The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe -- photoshop_cc | Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | 2019-08-26 | 10.0 | CVE-2019-7968 CONFIRM |
| adobe -- photoshop_cc | Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. | 2019-08-26 | 10.0 | CVE-2019-7969 CONFIRM |
| adobe -- photoshop_cc | Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. | 2019-08-26 | 10.0 | CVE-2019-7970 CONFIRM |
| adobe -- photoshop_cc | Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. | 2019-08-26 | 10.0 | CVE-2019-7971 CONFIRM |
| adobe -- photoshop_cc | Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. | 2019-08-26 | 10.0 | CVE-2019-7972 CONFIRM |
| adobe -- photoshop_cc | Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. | 2019-08-26 | 10.0 | CVE-2019-7973 CONFIRM |
| adobe -- photoshop_cc | Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. | 2019-08-26 | 10.0 | CVE-2019-7974 CONFIRM |
| adobe -- photoshop_cc | Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. | 2019-08-26 | 10.0 | CVE-2019-7975 CONFIRM |
| adobe -- photoshop_cc | Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2019-08-26 | 9.3 | CVE-2019-7976 CONFIRM |
| adobe -- photoshop_cc | Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2019-08-26 | 10.0 | CVE-2019-7990 CONFIRM |
| adobe -- photoshop_cc | Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2019-08-26 | 10.0 | CVE-2019-7992 CONFIRM |
| adobe -- photoshop_cc | Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2019-08-26 | 10.0 | CVE-2019-7993 CONFIRM |
| adobe -- photoshop_cc | Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2019-08-26 | 9.3 | CVE-2019-7994 CONFIRM |
| adobe -- photoshop_cc | Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2019-08-26 | 10.0 | CVE-2019-7997 CONFIRM |
| adobe -- photoshop_cc | Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2019-08-26 | 10.0 | CVE-2019-7998 CONFIRM |
| adobe -- photoshop_cc | Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2019-08-26 | 10.0 | CVE-2019-8001 CONFIRM |
| alfresco -- alfresco | The Alfresco application before 1.8.7 for Android allows SQL injection in HistorySearchProvider.java. | 2019-08-26 | 7.5 | CVE-2019-15566 MISC MISC |
| altavoz -- prontuscms | cgi-cpn/xcoding/prontus_videocut.cgi in AltaVoz Prontus (aka ProntusCMS) through 12.0.3.0 has "Improper Neutralization of Special Elements used in an OS Command," allowing attackers to execute OS commands via an HTTP GET parameter. | 2019-08-26 | 10.0 | CVE-2019-15503 MISC |
| arrayfire -- arrayfire | An issue was discovered in the arrayfire crate before 3.6.0 for Rust. Addition of the repr() attribute to an enum is mishandled, leading to memory corruption. | 2019-08-26 | 7.5 | CVE-2018-20998 MISC |
| bedita -- bedita | BEdita through 4.0.0-RC2 allows SQL injection during a save operation for a relation with parameters. | 2019-08-26 | 7.5 | CVE-2019-15570 MISC |
| cdemu -- libmirage | filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2.2 in CDemu does not validate the part size, triggering a heap-based buffer overflow that can lead to root access by a local Linux user. | 2019-08-25 | 7.2 | CVE-2019-15540 SUSE SUSE MISC MISC MISC |
| compassionuk -- compassion_switzerland | The Compassion Switzerland addons 10.01.4 for Odoo allow SQL injection in models/partner_compassion.py. | 2019-08-26 | 7.5 | CVE-2019-15564 MISC |
| crossbeam_project -- crossbeam | An issue was discovered in the crossbeam crate before 0.4.1 for Rust. There is a double free because of destructor mishandling. | 2019-08-26 | 7.5 | CVE-2018-20996 MISC |
| cszcms -- csz_cms | CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php file to admin/filemanager in the File Management Module, which leads to remote code execution by visiting a photo/upload/2019/ URI. | 2019-08-26 | 7.5 | CVE-2019-15524 MISC MISC |
| dlink -- dir-823g_firmware | An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings, a related issue to CVE-2019-13482. | 2019-08-23 | 9.0 | CVE-2019-15526 MISC |
| dlink -- dir-823g_firmware | An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the MaxIdTime field to SetWanSettings. | 2019-08-23 | 9.0 | CVE-2019-15527 MISC |
| dlink -- dir-823g_firmware | An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Interface field to SetStaticRouteSettings. | 2019-08-23 | 9.0 | CVE-2019-15528 MISC |
| dlink -- dir-823g_firmware | An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Username field to Login. | 2019-08-23 | 9.0 | CVE-2019-15529 MISC |
| dlink -- dir-823g_firmware | An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the LoginPassword field to Login. | 2019-08-23 | 9.0 | CVE-2019-15530 MISC |
| genetechsolutions -- pie_register | The pie-register plugin before 3.1.2 for WordPress has SQL injection, a different issue than CVE-2018-10969. | 2019-08-27 | 7.5 | CVE-2019-15659 MISC MISC |
| getvera -- vera_edge_firmware | cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via --output argument injection in the username parameter to /cgi-bin/cmh/webcam.sh. | 2019-08-23 | 9.3 | CVE-2019-15498 MISC |
| gorm -- gorm | GORM before 1.9.10 allows SQL injection via incomplete parentheses. | 2019-08-26 | 7.5 | CVE-2019-15562 MISC MISC |
| imagely -- nextgen_gallery | A SQL injection vulnerability exists in the Imagely NextGEN Gallery plugin before 3.2.10 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via modules/nextgen_gallery_display/package.module.nextgen_gallery_display.php. | 2019-08-27 | 7.5 | CVE-2019-14314 MISC MISC |
| kaseya -- virtual_system_administrator | An issue was discovered in Kaseya Virtual System Administrator (VSA) through 9.4.0.37. It has a critical information disclosure vulnerability. An unauthenticated attacker can send properly formatted requests to the web application and download sensitive files and information. For example, the /DATAREPORTS directory can be farmed for reports. Because this directory contains the results of reports such as NMAP, Patch Status, and Active Directory domain metadata, an attacker can easily collect this critical information and parse it for information. There are a number of directories affected. | 2019-08-26 | 7.8 | CVE-2019-15506 MISC MISC |
| lexmark -- 6500e_firmware | Various Lexmark products have an Integer Overflow. | 2019-08-28 | 10.0 | CVE-2019-9930 CONFIRM |
| linux -- linux_kernel | drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir). | 2019-08-23 | 10.0 | CVE-2019-15504 MISC |
| linux -- linux_kernel | drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir). | 2019-08-23 | 10.0 | CVE-2019-15505 MISC MISC MISC |
| linux -- linux_kernel | An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandles directory validation. | 2019-08-27 | 7.8 | CVE-2019-15666 MISC MISC |
| mixin-deep_project -- mixin-deep | mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload. | 2019-08-23 | 7.5 | CVE-2019-10746 MISC |
| ncurses_project -- ncurses | An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are instr and mvwinstr buffer overflows because interaction with C functions is mishandled. | 2019-08-26 | 7.5 | CVE-2019-15548 MISC |
| ohdsi -- webapi | Observational Health Data Sciences and Informatics (OHDSI) WebAPI before 2.7.2 allows SQL injection in FeatureExtractionService.java. | 2019-08-26 | 7.5 | CVE-2019-15563 MISC MISC MISC |
| openwrt -- libuci | An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. /tmp/.uci/network locking is mishandled after reception of a long SetWanSettings command, leading to a device hang. | 2019-08-23 | 7.8 | CVE-2019-15513 MISC |
| paloaltonetworks -- pan-os | Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to craft a message to Secure Shell Daemon (SSHD) and corrupt arbitrary memory. | 2019-08-23 | 10.0 | CVE-2019-1580 CONFIRM |
| paloaltonetworks -- pan-os | Mitigation bypass in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to execute arbitrary code by crafting a malicious message. | 2019-08-23 | 7.5 | CVE-2019-1581 CONFIRM |
| raml-module-builder_project -- raml-module-builder | Raml-Module-Builder 26.4.0 allows SQL Injection in PostgresClient.update. | 2019-08-26 | 7.5 | CVE-2019-15534 MISC |
| servo -- smallvec | An issue was discovered in the smallvec crate before 0.6.3 for Rust. The Iterator implementation mishandles destructors, leading to a double free. | 2019-08-26 | 7.5 | CVE-2018-20991 MISC |
| slickremix -- feed_them_social | The feed-them-social plugin before 1.7.0 for WordPress has possible shortcode execution in the Facebook Feeds load more button. | 2019-08-27 | 7.5 | CVE-2015-9351 MISC |
| spoon-library -- spoon_library | Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object. | 2019-08-26 | 7.5 | CVE-2019-15521 MISC MISC MISC |
| themekraft -- buddyforms | The buddyforms plugin before 2.2.8 for WordPress has SQL injection. | 2019-08-27 | 7.5 | CVE-2018-21003 MISC MISC |
| wp-polls_project -- wp-polls | The wp-polls plugin before 2.72 for WordPress has SQL injection. | 2019-08-27 | 7.5 | CVE-2015-9352 MISC |
| xm-online -- xm^online_2_-_common_utils_and_endpoints | XM^online 2 Common Utils and Endpoints 0.2.1 allows SQL injection, related to Constants.java, DropSchemaResolver.java, and SchemaChangeResolver.java. | 2019-08-26 | 7.5 | CVE-2019-15558 MISC |
| xymon -- xymon | In Xymon through 4.3.28, a buffer overflow vulnerability exists in history.c. | 2019-08-27 | 7.5 | CVE-2019-13451 MISC CONFIRM CONFIRM |
| xymon -- xymon | In Xymon through 4.3.28, a buffer overflow vulnerability exists in reportlog.c. | 2019-08-27 | 7.5 | CVE-2019-13452 MISC CONFIRM CONFIRM |
| xymon -- xymon | In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the alert acknowledgment CGI tool because of expansion in acknowledge.c. | 2019-08-27 | 7.5 | CVE-2019-13455 MISC CONFIRM CONFIRM |
| xymon -- xymon | In Xymon through 4.3.28, a buffer overflow exists in the status-log viewer CGI because of expansion in appfeed.c. | 2019-08-27 | 7.5 | CVE-2019-13484 MISC CONFIRM CONFIRM |
| xymon -- xymon | In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the history viewer component via a long hostname or service parameter to history.c. | 2019-08-27 | 7.5 | CVE-2019-13485 MISC CONFIRM CONFIRM |
| xymon -- xymon | In Xymon through 4.3.28, a stack-based buffer overflow exists in the status-log viewer component because of expansion in svcstatus.c. | 2019-08-27 | 7.5 | CVE-2019-13486 MISC CONFIRM CONFIRM |
Medium Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe -- photoshop_cc | Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak. | 2019-08-26 | 4.3 | CVE-2019-7977 CONFIRM |
| adobe -- photoshop_cc | Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2019-08-26 | 6.8 | CVE-2019-7978 CONFIRM |
| adobe -- photoshop_cc | Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2019-08-26 | 6.8 | CVE-2019-7979 CONFIRM |
| adobe -- photoshop_cc | Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. | 2019-08-26 | 6.8 | CVE-2019-7980 CONFIRM |
| adobe -- photoshop_cc | Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak. | 2019-08-26 | 4.3 | CVE-2019-7981 CONFIRM |
| adobe -- photoshop_cc | Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2019-08-26 | 6.8 | CVE-2019-7982 CONFIRM |
| adobe -- photoshop_cc | Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2019-08-26 | 6.8 | CVE-2019-7983 CONFIRM |
| adobe -- photoshop_cc | Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2019-08-26 | 6.8 | CVE-2019-7984 CONFIRM |
| adobe -- photoshop_cc | Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2019-08-26 | 6.8 | CVE-2019-7985 CONFIRM |
| adobe -- photoshop_cc | Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2019-08-26 | 6.8 | CVE-2019-7986 CONFIRM |
| adobe -- photoshop_cc | Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak. | 2019-08-26 | 4.3 | CVE-2019-7987 CONFIRM |
| adobe -- photoshop_cc | Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2019-08-26 | 6.8 | CVE-2019-7988 CONFIRM |
| adobe -- photoshop_cc | Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | 2019-08-26 | 6.8 | CVE-2019-7989 CONFIRM MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
| adobe -- photoshop_cc | Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak. | 2019-08-26 | 6.8 | CVE-2019-7991 CONFIRM |
| adobe -- photoshop_cc | Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak. | 2019-08-26 | 6.8 | CVE-2019-7995 CONFIRM |
| adobe -- photoshop_cc | Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak. | 2019-08-26 | 6.8 | CVE-2019-7996 CONFIRM |
| adobe -- photoshop_cc | Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak. | 2019-08-26 | 4.3 | CVE-2019-7999 CONFIRM |
| adobe -- photoshop_cc | Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak. | 2019-08-26 | 4.3 | CVE-2019-8000 CONFIRM |
| alkacon -- opencms | In system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple Reflected and Stored XSS issues in the management interface. | 2019-08-27 | 4.3 | CVE-2019-13236 MISC MISC MISC |
| alkacon -- opencms_apollo_template | In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the search engine. | 2019-08-27 | 4.3 | CVE-2019-13234 MISC MISC |
| alkacon -- opencms_apollo_template | In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the Login form. | 2019-08-27 | 4.3 | CVE-2019-13235 MISC MISC |
| alkacon -- opencms_apollo_template | In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vulnerable to Local File Inclusion that allow an attacker to access server resources: clearhistory.jsp, convertxml.jsp, group_new.jsp, loginmessage.jsp, xmlcontentrepair.jsp, and /system/workplace/admin/history/settings/index.jsp. | 2019-08-27 | 4.0 | CVE-2019-13237 MISC MISC |
| atlassian -- jira | The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the priority icon url of an issue priority. | 2019-08-23 | 4.3 | CVE-2019-11584 MISC |
| atlassian -- jira | The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect. | 2019-08-23 | 5.8 | CVE-2019-11585 MISC |
