Vulnerability Summary for the Week of August 26, 2019

Released
Sep 02, 2019
Document ID
SB19-245

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

 

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
adobe -- photoshop_ccAdobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.2019-08-2610.0CVE-2019-7968
CONFIRM
adobe -- photoshop_ccAdobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.2019-08-2610.0CVE-2019-7969
CONFIRM
adobe -- photoshop_ccAdobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.2019-08-2610.0CVE-2019-7970
CONFIRM
adobe -- photoshop_ccAdobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.2019-08-2610.0CVE-2019-7971
CONFIRM
adobe -- photoshop_ccAdobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.2019-08-2610.0CVE-2019-7972
CONFIRM
adobe -- photoshop_ccAdobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.2019-08-2610.0CVE-2019-7973
CONFIRM
adobe -- photoshop_ccAdobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.2019-08-2610.0CVE-2019-7974
CONFIRM
adobe -- photoshop_ccAdobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.2019-08-2610.0CVE-2019-7975
CONFIRM
adobe -- photoshop_ccAdobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.2019-08-269.3CVE-2019-7976
CONFIRM
adobe -- photoshop_ccAdobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.2019-08-2610.0CVE-2019-7990
CONFIRM
adobe -- photoshop_ccAdobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.2019-08-2610.0CVE-2019-7992
CONFIRM
adobe -- photoshop_ccAdobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.2019-08-2610.0CVE-2019-7993
CONFIRM
adobe -- photoshop_ccAdobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.2019-08-269.3CVE-2019-7994
CONFIRM
adobe -- photoshop_ccAdobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.2019-08-2610.0CVE-2019-7997
CONFIRM
adobe -- photoshop_ccAdobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.2019-08-2610.0CVE-2019-7998
CONFIRM
adobe -- photoshop_ccAdobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.2019-08-2610.0CVE-2019-8001
CONFIRM
alfresco -- alfrescoThe Alfresco application before 1.8.7 for Android allows SQL injection in HistorySearchProvider.java.2019-08-267.5CVE-2019-15566
MISC
MISC
altavoz -- prontuscmscgi-cpn/xcoding/prontus_videocut.cgi in AltaVoz Prontus (aka ProntusCMS) through 12.0.3.0 has "Improper Neutralization of Special Elements used in an OS Command," allowing attackers to execute OS commands via an HTTP GET parameter.2019-08-2610.0CVE-2019-15503
MISC
arrayfire -- arrayfireAn issue was discovered in the arrayfire crate before 3.6.0 for Rust. Addition of the repr() attribute to an enum is mishandled, leading to memory corruption.2019-08-267.5CVE-2018-20998
MISC
bedita -- beditaBEdita through 4.0.0-RC2 allows SQL injection during a save operation for a relation with parameters.2019-08-267.5CVE-2019-15570
MISC
cdemu -- libmiragefilters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2.2 in CDemu does not validate the part size, triggering a heap-based buffer overflow that can lead to root access by a local Linux user.2019-08-257.2CVE-2019-15540
SUSE
SUSE
MISC
MISC
MISC
compassionuk -- compassion_switzerlandThe Compassion Switzerland addons 10.01.4 for Odoo allow SQL injection in models/partner_compassion.py.2019-08-267.5CVE-2019-15564
MISC
crossbeam_project -- crossbeamAn issue was discovered in the crossbeam crate before 0.4.1 for Rust. There is a double free because of destructor mishandling.2019-08-267.5CVE-2018-20996
MISC
cszcms -- csz_cmsCSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php file to admin/filemanager in the File Management Module, which leads to remote code execution by visiting a photo/upload/2019/ URI.2019-08-267.5CVE-2019-15524
MISC
MISC
dlink -- dir-823g_firmwareAn issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings, a related issue to CVE-2019-13482.2019-08-239.0CVE-2019-15526
MISC
dlink -- dir-823g_firmwareAn issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the MaxIdTime field to SetWanSettings.2019-08-239.0CVE-2019-15527
MISC
dlink -- dir-823g_firmwareAn issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Interface field to SetStaticRouteSettings.2019-08-239.0CVE-2019-15528
MISC
dlink -- dir-823g_firmwareAn issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Username field to Login.2019-08-239.0CVE-2019-15529
MISC
dlink -- dir-823g_firmwareAn issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the LoginPassword field to Login.2019-08-239.0CVE-2019-15530
MISC
genetechsolutions -- pie_registerThe pie-register plugin before 3.1.2 for WordPress has SQL injection, a different issue than CVE-2018-10969.2019-08-277.5CVE-2019-15659
MISC
MISC
getvera -- vera_edge_firmwarecgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via --output argument injection in the username parameter to /cgi-bin/cmh/webcam.sh.2019-08-239.3CVE-2019-15498
MISC
gorm -- gormGORM before 1.9.10 allows SQL injection via incomplete parentheses.2019-08-267.5CVE-2019-15562
MISC
MISC
imagely -- nextgen_galleryA SQL injection vulnerability exists in the Imagely NextGEN Gallery plugin before 3.2.10 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via modules/nextgen_gallery_display/package.module.nextgen_gallery_display.php.2019-08-277.5CVE-2019-14314
MISC
MISC
kaseya -- virtual_system_administratorAn issue was discovered in Kaseya Virtual System Administrator (VSA) through 9.4.0.37. It has a critical information disclosure vulnerability. An unauthenticated attacker can send properly formatted requests to the web application and download sensitive files and information. For example, the /DATAREPORTS directory can be farmed for reports. Because this directory contains the results of reports such as NMAP, Patch Status, and Active Directory domain metadata, an attacker can easily collect this critical information and parse it for information. There are a number of directories affected.2019-08-267.8CVE-2019-15506
MISC
MISC
lexmark -- 6500e_firmwareVarious Lexmark products have an Integer Overflow.2019-08-2810.0CVE-2019-9930
CONFIRM
linux -- linux_kerneldrivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir).2019-08-2310.0CVE-2019-15504
MISC
linux -- linux_kerneldrivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir).2019-08-2310.0CVE-2019-15505
MISC
MISC
MISC
linux -- linux_kernelAn issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandles directory validation.2019-08-277.8CVE-2019-15666
MISC
MISC
mixin-deep_project -- mixin-deepmixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.2019-08-237.5CVE-2019-10746
MISC
ncurses_project -- ncursesAn issue was discovered in the ncurses crate through 5.99.0 for Rust. There are instr and mvwinstr buffer overflows because interaction with C functions is mishandled.2019-08-267.5CVE-2019-15548
MISC
ohdsi -- webapiObservational Health Data Sciences and Informatics (OHDSI) WebAPI before 2.7.2 allows SQL injection in FeatureExtractionService.java.2019-08-267.5CVE-2019-15563
MISC
MISC
MISC
openwrt -- libuciAn issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. /tmp/.uci/network locking is mishandled after reception of a long SetWanSettings command, leading to a device hang.2019-08-237.8CVE-2019-15513
MISC
paloaltonetworks -- pan-osMemory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to craft a message to Secure Shell Daemon (SSHD) and corrupt arbitrary memory.2019-08-2310.0CVE-2019-1580
CONFIRM
paloaltonetworks -- pan-osMitigation bypass in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to execute arbitrary code by crafting a malicious message.2019-08-237.5CVE-2019-1581
CONFIRM
raml-module-builder_project -- raml-module-builderRaml-Module-Builder 26.4.0 allows SQL Injection in PostgresClient.update.2019-08-267.5CVE-2019-15534
MISC
servo -- smallvecAn issue was discovered in the smallvec crate before 0.6.3 for Rust. The Iterator implementation mishandles destructors, leading to a double free.2019-08-267.5CVE-2018-20991
MISC
slickremix -- feed_them_socialThe feed-them-social plugin before 1.7.0 for WordPress has possible shortcode execution in the Facebook Feeds load more button.2019-08-277.5CVE-2015-9351
MISC
spoon-library -- spoon_librarySpoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object.2019-08-267.5CVE-2019-15521
MISC
MISC
MISC
themekraft -- buddyformsThe buddyforms plugin before 2.2.8 for WordPress has SQL injection.2019-08-277.5CVE-2018-21003
MISC
MISC
wp-polls_project -- wp-pollsThe wp-polls plugin before 2.72 for WordPress has SQL injection.2019-08-277.5CVE-2015-9352
MISC
xm-online -- xm^online_2_-_common_utils_and_endpointsXM^online 2 Common Utils and Endpoints 0.2.1 allows SQL injection, related to Constants.java, DropSchemaResolver.java, and SchemaChangeResolver.java.2019-08-267.5CVE-2019-15558
MISC
xymon -- xymonIn Xymon through 4.3.28, a buffer overflow vulnerability exists in history.c.2019-08-277.5CVE-2019-13451
MISC
CONFIRM
CONFIRM
xymon -- xymonIn Xymon through 4.3.28, a buffer overflow vulnerability exists in reportlog.c.2019-08-277.5CVE-2019-13452
MISC
CONFIRM
CONFIRM
xymon -- xymonIn Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the alert acknowledgment CGI tool because of   expansion in acknowledge.c.2019-08-277.5CVE-2019-13455
MISC
CONFIRM
CONFIRM
xymon -- xymonIn Xymon through 4.3.28, a buffer overflow exists in the status-log viewer CGI because of   expansion in appfeed.c.2019-08-277.5CVE-2019-13484
MISC
CONFIRM
CONFIRM
xymon -- xymonIn Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the history viewer component via a long hostname or service parameter to history.c.2019-08-277.5CVE-2019-13485
MISC
CONFIRM
CONFIRM
xymon -- xymonIn Xymon through 4.3.28, a stack-based buffer overflow exists in the status-log viewer component because of   expansion in svcstatus.c.2019-08-277.5CVE-2019-13486
MISC
CONFIRM
CONFIRM

Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
adobe -- photoshop_ccAdobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak.2019-08-264.3CVE-2019-7977
CONFIRM
adobe -- photoshop_ccAdobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.2019-08-266.8CVE-2019-7978
CONFIRM
adobe -- photoshop_ccAdobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.2019-08-266.8CVE-2019-7979
CONFIRM
adobe -- photoshop_ccAdobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.2019-08-266.8CVE-2019-7980
CONFIRM
adobe -- photoshop_ccAdobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak.2019-08-264.3CVE-2019-7981
CONFIRM
adobe -- photoshop_ccAdobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.2019-08-266.8CVE-2019-7982
CONFIRM
adobe -- photoshop_ccAdobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.2019-08-266.8CVE-2019-7983
CONFIRM
adobe -- photoshop_ccAdobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.2019-08-266.8CVE-2019-7984
CONFIRM
adobe -- photoshop_ccAdobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.2019-08-266.8CVE-2019-7985
CONFIRM
adobe -- photoshop_ccAdobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.2019-08-266.8CVE-2019-7986
CONFIRM
adobe -- photoshop_ccAdobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak.2019-08-264.3CVE-2019-7987
CONFIRM
adobe -- photoshop_ccAdobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.2019-08-266.8CVE-2019-7988
CONFIRM
adobe -- photoshop_ccAdobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.2019-08-266.8CVE-2019-7989
CONFIRM
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
adobe -- photoshop_ccAdobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak.2019-08-266.8CVE-2019-7991
CONFIRM
adobe -- photoshop_ccAdobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak.2019-08-266.8CVE-2019-7995
CONFIRM
adobe -- photoshop_ccAdobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak.2019-08-266.8CVE-2019-7996
CONFIRM
adobe -- photoshop_ccAdobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak.2019-08-264.3CVE-2019-7999
CONFIRM
adobe -- photoshop_ccAdobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak.2019-08-264.3CVE-2019-8000
CONFIRM
alkacon -- opencmsIn system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple Reflected and Stored XSS issues in the management interface.2019-08-274.3CVE-2019-13236
MISC
MISC
MISC
alkacon -- opencms_apollo_templateIn the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the search engine.2019-08-274.3CVE-2019-13234
MISC
MISC
alkacon -- opencms_apollo_templateIn the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the Login form.2019-08-274.3CVE-2019-13235
MISC
MISC
alkacon -- opencms_apollo_templateIn Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vulnerable to Local File Inclusion that allow an attacker to access server resources: clearhistory.jsp, convertxml.jsp, group_new.jsp, loginmessage.jsp, xmlcontentrepair.jsp, and /system/workplace/admin/history/settings/index.jsp.2019-08-274.0CVE-2019-13237
MISC
MISC
atlassian -- jiraThe MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the priority icon url of an issue priority.2019-08-234.3CVE-2019-11584
MISC
atlassian -- jiraThe startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect.2019-08-235.8CVE-2019-11585
MISC
atlassian -- jiraThe AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to create new resolutions via a Cross-site request forgery (CSRF) vulnerability.2019-08-234.3CVE-2019-11586
MISC
atlassian -- jiraVarious exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify various settings via Cross-site request forgery (CSRF).2019-08-234.3CVE-2019-11587
MISC
atlassian -- jiraThe ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to trigger garbage collection via a Cross-site request forgery (CSRF) vulnerability.2019-08-234.3CVE-2019-11588
MISC
atlassian -- jiraThe ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability.2019-08-235.8CVE-2019-11589
MISC
atlassian -- jiraSeveral worklog rest resources in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.2 allow remote attackers to view worklog time information via a missing permissions check.2019-08-235.0CVE-2019-8445
MISC
atlassian -- jiraThe /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check.2019-08-235.0CVE-2019-8446
MISC
atlassian -- jiraThe ServiceExecutor resource in Jira before version 8.3.2 allows remote attackers to trigger the creation of export files via a Cross-site request forgery (CSRF) vulnerability.2019-08-234.3CVE-2019-8447
MISC
atlassian -- universal_plugin_managerThe Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forgery (CSRF) vulnerability on an authenticated administrator.2019-08-234.3CVE-2019-14999
MISC
autodesk -- design_reviewDLL preloading vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a DLL preloading vulnerability, which may result in code execution.2019-08-236.8CVE-2019-7362
CONFIRM
autodesk -- design_reviewUse-after-free vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a use-after-free vulnerability, which may result in code execution.2019-08-236.8CVE-2019-7363
CONFIRM
automattic -- akismetThe akismet plugin before 3.1.5 for WordPress has XSS.2019-08-284.3CVE-2015-9357
MISC
automattic -- jetpackThe Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg().2019-08-284.3CVE-2015-9359
MISC
MISC
bestwebsoft -- timesheetThe timesheet plugin before 0.1.5 for WordPress has multiple XSS issues.2019-08-274.3CVE-2017-18590
MISC
bloodhound_project -- bloodhoundcomponents/Modals/HelpModal.jsx in BloodHound 2.2.0 allows remote attackers to execute arbitrary OS commands (by spawning a child process as the current user on the victim's machine) when the search function's autocomplete feature is used. The victim must import data from an Active Directory with a GPO containing JavaScript in its name.2019-08-276.8CVE-2019-15701
MISC
bologer -- anycommentThe anycomment plugin before 0.0.33 for WordPress has XSS.2019-08-274.3CVE-2018-21001
MISC
bolt -- boltBolt before 3.6.10 has XSS via a title that is mishandled in the system log.2019-08-234.3CVE-2019-15483
MISC
MISC
bolt -- boltBolt before 3.6.10 has XSS via an image's alt or title field.2019-08-234.3CVE-2019-15484
MISC
MISC
bolt -- boltBolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php.2019-08-234.3CVE-2019-15485
MISC
MISC
check_email_project -- check_emailThe check-email plugin before 0.5.2 for WordPress has XSS.2019-08-274.3CVE-2016-10934
MISC
claxon_project -- claxonAn issue was discovered in the claxon crate before 0.4.1 for Rust. Uninitialized memory can be exposed because certain decode buffer sizes are mishandled.2019-08-264.3CVE-2018-20992
MISC
codepeople -- polls_cpThe cp-polls plugin before 1.0.5 for WordPress has XSS.2019-08-274.3CVE-2015-9346
MISC
codepeople -- sell_downloadsThe sell-downloads plugin before 1.0.8 for WordPress has insufficient restrictions on brute-force guessing of purchase IDs.2019-08-275.0CVE-2015-9348
MISC
comelz -- quarkcomelz Quark before 2019-03-26 allows directory traversal to locations outside of the project directory.2019-08-235.0CVE-2019-15520
MISC
cookie_project -- cookieAn issue was discovered in the cookie crate before 0.7.6 for Rust. Large integers in the Max-Age of a cookie cause a panic.2019-08-265.0CVE-2017-18589
MISC
discourse -- discourseDiscourse 2.3.2 sends the CSRF token in the query string.2019-08-264.3CVE-2019-15515
MISC
easyupdatesmanager -- easy_updates_managerThe stops-core-theme-and-plugin-updates plugin before 8.0.5 for WordPress has insufficient restrictions on option changes (such as disabling unattended theme updates) because of a nonce check error.2019-08-274.0CVE-2019-15650
MISC
MISC
elearningfreak -- insert_or_embed_articulate_contentThe insert-or-embed-articulate-content-into-wordpress plugin before 4.29991 for WordPress has insufficient restrictions on deleting or renaming by a Subscriber.2019-08-275.5CVE-2019-15648
MISC
MISC
elearningfreak -- insert_or_embed_articulate_contentThe insert-or-embed-articulate-content-into-wordpress plugin before 4.2999 for WordPress has insufficient restrictions on file upload.2019-08-276.5CVE-2019-15649
MISC
MISC
eng -- knowageIn Knowage through 6.1.1, there is XSS via the start_url or user_id field to the ChangePwdServlet page.2019-08-284.3CVE-2019-13189
MISC
eng -- knowageIn Knowage through 6.1.1, an authenticated user who accesses the datasources page will gain access to any data source credentials in cleartext, which includes databases.2019-08-284.0CVE-2019-13348
MISC
etoilewebdesign -- ultimate_faqThe ultimate-faqs plugin before 1.8.22 for WordPress has XSS.2019-08-274.3CVE-2019-15643
MISC
MISC
former_project -- formerFormer before 4.2.1 has XSS via a checkbox value.2019-08-234.3CVE-2019-15476
MISC
MISC
fortiguard -- fortios_ips_engineMultiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled, may allow an attacker to decipher TLS connections going through the FortiGate via monitoring the traffic in a Man-in-the-middle position.2019-08-234.3CVE-2019-5592
CONFIRM
fortinet -- fortinacAn Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI.2019-08-234.3CVE-2019-5594
CONFIRM
fortinet -- fortiosAn information exposure vulnerability in FortiOS 6.2.0 and below may allow an unauthenticated attacker to gain platform information such as version, models, via parsing a JavaScript file through admin webUI.2019-08-235.0CVE-2018-13367
CONFIRM
gchq -- cyberchefCyberChef before 8.31.2 allows XSS in core/operations/TextEncodingBruteForce.mjs.2019-08-264.3CVE-2019-15532
MISC
MISC
MISC
MISC
gdragon -- gd_rating_systemThe gd-rating-system plugin before 2.1 for WordPress has XSS in log.php.2019-08-274.3CVE-2017-18591
MISC
gnu -- libextractorGNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c.2019-08-234.3CVE-2019-15531
MISC
MLIST
gnuboard -- gnuboard5GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "homepage title" parameter, aka the adm/config_form_update.php cf_title parameter.2019-08-264.3CVE-2018-18668
MISC
MISC
CONFIRM
groundhogg -- groundhoggThe groundhogg plugin before 1.3.5 for WordPress has wp-admin/admin-ajax.php?action=bulk_action_listener remote code execution.2019-08-276.5CVE-2019-15647
MISC
MISC
MISC
hackmd -- codimdCodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element with allow-top-navigation in the sandbox attribute, in conjunction with a data: URL.2019-08-234.3CVE-2019-15499
MISC
httpie -- httpieAll versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control.2019-08-235.8CVE-2019-10751
MISC
MISC
ibm -- security_access_manager_for_enterprise_single_sign-onIBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 164555.2019-08-266.4CVE-2019-4513
CONFIRM
XF
igniterealtime -- openfireIgnite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test.2019-08-234.3CVE-2019-15488
MISC
MISC
impress -- wp_rollbackThe wp-rollback plugin before 1.2.3 for WordPress has XSS.2019-08-274.3CVE-2015-9342
MISC
impress -- wp_rollbackThe wp-rollback plugin before 1.2.3 for WordPress has CSRF.2019-08-276.8CVE-2015-9343
MISC
instamojo -- payment_gatewaycard/pay/.../amount in the WooCommerce Instamojo Payment Gateway plugin 1.0.7 for WordPress allows Parameter Tampering in the sign parameter, as demonstrated by purchasing an item for lower than the intended price.2019-08-295.0CVE-2019-14977
MISC
ithemes -- authorize.netAuthorize.net Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().2019-08-284.3CVE-2015-9365
MISC
MISC
ithemes -- exchangeiThemes Exchange before 1.12.0 for WordPress has XSS via add_query_arg() and remove_query_arg().2019-08-284.3CVE-2015-9363
MISC
MISC
