libavcodec/apedec.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv. 2019-07-30 4.3 CVE-2019-14443
MISC
libsdl — sdl2_image An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. 2019-07-31 6.8 CVE-2019-5057
MISC
libsdl — sdl2_image An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. 2019-07-31 6.8 CVE-2019-5058
MISC
libsdl — sdl2_image An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability. 2019-07-31 6.8 CVE-2019-5059
MISC
libslirp_project — libslirp ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment. 2019-07-29 6.5 CVE-2019-14378
MLIST
MISC
linux — linux_kernel An issue was discovered in the Linux kernel before 4.20. drivers/phy/mscc/phy-ocelot-serdes.c has an off-by-one error with a resultant ctrl->phys out-of-bounds read. 2019-07-26 4.6 CVE-2018-20854
MISC
MISC
linux — linux_kernel An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled. 2019-07-26 4.6 CVE-2018-20856
MISC
MISC
MISC
linux — linux_kernel In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default. 2019-07-26 4.6 CVE-2019-14283
MISC
MISC
MISC
mcpp_project — mcpp MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() function in support.c. 2019-07-26 4.3 CVE-2019-14274
MISC
misp — misp In app/webroot/js/event-graph.js in MISP 2.4.111, a stored XSS vulnerability exists in the event-graph view when a user toggles the event graph view. A malicious MISP event must be crafted in order to trigger the vulnerability. 2019-07-27 4.3 CVE-2019-14286
MISC
moodle — moodle A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool. 2019-07-31 6.8 CVE-2019-10186
CONFIRM
MISC
moodle — moodle A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Users with permission to delete entries from a glossary were able to delete entries from other glossaries they did not have direct access to. 2019-07-31 4.0 CVE-2019-10187
CONFIRM
MISC
moodle — moodle A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in a quiz group could modify group overrides for other groups in the same quiz. 2019-07-31 4.0 CVE-2019-10188
CONFIRM
CONFIRM
moodle — moodle A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in an assignment group could modify group overrides for other groups in the same assignment. 2019-07-31 4.0 CVE-2019-10189
CONFIRM
CONFIRM
nats — nats_server An integer overflow in NATS Server 2.0.0 allows a remote attacker to crash the server by sending a crafted request. 2019-07-29 5.0 CVE-2019-13126
MISC
MISC
open.edx — edx-platform edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files. 2019-07-29 6.5 CVE-2015-5601
CONFIRM
open.edx — edx-platform edx-platform before 2015-09-17 allows XSS via a team name. 2019-07-29 4.3 CVE-2015-6960
CONFIRM
openmpt — libopenmpt libopenmpt before 0.3.13 allows a crash with malformed MED files. 2019-07-30 4.3 CVE-2018-20860
MISC
openmpt — libopenmpt libopenmpt before 0.4.5 allows a crash during playback due to an out-of-bounds read in XM and MT2 files. 2019-07-30 4.3 CVE-2019-14380
MISC
parseplatform — parse-server parse-server before 3.4.1 allows DoS after any POST to a volatile class. 2019-07-29 5.0 CVE-2019-1020012
MISC
parseplatform — parse-server parse-server before 3.6.0 allows account enumeration. 2019-07-29 5.0 CVE-2019-1020013
MISC
postgresql — postgresql A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. (Exploit prerequisites are the same as for CVE-2018-1052). 2019-07-30 4.0 CVE-2019-10129
CONFIRM
MISC
pterodactyl — panel Pterodactyl before 0.7.14 with 2FA allows credential sniffing. 2019-07-29 5.0 CVE-2019-1020002
CONFIRM
stacktable.js_project — stacktable.js stacktable.js before 1.0.4 allows XSS. 2019-07-29 4.3 CVE-2019-1020008
MISC
sunhater — kcfinder A cross-site scripting (XSS) vulnerability in upload.php in SunHater KCFinder 3.20-test1, 3.20-test2, 3.12, and earlier allows remote attackers to inject arbitrary web script or HTML via the CKEditorFuncNum parameter. 2019-07-27 4.3 CVE-2019-14315
MISC
testlink — testlink TestLink 1.9.19 has XSS via the error.php message parameter. 2019-08-01 4.3 CVE-2019-14471
MISC
tridactyl_project — tridactyl Tridactyl before 1.16.0 allows fake key events. 2019-07-29 5.0 CVE-2019-1020004
MISC
unity — web_player The Unity Web Player plugin before 4.6.6f2 and 5.x before 5.0.3f2 allows attackers to read messages or access online services via a victim’s credentials. 2019-07-29 4.0 CVE-2015-9288
CONFIRM
upx_project — upx An Integer overflow in the getElfSections function in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an allocation of excessive memory. 2019-07-27 4.3 CVE-2019-14295
MISC
upx_project — upx canUnpack in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (SEGV or buffer overflow, and application crash) or possibly have unspecified other impact via a crafted UPX packed file. 2019-07-27 6.8 CVE-2019-14296
MISC
wallaceit — wallacepos Cross-site request forgery in WallacePOS 1.4.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. 2019-07-31 6.8 CVE-2019-3959
MISC
wikindx_project — wikindx A cross-site scripting (XSS) vulnerability in getPagingStart() in core/lists/PAGING.php in WIKINDX through 5.8.1 allows remote attackers to inject arbitrary web script or HTML via the PagingStart parameter. 2019-07-26 4.3 CVE-2019-13588
CONFIRM
wpfastestcache — wp_fastest_cache The WP Fastest Cache plugin through 0.8.9.0 for WordPress allows remote attackers to delete arbitrary files because wp_postratings_clear_fastest_cache and rm_folder_recursively in wpFastestCache.php mishandle ../ in an HTTP Referer header. 2019-07-29 5.8 CVE-2019-6726
MISC
MISC
MISC
MISC
MISC
xfig_project — fig2dev Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c. 2019-07-26 4.3 CVE-2019-14275
MISC
yardoc — yard yard before 0.9.20 allows path traversal. 2019-07-29 5.0 CVE-2019-1020001
MISC
zendesk — samlr Zendesk Samlr before 2.6.2 allows an XML nodes comment attack such as a name_id node with user@example.com followed by <!---->. and then the attacker’s domain name. 2019-07-26 5.0 CVE-2018-20857
MISC

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