| atlassian -- jira | The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to create new resolutions via a Cross-site request forgery (CSRF) vulnerability. | 2019-08-23 | 4.3 | CVE-2019-11586 MISC |
| atlassian -- jira | Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify various settings via Cross-site request forgery (CSRF). | 2019-08-23 | 4.3 | CVE-2019-11587 MISC |
| atlassian -- jira | The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to trigger garbage collection via a Cross-site request forgery (CSRF) vulnerability. | 2019-08-23 | 4.3 | CVE-2019-11588 MISC |
| atlassian -- jira | The ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability. | 2019-08-23 | 5.8 | CVE-2019-11589 MISC |
| atlassian -- jira | Several worklog rest resources in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.2 allow remote attackers to view worklog time information via a missing permissions check. | 2019-08-23 | 5.0 | CVE-2019-8445 MISC |
| atlassian -- jira | The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check. | 2019-08-23 | 5.0 | CVE-2019-8446 MISC |
| atlassian -- jira | The ServiceExecutor resource in Jira before version 8.3.2 allows remote attackers to trigger the creation of export files via a Cross-site request forgery (CSRF) vulnerability. | 2019-08-23 | 4.3 | CVE-2019-8447 MISC |
| atlassian -- universal_plugin_manager | The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forgery (CSRF) vulnerability on an authenticated administrator. | 2019-08-23 | 4.3 | CVE-2019-14999 MISC |
| autodesk -- design_review | DLL preloading vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a DLL preloading vulnerability, which may result in code execution. | 2019-08-23 | 6.8 | CVE-2019-7362 CONFIRM |
| autodesk -- design_review | Use-after-free vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a use-after-free vulnerability, which may result in code execution. | 2019-08-23 | 6.8 | CVE-2019-7363 CONFIRM |
| automattic -- akismet | The akismet plugin before 3.1.5 for WordPress has XSS. | 2019-08-28 | 4.3 | CVE-2015-9357 MISC |
| automattic -- jetpack | The Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg(). | 2019-08-28 | 4.3 | CVE-2015-9359 MISC MISC |
| bestwebsoft -- timesheet | The timesheet plugin before 0.1.5 for WordPress has multiple XSS issues. | 2019-08-27 | 4.3 | CVE-2017-18590 MISC |
| bloodhound_project -- bloodhound | components/Modals/HelpModal.jsx in BloodHound 2.2.0 allows remote attackers to execute arbitrary OS commands (by spawning a child process as the current user on the victim's machine) when the search function's autocomplete feature is used. The victim must import data from an Active Directory with a GPO containing JavaScript in its name. | 2019-08-27 | 6.8 | CVE-2019-15701 MISC |
| bologer -- anycomment | The anycomment plugin before 0.0.33 for WordPress has XSS. | 2019-08-27 | 4.3 | CVE-2018-21001 MISC |
| bolt -- bolt | Bolt before 3.6.10 has XSS via a title that is mishandled in the system log. | 2019-08-23 | 4.3 | CVE-2019-15483 MISC MISC |
| bolt -- bolt | Bolt before 3.6.10 has XSS via an image's alt or title field. | 2019-08-23 | 4.3 | CVE-2019-15484 MISC MISC |
| bolt -- bolt | Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php. | 2019-08-23 | 4.3 | CVE-2019-15485 MISC MISC |
| check_email_project -- check_email | The check-email plugin before 0.5.2 for WordPress has XSS. | 2019-08-27 | 4.3 | CVE-2016-10934 MISC |
| claxon_project -- claxon | An issue was discovered in the claxon crate before 0.4.1 for Rust. Uninitialized memory can be exposed because certain decode buffer sizes are mishandled. | 2019-08-26 | 4.3 | CVE-2018-20992 MISC |
| codepeople -- polls_cp | The cp-polls plugin before 1.0.5 for WordPress has XSS. | 2019-08-27 | 4.3 | CVE-2015-9346 MISC |
| codepeople -- sell_downloads | The sell-downloads plugin before 1.0.8 for WordPress has insufficient restrictions on brute-force guessing of purchase IDs. | 2019-08-27 | 5.0 | CVE-2015-9348 MISC |
| comelz -- quark | comelz Quark before 2019-03-26 allows directory traversal to locations outside of the project directory. | 2019-08-23 | 5.0 | CVE-2019-15520 MISC |
| cookie_project -- cookie | An issue was discovered in the cookie crate before 0.7.6 for Rust. Large integers in the Max-Age of a cookie cause a panic. | 2019-08-26 | 5.0 | CVE-2017-18589 MISC |
| discourse -- discourse | Discourse 2.3.2 sends the CSRF token in the query string. | 2019-08-26 | 4.3 | CVE-2019-15515 MISC |
| easyupdatesmanager -- easy_updates_manager | The stops-core-theme-and-plugin-updates plugin before 8.0.5 for WordPress has insufficient restrictions on option changes (such as disabling unattended theme updates) because of a nonce check error. | 2019-08-27 | 4.0 | CVE-2019-15650 MISC MISC |
| elearningfreak -- insert_or_embed_articulate_content | The insert-or-embed-articulate-content-into-wordpress plugin before 4.29991 for WordPress has insufficient restrictions on deleting or renaming by a Subscriber. | 2019-08-27 | 5.5 | CVE-2019-15648 MISC MISC |
| elearningfreak -- insert_or_embed_articulate_content | The insert-or-embed-articulate-content-into-wordpress plugin before 4.2999 for WordPress has insufficient restrictions on file upload. | 2019-08-27 | 6.5 | CVE-2019-15649 MISC MISC |
| eng -- knowage | In Knowage through 6.1.1, there is XSS via the start_url or user_id field to the ChangePwdServlet page. | 2019-08-28 | 4.3 | CVE-2019-13189 MISC |
| eng -- knowage | In Knowage through 6.1.1, an authenticated user who accesses the datasources page will gain access to any data source credentials in cleartext, which includes databases. | 2019-08-28 | 4.0 | CVE-2019-13348 MISC |
| etoilewebdesign -- ultimate_faq | The ultimate-faqs plugin before 1.8.22 for WordPress has XSS. | 2019-08-27 | 4.3 | CVE-2019-15643 MISC MISC |
| former_project -- former | Former before 4.2.1 has XSS via a checkbox value. | 2019-08-23 | 4.3 | CVE-2019-15476 MISC MISC |
| fortiguard -- fortios_ips_engine | Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled, may allow an attacker to decipher TLS connections going through the FortiGate via monitoring the traffic in a Man-in-the-middle position. | 2019-08-23 | 4.3 | CVE-2019-5592 CONFIRM |
| fortinet -- fortinac | An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI. | 2019-08-23 | 4.3 | CVE-2019-5594 CONFIRM |
| fortinet -- fortios | An information exposure vulnerability in FortiOS 6.2.0 and below may allow an unauthenticated attacker to gain platform information such as version, models, via parsing a JavaScript file through admin webUI. | 2019-08-23 | 5.0 | CVE-2018-13367 CONFIRM |
| gchq -- cyberchef | CyberChef before 8.31.2 allows XSS in core/operations/TextEncodingBruteForce.mjs. | 2019-08-26 | 4.3 | CVE-2019-15532 MISC MISC MISC MISC |
| gdragon -- gd_rating_system | The gd-rating-system plugin before 2.1 for WordPress has XSS in log.php. | 2019-08-27 | 4.3 | CVE-2017-18591 MISC |
| gnu -- libextractor | GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c. | 2019-08-23 | 4.3 | CVE-2019-15531 MISC MLIST |
| gnuboard -- gnuboard5 | GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "homepage title" parameter, aka the adm/config_form_update.php cf_title parameter. | 2019-08-26 | 4.3 | CVE-2018-18668 MISC MISC CONFIRM |
| groundhogg -- groundhogg | The groundhogg plugin before 1.3.5 for WordPress has wp-admin/admin-ajax.php?action=bulk_action_listener remote code execution. | 2019-08-27 | 6.5 | CVE-2019-15647 MISC MISC MISC |
| hackmd -- codimd | CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element with allow-top-navigation in the sandbox attribute, in conjunction with a data: URL. | 2019-08-23 | 4.3 | CVE-2019-15499 MISC |
| httpie -- httpie | All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control. | 2019-08-23 | 5.8 | CVE-2019-10751 MISC MISC |
| ibm -- security_access_manager_for_enterprise_single_sign-on | IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 164555. | 2019-08-26 | 6.4 | CVE-2019-4513 CONFIRM XF |
| igniterealtime -- openfire | Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test. | 2019-08-23 | 4.3 | CVE-2019-15488 MISC MISC |
| impress -- wp_rollback | The wp-rollback plugin before 1.2.3 for WordPress has XSS. | 2019-08-27 | 4.3 | CVE-2015-9342 MISC |
| impress -- wp_rollback | The wp-rollback plugin before 1.2.3 for WordPress has CSRF. | 2019-08-27 | 6.8 | CVE-2015-9343 MISC |
| instamojo -- payment_gateway | card/pay/.../amount in the WooCommerce Instamojo Payment Gateway plugin 1.0.7 for WordPress allows Parameter Tampering in the sign parameter, as demonstrated by purchasing an item for lower than the intended price. | 2019-08-29 | 5.0 | CVE-2019-14977 MISC |
| ithemes -- authorize.net | Authorize.net Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | 2019-08-28 | 4.3 | CVE-2015-9365 MISC MISC |
| ithemes -- exchange | iThemes Exchange before 1.12.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | 2019-08-28 | 4.3 | CVE-2015-9363 MISC MISC |
| ithemes -- mobile | iThemes Mobile before 1.2.8 for WordPress has XSS via add_query_arg() and remove_query_arg(). | 2019-08-28 | 4.3 | CVE-2015-9376 MISC MISC |
| jc21 -- nginx_proxy_manager | jc21 Nginx Proxy Manager before 2.0.13 allows %2e%2e%2f directory traversal. | 2019-08-23 | 4.9 | CVE-2019-15517 MISC MISC |
| jenkins -- splunk | A sandbox bypass vulnerability in Jenkins Splunk Plugin 1.7.4 and earlier allowed attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. | 2019-08-28 | 6.5 | CVE-2019-10390 MLIST MISC |
| jooby -- jooby | Jooby before 1.6.4 has XSS via the default error handler. | 2019-08-23 | 4.3 | CVE-2019-15477 MISC |
| laracom -- laracom | laracom (aka Laravel FREE E-Commerce Software) 1.4.11 has search?q= XSS. | 2019-08-26 | 4.3 | CVE-2019-15489 MISC |
| lexmark -- 6500e_firmware | Various Lexmark products have Incorrect Access Control. | 2019-08-28 | 6.4 | CVE-2019-10058 CONFIRM |
| lexmark -- cs31x_firmware | Various Lexmark products have CSRF. | 2019-08-28 | 4.3 | CVE-2019-10057 CONFIRM |
| lexmark -- cs31x_firmware | Various Lexmark products have Incorrect Access Control (issue 1 of 2). | 2019-08-28 | 5.0 | CVE-2019-9934 CONFIRM |
| lexmark -- cs31x_firmware | Various Lexmark products have Incorrect Access Control (issue 2 of 2). | 2019-08-28 | 5.0 | CVE-2019-9935 CONFIRM |
| lsoft -- listserv | Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter. | 2019-08-26 | 4.3 | CVE-2019-15501 MISC EXPLOIT-DB |
| manageyourteam -- myt_project_management | MyT Project Management 1.5.1 lacks CSRF protection and, for example, allows a user/create CSRF attack. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page. | 2019-08-28 | 6.8 | CVE-2019-15496 MISC |
| microfocus -- content_manager | Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 and 9.3. This vulnerability when configured to use an Oracle database, allows valid system users to gain access to a limited subset of records they would not normally be able to access when the system is in an undisclosed abnormal state. | 2019-08-30 | 4.0 | CVE-2019-11658 CONFIRM |
| microfocus -- verastream_host_integrato | Path traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and earlier, The vulnerability allows remote unauthenticated attackers to read arbitrary files. | 2019-08-23 | 5.0 | CVE-2019-11654 CONFIRM |
| micropyramid -- django_crm | Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /change-password-by-admin/, /api/settings/add/, /cases/create/, /change-password-by-admin/, /comment/add/, /documents/1/view/, /documents/create/, /opportunities/create/, and /login/. | 2019-08-27 | 6.8 | CVE-2019-11457 MISC FULLDISC MISC |
| my_calendar_project -- my_calendar | The my-calendar plugin before 3.1.10 for WordPress has XSS. | 2019-08-28 | 4.3 | CVE-2019-15713 MISC |
| ncurses_project -- ncurses | An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are format string issues in printw functions because C format arguments are mishandled. | 2019-08-26 | 6.4 | CVE-2019-15547 MISC |
| never5 -- post_connector | The Post Connector plugin before 1.0.4 for WordPress has XSS via add_query_arg() and remove_query_arg(). | 2019-08-28 | 4.3 | CVE-2015-9362 MISC |
| obdev -- little_snitch | Little Snitch versions 4.3.0 to 4.3.2 have a local privilege escalation vulnerability in their privileged helper tool. The privileged helper tool implements an XPC interface which is available to any process and allows directory listings and copying files as root. | 2019-08-23 | 4.9 | CVE-2019-13013 MISC |
| obdev -- little_snitch | Little Snitch versions 4.4.0 fixes a vulnerability in a privileged helper tool. However, the operating system may have made a copy of the privileged helper which is not removed or updated immediately. Computers may therefore still be vulnerable after upgrading to 4.4.0. Version 4.4.1 fixes this issue by removing the operating system's copy during the upgrade. | 2019-08-23 | 4.9 | CVE-2019-13014 MISC |
| octopus -- octopus_deploy | In Octopus Deploy 2019.7.3 through 2019.7.9, in certain circumstances, an authenticated user with VariableView permissions could view sensitive values. This is fixed in 2019.7.10. | 2019-08-27 | 4.0 | CVE-2019-15698 MISC |
| paloaltonetworks -- pan-os | Memory corruption in PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow an administrative user to cause arbitrary memory corruption by rekeying the current client interactive session. | 2019-08-23 | 6.5 | CVE-2019-1582 CONFIRM |
| paloaltonetworks -- twistlock | Escalation of privilege vulnerability in the Palo Alto Networks Twistlock console 19.07.358 and earlier allows a Twistlock user with Operator capabilities to escalate privileges to that of another user. Active interaction with an affected component is required for the payload to execute on the victim. | 2019-08-23 | 6.0 | CVE-2019-1583 CONFIRM |