ithemes -- mobileiThemes Mobile before 1.2.8 for WordPress has XSS via add_query_arg() and remove_query_arg().2019-08-284.3CVE-2015-9376
MISC
MISC
jc21 -- nginx_proxy_managerjc21 Nginx Proxy Manager before 2.0.13 allows %2e%2e%2f directory traversal.2019-08-234.9CVE-2019-15517
MISC
MISC
jenkins -- splunkA sandbox bypass vulnerability in Jenkins Splunk Plugin 1.7.4 and earlier allowed attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.2019-08-286.5CVE-2019-10390
MLIST
MISC
jooby -- joobyJooby before 1.6.4 has XSS via the default error handler.2019-08-234.3CVE-2019-15477
MISC
laracom -- laracomlaracom (aka Laravel FREE E-Commerce Software) 1.4.11 has search?q= XSS.2019-08-264.3CVE-2019-15489
MISC
lexmark -- 6500e_firmwareVarious Lexmark products have Incorrect Access Control.2019-08-286.4CVE-2019-10058
CONFIRM
lexmark -- cs31x_firmwareVarious Lexmark products have CSRF.2019-08-284.3CVE-2019-10057
CONFIRM
lexmark -- cs31x_firmwareVarious Lexmark products have Incorrect Access Control (issue 1 of 2).2019-08-285.0CVE-2019-9934
CONFIRM
lexmark -- cs31x_firmwareVarious Lexmark products have Incorrect Access Control (issue 2 of 2).2019-08-285.0CVE-2019-9935
CONFIRM
lsoft -- listservReflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter.2019-08-264.3CVE-2019-15501
MISC
EXPLOIT-DB
manageyourteam -- myt_project_managementMyT Project Management 1.5.1 lacks CSRF protection and, for example, allows a user/create CSRF attack. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page.2019-08-286.8CVE-2019-15496
MISC
microfocus -- content_managerInformation exposure in Micro Focus Content Manager, versions 9.1, 9.2 and 9.3. This vulnerability when configured to use an Oracle database, allows valid system users to gain access to a limited subset of records they would not normally be able to access when the system is in an undisclosed abnormal state.2019-08-304.0CVE-2019-11658
CONFIRM
microfocus -- verastream_host_integratoPath traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and earlier, The vulnerability allows remote unauthenticated attackers to read arbitrary files.2019-08-235.0CVE-2019-11654
CONFIRM
micropyramid -- django_crmMultiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /change-password-by-admin/, /api/settings/add/, /cases/create/, /change-password-by-admin/, /comment/add/, /documents/1/view/, /documents/create/, /opportunities/create/, and /login/.2019-08-276.8CVE-2019-11457
MISC
FULLDISC
MISC
my_calendar_project -- my_calendarThe my-calendar plugin before 3.1.10 for WordPress has XSS.2019-08-284.3CVE-2019-15713
MISC
ncurses_project -- ncursesAn issue was discovered in the ncurses crate through 5.99.0 for Rust. There are format string issues in printw functions because C format arguments are mishandled.2019-08-266.4CVE-2019-15547
MISC
never5 -- post_connectorThe Post Connector plugin before 1.0.4 for WordPress has XSS via add_query_arg() and remove_query_arg().2019-08-284.3CVE-2015-9362
MISC
obdev -- little_snitchLittle Snitch versions 4.3.0 to 4.3.2 have a local privilege escalation vulnerability in their privileged helper tool. The privileged helper tool implements an XPC interface which is available to any process and allows directory listings and copying files as root.2019-08-234.9CVE-2019-13013
MISC
obdev -- little_snitchLittle Snitch versions 4.4.0 fixes a vulnerability in a privileged helper tool. However, the operating system may have made a copy of the privileged helper which is not removed or updated immediately. Computers may therefore still be vulnerable after upgrading to 4.4.0. Version 4.4.1 fixes this issue by removing the operating system's copy during the upgrade.2019-08-234.9CVE-2019-13014
MISC
octopus -- octopus_deployIn Octopus Deploy 2019.7.3 through 2019.7.9, in certain circumstances, an authenticated user with VariableView permissions could view sensitive values. This is fixed in 2019.7.10.2019-08-274.0CVE-2019-15698
MISC
paloaltonetworks -- pan-osMemory corruption in PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow an administrative user to cause arbitrary memory corruption by rekeying the current client interactive session.2019-08-236.5CVE-2019-1582
CONFIRM
paloaltonetworks -- twistlockEscalation of privilege vulnerability in the Palo Alto Networks Twistlock console 19.07.358 and earlier allows a Twistlock user with Operator capabilities to escalate privileges to that of another user. Active interaction with an affected component is required for the payload to execute on the victim.2019-08-236.0CVE-2019-1583
CONFIRM
pancurses_project -- pancursesAn issue was discovered in the pancurses crate through 0.16.1 for Rust. printw and mvprintw have format string vulnerabilities.2019-08-266.4CVE-2019-15546
MISC
plot -- plotlyThe wp-plotly plugin before 1.0.3 for WordPress has XSS by authors.2019-08-274.3CVE-2015-9347
MISC
portaudio_project -- portaudioAn issue was discovered in the portaudio crate through 0.7.0 for Rust. There is a man-in-the-middle issue because the source code is downloaded over cleartext HTTP.2019-08-264.3CVE-2016-10933
MISC
redirection -- redirectionThe redirection plugin before 2.2.9 for WordPress has XSS in the admin menu, a different issue than CVE-2011-4562.2019-08-284.3CVE-2011-5329
MISC
redirection -- redirectionThe redirection plugin before 2.2.12 for WordPress has XSS, a different issue than CVE-2011-4562.2019-08-284.3CVE-2012-6717
MISC
search-guard -- search_guardSearch Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database.2019-08-234.0CVE-2019-13421
CONFIRM
MISC
MISC
search-guard -- search_guardSearch Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an attacker can redirect the user to a potentially malicious site upon Kibana login.2019-08-235.8CVE-2019-13422
CONFIRM
MISC
search-guard -- search_guardSearch Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an authenticated Kibana user could impersonate as kibanaserver user when providing wrong credentials when all of the following conditions a-c are true: a) Kibana is configured to use Single-Sign-On as authentication method, one of Kerberos, JWT, Proxy, Client certificate. b) The kibanaserver user is configured to use HTTP Basic as the authentication method. c) Search Guard is configured to use an SSO authentication domain and HTTP Basic at the same time2019-08-236.5CVE-2019-13423
CONFIRM
MISC
slickremix -- feed_them_socialThe feed-them-social plugin before 1.7.0 for WordPress has reflected XSS in the Facebook Feeds load more button.2019-08-274.3CVE-2015-9350
MISC
status_board_project -- status_boardStatus Board 1.1.81 has reflected XSS via logic.ts.2019-08-264.3CVE-2019-15478
MISC
status_board_project -- status_boardStatus Board 1.1.81 has reflected XSS via dashboard.ts.2019-08-264.3CVE-2019-15479
MISC
swoole -- swooleSwoole before 4.2.13 allows directory traversal in swPort_http_static_handler.2019-08-235.0CVE-2019-15518
MISC
MISC
telegram -- telegramThe Privacy > Phone Number feature in the Telegram app 5.10 for Android and iOS provides an incorrect indication that the access level is Nobody, because attackers can find these numbers via the Group Info feature, e.g., by adding a significant fraction of a region's assigned phone numbers.2019-08-235.0CVE-2019-15514
MISC
trust-dns-proto_project -- trust-dns-protoAn issue was discovered in the trust-dns-proto crate before 0.5.0-alpha.3 for Rust. There is infinite recursion because DNS message compression is mishandled.2019-08-265.0CVE-2018-20994
MISC
untrusted_project -- untrustedAn issue was discovered in the untrusted crate before 0.6.2 for Rust. Error handling can trigger an integer underflow and panic.2019-08-265.0CVE-2018-20989
MISC
updraftplus -- updraftplusThe updraftplus plugin before 1.9.64 for WordPress has XSS via add_query_arg() and remove_query_arg().2019-08-284.3CVE-2015-9360
MISC
MISC
updraftplus -- updraftplusThe updraftplus plugin before 1.13.5 for WordPress has XSS in rare cases where an attacker controls a string logged to a log file.2019-08-284.3CVE-2017-18593
MISC
watchguard -- firewareThe authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect).2019-08-235.8CVE-2016-6154
MISC
webassembly -- binaryenAn issue was discovered in Binaryen 1.38.32. Two visitors in ir/ExpressionManipulator.cpp can lead to a NULL pointer dereference in wasm::LocalSet::finalize in wasm/wasm.cpp. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm2js.2019-08-285.0CVE-2019-15759
MISC
MISC
webmin -- webminxmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. By default, only root, admin, and sysadm can access xmlrpc.cgi.2019-08-266.8CVE-2019-15641
MISC
webtoffee -- import_export_wordpress_usersThe webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class.2019-08-236.0CVE-2019-15092
MISC
MISC
MISC
woocommerce -- paypal_checkout_payment_gatewaycgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.17 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the intended price.2019-08-295.0CVE-2019-14979
MISC
woocommerce -- payu_india_payment_gateway/payu/icpcheckout/ in the WooCommerce PayU India Payment Gateway plugin 2.1.1 for WordPress allows Parameter Tampering in the purchaseQuantity=1 parameter, as demonstrated by purchasing an item for lower than the intended price.2019-08-295.0CVE-2019-14978
MISC
wp-members_project -- wp-membersThe wp-members plugin before 3.2.8 for WordPress has CSRF.2019-08-276.8CVE-2019-15660
MISC
wp-polls_project -- wp-pollsThe wp-polls plugin before 2.73.1 for WordPress has XSS via the Poll bar option.2019-08-274.3CVE-2016-10936
MISC
xymon -- xymonIn Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CGI script due to insufficient filtering of the db parameter.2019-08-274.3CVE-2019-13274
MISC
CONFIRM
yaml-rust_project -- yaml-rustAn issue was discovered in the yaml-rust crate before 0.4.1 for Rust. There is uncontrolled recursion during deserialization.2019-08-265.0CVE-2018-20993
MISC
zoho -- salesiqThe zoho-salesiq plugin before 1.0.9 for WordPress has stored XSS.2019-08-274.3CVE-2019-15644
MISC
MISC
zoho -- salesiqThe zoho-salesiq plugin before 1.0.9 for WordPress has CSRF.2019-08-276.8CVE-2019-15645
MISC
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
atlassian -- jiraThe wikirenderer component in Jira before version 7.13.6, and from version 8.0.0 before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in image attribute specification.2019-08-233.5CVE-2019-8444
MISC
domoticz -- domoticzDomoticz 4.10717 has XSS via item.Name.2019-08-233.5CVE-2019-15480
MISC
MISC
librenms -- librenmsLibreNMS v1.54 has XSS in the Create User, Inventory, Add Device, Notifications, Alert Rule, Create Maintenance, and Alert Template sections of the admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account.2019-08-283.5CVE-2019-15230
MISC
octopus -- serverIn Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an authenticated user (in certain limited special-characters circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.7. The fix was back-ported to LTS 2019.6.7 as well as LTS 2019.3.8.2019-08-233.5CVE-2019-15507
MISC
octopus -- serverIn Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user (in certain limited OctopusPrintVariables circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 5.0.1. The fix was back-ported to 4.0.7.2019-08-233.5CVE-2019-15508
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
androvideo -- advan_vd-1_firmwareA broken access control vulnerability found in Advan VD-1 firmware versions up to 230. An attacker can send a POST request to cgibin/ApkUpload.cgi to install arbitrary APK without any authentication.2019-08-28not yet calculatedCVE-2019-13406
CONFIRM
CONFIRM
CONFIRM
androvideo -- advan_vd-1_firmware
 