cpanel — cpanel cPanel before 76.0.8 unsafely performs PostgreSQL password changes (SEC-366). 2019-07-30 2.1 CVE-2018-20862
CONFIRM
cpanel — cpanel The WebDAV transport feature in cPanel before 76.0.8 enables debug logging (SEC-467). 2019-07-30 2.1 CVE-2018-20870
CONFIRM
cpanel — cpanel cPanel before 74.0.8 allows self XSS in the WHM Security Questions interface (SEC-433). 2019-08-01 3.5 CVE-2018-20875
CONFIRM
cpanel — cpanel cPanel before 74.0.8 allows self XSS in the Site Software Moderation interface (SEC-434). 2019-08-01 3.5 CVE-2018-20876
CONFIRM
cpanel — cpanel cPanel before 74.0.8 allows self XSS in WHM Style Upload interface (SEC-437). 2019-08-01 3.5 CVE-2018-20877
CONFIRM
cpanel — cpanel cPanel before 74.0.8 allows stored XSS in WHM “File and Directory Restoration” interface (SEC-441). 2019-08-01 3.5 CVE-2018-20878
CONFIRM
cpanel — cpanel cPanel before 74.0.8 mishandles account suspension because of an invalid email_accounts.json file (SEC-445). 2019-08-01 2.1 CVE-2018-20880
CONFIRM
cpanel — cpanel cPanel before 74.0.8 allows self stored XSS on the Security Questions login page (SEC-446). 2019-08-01 3.5 CVE-2018-20881
CONFIRM
cpanel — cpanel cPanel before 74.0.0 allows stored XSS in the WHM File Restoration interface (SEC-367). 2019-08-01 3.5 CVE-2018-20884
CONFIRM
cpanel — cpanel cPanel before 71.9980.37 allows attackers to read root’s crontab file by leveraging ClamAV installation (SEC-408). 2019-08-01 2.1 CVE-2018-20902
CONFIRM
cpanel — cpanel cPanel before 70.0.23 allows attackers to read the root accesshash via the WHM /cgi/trustclustermaster.cgi (SEC-364). 2019-08-01 3.5 CVE-2018-20913
CONFIRM
cpanel — cpanel cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-369). 2019-08-01 3.5 CVE-2018-20915
CONFIRM
cpanel — cpanel cPanel before 70.0.23 allows Stored XSS via a WHM Edit MX Entry (SEC-370). 2019-08-01 3.5 CVE-2018-20916
CONFIRM
cpanel — cpanel cPanel before 70.0.23 allows any user to disable Solr (SEC-371). 2019-08-01 2.1 CVE-2018-20917
CONFIRM
cpanel — cpanel cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504). 2019-07-30 3.5 CVE-2019-14386
MISC
cpanel — cpanel cPanel before 82.0.2 allows local users to discover the MySQL root password (SEC-510). 2019-07-30 2.1 CVE-2019-14389
MISC
cpanel — cpanel cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512). 2019-07-30 3.5 CVE-2019-14390
MISC
cpanel — cpanel cPanel before 82.0.2 does not properly enforce Reseller package creation ACLs (SEC-514). 2019-07-30 2.1 CVE-2019-14391
MISC
cpanel — cpanel cPanel before 80.0.5 allows unsafe file operations in the context of the root account via the fetch_ssl_certificates_for_fqdns API (SEC-489). 2019-07-30 2.1 CVE-2019-14394
CONFIRM
cpanel — cpanel cPanel before 80.0.5 uses world-readable permissions for the Queueprocd log (SEC-494). 2019-07-30 2.1 CVE-2019-14395
CONFIRM
cpanel — cpanel API Analytics adminbin in cPanel before 80.0.5 allows spoofed insertions of log data (SEC-495). 2019-07-30 2.1 CVE-2019-14396
CONFIRM
cpanel — cpanel cPanel before 78.0.18 unsafely determines terminal capabilities by using infocmp (SEC-481). 2019-07-30 2.1 CVE-2019-14402
CONFIRM
cpanel — cpanel cPanel before 78.0.2 allows arbitrary file-read operations via Passenger adminbin (SEC-466). 2019-07-30 2.1 CVE-2019-14409
CONFIRM
cpanel — cpanel Maketext in cPanel before 78.0.2 allows format-string injection in the Email store_filter UAPI (SEC-472). 2019-07-30 2.1 CVE-2019-14410
CONFIRM
cpanel — cpanel Maketext in cPanel before 78.0.2 allows format-string injection in the DCV check_domains_via_dns UAPI (SEC-474). 2019-07-30 2.1 CVE-2019-14412
CONFIRM
cpanel — cpanel In cPanel before 78.0.2, a Userdata cache temporary file can conflict with domains (SEC-478). 2019-07-30 2.1 CVE-2019-14414
CONFIRM
dependencytrack — dependency-track Dependency-Track before 3.5.1 allows XSS. 2019-07-29 3.5 CVE-2019-1020007
CONFIRM
http-file-server_project — http-file-server Cross-site scripting (XSS) vulnerability in http-file-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim’s browser. 2019-07-30 3.5 CVE-2019-5458
MISC
ibm — websphere_application_server IBM WebSphere Application Server – Liberty Admin Center could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could send a specially-crafted HTTP request to hijack the victim’s click actions or launch other client-side browser attacks. IBM X-Force ID: 160513. 2019-07-30 3.5 CVE-2019-4285
XF
CONFIRM
inveniosoftware — invenio-communities invenio-communities before 1.0.0a20 allows XSS. 2019-07-29 3.5 CVE-2019-1020005
MISC
inveniosoftware — invenio-records invenio-records before 1.2.2 allows XSS. 2019-07-29 3.5 CVE-2019-1020003
MISC
jenkins — configuration_as_code Jenkins Configuration as Code Plugin 1.24 and earlier did not properly apply masking to values expected to be hidden when logging the configuration being applied. 2019-07-31 2.1 CVE-2019-10343
MLIST
MISC
jenkins — configuration_as_code Jenkins Configuration as Code Plugin 1.20 and earlier did not treat the proxy password as a secret to be masked when logging or encrypted for export. 2019-07-31 2.1 CVE-2019-10345
MLIST
MISC
jenkins — ec2 Jenkins Amazon EC2 Plugin 1.43 and earlier wrote the beginning of private keys to the Jenkins system log. 2019-07-31 2.1 CVE-2019-10364
MLIST
MISC
jenkins — m2_release A stored cross site scripting vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier allowed attackers to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins. 2019-07-31 3.5 CVE-2019-10360
MLIST
MISC
jenkins — m2release Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials unencrypted on the Jenkins master where they could be viewed by users with access to the master file system. 2019-07-31 2.1 CVE-2019-10361
MLIST
MISC
linux — linux_kernel An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace. 2019-07-26 2.1 CVE-2018-20855
MISC
MISC
MISC
linux — linux_kernel In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. NOTE: QEMU creates the floppy device by default. 2019-07-26 2.1 CVE-2019-14284
MISC
MISC
MISC