| pancurses_project -- pancurses | An issue was discovered in the pancurses crate through 0.16.1 for Rust. printw and mvprintw have format string vulnerabilities. | 2019-08-26 | 6.4 | CVE-2019-15546 MISC |
| plot -- plotly | The wp-plotly plugin before 1.0.3 for WordPress has XSS by authors. | 2019-08-27 | 4.3 | CVE-2015-9347 MISC |
| portaudio_project -- portaudio | An issue was discovered in the portaudio crate through 0.7.0 for Rust. There is a man-in-the-middle issue because the source code is downloaded over cleartext HTTP. | 2019-08-26 | 4.3 | CVE-2016-10933 MISC |
| redirection -- redirection | The redirection plugin before 2.2.9 for WordPress has XSS in the admin menu, a different issue than CVE-2011-4562. | 2019-08-28 | 4.3 | CVE-2011-5329 MISC |
| redirection -- redirection | The redirection plugin before 2.2.12 for WordPress has XSS, a different issue than CVE-2011-4562. | 2019-08-28 | 4.3 | CVE-2012-6717 MISC |
| search-guard -- search_guard | Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database. | 2019-08-23 | 4.0 | CVE-2019-13421 CONFIRM MISC MISC |
| search-guard -- search_guard | Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an attacker can redirect the user to a potentially malicious site upon Kibana login. | 2019-08-23 | 5.8 | CVE-2019-13422 CONFIRM MISC |
| search-guard -- search_guard | Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an authenticated Kibana user could impersonate as kibanaserver user when providing wrong credentials when all of the following conditions a-c are true: a) Kibana is configured to use Single-Sign-On as authentication method, one of Kerberos, JWT, Proxy, Client certificate. b) The kibanaserver user is configured to use HTTP Basic as the authentication method. c) Search Guard is configured to use an SSO authentication domain and HTTP Basic at the same time | 2019-08-23 | 6.5 | CVE-2019-13423 CONFIRM MISC |
| slickremix -- feed_them_social | The feed-them-social plugin before 1.7.0 for WordPress has reflected XSS in the Facebook Feeds load more button. | 2019-08-27 | 4.3 | CVE-2015-9350 MISC |
| status_board_project -- status_board | Status Board 1.1.81 has reflected XSS via logic.ts. | 2019-08-26 | 4.3 | CVE-2019-15478 MISC |
| status_board_project -- status_board | Status Board 1.1.81 has reflected XSS via dashboard.ts. | 2019-08-26 | 4.3 | CVE-2019-15479 MISC |
| swoole -- swoole | Swoole before 4.2.13 allows directory traversal in swPort_http_static_handler. | 2019-08-23 | 5.0 | CVE-2019-15518 MISC MISC |
| telegram -- telegram | The Privacy > Phone Number feature in the Telegram app 5.10 for Android and iOS provides an incorrect indication that the access level is Nobody, because attackers can find these numbers via the Group Info feature, e.g., by adding a significant fraction of a region's assigned phone numbers. | 2019-08-23 | 5.0 | CVE-2019-15514 MISC |
| trust-dns-proto_project -- trust-dns-proto | An issue was discovered in the trust-dns-proto crate before 0.5.0-alpha.3 for Rust. There is infinite recursion because DNS message compression is mishandled. | 2019-08-26 | 5.0 | CVE-2018-20994 MISC |
| untrusted_project -- untrusted | An issue was discovered in the untrusted crate before 0.6.2 for Rust. Error handling can trigger an integer underflow and panic. | 2019-08-26 | 5.0 | CVE-2018-20989 MISC |
| updraftplus -- updraftplus | The updraftplus plugin before 1.9.64 for WordPress has XSS via add_query_arg() and remove_query_arg(). | 2019-08-28 | 4.3 | CVE-2015-9360 MISC MISC |
| updraftplus -- updraftplus | The updraftplus plugin before 1.13.5 for WordPress has XSS in rare cases where an attacker controls a string logged to a log file. | 2019-08-28 | 4.3 | CVE-2017-18593 MISC |
| watchguard -- fireware | The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect). | 2019-08-23 | 5.8 | CVE-2016-6154 MISC |
| webassembly -- binaryen | An issue was discovered in Binaryen 1.38.32. Two visitors in ir/ExpressionManipulator.cpp can lead to a NULL pointer dereference in wasm::LocalSet::finalize in wasm/wasm.cpp. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm2js. | 2019-08-28 | 5.0 | CVE-2019-15759 MISC MISC |
| webmin -- webmin | xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. By default, only root, admin, and sysadm can access xmlrpc.cgi. | 2019-08-26 | 6.8 | CVE-2019-15641 MISC |
| webtoffee -- import_export_wordpress_users | The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class. | 2019-08-23 | 6.0 | CVE-2019-15092 MISC MISC MISC |
| woocommerce -- paypal_checkout_payment_gateway | cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.17 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the intended price. | 2019-08-29 | 5.0 | CVE-2019-14979 MISC |
| woocommerce -- payu_india_payment_gateway | /payu/icpcheckout/ in the WooCommerce PayU India Payment Gateway plugin 2.1.1 for WordPress allows Parameter Tampering in the purchaseQuantity=1 parameter, as demonstrated by purchasing an item for lower than the intended price. | 2019-08-29 | 5.0 | CVE-2019-14978 MISC |
| wp-members_project -- wp-members | The wp-members plugin before 3.2.8 for WordPress has CSRF. | 2019-08-27 | 6.8 | CVE-2019-15660 MISC |
| wp-polls_project -- wp-polls | The wp-polls plugin before 2.73.1 for WordPress has XSS via the Poll bar option. | 2019-08-27 | 4.3 | CVE-2016-10936 MISC |
| xymon -- xymon | In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CGI script due to insufficient filtering of the db parameter. | 2019-08-27 | 4.3 | CVE-2019-13274 MISC CONFIRM |
| yaml-rust_project -- yaml-rust | An issue was discovered in the yaml-rust crate before 0.4.1 for Rust. There is uncontrolled recursion during deserialization. | 2019-08-26 | 5.0 | CVE-2018-20993 MISC |
| zoho -- salesiq | The zoho-salesiq plugin before 1.0.9 for WordPress has stored XSS. | 2019-08-27 | 4.3 | CVE-2019-15644 MISC MISC |
| zoho -- salesiq | The zoho-salesiq plugin before 1.0.9 for WordPress has CSRF. | 2019-08-27 | 6.8 | CVE-2019-15645 MISC MISC |
Low Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| atlassian -- jira | The wikirenderer component in Jira before version 7.13.6, and from version 8.0.0 before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in image attribute specification. | 2019-08-23 | 3.5 | CVE-2019-8444 MISC |
| domoticz -- domoticz | Domoticz 4.10717 has XSS via item.Name. | 2019-08-23 | 3.5 | CVE-2019-15480 MISC MISC |
| librenms -- librenms | LibreNMS v1.54 has XSS in the Create User, Inventory, Add Device, Notifications, Alert Rule, Create Maintenance, and Alert Template sections of the admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account. | 2019-08-28 | 3.5 | CVE-2019-15230 MISC |
| octopus -- server | In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an authenticated user (in certain limited special-characters circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.7. The fix was back-ported to LTS 2019.6.7 as well as LTS 2019.3.8. | 2019-08-23 | 3.5 | CVE-2019-15507 MISC |
| octopus -- server | In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user (in certain limited OctopusPrintVariables circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 5.0.1. The fix was back-ported to 4.0.7. | 2019-08-23 | 3.5 | CVE-2019-15508 MISC |
Severity Not Yet Assigned
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| androvideo -- advan_vd-1_firmware | A broken access control vulnerability found in Advan VD-1 firmware versions up to 230. An attacker can send a POST request to cgibin/ApkUpload.cgi to install arbitrary APK without any authentication. | 2019-08-28 | not yet calculated | CVE-2019-13406 CONFIRM CONFIRM CONFIRM |
| androvideo -- advan_vd-1_firmware |
A vulnerability of remote credential disclosure was discovered in Advan VD-1 firmware versions up to 230. An attacker can export system configuration which is not encrypted to get the administrator?s account and password in plain text via cgibin/ExportSettings.cgi?Export=1 without any authentication. | 2019-08-28 | not yet calculated | CVE-2019-11064 CONFIRM CONFIRM CONFIRM |
| androvideo -- advan_vd-1_firmware |
A XSS found in Advan VD-1 firmware versions up to 230. VD-1 responses a path error message when a requested resource was not found in page cgibin/ssi.cgi. It leads to a reflected XSS because the error message does not escape properly. | 2019-08-28 | not yet calculated | CVE-2019-13407 CONFIRM CONFIRM CONFIRM |
| androvideo -- advan_vd-1_firmware |
A relative path traversal vulnerability found in Advan VD-1 firmware versions up to 230. It allows attackers to download arbitrary files via url cgibin/ExportSettings.cgi?Download=filepath, without any authentication. | 2019-08-28 | not yet calculated | CVE-2019-13408 CONFIRM CONFIRM CONFIRM |
| androvideo -- advan_vd-1_firmware |
A broken access control vulnerability found in Advan VD-1 firmware version 230 leads to insecure ADB service. An attacker can send a POST request to cgibin/AdbSetting.cgi to enable ADB without any authentication then take the compromised device as a relay or to install mining software. | 2019-08-28 | not yet calculated | CVE-2019-13405 CONFIRM CONFIRM CONFIRM |
| apache -- commons_compress |
The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress. | 2019-08-30 | not yet calculated | CVE-2019-12402 MISC |
| apache -- santuario_xml_security_for_java |
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this implementation might be cached and re-used by Apache Santuario - XML Security for Java, leading to potential security flaws when validating signed documents, etc. The vulnerability affects Apache Santuario - XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x releases before 2.1.4. | 2019-08-23 | not yet calculated | CVE-2019-12400 CONFIRM |
| apport -- apport |
Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause Apport to include the contents of this other file in the resulting crash report. The crash report could then be read by that user either by causing it to be uploaded and reported to Launchpad, or by leveraging some other vulnerability to read the resulting crash report, and so allow the user to read arbitrary files on the system. | 2019-08-29 | not yet calculated | CVE-2019-7307 MISC MISC |
| asus -- hg100_firmware |
The web api server on Port 8080 of ASUS HG100 firmware up to 1.05.12, which is vulnerable to Slowloris HTTP Denial of Service: an attacker can cause a Denial of Service (DoS) by sending headers very slowly to keep HTTP or HTTPS connections and associated resources alive for a long period of time. | 2019-08-28 | not yet calculated | CVE-2019-11060 CONFIRM CONFIRM CONFIRM |
| asus -- hg100_firmware |
A broken access control vulnerability in HG100 firmware versions up to 4.00.06 allows an attacker in the same local area network to control IoT devices that connect with itself via http://[target]/smarthome/devicecontrol without any authentication. | 2019-08-28 | not yet calculated | CVE-2019-11061 CONFIRM CONFIRM CONFIRM |
| asus -- smarthome_app |
A broken access control vulnerability in SmartHome app (Android versions up to 3.0.42_190515, ios versions up to 2.0.22) allows an attacker in the same local area network to list user accounts and control IoT devices that connect with its gateway (HG100) via http://[target]/smarthome/devicecontrol without any authentication. | 2019-08-28 | not yet calculated | CVE-2019-11063 CONFIRM CONFIRM CONFIRM |
| asymmetric-infosec -- power-response |
Power-Response before 2019-02-02 allows directory traversal (up to the application's main directory) via a plugin. | 2019-08-23 | not yet calculated | CVE-2019-15519 MISC |
| atlassian -- confluence_server_and_confluence_data_center |
There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker with permission to editing a page is able to exploit this issue to read arbitrary file on the server under <install-directory>/confluence/WEB-INF directory, which may contain configuration files used for integrating with other services, which could potentially leak credentials or other sensitive information such as LDAP credentials. The LDAP credential will be potentially leaked only if the Confluence server is configured to use LDAP as user repository. All versions of Confluence Server from 6.1.0 before 6.6.16 (the fixed version for 6.6.x), from 6.7.0 before 6.13.7 (the fixed version for 6.13.x), and from 6.14.0 before 6.15.8 (the fixed version for 6.15.x) are affected by this vulnerability. | 2019-08-29 | not yet calculated | CVE-2019-3394 MISC MISC |
| autodesk -- multiple_products |
DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D and version 2017 of AutoCAD P&ID. An attacker may trick a user into opening a malicious DWG file that may leverage a DLL preloading vulnerability in AutoCAD which may result in code execution. | 2019-08-23 | not yet calculated | CVE-2019-7364 CONFIRM |
| avira -- avira_free_security_suite |
An issue was discovered in Avira Free Security Suite 10. The permissive access rights on the SoftwareUpdater folder (files / folders and configuration) are incompatible with the privileged file manipulation performed by the product. Files can be created that can be used by an unprivileged user to obtain SYSTEM privileges. Arbitrary file creation can be achieved by abusing the SwuConfig.json file creation: an unprivileged user can replace these files by pseudo-symbolic links to arbitrary files. When an update occurs, a privileged service creates a file and sets its access rights, offering write access to the Everyone group in any directory. | 2019-08-29 | not yet calculated | CVE-2019-11396 FULLDISC |
| bitrock -- installbuilder |
Windows binaries generated with InstallBuilder versions earlier than 19.7.0 are vulnerable to tampering even if they contain a valid Authenticode signature. | 2019-08-28 | not yet calculated | CVE-2019-5530 MISC |