A vulnerability of remote credential disclosure was discovered in Advan VD-1 firmware versions up to 230. An attacker can export system configuration which is not encrypted to get the administrator?s account and password in plain text via cgibin/ExportSettings.cgi?Export=1 without any authentication.2019-08-28not yet calculatedCVE-2019-11064
CONFIRM
CONFIRM
CONFIRM
androvideo -- advan_vd-1_firmware
 
A XSS found in Advan VD-1 firmware versions up to 230. VD-1 responses a path error message when a requested resource was not found in page cgibin/ssi.cgi. It leads to a reflected XSS because the error message does not escape properly.2019-08-28not yet calculatedCVE-2019-13407
CONFIRM
CONFIRM
CONFIRM
androvideo -- advan_vd-1_firmware
 
A relative path traversal vulnerability found in Advan VD-1 firmware versions up to 230. It allows attackers to download arbitrary files via url cgibin/ExportSettings.cgi?Download=filepath, without any authentication.2019-08-28not yet calculatedCVE-2019-13408
CONFIRM
CONFIRM
CONFIRM
androvideo -- advan_vd-1_firmware
 
A broken access control vulnerability found in Advan VD-1 firmware version 230 leads to insecure ADB service. An attacker can send a POST request to cgibin/AdbSetting.cgi to enable ADB without any authentication then take the compromised device as a relay or to install mining software.2019-08-28not yet calculatedCVE-2019-13405
CONFIRM
CONFIRM
CONFIRM
apache -- commons_compress
 
The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.2019-08-30not yet calculatedCVE-2019-12402
MISC
apache -- santuario_xml_security_for_java
 
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this implementation might be cached and re-used by Apache Santuario - XML Security for Java, leading to potential security flaws when validating signed documents, etc. The vulnerability affects Apache Santuario - XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x releases before 2.1.4.2019-08-23not yet calculatedCVE-2019-12400
CONFIRM
apport -- apport
 
Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause Apport to include the contents of this other file in the resulting crash report. The crash report could then be read by that user either by causing it to be uploaded and reported to Launchpad, or by leveraging some other vulnerability to read the resulting crash report, and so allow the user to read arbitrary files on the system.2019-08-29not yet calculatedCVE-2019-7307
MISC
MISC
asus -- hg100_firmware
 
The web api server on Port 8080 of ASUS HG100 firmware up to 1.05.12, which is vulnerable to Slowloris HTTP Denial of Service: an attacker can cause a Denial of Service (DoS) by sending headers very slowly to keep HTTP or HTTPS connections and associated resources alive for a long period of time.2019-08-28not yet calculatedCVE-2019-11060
CONFIRM
CONFIRM
CONFIRM
asus -- hg100_firmware
 
A broken access control vulnerability in HG100 firmware versions up to 4.00.06 allows an attacker in the same local area network to control IoT devices that connect with itself via http://[target]/smarthome/devicecontrol without any authentication.2019-08-28not yet calculatedCVE-2019-11061
CONFIRM
CONFIRM
CONFIRM
asus -- smarthome_app
 
A broken access control vulnerability in SmartHome app (Android versions up to 3.0.42_190515, ios versions up to 2.0.22) allows an attacker in the same local area network to list user accounts and control IoT devices that connect with its gateway (HG100) via http://[target]/smarthome/devicecontrol without any authentication.2019-08-28not yet calculatedCVE-2019-11063
CONFIRM
CONFIRM
CONFIRM
asymmetric-infosec -- power-response
 
Power-Response before 2019-02-02 allows directory traversal (up to the application's main directory) via a plugin.2019-08-23not yet calculatedCVE-2019-15519
MISC
atlassian -- confluence_server_and_confluence_data_center
 
There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker with permission to editing a page is able to exploit this issue to read arbitrary file on the server under <install-directory>/confluence/WEB-INF directory, which may contain configuration files used for integrating with other services, which could potentially leak credentials or other sensitive information such as LDAP credentials. The LDAP credential will be potentially leaked only if the Confluence server is configured to use LDAP as user repository. All versions of Confluence Server from 6.1.0 before 6.6.16 (the fixed version for 6.6.x), from 6.7.0 before 6.13.7 (the fixed version for 6.13.x), and from 6.14.0 before 6.15.8 (the fixed version for 6.15.x) are affected by this vulnerability.2019-08-29not yet calculatedCVE-2019-3394
MISC
MISC
autodesk -- multiple_products
 
DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D and version 2017 of AutoCAD P&ID. An attacker may trick a user into opening a malicious DWG file that may leverage a DLL preloading vulnerability in AutoCAD which may result in code execution.2019-08-23not yet calculatedCVE-2019-7364
CONFIRM
avira -- avira_free_security_suite
 
An issue was discovered in Avira Free Security Suite 10. The permissive access rights on the SoftwareUpdater folder (files / folders and configuration) are incompatible with the privileged file manipulation performed by the product. Files can be created that can be used by an unprivileged user to obtain SYSTEM privileges. Arbitrary file creation can be achieved by abusing the SwuConfig.json file creation: an unprivileged user can replace these files by pseudo-symbolic links to arbitrary files. When an update occurs, a privileged service creates a file and sets its access rights, offering write access to the Everyone group in any directory.2019-08-29not yet calculatedCVE-2019-11396
FULLDISC
bitrock -- installbuilder
 
Windows binaries generated with InstallBuilder versions earlier than 19.7.0 are vulnerable to tampering even if they contain a valid Authenticode signature.2019-08-28not yet calculatedCVE-2019-5530
MISC
black_box -- icompel
 
Black Box iCOMPEL 9.2.3 through 11.1.4, as used in ONELAN Net-Top-Box 9.2.3 through 11.1.4 and other products, has default credentials that allow remote attackers to access devices remotely via SSH, HTTP, HTTPS, and FTP.2019-08-26not yet calculatedCVE-2019-15497
MISC
cdemu -- libmirage
 
libMirage 3.2.2 in CDemu has a NULL pointer dereference in the NRG parser in parser.c.2019-08-28not yet calculatedCVE-2019-15757
MISC
MISC
cesnet -- proxystatistics-simplesamlphp-module
 
The proxystatistics module before 3.1.0 for SimpleSAMLphp allows SQL Injection in lib/Auth/Process/DatabaseCommand.php.2019-08-23not yet calculatedCVE-2019-15537
MISC
MISC
chan_zuckerberg_intiative -- idseq-web
 
idseq-web before 2019-07-01 in Infectious Disease Sequencing Platform IDseq allows SQL injection via tax_levels.2019-08-26not yet calculatedCVE-2019-15568
MISC
check_point -- endpoint_security_initial_client_for_windows
 
Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can leverage this to gain LPE using a specially crafted DLL placed in any PATH location accessible with write permissions to the user.2019-08-29not yet calculatedCVE-2019-8461
MISC
cisco -- ios_xe_software
 
A vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on the managed Cisco IOS XE device. The vulnerability is due to an improper check performed by the area of code that manages the REST API authentication service. An attacker could exploit this vulnerability by submitting malicious HTTP requests to the targeted device. A successful exploit could allow the attacker to obtain the token-id of an authenticated user. This token-id could be used to bypass authentication and execute privileged actions through the interface of the REST API virtual service container on the affected Cisco IOS XE device. The REST API interface is not enabled by default and must be installed and activated separately on IOS XE devices. See the Details section for more information.2019-08-28not yet calculatedCVE-2019-12643
CISCO
cisco -- nexus_9000_series_switches
 
A vulnerability within the Endpoint Learning feature of Cisco Nexus 9000 Series Switches running in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an endpoint device in certain circumstances. The vulnerability is due to improper endpoint learning when packets are received on a specific port from outside the ACI fabric and destined to an endpoint located on a border leaf when Disable Remote Endpoint Learning has been enabled. This can result in a Remote (XR) entry being created for the impacted endpoint that will become stale if the endpoint migrates to a different port or leaf switch. This results in traffic not reaching the impacted endpoint until the Remote entry can be relearned by another mechanism.2019-08-30not yet calculatedCVE-2019-1977
CISCO
cisco -- nx-os_software
 