microsoft — outlook A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka ‘Outlook for Android Spoofing Vulnerability’. 2019-07-29 3.5 CVE-2019-1105
N/A
min-http-server_project — min-http-server Cross-site scripting (XSS) vulnerability in min-http-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim’s browser. 2019-07-30 3.5 CVE-2019-5457
MISC
open.edx — edx-platform edx-platform before 2015-08-17 allows XSS in the Studio listing of courses. 2019-07-29 3.5 CVE-2015-6253
CONFIRM
MISC
veeam — one_reporter Veeam ONE Reporter 9.5.0.3201 allows XSS via the Add/Edit Widget with a crafted Caption field to setDashboardWidget in CommonDataHandlerReadOnly.ashx. 2019-07-27 3.5 CVE-2019-14297
MISC
veeam — one_reporter Veeam ONE Reporter 9.5.0.3201 allows XSS via a crafted Description(config) field to addDashboard or editDashboard in CommonDataHandlerReadOnly.ashx. 2019-07-27 3.5 CVE-2019-14298
MISC
veritas — resiliency_platform An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. A persistent cross-site scripting (XSS) vulnerability allows a malicious VRP user to inject malicious script into another user’s browser, related to resiliency plans functionality. A victim must open a resiliency plan that an attacker has access to. 2019-07-29 3.5 CVE-2019-14415
MISC
FULLDISC
MISC
wallaceit — wallacepos Insufficient output sanitization in WallacePOS 1.4.3 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks via a crafted sales transaction. 2019-07-31 3.5 CVE-2019-3958
MISC


Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
3proxy — 3proxy webadmin.c in 3proxy before 0.8.13 has an out-of-bounds write in the admin interface. 2019-08-01 not yet calculated CVE-2019-14495
MISC
MISC
MISC
adoptopenjdk — icedtea-web It was found that icedtea-web through 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user. 2019-07-31 not yet calculated CVE-2019-10182
CONFIRM
CONFIRM
CONFIRM
adoptopenjdk — icedtea-web It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, possibly, break out of the sandbox. 2019-07-31 not yet calculated CVE-2019-10185
CONFIRM
CONFIRM
CONFIRM
adoptopenjdk — icedtea-web It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox. 2019-07-31 not yet calculated CVE-2019-10181
CONFIRM
CONFIRM
CONFIRM
advantech — webaccess_hmi_designer In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, allowing remote code execution. 2019-08-02 not yet calculated CVE-2019-10961
MISC

alcatel-lucent_enterprise — 8008_cloud_edition_deskphone_voip_phone On the Alcatel-Lucent Enterprise (ALE) 8008 Cloud Edition Deskphone VoIP phone with firmware 1.50.13, a command injection (missing input validation) issue in the password change field for the Change Password interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request. 2019-08-01 not yet calculated CVE-2019-14260
MISC
alcatel — linkzone_mw40-v-v1.0_mw40_02.00_02_devices The web interface of Alcatel LINKZONE MW40-V-V1.0 MW40_LU_02.00_02 devices is vulnerable to an authentication bypass that allows an unauthenticated user to have access to the web interface without knowing the administrator’s password. 2019-08-02 not yet calculated CVE-2019-7163
MISC
amcrest — ip2m-841b_ip_camera The Amcrest IP2M-841B IP camera firmware version V2.520.AC00.18.R does not require authentication to access the HTTP endpoint /videotalk. An unauthenticated, remote person can connect to this endpoint and listen to the audio the camera is capturing. 2019-07-29 not yet calculated CVE-2019-3948
MISC
MISC
ansible — ansible A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed. 2019-07-30 not yet calculated CVE-2019-10156
CONFIRM
CONFIRM
apache — activemq_client It was found that the Apache ActiveMQ client before 5.15.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client. 2019-08-01 not yet calculated CVE-2015-7559
CONFIRM
CONFIRM
apache — solr In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request’s “dataConfig” parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property “enable.dih.dataConfigParam” to true. 2019-08-01 not yet calculated CVE-2019-0193
CONFIRM
apache — tika A carefully crafted or corrupt zip file can cause an OOM in Apache Tika’s RecursiveParserWrapper in versions 1.7-1.21. Users should upgrade to 1.22 or later. 2019-08-02 not yet calculated CVE-2019-10088
CONFIRM
apache — tika In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs. Apache Tika users should upgrade to 1.22 or later. 2019-08-02 not yet calculated CVE-2019-10093
CONFIRM
apache — tika A carefully crafted package/compressed file that, when unzipped/uncompressed, yields the same file (a quine), causes a StackOverflowError in Apache Tika’s RecursiveParserWrapper in versions 1.7-1.21. Apache Tika users should upgrade to 1.22 or later. 2019-08-02 not yet calculated CVE-2019-10094
CONFIRM
apache — vcl Apache VCL versions 2.1 through 2.5 do not properly validate cookie input when determining what node (if any) was previously selected in the privilege tree. The cookie data is then used in an SQL statement. This allows for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of security seem to protect against malicious attack. However, all VCL systems running versions earlier than 2.5.1 should be upgraded or patched. This vulnerability was found and reported to the Apache VCL project by ADLab of Venustech. 2019-07-29 not yet calculated CVE-2018-11772
MLIST
MLIST
apache — vcl Apache VCL versions 2.1 through 2.5 do not properly validate form input when processing a submitted block allocation. The form data is then used as an argument to the PHP built-in function strtotime. This allows for an attack against the underlying implementation of that function. The implementation of strtotime at the time the issue was discovered appeared to be resistant to a malicious attack. However, all VCL systems running versions earlier than 2.5.1 should be upgraded or patched. This vulnerability was found and reported to the Apache VCL project by ADLab of Venustech. 2019-07-29 not yet calculated CVE-2018-11773
MLIST