| black_box -- icompel |
Black Box iCOMPEL 9.2.3 through 11.1.4, as used in ONELAN Net-Top-Box 9.2.3 through 11.1.4 and other products, has default credentials that allow remote attackers to access devices remotely via SSH, HTTP, HTTPS, and FTP. | 2019-08-26 | not yet calculated | CVE-2019-15497 MISC |
| cdemu -- libmirage |
libMirage 3.2.2 in CDemu has a NULL pointer dereference in the NRG parser in parser.c. | 2019-08-28 | not yet calculated | CVE-2019-15757 MISC MISC |
| cesnet -- proxystatistics-simplesamlphp-module |
The proxystatistics module before 3.1.0 for SimpleSAMLphp allows SQL Injection in lib/Auth/Process/DatabaseCommand.php. | 2019-08-23 | not yet calculated | CVE-2019-15537 MISC MISC |
| chan_zuckerberg_intiative -- idseq-web |
idseq-web before 2019-07-01 in Infectious Disease Sequencing Platform IDseq allows SQL injection via tax_levels. | 2019-08-26 | not yet calculated | CVE-2019-15568 MISC |
| check_point -- endpoint_security_initial_client_for_windows |
Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can leverage this to gain LPE using a specially crafted DLL placed in any PATH location accessible with write permissions to the user. | 2019-08-29 | not yet calculated | CVE-2019-8461 MISC |
| cisco -- ios_xe_software |
A vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on the managed Cisco IOS XE device. The vulnerability is due to an improper check performed by the area of code that manages the REST API authentication service. An attacker could exploit this vulnerability by submitting malicious HTTP requests to the targeted device. A successful exploit could allow the attacker to obtain the token-id of an authenticated user. This token-id could be used to bypass authentication and execute privileged actions through the interface of the REST API virtual service container on the affected Cisco IOS XE device. The REST API interface is not enabled by default and must be installed and activated separately on IOS XE devices. See the Details section for more information. | 2019-08-28 | not yet calculated | CVE-2019-12643 CISCO |
| cisco -- nexus_9000_series_switches |
A vulnerability within the Endpoint Learning feature of Cisco Nexus 9000 Series Switches running in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an endpoint device in certain circumstances. The vulnerability is due to improper endpoint learning when packets are received on a specific port from outside the ACI fabric and destined to an endpoint located on a border leaf when Disable Remote Endpoint Learning has been enabled. This can result in a Remote (XR) entry being created for the impacted endpoint that will become stale if the endpoint migrates to a different port or leaf switch. This results in traffic not reaching the impacted endpoint until the Remote entry can be relearned by another mechanism. | 2019-08-30 | not yet calculated | CVE-2019-1977 CISCO |
| cisco -- nx-os_software |
A vulnerability in the Virtual Shell (VSH) session management for Cisco NX-OS Software could allow an authenticated, remote attacker to cause a VSH process to fail to delete upon termination. This can lead to a build-up of VSH processes that overtime can deplete system memory. When there is no system memory available, this can cause unexpected system behaviors and crashes. The vulnerability is due to the VSH process not being properly deleted when a remote management connection to the device is disconnected. An attacker could exploit this vulnerability by repeatedly performing a remote management connection to the device and terminating the connection in an unexpected manner. A successful exploit could allow the attacker to cause the VSH processes to fail to delete, which can lead to a system-wide denial of service (DoS) condition. The attacker must have valid user credentials to log in to the device using the remote management connection. | 2019-08-28 | not yet calculated | CVE-2019-1965 CISCO |
| cisco -- nx-os_software |
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP request to the NX-API on an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition in the NX-API service; however, the NX-OS device itself would still be available and passing network traffic. Note: The NX-API feature is disabled by default. | 2019-08-30 | not yet calculated | CVE-2019-1968 CISCO |
| cisco -- nx-os_software |
A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) Access Control List (ACL) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to deny SNMP traffic. The vulnerability is due to an incorrect length check when the configured ACL name is the maximum length, which is 32 ASCII characters. An attacker could exploit this vulnerability by performing SNMP polling of an affected device. A successful exploit could allow the attacker to perform SNMP polling that should have been denied. The attacker has no control of the configuration of the SNMP ACL name. | 2019-08-30 | not yet calculated | CVE-2019-1969 CISCO |
| cisco -- nx-os_software |
A vulnerability in the IPv6 traffic processing of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an unexpected restart of the netstack process on an affected device. The vulnerability is due to improper validation of IPv6 traffic sent through an affected device. An attacker could exploit this vulnerability by sending a malformed IPv6 packet through an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition while the netstack process restarts. A sustained attack could lead to a reboot of the device. | 2019-08-28 | not yet calculated | CVE-2019-1964 CISCO |
| cisco -- nx-os_software |
A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerability is due to improper validation of Abstract Syntax Notation One (ASN.1)-encoded variables in SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP packet to the SNMP daemon on the affected device. A successful exploit could allow the attacker to cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition. | 2019-08-28 | not yet calculated | CVE-2019-1963 CISCO |
| cisco -- nx-os_software |
A vulnerability in the Cisco Fabric Services component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause process crashes, which can result in a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient validation of TCP packets when processed by the Cisco Fabric Services over IP (CFSoIP) feature. An attacker could exploit this vulnerability by sending a malicious Cisco Fabric Services TCP packet to an affected device. A successful exploit could allow the attacker to cause process crashes, resulting in a device reload and a DoS condition. Note: There are three distribution methods that can be configured for Cisco Fabric Services. This vulnerability affects only distribution method CFSoIP, which is disabled by default. See the Details section for more information. | 2019-08-28 | not yet calculated | CVE-2019-1962 CISCO |
| cisco -- nx-os_software |
A vulnerability in the Network Time Protocol (NTP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to excessive use of system resources when the affected device is logging a drop action for received MODE_PRIVATE (Mode 7) NTP packets. An attacker could exploit this vulnerability by flooding the device with a steady stream of Mode 7 NTP packets. A successful exploit could allow the attacker to cause high CPU and memory usage on the affected device, which could cause internal system processes to restart or cause the affected device to unexpectedly reload. Note: The NTP feature is enabled by default. | 2019-08-30 | not yet calculated | CVE-2019-1967 CISCO |
| cisco -- unified_computing_system_fabric_interconnect_software |
A vulnerability in a specific CLI command within the local management (local-mgmt) context for Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to gain elevated privileges as the root user on an affected device. The vulnerability is due to extraneous subcommand options present for a specific CLI command within the local-mgmt context. An attacker could exploit this vulnerability by authenticating to an affected device, entering the local-mgmt context, and issuing a specific CLI command and submitting user input. A successful exploit could allow the attacker to execute arbitrary operating system commands as root on an affected device. The attacker would need to have valid user credentials for the device. | 2019-08-30 | not yet calculated | CVE-2019-1966 CISCO |
| citrix -- storefront_server |
Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks. | 2019-08-29 | not yet calculated | CVE-2019-13608 CONFIRM |
| clonos -- control-pane |
The WEB control panel before 2019-04-30 for ClonOS allows SQL injection in clonos.php. | 2019-08-26 | not yet calculated | CVE-2019-15571 MISC |
| commscope -- arris_tr4400_devices |
CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within https://ift.tt/2NtuWu7. Any user connected to the Wi-Fi can exploit this. | 2019-08-29 | not yet calculated | CVE-2019-15805 MISC |
| commscope -- arris_tr4400_devices |
CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within https://ift.tt/2MMopKi. Any user connected to the Wi-Fi can exploit this. | 2019-08-29 | not yet calculated | CVE-2019-15806 MISC |
| comodo -- comodo_antivirus |
A use-after-free flaw in the sandbox container implemented in cmdguard.sys in Comodo Antivirus 12.0.0.6870 can be triggered due to a race condition when handling IRP_MJ_CLEANUP requests in the minifilter for directory change notifications. This allows an attacker to cause a denial of service (BSOD) when an executable is run inside the container. | 2019-08-28 | not yet calculated | CVE-2019-14694 MISC MISC |
| cuberite -- cuberite |
Cuberite before 2019-06-11 allows webadmin directory traversal via ....// because the protection mechanism simply removes one ../ substring. | 2019-08-23 | not yet calculated | CVE-2019-15516 MISC |
| d-link -- dir-825ac_g1_devices |
D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. In order to transfer data from the host network to the guest network, the sender joins and then leaves an IGMP group. After it leaves, the router (following the IGMP protocol) creates an IGMP Membership Query packet with the Group IP and sends it to both the Host and the Guest networks. The data is transferred within the Group IP field, which is completely controlled by the sender. | 2019-08-27 | not yet calculated | CVE-2019-13264 MISC MISC |
| d-link -- dir-825ac_g1_devices |
D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. A DHCP Request is sent to the router with a certain Transaction ID field. Following the DHCP protocol, the router responds with an ACK or NAK message. Studying the NAK case revealed that the router erroneously sends the NAK to both Host and Guest networks with the same Transaction ID as found in the DHCP Request. This allows encoding of data to be sent cross-router into the 32-bit Transaction ID field. | 2019-08-27 | not yet calculated | CVE-2019-13263 MISC MISC |
| d-link -- dir-825ac_g1_devices |
D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. They forward ARP requests, which are sent as broadcast packets, between the host and the guest networks. To use this leakage as a direct covert channel, the sender can trivially issue an ARP request to an arbitrary computer on the network. (In general, some routers restrict ARP forwarding only to requests destined for the network's subnet mask, but these routers did not restrict this traffic in any way. Depending on this factor, one must use either the lower 8 bits of the IP address, or the entire 32 bits, as the data payload.) | 2019-08-27 | not yet calculated | CVE-2019-13265 MISC MISC |
| datalogic -- av7000_linear_barcode_scanner |
Datalogic AV7000 Linear barcode scanner all versions prior to 4.6.0.0 is vulnerable to authentication bypass, which may allow an attacker to remotely execute arbitrary code. | 2019-08-30 | not yet calculated | CVE-2019-13526 MISC |
| deeply -- deeply |
deeply is vulnerable to Prototype Pollution in versions before 3.1.0. The function assign-deep could be tricked into adding or modifying properties of Object.prototype using using a _proto_ payload. | 2019-08-23 | not yet calculated | CVE-2019-10750 MISC |
| delta_controls -- entelibus_manager |
Buffer Overflow in dactetra in Delta Controls enteliBUS Manager V3.40_B-571848 allows remote unauthenticated users to execute arbitrary code and possibly cause a denial of service via unspecified vectors. | 2019-08-26 | not yet calculated | CVE-2019-9569 MISC MISC |
| dfe-digital -- schools-experience |
DfE School Experience before v16333-GA has XSS via a teacher training URL. | 2019-08-23 | not yet calculated | CVE-2019-15487 MISC MISC |
| dianoxdrago -- hawn |
DianoxDragon Hawn before 2019-07-10 allows SQL injection. | 2019-08-26 | not yet calculated | CVE-2019-15559 MISC |
| django-js-reverse -- django-js-reverse |
django-js-reverse (aka Django JS Reverse) before 0.9.1 has XSS via js_reverse_inline. | 2019-08-23 | not yet calculated | CVE-2019-15486 MISC MISC |
| docker -- docker_desktop_community_edition |
Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command. | 2019-08-28 | not yet calculated | CVE-2019-15752 MISC |
| domainmod -- domainmod |
In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS. | 2019-08-29 | not yet calculated | CVE-2019-15811 MISC MISC MISC |
| dovecot -- dovecot_and_pigeonhole |
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution. | 2019-08-29 | not yet calculated | CVE-2019-11500 CONFIRM CONFIRM MLIST FEDORA GENTOO MISC |