A vulnerability in the Virtual Shell (VSH) session management for Cisco NX-OS Software could allow an authenticated, remote attacker to cause a VSH process to fail to delete upon termination. This can lead to a build-up of VSH processes that overtime can deplete system memory. When there is no system memory available, this can cause unexpected system behaviors and crashes. The vulnerability is due to the VSH process not being properly deleted when a remote management connection to the device is disconnected. An attacker could exploit this vulnerability by repeatedly performing a remote management connection to the device and terminating the connection in an unexpected manner. A successful exploit could allow the attacker to cause the VSH processes to fail to delete, which can lead to a system-wide denial of service (DoS) condition. The attacker must have valid user credentials to log in to the device using the remote management connection.2019-08-28not yet calculatedCVE-2019-1965
CISCO
cisco -- nx-os_software
 
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP request to the NX-API on an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition in the NX-API service; however, the NX-OS device itself would still be available and passing network traffic. Note: The NX-API feature is disabled by default.2019-08-30not yet calculatedCVE-2019-1968
CISCO
cisco -- nx-os_software
 
A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) Access Control List (ACL) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to deny SNMP traffic. The vulnerability is due to an incorrect length check when the configured ACL name is the maximum length, which is 32 ASCII characters. An attacker could exploit this vulnerability by performing SNMP polling of an affected device. A successful exploit could allow the attacker to perform SNMP polling that should have been denied. The attacker has no control of the configuration of the SNMP ACL name.2019-08-30not yet calculatedCVE-2019-1969
CISCO
cisco -- nx-os_software
 
A vulnerability in the IPv6 traffic processing of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an unexpected restart of the netstack process on an affected device. The vulnerability is due to improper validation of IPv6 traffic sent through an affected device. An attacker could exploit this vulnerability by sending a malformed IPv6 packet through an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition while the netstack process restarts. A sustained attack could lead to a reboot of the device.2019-08-28not yet calculatedCVE-2019-1964
CISCO
cisco -- nx-os_software
 
A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerability is due to improper validation of Abstract Syntax Notation One (ASN.1)-encoded variables in SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP packet to the SNMP daemon on the affected device. A successful exploit could allow the attacker to cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition.2019-08-28not yet calculatedCVE-2019-1963
CISCO
cisco -- nx-os_software
 
A vulnerability in the Cisco Fabric Services component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause process crashes, which can result in a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient validation of TCP packets when processed by the Cisco Fabric Services over IP (CFSoIP) feature. An attacker could exploit this vulnerability by sending a malicious Cisco Fabric Services TCP packet to an affected device. A successful exploit could allow the attacker to cause process crashes, resulting in a device reload and a DoS condition. Note: There are three distribution methods that can be configured for Cisco Fabric Services. This vulnerability affects only distribution method CFSoIP, which is disabled by default. See the Details section for more information.2019-08-28not yet calculatedCVE-2019-1962
CISCO
cisco -- nx-os_software
 
A vulnerability in the Network Time Protocol (NTP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to excessive use of system resources when the affected device is logging a drop action for received MODE_PRIVATE (Mode 7) NTP packets. An attacker could exploit this vulnerability by flooding the device with a steady stream of Mode 7 NTP packets. A successful exploit could allow the attacker to cause high CPU and memory usage on the affected device, which could cause internal system processes to restart or cause the affected device to unexpectedly reload. Note: The NTP feature is enabled by default.2019-08-30not yet calculatedCVE-2019-1967
CISCO
cisco -- unified_computing_system_fabric_interconnect_software
 
A vulnerability in a specific CLI command within the local management (local-mgmt) context for Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to gain elevated privileges as the root user on an affected device. The vulnerability is due to extraneous subcommand options present for a specific CLI command within the local-mgmt context. An attacker could exploit this vulnerability by authenticating to an affected device, entering the local-mgmt context, and issuing a specific CLI command and submitting user input. A successful exploit could allow the attacker to execute arbitrary operating system commands as root on an affected device. The attacker would need to have valid user credentials for the device.2019-08-30not yet calculatedCVE-2019-1966
CISCO
citrix -- storefront_server
 
Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks.2019-08-29not yet calculatedCVE-2019-13608
CONFIRM
clonos -- control-pane
 
The WEB control panel before 2019-04-30 for ClonOS allows SQL injection in clonos.php.2019-08-26not yet calculatedCVE-2019-15571
MISC
commscope -- arris_tr4400_devices
 
CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/login.html. Any user connected to the Wi-Fi can exploit this.2019-08-29not yet calculatedCVE-2019-15805
MISC
commscope -- arris_tr4400_devices
 
CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/basic_sett.html. Any user connected to the Wi-Fi can exploit this.2019-08-29not yet calculatedCVE-2019-15806
MISC
comodo -- comodo_antivirus
 
A use-after-free flaw in the sandbox container implemented in cmdguard.sys in Comodo Antivirus 12.0.0.6870 can be triggered due to a race condition when handling IRP_MJ_CLEANUP requests in the minifilter for directory change notifications. This allows an attacker to cause a denial of service (BSOD) when an executable is run inside the container.2019-08-28not yet calculatedCVE-2019-14694
MISC
MISC
cuberite -- cuberite
 
Cuberite before 2019-06-11 allows webadmin directory traversal via ....// because the protection mechanism simply removes one ../ substring.2019-08-23not yet calculatedCVE-2019-15516
MISC
d-link -- dir-825ac_g1_devices
 
D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. In order to transfer data from the host network to the guest network, the sender joins and then leaves an IGMP group. After it leaves, the router (following the IGMP protocol) creates an IGMP Membership Query packet with the Group IP and sends it to both the Host and the Guest networks. The data is transferred within the Group IP field, which is completely controlled by the sender.2019-08-27not yet calculatedCVE-2019-13264
MISC
MISC
d-link -- dir-825ac_g1_devices
 
D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. A DHCP Request is sent to the router with a certain Transaction ID field. Following the DHCP protocol, the router responds with an ACK or NAK message. Studying the NAK case revealed that the router erroneously sends the NAK to both Host and Guest networks with the same Transaction ID as found in the DHCP Request. This allows encoding of data to be sent cross-router into the 32-bit Transaction ID field.2019-08-27not yet calculatedCVE-2019-13263
MISC
MISC
d-link -- dir-825ac_g1_devices
 
D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. They forward ARP requests, which are sent as broadcast packets, between the host and the guest networks. To use this leakage as a direct covert channel, the sender can trivially issue an ARP request to an arbitrary computer on the network. (In general, some routers restrict ARP forwarding only to requests destined for the network's subnet mask, but these routers did not restrict this traffic in any way. Depending on this factor, one must use either the lower 8 bits of the IP address, or the entire 32 bits, as the data payload.)2019-08-27not yet calculatedCVE-2019-13265
MISC
MISC
datalogic -- av7000_linear_barcode_scanner
 
Datalogic AV7000 Linear barcode scanner all versions prior to 4.6.0.0 is vulnerable to authentication bypass, which may allow an attacker to remotely execute arbitrary code.2019-08-30not yet calculatedCVE-2019-13526
MISC
deeply -- deeply
 
deeply is vulnerable to Prototype Pollution in versions before 3.1.0. The function assign-deep could be tricked into adding or modifying properties of Object.prototype using using a _proto_ payload.2019-08-23not yet calculatedCVE-2019-10750
MISC
delta_controls -- entelibus_manager
 
Buffer Overflow in dactetra in Delta Controls enteliBUS Manager V3.40_B-571848 allows remote unauthenticated users to execute arbitrary code and possibly cause a denial of service via unspecified vectors.2019-08-26not yet calculatedCVE-2019-9569
MISC
MISC
dfe-digital -- schools-experience
 
DfE School Experience before v16333-GA has XSS via a teacher training URL.2019-08-23not yet calculatedCVE-2019-15487
MISC
MISC
dianoxdrago -- hawn
 
DianoxDragon Hawn before 2019-07-10 allows SQL injection.2019-08-26not yet calculatedCVE-2019-15559
MISC
django-js-reverse -- django-js-reverse
 
django-js-reverse (aka Django JS Reverse) before 0.9.1 has XSS via js_reverse_inline.2019-08-23not yet calculatedCVE-2019-15486
MISC
MISC
docker -- docker_desktop_community_edition
 
Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command.2019-08-28not yet calculatedCVE-2019-15752
MISC
domainmod -- domainmod
 
In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS.2019-08-29not yet calculatedCVE-2019-15811
MISC
MISC
MISC
dovecot -- dovecot_and_pigeonhole
 
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.2019-08-29not yet calculatedCVE-2019-11500
CONFIRM
CONFIRM
MLIST
FEDORA
GENTOO
MISC
edimax -- br-6208ac_devicesEdimax BR-6208AC V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. They forward ARP requests, which are sent as broadcast packets, between the host and the guest networks. To use this leakage as a direct covert channel, the sender can trivially issue an ARP request to an arbitrary computer on the network. (In general, some routers restrict ARP forwarding only to requests destined for the network's subnet mask, but these routers did not restrict this traffic in any way. Depending on this factor, one must use either the lower 8 bits of the IP address, or the entire 32 bits, as the data payload.)2019-08-27not yet calculatedCVE-2019-13271
MISC
MISC
edimax -- br-6208ac_devices
 
Edimax BR-6208AC V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. A DHCP Request is sent to the router with a certain Transaction ID field. Following the DHCP protocol, the router responds with an ACK or NAK message. Studying the NAK case revealed that the router erroneously sends the NAK to both Host and Guest networks with the same Transaction ID as found in the DHCP Request. This allows encoding of data to be sent cross-router into the 32-bit Transaction ID field.2019-08-27not yet calculatedCVE-2019-13269
MISC
MISC
edimax -- br-6208ac_devices
 
Edimax BR-6208AC V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. In order to transfer data from the host network to the guest network, the sender joins and then leaves an IGMP group. After it leaves, the router (following the IGMP protocol) creates an IGMP Membership Query packet with the Group IP and sends it to both the Host and the Guest networks. The data is transferred within the Group IP field, which is completely controlled by the sender.2019-08-27not yet calculatedCVE-2019-13270
MISC
MISC
entropic -- entropic
 
cli/lib/main.js in Entropic before 2019-06-13 does not reject / and \ in command names, which might allow a directory traversal attack in unusual situations.2019-08-28not yet calculatedCVE-2019-15714
MISC
eques -- elf_smart_plug_and_mobile_app
 