MLIST
apache — vcl Apache VCL versions 2.1 through 2.5 do not properly validate form input when adding and removing VMs to and from hosts. The form data is then used in SQL statements. This allows for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of security seem to protect against malicious attack. However, all VCL systems running versions earlier than 2.5.1 should be upgraded or patched. This vulnerability was found and reported to the Apache VCL project by ADLab of Venustech. 2019-07-29 not yet calculated CVE-2018-11774
MLIST
MLIST
avaya — aura_conferencing A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. Affected versions of Avaya Aura Conferencing include all 8.x versions prior to 8.0 SP14 (8.0.14). Prior versions not listed were not evaluated. 2019-07-31 not yet calculated CVE-2019-7000
CONFIRM
bitdefender — multiple_products An issue was discovered in Bitdefender products for Windows (Bitdefender Endpoint Security Tool versions prior to 6.6.8.115; and Bitdefender Antivirus Plus, Bitdefender Internet Security, and Bitdefender Total Security versions prior to 23.0.24.120) that can lead to local code injection. A local attacker with administrator privileges can create a malicious DLL file in %SystemRoot%\System32\ that will be executed with local user privileges. 2019-07-30 not yet calculated CVE-2019-14242
CONFIRM
cisco — nexus_9000_series_aci_mode_switch_software A vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an adjacent, unauthenticated attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges. The vulnerability is due to improper input validation of certain type, length, value (TLV) fields of the LLDP frame header. An attacker could exploit this vulnerability by sending a crafted LLDP packet to the targeted device. A successful exploit may lead to a buffer overflow condition that could either cause a DoS condition or allow the attacker to execute arbitrary code with root privileges. Note: This vulnerability cannot be exploited by transit traffic through the device; the crafted packet must be targeted to a directly connected interface. This vulnerability affects Cisco Nexus 9000 Series Fabric Switches in ACI mode if they are running a Cisco Nexus 9000 Series ACI Mode Switch Software release prior to 13.2(7f) or any 14.x release. 2019-07-31 not yet calculated CVE-2019-1901
CISCO
cimg — cimg CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CImg.h because of erroneous memory allocation for a malformed BMP image. 2019-07-31 not yet calculated CVE-2019-13568
MISC
MISC
MISC
clusterlabs — fence-agents A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM’s comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing automated recovery or otherwise denying service to clusters of which that VM is a member. 2019-07-30 not yet calculated CVE-2019-10153
CONFIRM
CONFIRM
CONFIRM
cpanel — cpanel cPanel before 57.9999.54 allows arbitrary file-read operations for Webmail accounts via Branding APIs (SEC-120). 2019-08-01 not yet calculated CVE-2016-10815
MISC
cpanel — cpanel cPanel before 11.52.0.13 does not prevent arbitrary file-read operations via get_information_for_applications (CPANEL-1221). 2019-08-01 not yet calculated CVE-2015-9291
MISC
cpanel — cpanel cPanel before 55.9999.141 allows arbitrary code execution in the context of the root account because of MakeText interpolation (SEC-89). 2019-08-01 not yet calculated CVE-2016-10823
MISC
cpanel — cpanel cPanel before 57.9999.54 allows Webmail accounts to execute arbitrary code through forwarders (SEC-121). 2019-08-01 not yet calculated CVE-2016-10816
MISC
cpanel — cpanel cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file (SEC-123). 2019-08-01 not yet calculated CVE-2016-10817
MISC
cpanel — cpanel cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsadmin-startup and spamd-startup (SEC-124). 2019-08-01 not yet calculated CVE-2016-10818
MISC
cpanel — cpanel In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd (SEC-125). 2019-08-01 not yet calculated CVE-2016-10819
MISC
cpanel — cpanel cPanel before 55.9999.141 allows daemons to access their controlling TTYs (SEC-31). 2019-08-01 not yet calculated CVE-2016-10820
MISC
cpanel — cpanel In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75). 2019-08-01 not yet calculated CVE-2016-10821
MISC
cpanel — cpanel cPanel before 55.9999.141 allows ACL bypass for AppConfig applications via magic_revision (SEC-100). 2019-08-01 not yet calculated CVE-2016-10830
MISC
cpanel — cpanel cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging (SEC-107). 2019-08-01 not yet calculated CVE-2016-10835
MISC
cpanel — cpanel cPanel before 55.9999.141 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-90). 2019-08-01 not yet calculated CVE-2016-10824
MISC
cpanel — cpanel cPanel before 55.9999.141 allows attackers to bypass a Security Policy by faking static documents (SEC-92). 2019-08-01 not yet calculated CVE-2016-10825
MISC
cpanel — cpanel cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering requests (SEC-93). 2019-08-01 not yet calculated CVE-2016-10826
MISC
cpanel — cpanel cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Mail Preferences (SEC-96). 2019-08-01 not yet calculated CVE-2016-10827
MISC
cpanel — cpanel cPanel before 55.9999.141 allows arbitrary code execution because of an unsafe @INC path (SEC-97). 2019-08-01 not yet calculated CVE-2016-10828
MISC
cpanel — cpanel cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99). 2019-08-01 not yet calculated CVE-2016-10829
MISC
cpanel — cpanel cPanel before 66.0.2 allows resellers to read other accounts’ domain log files (SEC-288). 2019-08-02 not yet calculated CVE-2017-18426
CONFIRM
cpanel — cpanel cPanel before 55.9999.141 does not perform a two-factor authentication check when possessing another account (SEC-101). 2019-08-01 not yet calculated CVE-2016-10831
MISC
cpanel — cpanel cPanel before 57.9999.54 allows demo-mode escape via show_template.stor (SEC-119). 2019-08-01 not yet calculated CVE-2016-10814
MISC