| edimax -- br-6208ac_devices | Edimax BR-6208AC V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. They forward ARP requests, which are sent as broadcast packets, between the host and the guest networks. To use this leakage as a direct covert channel, the sender can trivially issue an ARP request to an arbitrary computer on the network. (In general, some routers restrict ARP forwarding only to requests destined for the network's subnet mask, but these routers did not restrict this traffic in any way. Depending on this factor, one must use either the lower 8 bits of the IP address, or the entire 32 bits, as the data payload.) | 2019-08-27 | not yet calculated | CVE-2019-13271 MISC MISC |
| edimax -- br-6208ac_devices |
Edimax BR-6208AC V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. A DHCP Request is sent to the router with a certain Transaction ID field. Following the DHCP protocol, the router responds with an ACK or NAK message. Studying the NAK case revealed that the router erroneously sends the NAK to both Host and Guest networks with the same Transaction ID as found in the DHCP Request. This allows encoding of data to be sent cross-router into the 32-bit Transaction ID field. | 2019-08-27 | not yet calculated | CVE-2019-13269 MISC MISC |
| edimax -- br-6208ac_devices |
Edimax BR-6208AC V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. In order to transfer data from the host network to the guest network, the sender joins and then leaves an IGMP group. After it leaves, the router (following the IGMP protocol) creates an IGMP Membership Query packet with the Group IP and sends it to both the Host and the Guest networks. The data is transferred within the Group IP field, which is completely controlled by the sender. | 2019-08-27 | not yet calculated | CVE-2019-13270 MISC MISC |
| entropic -- entropic |
cli/lib/main.js in Entropic before 2019-06-13 does not reject / and \ in command names, which might allow a directory traversal attack in unusual situations. | 2019-08-28 | not yet calculated | CVE-2019-15714 MISC |
| eques -- elf_smart_plug_and_mobile_app |
The Eques elf smart plug and the mobile app use a hardcoded AES 256 bit key to encrypt the commands and responses between the device and the app. The communication happens over UDP port 27431. An attacker on the local network can use the same key to encrypt and send commands to discover all smart plugs in a network, take over control of a device, and perform actions such as turning it on and off. | 2019-08-29 | not yet calculated | CVE-2019-15745 MISC MISC MISC MISC MISC |
| estsoft -- alsee |
A memory corruption vulnerability exists in the .PSD parsing functionality of ALSee v5.3 ~ v8.39. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in code execution. By persuading a victim to open a specially-crafted .PSD file, an attacker could execute arbitrary code. | 2019-08-30 | not yet calculated | CVE-2019-12810 CONFIRM |
| flashlingo -- flashlingo |
FlashLingo before 2019-06-12 allows SQL injection, related to flashlingo.js and db.js. | 2019-08-26 | not yet calculated | CVE-2019-15561 MISC |
| fontforge -- fontforge |
FontForge through 20190801 has a buffer overflow in PrefsUI_LoadPrefs in prefs.c. | 2019-08-29 | not yet calculated | CVE-2019-15785 MISC |
| fortinet -- fortimanager | Lack of root file system integrity checking in Fortinet FortiManager VM application images of all versions below 6.2.1 may allow an attacker to implant third-party programs by recreating the image through specific methods. | 2019-08-23 | not yet calculated | CVE-2019-6695 CONFIRM |
| fortinet -- fortirecorder |
Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an unauthenticated attacker with knowledge of the aforementioned credentials and network access to FortiCameras to take control of those, provided they are managed by a FortiRecorder device. | 2019-08-23 | not yet calculated | CVE-2019-6698 CONFIRM |
| fortinet -- fortiweb |
The URL part of the report message is not encoded in Fortinet FortiWeb 6.0.2 and below which may allow an attacker to execute unauthorized code or commands (Cross Site Scripting) via attack reports generated in HTML form. | 2019-08-28 | not yet calculated | CVE-2019-5590 BID CONFIRM |
| frappe -- frappe_framework |
public/js/frappe/form/footer/timeline.js in Frappe Framework 12 through 12.0.8 does not escape HTML in the timeline and thus is affected by crafted "changed value of" text. | 2019-08-27 | not yet calculated | CVE-2019-15700 MISC |
| freebsd -- freebsd |
In FreeBSD 12.0-STABLE before r350637, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350638, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bsnmp library is not properly validating the submitted length from a type-length-value encoding. A remote user could cause an out-of-bounds read or trigger a crash of the software such as bsnmpd resulting in a denial of service. | 2019-08-30 | not yet calculated | CVE-2019-5610 MISC BUGTRAQ CONFIRM |
| freebsd -- freebsd |
In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350650, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the ICMPv6 input path incorrectly handles cases where an MLDv2 listener query packet is internally fragmented across multiple mbufs. A remote attacker may be able to cause an out-of-bounds read or write that may cause the kernel to attempt to access an unmapped page and subsequently panic. | 2019-08-30 | not yet calculated | CVE-2019-5608 CONFIRM |
| freebsd -- freebsd |
In FreeBSD 12.0-STABLE before r350619, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350619, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bhyve e1000 device emulation used a guest-provided value to determine the size of the on-stack buffer without validation when TCP segmentation offload is requested for a transmitted packet. A misbehaving bhyve guest could overwrite memory in the bhyve process on the host. | 2019-08-30 | not yet calculated | CVE-2019-5609 CONFIRM |
| freebsd -- freebsd |
In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r351265, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, the kernel driver for /dev/midistat implements a read handler that is not thread-safe. A multi-threaded program can exploit races in the handler to copy out kernel memory outside the boundaries of midistat's data buffer. | 2019-08-30 | not yet calculated | CVE-2019-5612 CONFIRM |
| freebsd -- freebsd |
In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check in the function to arrange data in a chain of mbufs could cause data returned not to be contiguous. Extra checks in the IPv6 stack could catch the error condition and trigger a kernel panic, leading to a remote denial of service. | 2019-08-30 | not yet calculated | CVE-2019-5611 MISC BUGTRAQ CONFIRM |
| gallagher -- command_centre |
An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092(MR2). Upon an upgrade, if a custom service account is in use and the visitor management service is installed, the Windows username and password for this service are logged in cleartext to the Command_centre.log file. | 2019-08-28 | not yet calculated | CVE-2019-15294 CONFIRM MISC |
| gesior-aac -- gesior-aac |
Gesior-AAC before 2019-05-01 allows SQL injection in tankyou.php. | 2019-08-26 | not yet calculated | CVE-2019-15573 MISC |
| gesior-aac -- gesior-aac |
Gesior-AAC before 2019-05-01 allows ServiceCategoryID SQL injection in shop.php. | 2019-08-26 | not yet calculated | CVE-2019-15572 MISC |
| gesior-aac -- gesior-aac |
Gesior-AAC before 2019-05-01 allows serviceID SQL injection in accountmanagement.php. | 2019-08-26 | not yet calculated | CVE-2019-15574 MISC |
| gitlab -- gitlab |
An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.1.4. It uses Hard-coded Credentials. | 2019-08-29 | not yet calculated | CVE-2019-14943 CONFIRM MISC MISC |
| gnu -- chess |
In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_load function in frontend/cmd.cc via a crafted chess position in an EPD file. | 2019-08-28 | not yet calculated | CVE-2019-15767 MISC MISC |
| haivision -- secure_reliable_transport |
Secure Reliable Transport (SRT) through 1.3.4 has a CSndUList array overflow if there are many SRT connections. | 2019-08-29 | not yet calculated | CVE-2019-15784 MISC |
| hm_courts_and_tribunals_service -- ccd-data-store-api |
HM Courts & Tribunals ccd-data-store-api before 2019-06-10 allows SQL injection, related to SearchQueryFactoryOperation.java and SortDirection.java. | 2019-08-26 | not yet calculated | CVE-2019-15569 MISC |
| hot -- tasking_manager |
Tasking Manager before 3.4.0 allows SQL Injection via custom SQL. | 2019-08-23 | not yet calculated | CVE-2019-15535 MISC MISC |
| ibm -- cloud_automation_manager |
IBM Cloud Automation Manager 3.1.2 could allow a user to be impropertly redirected and obtain sensitive information rather than receive a 404 error message. IBM X-Force ID: 158274. | 2019-08-29 | not yet calculated | CVE-2019-4132 CONFIRM XF |
| ibm -- cloud_automation_manager |
IBM Cloud Automation Manager 3.1.2 could allow a malicious user on the client side (with access to client computer) to run a custom script. IBM X-Force ID: 158278. | 2019-08-29 | not yet calculated | CVE-2019-4133 XF CONFIRM |
| ibm -- db2_high_performance_unload_for_linux__unix_and_windows | IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum and db2hpum_debug binaries are setuid root and have built-in options that allow an low privileged user the ability to load arbitrary db2 libraries from a privileged context. This results in arbitrary code being executed with root authority. IBM X-Force ID: 163489. | 2019-08-26 | not yet calculated | CVE-2019-4448 CONFIRM XF |
| ibm -- db2_high_performance_unload_for_linux__unix_and_windows |
IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum_debug is a setuid root binary which trusts the PATH environment variable. A low privileged user can execute arbitrary commands as root by altering the PATH variable to point to a user controlled location. When a crash is induced the trojan gdb command is executed. IBM X-Force ID: 163488. | 2019-08-26 | not yet calculated | CVE-2019-4447 CONFIRM XF |
| ibm -- i |
IBM i 7.4 users who have done a Restore User Profile (RSTUSRPRF) on a system which has been configured with Db2 Mirror for i might have user profiles with elevated privileges caused by incorrect processing during a restore of multiple user profiles. A user with restore privileges could exploit this vulnerability to obtain elevated privileges on the restored system. IBM X-Force ID: 165592. | 2019-08-29 | not yet calculated | CVE-2019-4536 XF CONFIRM |
| ibm -- open_power_firmware |
IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC password even after BMC password was changed away from the default password. IBM X-Force ID: 158702. | 2019-08-26 | not yet calculated | CVE-2019-4169 CONFIRM XF |
| icommktconnector -- icommktconnector |
The ICOMMKT connector before 1.0.7 for PrestaShop allows SQL injection in icommktconnector.php. | 2019-08-26 | not yet calculated | CVE-2019-15565 MISC |
| inner_heaven_project -- libzetta.rs |
libZetta.rs through 0.1.2 has an integer overflow in the zpool parser (for error stats) that leads to a panic. | 2019-08-29 | not yet calculated | CVE-2019-15787 MISC |
| insyde -- multiple_software_tools |
Improper access control in the Insyde software tools may allow an authenticated user to potentially enable escalation of privilege, or information disclosure via local access. This is a software vulnerability, not a firmware issue. Affected tools include: H2OFFT version 3.02~5.28, 100.00.00.00~100.00.08.23 and 200.00.00.01~200.00.00.05, H2OOAE before version 200.00.00.02, H2OSDE before version 200.00.00.07, H2OUVE before version 200.00.02.02, H2OPCM before version 100.00.06.00, H2OELV before version 100.00.02.08. | 2019-08-26 | not yet calculated | CVE-2019-12532 MISC CONFIRM |
| irssi -- irssi |
Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends a double CAP. | 2019-08-29 | not yet calculated | CVE-2019-15717 MLIST MLIST CONFIRM |
| it-novum -- openitcockpit |
openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21. | 2019-08-23 | not yet calculated | CVE-2019-15491 MISC |
| it-novum -- openitcockpit |
openITCOCKPIT before 3.7.1 has reflected XSS, aka RVID 3-445b21. | 2019-08-23 | not yet calculated | CVE-2019-15492 MISC |
| it-novum -- openitcockpit |
openITCOCKPIT before 3.7.1 allows deletion of files, aka RVID 4-445b21. | 2019-08-23 | not yet calculated | CVE-2019-15493 MISC |
| it-novum -- openitcockpit |
openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21. | 2019-08-23 | not yet calculated | CVE-2019-15494 MISC |
| it-novum -- openitcockpit |
openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21. | 2019-08-23 | not yet calculated | CVE-2019-15490 MISC |
| jenkins -- jenkins |
Jenkins IBM Application Security on Cloud Plugin 1.2.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure. | 2019-08-28 | not yet calculated | CVE-2019-10391 MLIST MISC |
| jenkins -- jenkins |
A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages. | 2019-08-28 | not yet calculated | CVE-2019-10383 MLIST MISC |
| jenkins -- jenkins |
Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user. | 2019-08-28 | not yet calculated | CVE-2019-10384 MLIST MISC |
| kimai2 -- kimai2 |
Kimai v2 before 1.1 has XSS via a timesheet description. | 2019-08-23 | not yet calculated | CVE-2019-15481 MISC MISC |
| kubernetes -- kubernetes | The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user?s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user?s machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11, 1.12. | 2019-08-28 | not yet calculated | CVE-2019-11249 CONFIRM MLIST |
| kubernetes -- kubernetes |
The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration. | 2019-08-28 | not yet calculated | CVE-2019-11248 CONFIRM MLIST |
| kubernetes -- kubernetes |
In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. If the pod specified mustRunAsNonRoot: true, the kubelet will refuse to start the container as root. If the pod did not specify mustRunAsNonRoot: true, the kubelet will run the container as uid 0. | 2019-08-28 | not yet calculated | CVE-2019-11245 CONFIRM |