The Eques elf smart plug and the mobile app use a hardcoded AES 256 bit key to encrypt the commands and responses between the device and the app. The communication happens over UDP port 27431. An attacker on the local network can use the same key to encrypt and send commands to discover all smart plugs in a network, take over control of a device, and perform actions such as turning it on and off.2019-08-29not yet calculatedCVE-2019-15745
MISC
MISC
MISC
MISC
MISC
estsoft -- alsee
 
A memory corruption vulnerability exists in the .PSD parsing functionality of ALSee v5.3 ~ v8.39. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in code execution. By persuading a victim to open a specially-crafted .PSD file, an attacker could execute arbitrary code.2019-08-30not yet calculatedCVE-2019-12810
CONFIRM
flashlingo -- flashlingo
 
FlashLingo before 2019-06-12 allows SQL injection, related to flashlingo.js and db.js.2019-08-26not yet calculatedCVE-2019-15561
MISC
fontforge -- fontforge
 
FontForge through 20190801 has a buffer overflow in PrefsUI_LoadPrefs in prefs.c.2019-08-29not yet calculatedCVE-2019-15785
MISC
fortinet -- fortimanagerLack of root file system integrity checking in Fortinet FortiManager VM application images of all versions below 6.2.1 may allow an attacker to implant third-party programs by recreating the image through specific methods.2019-08-23not yet calculatedCVE-2019-6695
CONFIRM
fortinet -- fortirecorder
 
Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an unauthenticated attacker with knowledge of the aforementioned credentials and network access to FortiCameras to take control of those, provided they are managed by a FortiRecorder device.2019-08-23not yet calculatedCVE-2019-6698
CONFIRM
fortinet -- fortiweb
 
The URL part of the report message is not encoded in Fortinet FortiWeb 6.0.2 and below which may allow an attacker to execute unauthorized code or commands (Cross Site Scripting) via attack reports generated in HTML form.2019-08-28not yet calculatedCVE-2019-5590
BID
CONFIRM
frappe -- frappe_framework
 
public/js/frappe/form/footer/timeline.js in Frappe Framework 12 through 12.0.8 does not escape HTML in the timeline and thus is affected by crafted "changed value of" text.2019-08-27not yet calculatedCVE-2019-15700
MISC
freebsd -- freebsd
 
In FreeBSD 12.0-STABLE before r350637, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350638, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bsnmp library is not properly validating the submitted length from a type-length-value encoding. A remote user could cause an out-of-bounds read or trigger a crash of the software such as bsnmpd resulting in a denial of service.2019-08-30not yet calculatedCVE-2019-5610
MISC
BUGTRAQ
CONFIRM
freebsd -- freebsd
 
In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350650, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the ICMPv6 input path incorrectly handles cases where an MLDv2 listener query packet is internally fragmented across multiple mbufs. A remote attacker may be able to cause an out-of-bounds read or write that may cause the kernel to attempt to access an unmapped page and subsequently panic.2019-08-30not yet calculatedCVE-2019-5608
CONFIRM
freebsd -- freebsd
 
In FreeBSD 12.0-STABLE before r350619, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350619, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bhyve e1000 device emulation used a guest-provided value to determine the size of the on-stack buffer without validation when TCP segmentation offload is requested for a transmitted packet. A misbehaving bhyve guest could overwrite memory in the bhyve process on the host.2019-08-30not yet calculatedCVE-2019-5609
CONFIRM
freebsd -- freebsd
 
In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r351265, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, the kernel driver for /dev/midistat implements a read handler that is not thread-safe. A multi-threaded program can exploit races in the handler to copy out kernel memory outside the boundaries of midistat's data buffer.2019-08-30not yet calculatedCVE-2019-5612
CONFIRM
freebsd -- freebsd
 
In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check in the function to arrange data in a chain of mbufs could cause data returned not to be contiguous. Extra checks in the IPv6 stack could catch the error condition and trigger a kernel panic, leading to a remote denial of service.2019-08-30not yet calculatedCVE-2019-5611
MISC
BUGTRAQ
CONFIRM
gallagher -- command_centre
 
An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092(MR2). Upon an upgrade, if a custom service account is in use and the visitor management service is installed, the Windows username and password for this service are logged in cleartext to the Command_centre.log file.2019-08-28not yet calculatedCVE-2019-15294
CONFIRM
MISC
gesior-aac -- gesior-aac
 
Gesior-AAC before 2019-05-01 allows SQL injection in tankyou.php.2019-08-26not yet calculatedCVE-2019-15573
MISC
gesior-aac -- gesior-aac
 
Gesior-AAC before 2019-05-01 allows ServiceCategoryID SQL injection in shop.php.2019-08-26not yet calculatedCVE-2019-15572
MISC
gesior-aac -- gesior-aac
 
Gesior-AAC before 2019-05-01 allows serviceID SQL injection in accountmanagement.php.2019-08-26not yet calculatedCVE-2019-15574
MISC
gitlab -- gitlab
 
An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.1.4. It uses Hard-coded Credentials.2019-08-29not yet calculatedCVE-2019-14943
CONFIRM
MISC
MISC
gnu -- chess
 
In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_load function in frontend/cmd.cc via a crafted chess position in an EPD file.2019-08-28not yet calculatedCVE-2019-15767
MISC
MISC
haivision -- secure_reliable_transport
 
Secure Reliable Transport (SRT) through 1.3.4 has a CSndUList array overflow if there are many SRT connections.2019-08-29not yet calculatedCVE-2019-15784
MISC
hm_courts_and_tribunals_service -- ccd-data-store-api
 
HM Courts & Tribunals ccd-data-store-api before 2019-06-10 allows SQL injection, related to SearchQueryFactoryOperation.java and SortDirection.java.2019-08-26not yet calculatedCVE-2019-15569
MISC
hot -- tasking_manager
 
Tasking Manager before 3.4.0 allows SQL Injection via custom SQL.2019-08-23not yet calculatedCVE-2019-15535
MISC
MISC
ibm -- cloud_automation_manager
 
IBM Cloud Automation Manager 3.1.2 could allow a user to be impropertly redirected and obtain sensitive information rather than receive a 404 error message. IBM X-Force ID: 158274.2019-08-29not yet calculatedCVE-2019-4132
CONFIRM
XF
ibm -- cloud_automation_manager
 
IBM Cloud Automation Manager 3.1.2 could allow a malicious user on the client side (with access to client computer) to run a custom script. IBM X-Force ID: 158278.2019-08-29not yet calculatedCVE-2019-4133
XF
CONFIRM
ibm -- db2_high_performance_unload_for_linux__unix_and_windowsIBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum and db2hpum_debug binaries are setuid root and have built-in options that allow an low privileged user the ability to load arbitrary db2 libraries from a privileged context. This results in arbitrary code being executed with root authority. IBM X-Force ID: 163489.2019-08-26not yet calculatedCVE-2019-4448
CONFIRM
XF
ibm -- db2_high_performance_unload_for_linux__unix_and_windows
 
IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum_debug is a setuid root binary which trusts the PATH environment variable. A low privileged user can execute arbitrary commands as root by altering the PATH variable to point to a user controlled location. When a crash is induced the trojan gdb command is executed. IBM X-Force ID: 163488.2019-08-26not yet calculatedCVE-2019-4447
CONFIRM
XF
ibm -- i
 
IBM i 7.4 users who have done a Restore User Profile (RSTUSRPRF) on a system which has been configured with Db2 Mirror for i might have user profiles with elevated privileges caused by incorrect processing during a restore of multiple user profiles. A user with restore privileges could exploit this vulnerability to obtain elevated privileges on the restored system. IBM X-Force ID: 165592.2019-08-29not yet calculatedCVE-2019-4536
XF
CONFIRM
ibm -- open_power_firmware
 
IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC password even after BMC password was changed away from the default password. IBM X-Force ID: 158702.2019-08-26not yet calculatedCVE-2019-4169
CONFIRM
XF
icommktconnector -- icommktconnector
 
The ICOMMKT connector before 1.0.7 for PrestaShop allows SQL injection in icommktconnector.php.2019-08-26not yet calculatedCVE-2019-15565
MISC
inner_heaven_project -- libzetta.rs
 
libZetta.rs through 0.1.2 has an integer overflow in the zpool parser (for error stats) that leads to a panic.2019-08-29not yet calculatedCVE-2019-15787
MISC
insyde -- multiple_software_tools
 
Improper access control in the Insyde software tools may allow an authenticated user to potentially enable escalation of privilege, or information disclosure via local access. This is a software vulnerability, not a firmware issue. Affected tools include: H2OFFT version 3.02~5.28, 100.00.00.00~100.00.08.23 and 200.00.00.01~200.00.00.05, H2OOAE before version 200.00.00.02, H2OSDE before version 200.00.00.07, H2OUVE before version 200.00.02.02, H2OPCM before version 100.00.06.00, H2OELV before version 100.00.02.08.2019-08-26not yet calculatedCVE-2019-12532
MISC
CONFIRM
irssi -- irssi
 
Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends a double CAP.2019-08-29not yet calculatedCVE-2019-15717
MLIST
MLIST
CONFIRM
it-novum -- openitcockpit
 
openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21.2019-08-23not yet calculatedCVE-2019-15491
MISC
it-novum -- openitcockpit
 
openITCOCKPIT before 3.7.1 has reflected XSS, aka RVID 3-445b21.2019-08-23not yet calculatedCVE-2019-15492
MISC
it-novum -- openitcockpit
 
openITCOCKPIT before 3.7.1 allows deletion of files, aka RVID 4-445b21.2019-08-23not yet calculatedCVE-2019-15493
MISC
it-novum -- openitcockpit
 
openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21.2019-08-23not yet calculatedCVE-2019-15494
MISC
it-novum -- openitcockpit
 
openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21.2019-08-23not yet calculatedCVE-2019-15490
MISC
jenkins -- jenkins
 
Jenkins IBM Application Security on Cloud Plugin 1.2.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure.2019-08-28not yet calculatedCVE-2019-10391
MLIST
MISC
jenkins -- jenkins
 
A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages.2019-08-28not yet calculatedCVE-2019-10383
MLIST
MISC
jenkins -- jenkins
 
Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user.2019-08-28not yet calculatedCVE-2019-10384
MLIST
MISC
kimai2 -- kimai2
 