cpanel — cpanel cPanel before 11.54.0.0 allows subaccounts to discover sensitive data through comet feeds (SEC-29). 2019-08-01 not yet calculated CVE-2016-10856
MISC
cpanel — cpanel cPanel before 55.9999.141 allows self XSS in X3 Reseller Branding Images (SEC-88). 2019-08-01 not yet calculated CVE-2016-10822
MISC
cpanel — cpanel cPanel before 11.54.0.4 allows stored XSS in the WHM Feature Manager interface (SEC-86). 2019-08-01 not yet calculated CVE-2016-10853
MISC
cpanel — cpanel cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/check_system_storable (SEC-78). 2019-08-01 not yet calculated CVE-2016-10845
MISC
cpanel — cpanel cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod operations during Roundcube database conversions (SEC-79). 2019-08-01 not yet calculated CVE-2016-10846
MISC
cpanel — cpanel cPanel before 11.54.0.4 allows arbitrary file-read and file-write operations via scripts/fixmailboxpath (SEC-80). 2019-08-01 not yet calculated CVE-2016-10847
MISC
cpanel — cpanel cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/quotacheck (SEC-81). 2019-08-01 not yet calculated CVE-2016-10848
MISC
cpanel — cpanel cPanel before 11.54.0.4 allows arbitrary code execution via scripts/synccpaddonswithsqlhost (SEC-83). 2019-08-01 not yet calculated CVE-2016-10850
MISC
cpanel — cpanel cPanel before 11.54.0.4 allows arbitrary code execution because of an unsafe @INC path (SEC-46). 2019-08-01 not yet calculated CVE-2016-10837
MISC
cpanel — cpanel cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface (SEC-84). 2019-08-01 not yet calculated CVE-2016-10851
MISC
cpanel — cpanel cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem (SEC-85). 2019-08-01 not yet calculated CVE-2016-10852
MISC
cpanel — cpanel cPanel before 11.54.0.4 allows self XSS in the X3 Entropy Banner interface (SEC-87). 2019-08-01 not yet calculated CVE-2016-10854
MISC
cpanel — cpanel cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310). 2019-08-02 not yet calculated CVE-2017-18384
CONFIRM
cpanel — cpanel cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91). 2019-08-01 not yet calculated CVE-2016-10855
MISC
cpanel — cpanel cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd (SEC-104). 2019-08-01 not yet calculated CVE-2016-10833
MISC
cpanel — cpanel cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-64). 2019-08-01 not yet calculated CVE-2016-10858
MISC
cpanel — cpanel cPanel before 11.54.0.0 allows unauthorized password changes via Webmail API commands (SEC-65). 2019-08-01 not yet calculated CVE-2016-10859
MISC
cpanel — cpanel cPanel before 11.54.0.0 allows unauthorized zone modification via the WHM API (SEC-66). 2019-08-01 not yet calculated CVE-2016-10860
MISC
cpanel — cpanel cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306). 2019-08-02 not yet calculated CVE-2017-18382
CONFIRM
cpanel — cpanel cPanel before 11.54.0.4 allows arbitrary file-read operations via the bin/fmq script (SEC-70). 2019-08-01 not yet calculated CVE-2016-10838
MISC
cpanel — cpanel cPanel before 55.9999.141 allows arbitrary file-read operations during authentication with caldav (SEC-108). 2019-08-01 not yet calculated CVE-2016-10836
MISC
cpanel — cpanel cPanel before 55.9999.141 allows FTP cPHulk bypass via account name munging (SEC-102). 2019-08-01 not yet calculated CVE-2016-10832
MISC
cpanel — cpanel cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313). 2019-08-02 not yet calculated CVE-2017-18386
CONFIRM
cpanel — cpanel cPanel before 55.9999.141 allows account-suspension bypass via ftp (SEC-105). 2019-08-01 not yet calculated CVE-2016-10834
MISC
cpanel — cpanel cPanel before 68.0.15 can perform unsafe file operations because Jailshell does not set the umask (SEC-315). 2019-08-02 not yet calculated CVE-2017-18388
CONFIRM
cpanel — cpanel In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273). 2019-08-02 not yet calculated CVE-2017-18423
CONFIRM
cpanel — cpanel In cPanel before 66.0.2, the Apache HTTP Server configuration file is changed to world-readable when rebuilt (SEC-274). 2019-08-02 not yet calculated CVE-2017-18424
CONFIRM
cpanel — cpanel In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280). 2019-08-02 not yet calculated CVE-2017-18425
CONFIRM
cpanel — cpanel cPanel before 68.0.15 allows user accounts to be partially created with invalid username formats (SEC-334). 2019-08-02 not yet calculated CVE-2017-18401
CONFIRM
cpanel — cpanel cPanel before 68.0.15 allows arbitrary file-read operations because of the backup .htaccess modification logic (SEC-345). 2019-08-02 not yet calculated CVE-2017-18405
CONFIRM
cpanel — cpanel cPanel before 68.0.15 allows attackers to read root’s crontab file during a short time interval upon enabling or disabling sqloptimizer (SEC-332). 2019-08-02 not yet calculated CVE-2017-18399
CONFIRM
cpanel — cpanel cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts (SEC-325). 2019-08-02 not yet calculated CVE-2017-18392
CONFIRM
cpanel — cpanel cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in a Reseller style upload (SEC-314). 2019-08-02 not yet calculated CVE-2017-18387
CONFIRM
cpanel — cpanel cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318). 2019-08-02 not yet calculated CVE-2017-18389
CONFIRM
cpanel — cpanel cPanel before 66.0.2 allows demo accounts to create databases and users (SEC-271). 2019-08-02 not yet calculated CVE-2017-18421
CONFIRM
cpanel — cpanel DnsUtils in cPanel before 68.0.15 allows zone creation for hostname and account subdomains (SEC-331). 2019-08-02 not yet calculated CVE-2017-18398
CONFIRM
cpanel — cpanel cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups (SEC-322). 2019-08-02 not yet calculated CVE-2017-18390
CONFIRM
cpanel — cpanel cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval (SEC-323). 2019-08-02 not yet calculated CVE-2017-18391
CONFIRM
cpanel — cpanel cPanel before 57.9999.54 allows self XSS during ftp account creation under addon domains (SEC-118). 2019-08-01 not yet calculated CVE-2016-10813
MISC