| kubernetes -- kubernetes |
The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components (such as kube-apiserver) prior to v1.16.0, which make use of basic or bearer token authentication, and run at high verbosity levels, are affected. | 2019-08-28 | not yet calculated | CVE-2019-11250 CONFIRM |
| kubernetes -- kubernetes |
The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12. | 2019-08-28 | not yet calculated | CVE-2019-11247 CONFIRM MLIST |
| kubernetes -- kubernetes |
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user?s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user?s machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.12.9, versions prior to 1.13.6, versions prior to 1.14.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11. | 2019-08-28 | not yet calculated | CVE-2019-11246 CONFIRM MLIST |
| lenovo -- multiple_products |
There is a vulnerability with the Dolby DAX2 API system services in which a low-privileged user can terminate arbitrary processes that are running at a higher privilege. The following are affected products and versions: Legion Y520T_Z370 6.0.1.8642, AIO310-20IAP 6.0.1.8642, AIO510-22ISH 6.0.1.8642, AIO510-23ISH 6.0.1.8642, AIO520-22IKL 6.0.1.8642, AIO520-22IKU 6.0.1.8642, AIO520-24IKL 6.0.1.8642, AIO520-24IKU 6.0.1.8642, AIO520-27IKL 6.0.1.8642, AIO720-24IKB 6.0.1.8642, IdeaCentre 520S-23IKU 6.0.1.8642, ThinkCentre M700z 6.0.1.8642, ThinkCentre M800z 6.0.1.8642, ThinkCentre M810z 6.0.1.8642, ThinkCentre M818z 6.0.1.8642, ThinkCentre M900Z 6.0.1.8642, ThinkCentre M910z 6.0.1.8642, V410z(YT S4250) 6.0.1.8642, 330-14IKBR Win10:6.0.1.8652, 330-15IKBR Win10:6.0.1.8652, 330-15IKBR (Brazil) Win10:6.0.1.8652, 330-15IKBR Touch Win10:6.0.1.8652, 330-17IKBR Win10:6.0.1.8652, YOGA 730-13IKB Win10:6.0.1.8644, YOGA 730-15IKB Win10:6.0.1.8644, ThinkPad L560 6.0.1.8644 and 6.0.1.8652, ThinkPad L570 6.0.1.8644 and 6.0.1.8652, ThinkPad P50 6.0.1.8642, ThinkPad P50s 6.0.1.8642, ThinkPad P51s (20Jx, 20Kx) 6.0.1.8642, ThinkPad P51s (20Hx) 6.0.1.8642, ThinkPad P52s 6.0.1.8642, ThinkPad P70 6.0.1.8642, ThinkPad T25 6.0.1.8642, ThinkPad T460s 6.0.1.8642, ThinkPad T470 6.0.1.8642, ThinkPad T470s 6.0.1.8642, ThinkPad T480 6.0.1.8642, ThinkPad T480s 6.0.1.8642, ThinkPad T560 6.0.1.8642, ThinkPad T570 6.0.1.8642, ThinkPad T580 6.0.1.8642, ThinkPad X1 Carbon 8.66.76.72 and 8.66.68.54, ThinkPad X1 Carbon 6th 6.0.1.8642, ThinkPad X1 Carbon, X1 Yoga 8.66.62.92 and 8.66.62.54, ThinkPad X1 Tablet (20Gx) 6.0.1.8642, ThinkPad X1 Tablet (20Jx) 6.0.1.8642, ThinkPad X1 Tablet Gen 3 6.0.1.8642, ThinkPad X1 Yoga (20Jx) 8.66.88.60, ThinkPad X1 Yoga 3rd 6.0.1.8642, ThinkPad X280 6.0.1.8642, ThinkPad Yoga 260, S1 8.66.62.92 and 8.66.62.54. | 2019-08-28 | not yet calculated | CVE-2019-10724 MISC MISC |
| lexmark -- multiple_products | Various Lexmark products have a Buffer Overflow (issue 3 of 3). | 2019-08-28 | not yet calculated | CVE-2019-9933 CONFIRM |
| lexmark -- multiple_products |
Various Lexmark printers contain a denial of service vulnerability in the SNMP service that can be exploited to crash the device. | 2019-08-28 | not yet calculated | CVE-2019-9931 CONFIRM |
| lexmark -- multiple_products |
The legacy finger service (TCP port 79) is enabled by default on various older Lexmark devices. | 2019-08-28 | not yet calculated | CVE-2019-10059 CONFIRM |
| lexmark -- multiple_products |
Various Lexmark products have a Buffer Overflow (issue 2 of 3). | 2019-08-28 | not yet calculated | CVE-2019-9932 CONFIRM |
| limesurvey -- limesurvey |
Limesurvey before 3.17.10 does not validate both the MIME type and file extension of an image. | 2019-08-26 | not yet calculated | CVE-2019-15640 MISC |
| linux -- linux_kernel |
An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS. | 2019-08-25 | not yet calculated | CVE-2019-15538 MISC MISC MISC MISC |
| linux -- linux_kernel |
In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service. | 2019-08-29 | not yet calculated | CVE-2019-15807 MISC MISC |
| lute-tab -- lute-tab |
Lute-Tab before 2019-08-23 has a buffer overflow in pdf_print.cc. | 2019-08-29 | not yet calculated | CVE-2019-15783 MISC |
| memcached -- memcached |
memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c. | 2019-08-30 | not yet calculated | CVE-2019-15026 CONFIRM CONFIRM |
| mikrotik -- routeros |
MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication. | 2019-08-26 | not yet calculated | CVE-2019-15055 MISC CONFIRM |
| mongodb -- mongodb_server |
Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.11; v3.6 versions prior to 3.6.14; v3.4 versions prior to 3.4.22. | 2019-08-30 | not yet calculated | CVE-2019-2389 CONFIRM |
| mongodb -- mongodb_server |
An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server versions less than 4.0.11, 3.6.14, and 3.4.22 to run attacker defined code as the user running the utility. | 2019-08-30 | not yet calculated | CVE-2019-2390 CONFIRM |
| moodle -- moodle |
The Acclaim block plugin before 2019-06-26 for Moodle allows SQL Injection via delete_records. | 2019-08-23 | not yet calculated | CVE-2019-15536 MISC |
| msp360 -- cloudberry_backup | CloudBerry Backup v6.1.2.34 allows local privilege escalation via a Pre or Post backup action. With only user-level access, a user can modify the backup plan and add a Pre backup action script that executes on behalf of NT AUTHORITY\SYSTEM. | 2019-08-28 | not yet calculated | CVE-2019-15720 MISC |
| mulesoft -- mulesoft_and_mulesoft_api_gateway |
Directory Traversal in APIkit, http-connector, and OAuth2 Provider modules in Mulesoft 3.x, 4.x and Mulesoft API Gateway (all versions) released before August 1, 2019 allow remote attackers to read files accessible to the Mule process. | 2019-08-30 | not yet calculated | CVE-2019-15630 MISC |
| mysticatea -- eslint-utils |
In eslint-utils before 1.4.1, the getStaticValue function can execute arbitrary code. | 2019-08-26 | not yet calculated | CVE-2019-15657 MISC |
| nmap -- nmap |
nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse. | 2019-08-28 | not yet calculated | CVE-2017-18594 MISC MISC MISC MISC MISC MISC |
| nvidia -- clara_genomics_analysis |
Clara Genomics Analysis before 0.2.0 has an integer overflow for cudapoa memory management in allocate_block.cpp. | 2019-08-29 | not yet calculated | CVE-2019-15788 MISC MISC |
| onkyo -- tx-nr686_receiver_devices |
Directory traversal vulnerability on ONKYO TX-NR686 1030-5000-1040-0010 A/V Receiver devices allows remote attackers to read arbitrary files via a .. (dot dot) and %2f to the default URI. | 2019-08-30 | not yet calculated | CVE-2019-6113 MISC |
| openbsd -- openbsd |
Reuven Plevinsky and Tal Vainshtein of Check Point Software Technologies Ltd. discovered that OpenBSD kernel (all versions, including 6.5) can be forced to create long chains of TCP SACK holes that cause very expensive calls to tcp_sack_option() for every incoming SACK packet which can lead to a denial of service. | 2019-08-26 | not yet calculated | CVE-2019-8460 MISC MISC |
| openforis -- arena |
OpenForis Arena before 2019-05-07 allows SQL injection in the sorting feature. | 2019-08-26 | not yet calculated | CVE-2019-15567 MISC |
| opensource-table -- reviews-module |
The Reviews Module before 2019-06-14 for OpenSource Table allows SQL injection in database/index.js. | 2019-08-26 | not yet calculated | CVE-2019-15560 MISC |
| openstack -- os-vif |
In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of packets for instances belonging to other tenants sharing the same network. Only deployments using the linuxbridge backend are affected. This occurs in PyRoute2.add() in internal/command/ip/linux/impl_pyroute2.py. | 2019-08-28 | not yet calculated | CVE-2019-15753 MLIST MISC MISC MISC CONFIRM |
| pelles_kodfabrik -- connect-pg-simple |
connect-pg-simple before 6.0.1 allows SQL injection if tableName or schemaName is untrusted data. | 2019-08-26 | not yet calculated | CVE-2019-15658 MISC |
| prograde -- grill_temperature_monitor |
Lierda Grill Temperature Monitor V1.00_50006 has a default password of admin for the admin account, which allows an attacker to cause a Denial of Service or Information Disclosure via the undocumented access-point configuration page located on the device. NOTE: this device also ships with ProGrade branding. | 2019-08-26 | not yet calculated | CVE-2019-15304 MISC MISC MISC |
| pw3270_terminal_emulator -- pw3270_terminal_emulator |
There is Missing SSL Certificate Validation in the pw3270 terminal emulator before version 5.1. | 2019-08-23 | not yet calculated | CVE-2019-15525 MLIST MISC MISC |
| ricoh -- multiple_printers |
Several Ricoh printers have multiple buffer overflows parsing HTTP cookie headers, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected congiguration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected congiguration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*. | 2019-08-26 | not yet calculated | CVE-2019-14300 MISC MISC |
| ricoh -- multiple_printers |
Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for Wi-Fi, mDNS, POP3, SMTP, and notification alerts, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected congiguration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected congiguration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*. | 2019-08-26 | not yet calculated | CVE-2019-14305 MISC MISC |
| ricoh -- multiple_printers |
Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for SNMP, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected congiguration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected congiguration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*. | 2019-08-26 | not yet calculated | CVE-2019-14307 MISC MISC |
| ricoh -- multiple_printers |
Several Ricoh printers have multiple buffer overflows parsing LPD packets, which allow an attacker to cause a denial of service or code execution via crafted requests to the LPD service. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*. | 2019-08-26 | not yet calculated | CVE-2019-14308 MISC MISC |
| riot -- riot |
In the TCP implementation (gnrc_tcp) in RIOT through 2019.07, the parser for TCP options does not terminate on all inputs, allowing a denial-of-service, because sys/net/gnrc/transport_layer/tcp/gnrc_tcp_option.c has an infinite loop for an unknown zero-length option. | 2019-08-27 | not yet calculated | CVE-2019-15702 MISC |
| robotis -- dynamixel_sdk |
ROBOTIS Dynamixel SDK through 3.7.11 has a buffer overflow via a large rxpacket. | 2019-08-29 | not yet calculated | CVE-2019-15786 MISC |
| rust -- rust |
An issue was discovered in the orion crate before 0.11.2 for Rust. reset() calls cause incorrect results. | 2019-08-26 | not yet calculated | CVE-2018-20999 MISC MISC |
| rust -- rust |
An issue was discovered in the safe-transmute crate before 0.10.1 for Rust. A constructor's arguments are in the wrong order, causing heap memory corruption. | 2019-08-26 | not yet calculated | CVE-2018-21000 MISC MISC |
| rust -- rust |
An issue was discovered in the slice-deque crate before 0.1.16 for Rust. move_head_unchecked allows memory corruption because deque updates are mishandled. | 2019-08-26 | not yet calculated | CVE-2018-20995 MISC |
| rust -- rust |
An issue was discovered in the tar crate before 0.4.16 for Rust. Arbitrary file overwrite can occur via a symlink or hardlink in a TAR archive. | 2019-08-26 | not yet calculated | CVE-2018-20990 MISC |
| rust -- rust |
An issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-the-middle vulnerability because certificate verification is off by default and there is no API for hostname verification. | 2019-08-26 | not yet calculated | CVE-2016-10931 MISC |
| rust -- rust |
rustls-mio/examples/tlsserver.rs in the rustls crate before 0.16.0 for Rust allows attackers to cause a denial of service (loop of conn_event and ready) by arranging for a client to never be writable. | 2019-08-26 | not yet calculated | CVE-2019-15541 MISC MISC MISC |
| rust -- rust |
An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization. | 2019-08-26 | not yet calculated | CVE-2019-15542 MISC |
| rust -- rust |
An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing. | 2019-08-26 | not yet calculated | CVE-2018-20997 MISC |
| rust -- rust |
An issue was discovered in the protobuf crate before 2.6.0 for Rust. Attackers can exhaust all memory via Vec::reserve calls. | 2019-08-26 | not yet calculated | CVE-2019-15544 MISC |
| rust -- rust |
An issue was discovered in the security-framework crate before 0.1.12 for Rust. Hostname verification for certificates does not occur if ClientBuilder uses custom root certificates. | 2019-08-26 | not yet calculated | CVE-2017-18588 MISC |
| rust -- rust |
An issue was discovered in the asn1_der crate before 0.6.2 for Rust. Attackers can trigger memory exhaustion by supplying a large value in a length field. | 2019-08-26 | not yet calculated | CVE-2019-15549 MISC |
| rust -- rust |
An issue was discovered in the slice-deque crate before 0.2.0 for Rust. There is memory corruption in certain allocation cases. | 2019-08-26 | not yet calculated | CVE-2019-15543 MISC |
| rust -- rust |
An issue was discovered in the hyper crate before 0.9.4 for Rust on Windows. There is an HTTPS man-in-the-middle vulnerability because hostname verification was omitted. | 2019-08-26 | not yet calculated | CVE-2016-10932 MISC |
| rust -- rust |
An issue was discovered in the libp2p-core crate before 0.8.1 for Rust. Attackers can spoof ed25519 signatures. | 2019-08-26 | not yet calculated | CVE-2019-15545 MISC |
| rust -- rust |
An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is memory corruption for certain grow attempts with less than the current capacity. | 2019-08-26 | not yet calculated | CVE-2019-15554 MISC MISC |
| rust -- rust |
An issue was discovered in the memoffset crate before 0.5.0 for Rust. offset_of and span_of can cause exposure of uninitialized memory. | 2019-08-26 | not yet calculated | CVE-2019-15553 MISC MISC |
| rust -- rust |
An issue was discovered in the libflate crate before 0.1.25 for Rust. MultiDecoder::read has a use-after-free, leading to arbitrary code execution. | 2019-08-26 | not yet calculated | CVE-2019-15552 MISC MISC |
| rust -- rust |
An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is a double free for certain grow attempts with the current capacity. | 2019-08-26 | not yet calculated | CVE-2019-15551 MISC MISC |
| rust -- rust |
An issue was discovered in the simd-json crate before 0.1.15 for Rust. There is an out-of-bounds read and an incorrect crossing of a page boundary. | 2019-08-26 | not yet calculated | CVE-2019-15550 MISC |
| rust -- rust |
An issue was discovered in the hyper crate before 0.9.18 for Rust. It mishandles newlines in headers. | 2019-08-26 | not yet calculated | CVE-2017-18587 MISC |
| selectize-plugin-a11y -- selectize-plugin-a11y |
selectize-plugin-a11y before 1.1.0 has XSS via the msg field. | 2019-08-23 | not yet calculated | CVE-2019-15482 MISC MISC |
| set-value -- set-value |
set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and _proto_ payloads. | 2019-08-23 | not yet calculated | CVE-2019-10747 MISC |
| snare -- snare_central |
An OS Command Injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to inject arbitrary OS commands via the ServerConf/DataManagement/DiskManager.php FORMNAS_share parameter. | 2019-08-29 | not yet calculated | CVE-2019-11364 CONFIRM |
| snare -- snare_central |
A SQL injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to execute arbitrary SQL commands via the AgentConsole/UserGroupQuery.php ShowUser parameter. | 2019-08-29 | not yet calculated | CVE-2019-11363 CONFIRM |
| social_network -- social_network |
Pvanloon1983 social_network before 2019-07-03 allows SQL injection in includes/form_handlers/register_handler.php. | 2019-08-26 | not yet calculated | CVE-2019-15556 MISC |
| suricata -- suricata |
An issue was discovered in Suricata 4.1.3. The code mishandles the case of sending a network packet with the right type, such that the function DecodeEthernet in decode-ethernet.c is executed a second time. At this point, the algorithm cuts the first part of the packet and doesn't determine the current length. Specifically, if the packet is exactly 28 long, in the first iteration it subtracts 14 bytes. Then, it is working with a packet length of 14. At this point, the case distinction says it is a valid packet. After that it casts the packet, but this packet has no type, and the program crashes at the type case distinction. | 2019-08-28 | not yet calculated | CVE-2019-10056 MISC CONFIRM |
| suricata -- suricata |
An issue was discovered in Suricata 4.1.3. The function process_reply_record_v3 lacks a check for the length of reply.data. It causes an invalid memory access and the program crashes within the nfs/nfs3.rs file. | 2019-08-28 | not yet calculated | CVE-2019-10054 MISC CONFIRM |
| suricata -- suricata |
An issue was discovered in Suricata 4.1.3. If the function filetracker_newchunk encounters an unsafe "Some(sfcm) => { ft.new_chunk }" item, then the program enters an smb/files.rs error condition and crashes. | 2019-08-28 | not yet calculated | CVE-2019-10051 MISC MISC CONFIRM |
| suricata -- suricata |
An issue was discovered in Suricata 4.1.3. If the network packet does not have the right length, the parser tries to access a part of a DHCP packet. At this point, the Rust environment runs into a panic in parse_clientid_option in the dhcp/parser.rs file. | 2019-08-28 | not yet calculated | CVE-2019-10052 MISC MISC CONFIRM |
| suricata -- suricata |
An issue was discovered in Suricata 4.1.3. The function ftp_pasv_response lacks a check for the length of part1 and part2, leading to a crash within the ftp/mod.rs file. | 2019-08-28 | not yet calculated | CVE-2019-10055 MISC CONFIRM |
| symantec -- asg_and_proxysg |
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG's web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2. | 2019-08-30 | not yet calculated | CVE-2018-18370 CONFIRM |
| symantec -- asg_and_proxysg |
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG's web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2. | 2019-08-30 | not yet calculated | CVE-2018-18371 CONFIRM |
| symantec -- management_center_rest_api |
An information disclosure vulnerability in the Management Center (MC) REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated user to obtain passwords for external backup and CPL policy import servers that they might not otherwise be authorized to access. | 2019-08-30 | not yet calculated | CVE-2019-9697 CONFIRM |
| symantec -- my_vip |
Symantec My VIP portal, previous version which has already been auto updated, was susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users or potentially bypass access controls such as the same-origin policy. | 2019-08-30 | not yet calculated | CVE-2019-12754 CONFIRM |
| symantec -- reporter_web_ui |
An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The malicious administrator user can also obtain the passwords of other Reporter web UI users. | 2019-08-30 | not yet calculated | CVE-2019-12753 CONFIRM |
| tableau -- multiple_products |
Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop. | 2019-08-26 | not yet calculated | CVE-2019-15637 MISC MISC MISC |
| teamspeak -- teamspeak_client |
The TeamSpeak client before 3.3.2 allows remote servers to trigger a crash via the 0xe2 0x81 0xa8 0xe2 0x81 0xa7 byte sequence, aka Unicode characters U+2068 (FIRST STRONG ISOLATE) and U+2067 (RIGHT-TO-LEFT ISOLATE). | 2019-08-29 | not yet calculated | CVE-2019-15502 MISC MISC MISC |
| tightrope_media -- carousel |
The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI/v0/fetch?url= SSRF. This has two potential areas for abuse. First, a specially crafted URL could be used in a phishing attack to hijack the trust the user and the browser have with the website and could serve malicious content from a third-party attacker-controlled system. Second, arguably more severe, is the potential for an attacker to circumvent firewall controls, by proxying traffic, unauthenticated, into the internal network from the internet. | 2019-08-26 | not yet calculated | CVE-2019-13020 CONFIRM |
| totemo -- totemomail | Cross-site scripting (XSS) vulnerability in the 'Certificate' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML. | 2019-08-30 | not yet calculated | CVE-2018-15510 MISC |
| totemo -- totemomail |
Log viewer in totemomail 6.0.0 build 570 allows access to sessionIDs of high privileged users by leveraging access to a read-only auditor role. | 2019-08-30 | not yet calculated | CVE-2018-15513 MISC |
| totemo -- totemomail |
Cross-site scripting (XSS) vulnerability in the 'Authorisation Service' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML. | 2019-08-30 | not yet calculated | CVE-2018-15512 MISC |
| totemo -- totemomail |
Cross-site scripting (XSS) vulnerability in the 'Notification template' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML. | 2019-08-30 | not yet calculated | CVE-2018-15511 MISC |
| tp-link -- archer_c3200_and_c2_devices |
TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. They forward ARP requests, which are sent as broadcast packets, between the host and the guest networks. To use this leakage as a direct covert channel, the sender can trivially issue an ARP request to an arbitrary computer on the network. (In general, some routers restrict ARP forwarding only to requests destined for the network's subnet mask, but these routers did not restrict this traffic in any way. Depending on this factor, one must use either the lower 8 bits of the IP address, or the entire 32 bits, as the data payload.) | 2019-08-27 | not yet calculated | CVE-2019-13268 MISC MISC |
| tp-link -- archer_c3200_and_c2_devices |
TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. In order to transfer data from the host network to the guest network, the sender joins and then leaves an IGMP group. After it leaves, the router (following the IGMP protocol) creates an IGMP Membership Query packet with the Group IP and sends it to both the Host and the Guest networks. The data is transferred within the Group IP field, which is completely controlled by the sender. | 2019-08-27 | not yet calculated | CVE-2019-13267 MISC MISC |
| tp-link -- archer_c3200_and_c2_devices |
TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. A DHCP Request is sent to the router with a certain Transaction ID field. Following the DHCP protocol, the router responds with an ACK or NAK message. Studying the NAK case revealed that the router erroneously sends the NAK to both Host and Guest networks with the same Transaction ID as found in the DHCP Request. This allows encoding of data to be sent cross-router into the 32-bit Transaction ID field. | 2019-08-27 | not yet calculated | CVE-2019-13266 MISC MISC |
| ubuntu -- ubuntu |
An integer overflow in whoopsie before versions 0.2.52.5ubuntu0.1, 0.2.62ubuntu0.1, 0.2.64ubuntu0.1, 0.2.66, results in an out-of-bounds write to a heap allocated buffer when processing large crash dumps. This results in a crash or possible code-execution in the context of the whoopsie process. | 2019-08-29 | not yet calculated | CVE-2019-11476 MISC MISC |
| videolan -- vlc_media_player | A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file. | 2019-08-29 | not yet calculated | CVE-2019-14776 CONFIRM BUGTRAQ DEBIAN CONFIRM |
| videolan -- vlc_media_player |
In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack. | 2019-08-29 | not yet calculated | CVE-2019-14534 CONFIRM BUGTRAQ DEBIAN CONFIRM |
| videolan -- vlc_media_player |
The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free. | 2019-08-29 | not yet calculated | CVE-2019-14533 CONFIRM BUGTRAQ DEBIAN CONFIRM |
| videolan -- vlc_media_player |
The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. | 2019-08-29 | not yet calculated | CVE-2019-14777 CONFIRM BUGTRAQ DEBIAN CONFIRM |
| videolan -- vlc_media_player |
The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file. | 2019-08-29 | not yet calculated | CVE-2019-14437 CONFIRM BUGTRAQ DEBIAN CONFIRM |
| videolan -- vlc_media_player |
A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file. | 2019-08-29 | not yet calculated | CVE-2019-14535 CONFIRM BUGTRAQ DEBIAN CONFIRM |
| videolan -- vlc_media_player |
A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file. | 2019-08-29 | not yet calculated | CVE-2019-14438 CONFIRM BUGTRAQ DEBIAN CONFIRM |
| videolan -- vlc_media_player |
A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file. | 2019-08-29 | not yet calculated | CVE-2019-14498 CONFIRM BUGTRAQ DEBIAN CONFIRM |
| videolan -- vlc_media_player |
A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file. | 2019-08-29 | not yet calculated | CVE-2019-14970 CONFIRM BUGTRAQ DEBIAN CONFIRM |
| videolan -- vlc_media_player |
The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. | 2019-08-29 | not yet calculated | CVE-2019-14778 CONFIRM BUGTRAQ DEBIAN CONFIRM |
| webassembly -- binaryen |
An issue was discovered in Binaryen 1.38.32. Missing validation rules in asmjs/asmangle.cpp can lead to an Assertion Failure at wasm/wasm.cpp in wasm::asmangle. A crafted input can cause denial-of-service, as demonstrated by wasm2js. | 2019-08-28 | not yet calculated | CVE-2019-15758 MISC MISC |
| webmin -- webmin | rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it must not be granted to un-trusted Webmin users." | 2019-08-26 | not yet calculated | CVE-2019-15642 MISC MISC MISC MISC |
| webtorrent -- webtorrent |
WebTorrent before 0.107.6 allows XSS in the HTTP server via a title or file name. | 2019-08-29 | not yet calculated | CVE-2019-15782 MISC MISC |
| wellness-app -- wellness-app |
FredReinink Wellness-app before 2019-06-19 allows SQL injection, related to dietTrack.php, exerciseGenerator.php, fitnessTrack.php, and server.php. | 2019-08-26 | not yet calculated | CVE-2019-15555 MISC |
| wolfssl -- wolfssl |
wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCertExtensions in wolfcrypt/src/asn.c because reading the ASN_BOOLEAN byte is mishandled for a crafted DER certificate in GetLength_ex. | 2019-08-26 | not yet calculated | CVE-2019-15651 MISC |
| wordpress -- wordpress | Membership Add-on for iThemes Exchange before 1.3.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | 2019-08-28 | not yet calculated | CVE-2015-9372 MISC MISC |
| wordpress -- wordpress |
The nd-booking plugin before 2.5 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. | 2019-08-29 | not yet calculated | CVE-2019-15774 MISC MISC MISC |
| wordpress -- wordpress |
The js-support-ticket plugin before 2.0.6 for WordPress has CSRF. | 2019-08-27 | not yet calculated | CVE-2018-21002 MISC |
| wordpress -- wordpress |
The wp-ultimate-recipe plugin before 3.12.7 for WordPress has stored XSS. | 2019-08-30 | not yet calculated | CVE-2019-15836 MISC MISC |
| wordpress -- wordpress |
The nd-restaurant-reservations plugin before 1.5 for WordPress has no requirement for nd_rst_import_settings_php_function authentication. | 2019-08-30 | not yet calculated | CVE-2019-15819 MISC MISC MISC |
| wordpress -- wordpress |
The simple-301-redirects-addon-bulk-uploader plugin through 1.2.4 for WordPress has no requirement for authentication for action=bulk301export or action=bulk301clearlist. | 2019-08-30 | not yet calculated | CVE-2019-15818 MISC MISC MISC |
| wordpress -- wordpress |
The login-or-logout-menu-item plugin before 1.2.0 for WordPress has no requirement for lolmi_save_settings authentication. | 2019-08-30 | not yet calculated | CVE-2019-15820 MISC MISC MISC |
| wordpress -- wordpress |