cpanel — cpanel cPanel before 68.0.15 does not have a sufficient list of reserved usernames (SEC-327). 2019-08-02 not yet calculated CVE-2017-18394
CONFIRM
cpanel — cpanel cPanel before 68.0.15 does not preserve permissions for local backup transport (SEC-330). 2019-08-02 not yet calculated CVE-2017-18397
CONFIRM
cpanel — cpanel cPanel before 68.0.15 allows arbitrary file-read operations via Exim vdomainaliases (SEC-329). 2019-08-02 not yet calculated CVE-2017-18396
CONFIRM
cpanel — cpanel cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail (SEC-326). 2019-08-02 not yet calculated CVE-2017-18393
CONFIRM
cpanel — cpanel cPanel before 68.0.15 does not block a username of ssl (SEC-328). 2019-08-02 not yet calculated CVE-2017-18395
CONFIRM
cpanel — cpanel In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog ownership and permissions (SEC-272). 2019-08-02 not yet calculated CVE-2017-18422
CONFIRM
cpanel — cpanel cPanel before 66.0.2 allows stored XSS during WHM cPAddons processing (SEC-269). 2019-08-02 not yet calculated CVE-2017-18420
CONFIRM
cpanel — cpanel cPanel before 68.0.15 writes home-directory backups to an incorrect location (SEC-309). 2019-08-02 not yet calculated CVE-2017-18383
CONFIRM
cpanel — cpanel cPanel before 67.9999.103 allows stored XSS in WHM MySQL Password Change interfaces (SEC-282). 2019-08-02 not yet calculated CVE-2017-18408
CONFIRM
cpanel — cpanel cPanel before 11.54.0.0 allows a bypass of the e-mail sending limit (SEC-60). 2019-08-01 not yet calculated CVE-2016-10857
MISC
cpanel — cpanel cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311). 2019-08-02 not yet calculated CVE-2017-18385
CONFIRM
cpanel — cpanel In cPanel before 67.9999.103, the backup system overwrites root’s home directory when a mount disappears (SEC-299). 2019-08-02 not yet calculated CVE-2017-18413
CONFIRM
cpanel — cpanel cPanel before 68.0.15 allows stored XSS during a cpaddons moderated upgrade (SEC-336). 2019-08-02 not yet calculated CVE-2017-18402
CONFIRM
cpanel — cpanel cPanel before 68.0.15 allows code execution in the context of the nobody account via Mailman archives (SEC-337). 2019-08-02 not yet calculated CVE-2017-18403
CONFIRM
cpanel — cpanel cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD (SEC-341). 2019-08-02 not yet calculated CVE-2017-18404
CONFIRM
cpanel — cpanel cPanel before 11.54.0.4 allows code execution in the context of shared users via JSON-API (SEC-76). 2019-08-01 not yet calculated CVE-2016-10843
MISC
cpanel — cpanel cPanel before 67.9999.103 allows SQL injection during eximstats processing (SEC-276). 2019-08-02 not yet calculated CVE-2017-18406
CONFIRM
cpanel — cpanel cPanel before 67.9999.103 does not enforce SSL hostname verification for the support-agreement download (SEC-279). 2019-08-02 not yet calculated CVE-2017-18407
CONFIRM
cpanel — cpanel In cPanel before 67.9999.103, the backup interface could return a backup archive with all MySQL databases (SEC-283). 2019-08-02 not yet calculated CVE-2017-18409
CONFIRM
cpanel — cpanel cPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallation (SEC-266). 2019-08-02 not yet calculated CVE-2017-18419
CONFIRM
cpanel — cpanel In cPanel before 67.9999.103, a user account’s backup archive could contain all MySQL databases on the server (SEC-284). 2019-08-02 not yet calculated CVE-2017-18410
CONFIRM
cpanel — cpanel The “addon domain conversion” feature in cPanel before 67.9999.103 can copy all MySQL databases to the new account (SEC-285). 2019-08-02 not yet calculated CVE-2017-18411
CONFIRM
cpanel — cpanel cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename (SEC-296). 2019-08-02 not yet calculated CVE-2017-18412
CONFIRM
cpanel — cpanel cPanel before 67.9999.103 allows an open redirect in /unprotected/redirect.html (SEC-300). 2019-08-02 not yet calculated CVE-2017-18414
CONFIRM
cpanel — cpanel cPanel before 68.0.15 allows local root code execution via cpdavd (SEC-333). 2019-08-02 not yet calculated CVE-2017-18400
CONFIRM
cpanel — cpanel cPanel before 67.9999.103 allows code execution in the context of the mailman account because of incorrect environment-variable filtering (SEC-302). 2019-08-02 not yet calculated CVE-2017-18415
CONFIRM
cpanel — cpanel cPanel before 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update (SEC-303). 2019-08-02 not yet calculated CVE-2017-18416
CONFIRM
cpanel — cpanel cPanel before 66.0.2 allows stored XSS during WHM cPAddons installation (SEC-263). 2019-08-02 not yet calculated CVE-2017-18417
CONFIRM
cpanel — cpanel cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations (SEC-265). 2019-08-02 not yet calculated CVE-2017-18418
CONFIRM
cpanel — cpanel The chcpass script in cPanel before 11.54.0.4 reveals a password hash (SEC-77). 2019-08-01 not yet calculated CVE-2016-10844
MISC
cpanel — cpanel cPanel before 11.54.0.4 allows certain file-chmod operations in scripts/secureit (SEC-82). 2019-08-01 not yet calculated CVE-2016-10849
MISC
cpanel — cpanel cPanel before 11.54.0.4 allows certain file-read operations in bin/setup_global_spam_filter.pl (SEC-74). 2019-08-01 not yet calculated CVE-2016-10842
MISC
cpanel — cpanel cPanel before 64.0.21 allows demo accounts to redirect web traffic (SEC-245). 2019-08-02 not yet calculated CVE-2017-18441
CONFIRM
cpanel — cpanel cPanel before 64.0.21 allows code execution by webmail and demo accounts via a store_filter API call (SEC-236). 2019-08-02 not yet calculated CVE-2017-18433
CONFIRM
cpanel — cpanel cPanel before 64.0.21 allows code execution in the context of the root account via a SET_VHOST_LANG_PACKAGE multilang adminbin call (SEC-237). 2019-08-02 not yet calculated CVE-2017-18434
CONFIRM
cpanel — cpanel cPanel before 64.0.21 allows demo accounts to execute code via the BoxTrapper API (SEC-238). 2019-08-02 not yet calculated CVE-2017-18435
CONFIRM
cpanel — cpanel cPanel before 64.0.21 allows demo accounts to read files via a Fileman::getfileactions API2 call (SEC-239). 2019-08-02 not yet calculated CVE-2017-18436
CONFIRM
cpanel — cpanel cPanel before 64.0.21 allows a Webmail account to execute code via forwarders (SEC-240). 2019-08-02 not yet calculated CVE-2017-18437
CONFIRM
cpanel — cpanel cPanel before 64.0.21 allows demo accounts to execute code via an ImageManager_dimensions API call (SEC-243). 2019-08-02 not yet calculated CVE-2017-18439
CONFIRM
cpanel — cpanel cPanel before 64.0.21 allows certain file-rename operations in the context of the root account via scripts/convert_roundcube_mysql2sqlite (SEC-254). 2019-08-02 not yet calculated CVE-2017-18449
CONFIRM
cpanel — cpanel cPanel before 64.0.21 allows demo users to execute traceroute via api2 (SEC-244). 2019-08-02 not yet calculated CVE-2017-18440
CONFIRM
cpanel — cpanel cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands (SEC-246). 2019-08-02 not yet calculated CVE-2017-18442
CONFIRM
cpanel — cpanel cPanel before 66.0.1 does not reliably perform suspend/unsuspend operations on accounts (CPANEL-13941). 2019-08-02 not yet calculated CVE-2017-18431
CONFIRM
cpanel — cpanel cPanel before 74.0.0 allows arbitrary file-read operations during File Restoration (SEC-436). 2019-08-01 not yet calculated CVE-2018-20891
CONFIRM
cpanel — cpanel cPanel before 64.0.21 allows demo accounts to execute SSH API commands (SEC-248). 2019-08-02 not yet calculated CVE-2017-18444
CONFIRM
cpanel — cpanel cPanel before 64.0.21 does not enforce demo restrictions for SSL API calls (SEC-249). 2019-08-02 not yet calculated CVE-2017-18445
CONFIRM
cpanel — cpanel cPanel before 64.0.21 allows file-read and file-write operations for demo accounts via the SourceIPCheck API (SEC-250). 2019-08-02 not yet calculated CVE-2017-18446
CONFIRM
cpanel — cpanel cPanel before 64.0.21 allows demo accounts to execute code via the ClamScanner_getsocket API (SEC-251). 2019-08-02 not yet calculated CVE-2017-18447
CONFIRM
cpanel — cpanel cPanel before 64.0.21 allows certain file-read operations via a Serverinfo_manpage API call (SEC-252). 2019-08-02 not yet calculated CVE-2017-18448
CONFIRM
cpanel — cpanel cPanel before 74.0.0 allows arbitrary zone file modifications during record edits (SEC-426). 2019-08-01 not yet calculated CVE-2018-20890
CONFIRM
cpanel — cpanel The bin/mkvhostspasswd script in cPanel before 11.54.0.4 discloses password hashes (SEC-73). 2019-08-01 not yet calculated CVE-2016-10841
MISC
cpanel — cpanel cPanel before 74.0.0 allows arbitrary zone file modifications because of incorrect CAA record handling (SEC-439). 2019-08-01 not yet calculated CVE-2018-20892
CONFIRM
cpanel — cpanel In cPanel before 64.0.21, Horde MySQL to SQLite conversion can leak a database password (SEC-234). 2019-08-02 not yet calculated CVE-2017-18432
CONFIRM
cpanel — cpanel In cPanel before 66.0.2, user and group ownership may be incorrectly set when using reassign_post_terminate_cruft (SEC-294). 2019-08-02 not yet calculated CVE-2017-18430
CONFIRM
cpanel — cpanel cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned accounts (SEC-411). 2019-08-01 not yet calculated CVE-2018-20934
CONFIRM
cpanel — cpanel cPanel before 62.0.17 does not preserve security policy questions across an account rename (SEC-223). 2019-08-02 not yet calculated CVE-2017-18461
CONFIRM
cpanel — cpanel In cPanel before 62.0.17, addon domain conversion did not require a package for resellers (SEC-208). 2019-08-02 not yet calculated CVE-2017-18455
CONFIRM
cpanel — cpanel cPanel before 62.0.17 allows self XSS in the WHM cPAddons showsecurity interface (SEC-217). 2019-08-02 not yet calculated CVE-2017-18456
CONFIRM
cpanel — cpanel cPanel before 62.0.17 allows arbitrary file-read operations via WHM /styled/ URLs (SEC-218). 2019-08-02 not yet calculated CVE-2017-18457
CONFIRM
cpanel — cpanel cPanel before 62.0.17 allows file overwrite when renaming an account (SEC-219). 2019-08-02 not yet calculated CVE-2017-18458
CONFIRM
cpanel — cpanel cPanel before 62.0.24 allows stored XSS in the WHM cPAddons install interface (SEC-262). 2019-08-02 not yet calculated CVE-2017-18454
CONFIRM
cpanel — cpanel cPanel before 64.0.21 does not preserve supplemental groups across account renames (SEC-260). 2019-08-02 not yet calculated CVE-2017-18453
CONFIRM
cpanel — cpanel cPanel before 62.0.17 allows arbitrary code execution during automatic SSL installation (SEC-221). 2019-08-02 not yet calculated CVE-2017-18460
CONFIRM
cpanel — cpanel cPanel before 62.0.17 allows arbitrary code execution during account modification (SEC-220). 2019-08-02 not yet calculated CVE-2017-18459
CONFIRM
cpanel — cpanel cPanel before 74.0.0 allows file modification in the context of the root account because of incorrect HTTP authentication (SEC-424). 2019-08-01 not yet calculated CVE-2018-20888
CONFIRM
cpanel — cpanel cPanel before 62.0.17 allows code execution in the context of the root account via a long DocumentRoot path (SEC-225). 2019-08-02 not yet calculated CVE-2017-18463
CONFIRM
cpanel — cpanel cPanel before 64.0.21 allows demo accounts to execute code via Encoding API calls (SEC-242). 2019-08-02 not yet calculated CVE-2017-18438
CONFIRM
cpanel — cpanel cPanel before 74.0.8 allows local users to disable the ClamAV daemon (SEC-409). 2019-08-01 not yet calculated CVE-2018-20873
CONFIRM
cpanel — cpanel cPanel before 74.0.8 allows self XSS in the WHM “Create a New Account” interface (SEC-428). 2019-08-01 not yet calculated CVE-2018-20874
CONFIRM
cpanel — cpanel cPanel before 74.0.8 allows arbitrary file-write operations in the context of the root account during WHM Force Password Change (SEC-447). 2019-08-01 not yet calculated CVE-2018-20882
CONFIRM
cpanel — cpanel cPanel before 74.0.0 insecurely stores phpMyAdmin session files (SEC-418). 2019-08-01 not yet calculated CVE-2018-20886
CONFIRM
cpanel — cpanel cPanel before 64.0.21 allows attackers to read a user’s crontab file during a short time interval upon a cPAddon upgrade (SEC-257). 2019-08-02 not yet calculated CVE-2017-18451
CONFIRM
cpanel — cpanel cPanel before 74.0.0 allows certain file-read operations via password file caching (SEC-425). 2019-08-01 not yet calculated CVE-2018-20889