The link-log plugin before 2.1 for WordPress has SQL injection. | 2019-08-27 | not yet calculated | CVE-2015-9344 MISC |
| wordpress -- wordpress |
The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection. | 2019-08-27 | not yet calculated | CVE-2018-21004 MISC MISC MISC |
| wordpress -- wordpress |
The ckeditor-for-wordpress plugin before 4.5.3.1 for WordPress has reflected XSS in the "built-in (old)" file browser. | 2019-08-27 | not yet calculated | CVE-2015-9349 MISC |
| wordpress -- wordpress |
The shapepress-dsgvo plugin before 2.2.19 for WordPress has wp-admin/admin-ajax.php?action=admin-common-settings&admin_email= XSS. | 2019-08-29 | not yet calculated | CVE-2019-15777 MISC MISC MISC |
| wordpress -- wordpress |
The woocommerce-catalog-enquiry plugin before 3.1.0 for WordPress has an incorrect wp_upload directory for file uploads. | 2019-08-27 | not yet calculated | CVE-2017-18592 MISC |
| wordpress -- wordpress |
The facebook-by-weblizar plugin before 2.8.5 for WordPress has CSRF. | 2019-08-29 | not yet calculated | CVE-2019-15781 MISC MISC |
| wordpress -- wordpress |
The link-log plugin before 2.0 for WordPress has HTTP Response Splitting. | 2019-08-27 | not yet calculated | CVE-2015-9345 MISC |
| wordpress -- wordpress |
The wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via save_settings_page and other save_ functions. | 2019-08-30 | not yet calculated | CVE-2019-15816 MISC MISC MISC |
| wordpress -- wordpress |
The gigpress plugin before 2.3.11 for WordPress has SQL injection in the admin area, a different vulnerability than CVE-2015-4066. | 2019-08-28 | not yet calculated | CVE-2015-9353 MISC |
| wordpress -- wordpress |
The gigpress plugin before 2.3.11 for WordPress has XSS. | 2019-08-28 | not yet calculated | CVE-2015-9354 MISC |
| wordpress -- wordpress |
The easy-property-listings plugin before 3.4 for WordPress has XSS. | 2019-08-30 | not yet calculated | CVE-2019-15817 MISC MISC |
| wordpress -- wordpress |
The simple-301-redirects-addon-bulk-uploader plugin before 1.2.5 for WordPress has no protection against 301 redirect rule injection via a CSV file. | 2019-08-29 | not yet calculated | CVE-2019-15776 MISC MISC MISC |
| wordpress -- wordpress |
The nd-donations plugin before 1.4 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. | 2019-08-29 | not yet calculated | CVE-2019-15772 MISC MISC MISC |
| wordpress -- wordpress |
The handl-utm-grabber plugin before 2.6.5 for WordPress has CSRF via add_option and update_option. | 2019-08-29 | not yet calculated | CVE-2019-15769 MISC MISC |
| wordpress -- wordpress |
The cp-polls plugin before 1.0.1 for WordPress has XSS in the votes list. | 2019-08-27 | not yet calculated | CVE-2014-10395 MISC |
| wordpress -- wordpress |
The Related Posts plugin before 1.8.2 for WordPress has XSS via add_query_arg() and remove_query_arg(). | 2019-08-28 | not yet calculated | CVE-2015-9361 MISC MISC |
| wordpress -- wordpress |
The bbp-move-topics plugin before 1.1.6 for WordPress has CSRF. | 2019-08-27 | not yet calculated | CVE-2018-21006 MISC |
| wordpress -- wordpress |
The woo-confirmation-email plugin before 3.2.0 for WordPress has no blocking of direct access to supportive xl folders inside uploads. | 2019-08-29 | not yet calculated | CVE-2018-21007 MISC |
| wordpress -- wordpress |
The sharebar plugin before 1.2.2 for WordPress has SQL injection. | 2019-08-28 | not yet calculated | CVE-2012-6719 MISC |
| wordpress -- wordpress |
The rsvpmaker plugin before 6.2 for WordPress has SQL injection. | 2019-08-27 | not yet calculated | CVE-2019-15646 MISC MISC MISC |
| wordpress -- wordpress |
The nd-shortcodes plugin before 6.0 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. | 2019-08-29 | not yet calculated | CVE-2019-15771 MISC MISC MISC |
| wordpress -- wordpress |
The feedwordpress plugin before 2015.0514 for WordPress has XSS via add_query_arg() and remove_query_arg(). | 2019-08-28 | not yet calculated | CVE-2015-9358 MISC |
| wordpress -- wordpress |
The formidable plugin before 4.02.01 for WordPress has unsafe deserialization. | 2019-08-29 | not yet calculated | CVE-2019-15780 MISC |
| wordpress -- wordpress |
The nd-travel plugin before 1.7 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. | 2019-08-29 | not yet calculated | CVE-2019-15773 MISC MISC MISC |
| wordpress -- wordpress |
The bbp-move-topics plugin before 1.1.6 for WordPress has code injection. | 2019-08-27 | not yet calculated | CVE-2018-21005 MISC |
| wordpress -- wordpress |
The woo-address-book plugin before 1.6.0 for WordPress has save calls without nonce verification checks. | 2019-08-29 | not yet calculated | CVE-2019-15770 MISC MISC |
| wordpress -- wordpress |
The nd-learning plugin before 4.8 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. | 2019-08-29 | not yet calculated | CVE-2019-15775 MISC MISC MISC |
| wordpress -- wordpress |
The woo-variation-gallery plugin before 1.1.29 for WordPress has XSS. | 2019-08-29 | not yet calculated | CVE-2019-15778 MISC MISC MISC |
| wordpress -- wordpress |
The insta-gallery plugin before 2.4.8 for WordPress has no nonce validation for qligg_dismiss_notice or qligg_form_item_delete. | 2019-08-29 | not yet calculated | CVE-2019-15779 MISC MISC |
| wordpress -- wordpress |
The wp-vipergb plugin before 1.3.16 for WordPress has XSS via add_query_arg() and remove_query_arg(), a different issue than CVE-2014-9460. | 2019-08-28 | not yet calculated | CVE-2015-9356 MISC MISC |
| wordpress -- wordpress |
The webp-converter-for-media plugin before 1.0.3 for WordPress has CSRF. | 2019-08-30 | not yet calculated | CVE-2019-15834 MISC MISC |
| wordpress -- wordpress |
2Checkout Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | 2019-08-28 | not yet calculated | CVE-2015-9364 MISC MISC |
| wordpress -- wordpress |
The easy-pdf-restaurant-menu-upload plugin before 1.1.2 for WordPress has XSS. | 2019-08-30 | not yet calculated | CVE-2019-15842 MISC |
| wordpress -- wordpress |
The wp-better-permalinks plugin before 3.0.5 for WordPress has CSRF. | 2019-08-30 | not yet calculated | CVE-2019-15835 MISC MISC |
| wordpress -- wordpress |
The simple-mail-address-encoder plugin before 1.7 for WordPress has reflected XSS. | 2019-08-30 | not yet calculated | CVE-2019-15833 MISC |
| wordpress -- wordpress |
The visitors-traffic-real-time-statistics plugin before 1.13 for WordPress has CSRF. | 2019-08-30 | not yet calculated | CVE-2019-15832 MISC MISC |
| wordpress -- wordpress |
The facebook-for-woocommerce plugin before 1.9.14 for WordPress has CSRF. | 2019-08-30 | not yet calculated | CVE-2019-15840 MISC |
| wordpress -- wordpress |
The icegram plugin before 1.10.29 for WordPress has ig_cat_list XSS. | 2019-08-30 | not yet calculated | CVE-2019-15830 MISC MISC MISC |
| wordpress -- wordpress |
The sina-extension-for-elementor plugin before 2.2.1 for WordPress has local file inclusion. | 2019-08-30 | not yet calculated | CVE-2019-15839 MISC MISC |
| wordpress -- wordpress |
The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp&key&login protection bypass. | 2019-08-30 | not yet calculated | CVE-2019-15825 MISC MISC MISC |
| wordpress -- wordpress |
Invoices Add-on for iThemes Exchange before 1.4.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | 2019-08-28 | not yet calculated | CVE-2015-9370 MISC MISC |
| wordpress -- wordpress |
The visitors-traffic-real-time-statistics plugin before 1.12 for WordPress has CSRF in the settings page. | 2019-08-30 | not yet calculated | CVE-2019-15831 MISC MISC |
| wordpress -- wordpress |
The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain parameter. | 2019-08-30 | not yet calculated | CVE-2019-15827 MISC MISC MISC |
| wordpress -- wordpress |
The one-click-ssl plugin before 1.4.7 for WordPress has CSRF. | 2019-08-30 | not yet calculated | CVE-2019-15828 MISC MISC |
| wordpress -- wordpress |
The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass. | 2019-08-30 | not yet calculated | CVE-2019-15823 MISC MISC MISC |
| wordpress -- wordpress |
The bold-page-builder plugin before 2.3.2 for WordPress has no protection against modifying settings and importing data. | 2019-08-30 | not yet calculated | CVE-2019-15821 MISC MISC MISC |
| wordpress -- wordpress |
The woocommerce-exporter plugin before 1.8.4 for WordPress has privilege escalation. | 2019-08-27 | not yet calculated | CVE-2016-10935 MISC |
| wordpress -- wordpress |
The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field. | 2019-08-30 | not yet calculated | CVE-2019-15826 MISC MISC MISC |
| wordpress -- wordpress |
The two-factor-authentication plugin before 1.1.10 for WordPress has XSS in the admin area. | 2019-08-28 | not yet calculated | CVE-2015-9355 MISC |
| wordpress -- wordpress |
The custom-404-pro plugin before 3.2.8 for WordPress has reflected XSS, a different vulnerability than CVE-2019-14789. | 2019-08-30 | not yet calculated | CVE-2019-15838 MISC MISC |
| wordpress -- wordpress |
Table Rate Shipping Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | 2019-08-28 | not yet calculated | CVE-2015-9375 MISC MISC |
| wordpress -- wordpress |
iThemes Builder Theme Depot before 5.0.30 for WordPress has XSS via add_query_arg() and remove_query_arg(). | 2019-08-28 | not yet calculated | CVE-2015-9377 MISC MISC |
| wordpress -- wordpress |
The webp-express plugin before 0.14.8 for WordPress has stored XSS. | 2019-08-30 | not yet calculated | CVE-2019-15837 MISC MISC |
| wordpress -- wordpress |
Easy EU Value Added (VAT) Taxes Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | 2019-08-28 | not yet calculated | CVE-2015-9368 MISC MISC |
| wordpress -- wordpress |
Easy US Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | 2019-08-28 | not yet calculated | CVE-2015-9369 MISC MISC |
| wordpress -- wordpress |
Manual Purchases Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | 2019-08-28 | not yet calculated | CVE-2015-9371 MISC MISC |
| wordpress -- wordpress |
The facebook-for-woocommerce plugin before 1.9.15 for WordPress has CSRF via ajax_woo_infobanner_post_click, ajax_woo_infobanner_post_xout, or ajax_fb_toggle_visibility. | 2019-08-30 | not yet calculated | CVE-2019-15841 MISC |
| wordpress -- wordpress |
iThemes Builder Style Manager before 0.7.7 for WordPress has XSS via add_query_arg() and remove_query_arg(). | 2019-08-28 | not yet calculated | CVE-2015-9379 MISC MISC |
| wordpress -- wordpress |
PayPal Pro Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | 2019-08-28 | not yet calculated | CVE-2015-9373 MISC MISC |
| wordpress -- wordpress |
Stripe Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | 2019-08-28 | not yet calculated | CVE-2015-9374 MISC MISC |
| wordpress -- wordpress |
Custom URL Tracking Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | 2019-08-28 | not yet calculated | CVE-2015-9366 MISC MISC |
| wordpress -- wordpress |
iThemes Builder Theme Market before 5.1.27 for WordPress has XSS via add_query_arg() and remove_query_arg(). | 2019-08-28 | not yet calculated | CVE-2015-9378 MISC MISC |
| wordpress -- wordpress |
The photo-gallery plugin before 1.2.42 for WordPress has CSRF. | 2019-08-30 | not yet calculated | CVE-2015-9380 MISC MISC MISC |
| wordpress -- wordpress |
Easy Canadian Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | 2019-08-28 | not yet calculated | CVE-2015-9367 MISC MISC |
| wordpress -- wordpress |
The wps-child-theme-generator plugin before 1.2 for WordPress has classes/helpers.php directory traversal. | 2019-08-30 | not yet calculated | CVE-2019-15822 MISC MISC MISC |
| wordpress -- wordpress |
The sharebar plugin before 1.2.2 for WordPress has XSS, a different issue than CVE-2013-3491. | 2019-08-28 | not yet calculated | CVE-2012-6718 MISC |
| wordpress -- wordpress |
The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash protection bypass. | 2019-08-30 | not yet calculated | CVE-2019-15824 MISC MISC MISC |
| wordpress -- wordpress |
The photoblocks-grid-gallery plugin before 1.1.33 for WordPress has wp-admin/admin.php?page=photoblocks-edit&id= XSS. | 2019-08-30 | not yet calculated | CVE-2019-15829 MISC MISC |
| wtfutil -- wtf |
WTF before 0.19.0 does not set the permissions of config.yml, which might make it easier for local attackers to read passwords or API keys if the permissions were misconfigured or were based on unsafe OS defaults. | 2019-08-28 | not yet calculated | CVE-2019-15716 MISC MISC MISC |
| xayr.ga -- xenfcoresharp |
XENFCoreSharp before 2019-07-16 allows SQL injection in web/verify.php. | 2019-08-26 | not yet calculated | CVE-2019-15533 MISC |
| xm_online -- user_account_and_authentication_server |
XM^online 2 User Account and Authentication server 1.0.0 allows SQL injection via a tenant key. | 2019-08-26 | not yet calculated | CVE-2019-15557 MISC |
| xymon -- xymon |
In Xymon through 4.3.28, a buffer overflow vulnerability exists in the csvinfo CGI script. The overflow may be exploited by sending a crafted GET request that triggers an sprintf of the srcdb parameter. | 2019-08-27 | not yet calculated | CVE-2019-13273 MISC CONFIRM |
| zephyr_project -- zephyr |
Use After Free vulnerability in the Zephyr shell allows a serial or telnet connected user to cause denial of service, and possibly remote code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all. | 2019-08-28 | not yet calculated | CVE-2017-14201 MISC MISC MISC |
| zephyr_project -- zephyr |
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the shell component of Zephyr allows a serial or telnet connected user to cause a crash, possibly with arbitrary code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all. | 2019-08-28 | not yet calculated | CVE-2017-14202 MISC MISC MISC |
This product is provided subject to this Notification and this Privacy & Use policy.
from US-CERT National Cyber Alert System https://ift.tt/2LgFaeD
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.