CONFIRM
cpanel — cpanel cPanel before 64.0.21 allows code execution via Rails configuration files (SEC-259). 2019-08-02 not yet calculated CVE-2017-18452
CONFIRM
cpanel — cpanel cPanel before 64.0.21 allows demo and suspended accounts to use SSH port forwarding (SEC-247). 2019-08-02 not yet calculated CVE-2017-18443
CONFIRM
cpanel — cpanel cPanel before 64.0.21 allows certain file-chmod operations via /scripts/convert_roundcube_mysql2sqlite (SEC-255). 2019-08-02 not yet calculated CVE-2017-18450
CONFIRM
cpanel — cpanel cPanel before 68.0.27 allows attackers to read root’s crontab file during a short time interval upon a post-update task (SEC-352). 2019-08-01 not yet calculated CVE-2018-20943
CONFIRM
cpanel — cpanel cPanel before 71.9980.37 allows stored XSS in the WHM cPAddons installation interface (SEC-398). 2019-08-01 not yet calculated CVE-2018-20899
CONFIRM
cpanel — cpanel cPanel before 70.0.23 allows stored XSS via a WHM “Reset a DNS Zone” action (SEC-412). 2019-08-01 not yet calculated CVE-2018-20935
CONFIRM
cpanel — cpanel cPanel before 70.0.23 allows arbitrary file-chmod operations during legacy incremental backups (SEC-338). 2019-08-01 not yet calculated CVE-2018-20909
CONFIRM
cpanel — cpanel cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308). 2019-08-01 not yet calculated CVE-2018-20936
CONFIRM
cpanel — cpanel In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290). 2019-08-02 not yet calculated CVE-2017-18428
CONFIRM
cpanel — cpanel cPanel before 71.9980.37 allows stored XSS in the YUM autorepair functionality (SEC-399). 2019-08-01 not yet calculated CVE-2018-20900
CONFIRM
cpanel — cpanel cPanel before 71.9980.37 allows attackers to make API calls that bypass the cron feature restriction (SEC-427). 2019-08-01 not yet calculated CVE-2018-20904
CONFIRM
cpanel — cpanel cPanel before 71.9980.37 allows attackers to make API calls that bypass the images feature restriction (SEC-430). 2019-08-01 not yet calculated CVE-2018-20906
CONFIRM
cpanel — cpanel cPanel before 70.0.23 allows .htaccess restrictions bypass when Htaccess Optimization is enabled (SEC-401). 2019-08-01 not yet calculated CVE-2018-20930
CONFIRM
cpanel — cpanel cPanel before 71.9980.37 does not enforce the Mime::list_hotlinks API feature restriction (SEC-432). 2019-08-01 not yet calculated CVE-2018-20907
CONFIRM
cpanel — cpanel cPanel before 71.9980.37 allows arbitrary file-read operations during pkgacct custom template handling (SEC-435). 2019-08-01 not yet calculated CVE-2018-20908
CONFIRM
cpanel — cpanel cPanel before 70.0.23 allows arbitrary file-read and file-unlink operations via WHM style uploads (SEC-378). 2019-08-01 not yet calculated CVE-2018-20924
CONFIRM
cpanel — cpanel cPanel before 71.9980.37 allows code injection in the WHM cPAddons interface (SEC-394). 2019-08-01 not yet calculated CVE-2018-20896
CONFIRM
cpanel — cpanel cPanel before 70.0.23 allows local privilege escalation via the WHM Legacy Language File Upload interface (SEC-379). 2019-08-01 not yet calculated CVE-2018-20925
CONFIRM
cpanel — cpanel cPanel before 70.0.23 allows local privilege escalation via the WHM Locale XML Upload interface (SEC-380). 2019-08-01 not yet calculated CVE-2018-20926
CONFIRM
cpanel — cpanel cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382). 2019-08-01 not yet calculated CVE-2018-20927
CONFIRM
cpanel — cpanel cPanel before 70.0.23 allows stored XSS via the cpaddons vendor interface (SEC-391). 2019-08-01 not yet calculated CVE-2018-20928
CONFIRM
cpanel — cpanel cPanel before 70.0.23 allows an open redirect via the /unprotected/redirect.html endpoint (SEC-392). 2019-08-01 not yet calculated CVE-2018-20929
CONFIRM
cpanel — cpanel In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account termination (SEC-291). 2019-08-02 not yet calculated CVE-2017-18429
CONFIRM
cpanel — cpanel In cPanel before 66.0.2, weak log-file permissions can occur after account modification (SEC-289). 2019-08-02 not yet calculated CVE-2017-18427
CONFIRM
cpanel — cpanel cPanel before 11.54.0.4 allows SQL injection in bin/horde_update_usernames (SEC-71). 2019-08-01 not yet calculated CVE-2016-10839
MISC
cpanel — cpanel cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72). 2019-08-01 not yet calculated CVE-2016-10840
MISC
cpanel — cpanel cPanel before 71.9980.37 allows arbitrary file-unlink operations via the cPAddons moderation system (SEC-395). 2019-08-01 not yet calculated CVE-2018-20897
CONFIRM
cpanel — cpanel cPanel before 71.9980.37 allows e-mail injection during cPAddons moderation (SEC-396). 2019-08-01 not yet calculated CVE-2018-20898
CONFIRM
cpanel — cpanel In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs are removed from the corresponding accounts (SEC-393). 2019-08-01 not yet calculated CVE-2018-20895
CONFIRM
cpanel — cpanel cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356). 2019-08-01 not yet calculated CVE-2018-20947
CONFIRM
cpanel — cpanel cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321). 2019-08-01 not yet calculated CVE-2018-20937
CONFIRM
cpanel — cpanel cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339). 2019-08-01 not yet calculated CVE-2018-20939
CONFIRM
cpanel — cpanel cPanel before 68.0.27 allows attackers to read root’s crontab file during a short time interval upon the enabling of backups (SEC-342). 2019-08-01 not yet calculated CVE-2018-20940
CONFIRM
cpanel — cpanel cPanel before 68.0.27 allows arbitrary file-read operations via restore adminbin (SEC-349). 2019-08-01 not yet calculated CVE-2018-20941
CONFIRM
cpanel — cpanel cPanel before 68.0.27 allows attackers to read root’s crontab file during a short time interval upon configuring crontab (SEC-351). 2019-08-01 not yet calculated CVE-2018-20942
CONFIRM
cpanel — cpanel cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353). 2019-08-01 not yet calculated CVE-2018-20944
CONFIRM
cpanel — cpanel cPanel before 74.0.0 makes web-site contents accessible to other local users via Git repositories (SEC-443).