Kimai v2 before 1.1 has XSS via a timesheet description.2019-08-23not yet calculatedCVE-2019-15481
MISC
MISC
kubernetes -- kubernetesThe kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user?s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user?s machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.2019-08-28not yet calculatedCVE-2019-11249
CONFIRM
MLIST
kubernetes -- kubernetes

 

The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration.2019-08-28not yet calculatedCVE-2019-11248
CONFIRM
MLIST
kubernetes -- kubernetes
 
In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. If the pod specified mustRunAsNonRoot: true, the kubelet will refuse to start the container as root. If the pod did not specify mustRunAsNonRoot: true, the kubelet will run the container as uid 0.2019-08-28not yet calculatedCVE-2019-11245
CONFIRM
kubernetes -- kubernetes
 
The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components (such as kube-apiserver) prior to v1.16.0, which make use of basic or bearer token authentication, and run at high verbosity levels, are affected.2019-08-28not yet calculatedCVE-2019-11250
CONFIRM
kubernetes -- kubernetes
 
The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.2019-08-28not yet calculatedCVE-2019-11247
CONFIRM
MLIST
kubernetes -- kubernetes
 
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user?s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user?s machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.12.9, versions prior to 1.13.6, versions prior to 1.14.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11.2019-08-28not yet calculatedCVE-2019-11246
CONFIRM
MLIST
lenovo -- multiple_products
 
There is a vulnerability with the Dolby DAX2 API system services in which a low-privileged user can terminate arbitrary processes that are running at a higher privilege. The following are affected products and versions: Legion Y520T_Z370 6.0.1.8642, AIO310-20IAP 6.0.1.8642, AIO510-22ISH 6.0.1.8642, AIO510-23ISH 6.0.1.8642, AIO520-22IKL 6.0.1.8642, AIO520-22IKU 6.0.1.8642, AIO520-24IKL 6.0.1.8642, AIO520-24IKU 6.0.1.8642, AIO520-27IKL 6.0.1.8642, AIO720-24IKB 6.0.1.8642, IdeaCentre 520S-23IKU 6.0.1.8642, ThinkCentre M700z 6.0.1.8642, ThinkCentre M800z 6.0.1.8642, ThinkCentre M810z 6.0.1.8642, ThinkCentre M818z 6.0.1.8642, ThinkCentre M900Z 6.0.1.8642, ThinkCentre M910z 6.0.1.8642, V410z(YT S4250) 6.0.1.8642, 330-14IKBR Win10:6.0.1.8652, 330-15IKBR Win10:6.0.1.8652, 330-15IKBR (Brazil) Win10:6.0.1.8652, 330-15IKBR Touch Win10:6.0.1.8652, 330-17IKBR Win10:6.0.1.8652, YOGA 730-13IKB Win10:6.0.1.8644, YOGA 730-15IKB Win10:6.0.1.8644, ThinkPad L560 6.0.1.8644 and 6.0.1.8652, ThinkPad L570 6.0.1.8644 and 6.0.1.8652, ThinkPad P50 6.0.1.8642, ThinkPad P50s 6.0.1.8642, ThinkPad P51s (20Jx, 20Kx) 6.0.1.8642, ThinkPad P51s (20Hx) 6.0.1.8642, ThinkPad P52s 6.0.1.8642, ThinkPad P70 6.0.1.8642, ThinkPad T25 6.0.1.8642, ThinkPad T460s 6.0.1.8642, ThinkPad T470 6.0.1.8642, ThinkPad T470s 6.0.1.8642, ThinkPad T480 6.0.1.8642, ThinkPad T480s 6.0.1.8642, ThinkPad T560 6.0.1.8642, ThinkPad T570 6.0.1.8642, ThinkPad T580 6.0.1.8642, ThinkPad X1 Carbon 8.66.76.72 and 8.66.68.54, ThinkPad X1 Carbon 6th 6.0.1.8642, ThinkPad X1 Carbon, X1 Yoga 8.66.62.92 and 8.66.62.54, ThinkPad X1 Tablet (20Gx) 6.0.1.8642, ThinkPad X1 Tablet (20Jx) 6.0.1.8642, ThinkPad X1 Tablet Gen 3 6.0.1.8642, ThinkPad X1 Yoga (20Jx) 8.66.88.60, ThinkPad X1 Yoga 3rd 6.0.1.8642, ThinkPad X280 6.0.1.8642, ThinkPad Yoga 260, S1 8.66.62.92 and 8.66.62.54.2019-08-28not yet calculatedCVE-2019-10724
MISC
MISC
lexmark -- multiple_productsVarious Lexmark products have a Buffer Overflow (issue 3 of 3).2019-08-28not yet calculatedCVE-2019-9933
CONFIRM
lexmark -- multiple_products
 
Various Lexmark printers contain a denial of service vulnerability in the SNMP service that can be exploited to crash the device.2019-08-28not yet calculatedCVE-2019-9931
CONFIRM
lexmark -- multiple_products
 
The legacy finger service (TCP port 79) is enabled by default on various older Lexmark devices.2019-08-28not yet calculatedCVE-2019-10059
CONFIRM
lexmark -- multiple_products
 
Various Lexmark products have a Buffer Overflow (issue 2 of 3).2019-08-28not yet calculatedCVE-2019-9932
CONFIRM
limesurvey -- limesurvey
 
Limesurvey before 3.17.10 does not validate both the MIME type and file extension of an image.2019-08-26not yet calculatedCVE-2019-15640
MISC
linux -- linux_kernel
 
An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS.2019-08-25not yet calculatedCVE-2019-15538
MISC
MISC
MISC
MISC
linux -- linux_kernel
 
In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service.2019-08-29not yet calculatedCVE-2019-15807
MISC
MISC
lute-tab -- lute-tab
 
Lute-Tab before 2019-08-23 has a buffer overflow in pdf_print.cc.2019-08-29not yet calculatedCVE-2019-15783
MISC
memcached -- memcached
 
memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c.2019-08-30not yet calculatedCVE-2019-15026
CONFIRM
CONFIRM
mikrotik -- routeros
 
MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication.2019-08-26not yet calculatedCVE-2019-15055
MISC
CONFIRM
mongodb -- mongodb_server
 
Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.11; v3.6 versions prior to 3.6.14; v3.4 versions prior to 3.4.22.2019-08-30not yet calculatedCVE-2019-2389
CONFIRM
mongodb -- mongodb_server
 
An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server versions less than 4.0.11, 3.6.14, and 3.4.22 to run attacker defined code as the user running the utility.2019-08-30not yet calculatedCVE-2019-2390
CONFIRM
moodle -- moodle
 
The Acclaim block plugin before 2019-06-26 for Moodle allows SQL Injection via delete_records.2019-08-23not yet calculatedCVE-2019-15536
MISC
msp360 -- cloudberry_backupCloudBerry Backup v6.1.2.34 allows local privilege escalation via a Pre or Post backup action. With only user-level access, a user can modify the backup plan and add a Pre backup action script that executes on behalf of NT AUTHORITY\SYSTEM.2019-08-28not yet calculatedCVE-2019-15720
MISC
mulesoft -- mulesoft_and_mulesoft_api_gateway
 
Directory Traversal in APIkit, http-connector, and OAuth2 Provider modules in Mulesoft 3.x, 4.x and Mulesoft API Gateway (all versions) released before August 1, 2019 allow remote attackers to read files accessible to the Mule process.2019-08-30not yet calculatedCVE-2019-15630
MISC
mysticatea -- eslint-utils
 
In eslint-utils before 1.4.1, the getStaticValue function can execute arbitrary code.2019-08-26not yet calculatedCVE-2019-15657
MISC
nmap -- nmap
 
nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse.2019-08-28not yet calculatedCVE-2017-18594
MISC
MISC
MISC
MISC
MISC
MISC
nvidia -- clara_genomics_analysis
 
Clara Genomics Analysis before 0.2.0 has an integer overflow for cudapoa memory management in allocate_block.cpp.2019-08-29not yet calculatedCVE-2019-15788
MISC
MISC
onkyo -- tx-nr686_receiver_devices
 
Directory traversal vulnerability on ONKYO TX-NR686 1030-5000-1040-0010 A/V Receiver devices allows remote attackers to read arbitrary files via a .. (dot dot) and %2f to the default URI.2019-08-30not yet calculatedCVE-2019-6113
MISC
openbsd -- openbsd
 
Reuven Plevinsky and Tal Vainshtein of Check Point Software Technologies Ltd. discovered that OpenBSD kernel (all versions, including 6.5) can be forced to create long chains of TCP SACK holes that cause very expensive calls to tcp_sack_option() for every incoming SACK packet which can lead to a denial of service.2019-08-26not yet calculatedCVE-2019-8460
MISC
MISC
openforis -- arena
 
OpenForis Arena before 2019-05-07 allows SQL injection in the sorting feature.2019-08-26not yet calculatedCVE-2019-15567
MISC
opensource-table -- reviews-module
 
The Reviews Module before 2019-06-14 for OpenSource Table allows SQL injection in database/index.js.2019-08-26not yet calculatedCVE-2019-15560
MISC
openstack -- os-vif
 
In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of packets for instances belonging to other tenants sharing the same network. Only deployments using the linuxbridge backend are affected. This occurs in PyRoute2.add() in internal/command/ip/linux/impl_pyroute2.py.2019-08-28not yet calculatedCVE-2019-15753
MLIST
MISC
MISC
MISC
CONFIRM
pelles_kodfabrik -- connect-pg-simple
 
connect-pg-simple before 6.0.1 allows SQL injection if tableName or schemaName is untrusted data.2019-08-26not yet calculatedCVE-2019-15658
MISC
prograde -- grill_temperature_monitor
 
Lierda Grill Temperature Monitor V1.00_50006 has a default password of admin for the admin account, which allows an attacker to cause a Denial of Service or Information Disclosure via the undocumented access-point configuration page located on the device. NOTE: this device also ships with ProGrade branding.2019-08-26not yet calculatedCVE-2019-15304
MISC
MISC
MISC
pw3270_terminal_emulator -- pw3270_terminal_emulator
 
There is Missing SSL Certificate Validation in the pw3270 terminal emulator before version 5.1.2019-08-23not yet calculatedCVE-2019-15525
MLIST
MISC
MISC
ricoh -- multiple_printers
 
Several Ricoh printers have multiple buffer overflows parsing HTTP cookie headers, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected congiguration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected congiguration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*.2019-08-26not yet calculatedCVE-2019-14300
MISC
MISC
ricoh -- multiple_printers
 
Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for Wi-Fi, mDNS, POP3, SMTP, and notification alerts, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected congiguration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected congiguration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*.2019-08-26not yet calculatedCVE-2019-14305
MISC
MISC
ricoh -- multiple_printers
 
Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for SNMP, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected congiguration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected congiguration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*.2019-08-26not yet calculatedCVE-2019-14307
MISC
MISC
ricoh -- multiple_printers
 
Several Ricoh printers have multiple buffer overflows parsing LPD packets, which allow an attacker to cause a denial of service or code execution via crafted requests to the LPD service. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*.2019-08-26not yet calculatedCVE-2019-14308
MISC
MISC
riot -- riot
 
In the TCP implementation (gnrc_tcp) in RIOT through 2019.07, the parser for TCP options does not terminate on all inputs, allowing a denial-of-service, because sys/net/gnrc/transport_layer/tcp/gnrc_tcp_option.c has an infinite loop for an unknown zero-length option.2019-08-27not yet calculatedCVE-2019-15702
MISC
robotis -- dynamixel_sdk
 
ROBOTIS Dynamixel SDK through 3.7.11 has a buffer overflow via a large rxpacket.2019-08-29not yet calculatedCVE-2019-15786
MISC
rust -- rust
 
An issue was discovered in the orion crate before 0.11.2 for Rust. reset() calls cause incorrect results.2019-08-26not yet calculatedCVE-2018-20999
MISC
MISC
rust -- rust
 
An issue was discovered in the safe-transmute crate before 0.10.1 for Rust. A constructor's arguments are in the wrong order, causing heap memory corruption.2019-08-26not yet calculatedCVE-2018-21000
MISC
MISC
rust -- rust
 
An issue was discovered in the slice-deque crate before 0.1.16 for Rust. move_head_unchecked allows memory corruption because deque updates are mishandled.2019-08-26not yet calculatedCVE-2018-20995
MISC
rust -- rust
 
An issue was discovered in the tar crate before 0.4.16 for Rust. Arbitrary file overwrite can occur via a symlink or hardlink in a TAR archive.2019-08-26not yet calculatedCVE-2018-20990
MISC
rust -- rust
 
An issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-the-middle vulnerability because certificate verification is off by default and there is no API for hostname verification.2019-08-26not yet calculatedCVE-2016-10931
MISC
rust -- rust
 
rustls-mio/examples/tlsserver.rs in the rustls crate before 0.16.0 for Rust allows attackers to cause a denial of service (loop of conn_event and ready) by arranging for a client to never be writable.2019-08-26not yet calculatedCVE-2019-15541
MISC
MISC
MISC
rust -- rust
 
An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization.2019-08-26not yet calculatedCVE-2019-15542
MISC
rust -- rust
 
An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing.2019-08-26not yet calculatedCVE-2018-20997
MISC
rust -- rust
 
An issue was discovered in the protobuf crate before 2.6.0 for Rust. Attackers can exhaust all memory via Vec::reserve calls.2019-08-26not yet calculatedCVE-2019-15544
MISC
rust -- rust
 
An issue was discovered in the security-framework crate before 0.1.12 for Rust. Hostname verification for certificates does not occur if ClientBuilder uses custom root certificates.2019-08-26not yet calculatedCVE-2017-18588
MISC
rust -- rust
 
An issue was discovered in the asn1_der crate before 0.6.2 for Rust. Attackers can trigger memory exhaustion by supplying a large value in a length field.2019-08-26not yet calculatedCVE-2019-15549
MISC
rust -- rust
 
An issue was discovered in the slice-deque crate before 0.2.0 for Rust. There is memory corruption in certain allocation cases.2019-08-26not yet calculatedCVE-2019-15543
MISC
rust -- rust
 
An issue was discovered in the hyper crate before 0.9.4 for Rust on Windows. There is an HTTPS man-in-the-middle vulnerability because hostname verification was omitted.2019-08-26not yet calculatedCVE-2016-10932
MISC
rust -- rust
 
An issue was discovered in the libp2p-core crate before 0.8.1 for Rust. Attackers can spoof ed25519 signatures.2019-08-26not yet calculatedCVE-2019-15545
MISC
rust -- rust
 
An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is memory corruption for certain grow attempts with less than the current capacity.2019-08-26not yet calculatedCVE-2019-15554
MISC
MISC
rust -- rust
 
An issue was discovered in the memoffset crate before 0.5.0 for Rust. offset_of and span_of can cause exposure of uninitialized memory.2019-08-26not yet calculatedCVE-2019-15553
MISC
MISC
rust -- rust
 
An issue was discovered in the libflate crate before 0.1.25 for Rust. MultiDecoder::read has a use-after-free, leading to arbitrary code execution.2019-08-26not yet calculatedCVE-2019-15552
MISC
MISC
rust -- rust
 
An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is a double free for certain grow attempts with the current capacity.2019-08-26not yet calculatedCVE-2019-15551
MISC
MISC
rust -- rust
 
An issue was discovered in the simd-json crate before 0.1.15 for Rust. There is an out-of-bounds read and an incorrect crossing of a page boundary.2019-08-26not yet calculatedCVE-2019-15550
MISC
rust -- rust
 
An issue was discovered in the hyper crate before 0.9.18 for Rust. It mishandles newlines in headers.2019-08-26not yet calculatedCVE-2017-18587
MISC
selectize-plugin-a11y -- selectize-plugin-a11y
 
selectize-plugin-a11y before 1.1.0 has XSS via the msg field.2019-08-23not yet calculatedCVE-2019-15482
MISC
MISC
set-value -- set-value
 
set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and _proto_ payloads.2019-08-23not yet calculatedCVE-2019-10747
MISC
snare -- snare_central
 
An OS Command Injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to inject arbitrary OS commands via the ServerConf/DataManagement/DiskManager.php FORMNAS_share parameter.2019-08-29not yet calculatedCVE-2019-11364
CONFIRM
snare -- snare_central
 
A SQL injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to execute arbitrary SQL commands via the AgentConsole/UserGroupQuery.php ShowUser parameter.2019-08-29not yet calculatedCVE-2019-11363
CONFIRM
social_network -- social_network
 
Pvanloon1983 social_network before 2019-07-03 allows SQL injection in includes/form_handlers/register_handler.php.2019-08-26not yet calculatedCVE-2019-15556
MISC
suricata -- suricata
 
An issue was discovered in Suricata 4.1.3. The code mishandles the case of sending a network packet with the right type, such that the function DecodeEthernet in decode-ethernet.c is executed a second time. At this point, the algorithm cuts the first part of the packet and doesn't determine the current length. Specifically, if the packet is exactly 28 long, in the first iteration it subtracts 14 bytes. Then, it is working with a packet length of 14. At this point, the case distinction says it is a valid packet. After that it casts the packet, but this packet has no type, and the program crashes at the type case distinction.2019-08-28not yet calculatedCVE-2019-10056
MISC
CONFIRM
suricata -- suricata
 
An issue was discovered in Suricata 4.1.3. The function process_reply_record_v3 lacks a check for the length of reply.data. It causes an invalid memory access and the program crashes within the nfs/nfs3.rs file.2019-08-28not yet calculatedCVE-2019-10054
MISC
CONFIRM
suricata -- suricata
 
An issue was discovered in Suricata 4.1.3. If the function filetracker_newchunk encounters an unsafe "Some(sfcm) => { ft.new_chunk }" item, then the program enters an smb/files.rs error condition and crashes.2019-08-28not yet calculatedCVE-2019-10051
MISC
MISC
CONFIRM
suricata -- suricata
 
An issue was discovered in Suricata 4.1.3. If the network packet does not have the right length, the parser tries to access a part of a DHCP packet. At this point, the Rust environment runs into a panic in parse_clientid_option in the dhcp/parser.rs file.2019-08-28not yet calculatedCVE-2019-10052
MISC
MISC
CONFIRM
suricata -- suricata
 
An issue was discovered in Suricata 4.1.3. The function ftp_pasv_response lacks a check for the length of part1 and part2, leading to a crash within the ftp/mod.rs file.2019-08-28not yet calculatedCVE-2019-10055
MISC
CONFIRM
symantec -- asg_and_proxysg
 
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG's web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2.2019-08-30not yet calculatedCVE-2018-18370
CONFIRM
symantec -- asg_and_proxysg
 
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG's web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2.2019-08-30not yet calculatedCVE-2018-18371
CONFIRM
symantec -- management_center_rest_api
 
An information disclosure vulnerability in the Management Center (MC) REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated user to obtain passwords for external backup and CPL policy import servers that they might not otherwise be authorized to access.2019-08-30not yet calculatedCVE-2019-9697
CONFIRM
symantec -- my_vip
 
Symantec My VIP portal, previous version which has already been auto updated, was susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users or potentially bypass access controls such as the same-origin policy.2019-08-30not yet calculatedCVE-2019-12754
CONFIRM
symantec -- reporter_web_ui
 
An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The malicious administrator user can also obtain the passwords of other Reporter web UI users.2019-08-30not yet calculatedCVE-2019-12753
CONFIRM
tableau -- multiple_products
 
Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop.2019-08-26not yet calculatedCVE-2019-15637
MISC
MISC
MISC
teamspeak -- teamspeak_client
 
The TeamSpeak client before 3.3.2 allows remote servers to trigger a crash via the 0xe2 0x81 0xa8 0xe2 0x81 0xa7 byte sequence, aka Unicode characters U+2068 (FIRST STRONG ISOLATE) and U+2067 (RIGHT-TO-LEFT ISOLATE).2019-08-29not yet calculatedCVE-2019-15502
MISC
MISC
MISC
tightrope_media -- carousel
 
The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI/v0/fetch?url= SSRF. This has two potential areas for abuse. First, a specially crafted URL could be used in a phishing attack to hijack the trust the user and the browser have with the website and could serve malicious content from a third-party attacker-controlled system. Second, arguably more severe, is the potential for an attacker to circumvent firewall controls, by proxying traffic, unauthenticated, into the internal network from the internet.2019-08-26not yet calculatedCVE-2019-13020
CONFIRM
totemo -- totemomailCross-site scripting (XSS) vulnerability in the 'Certificate' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML.2019-08-30not yet calculatedCVE-2018-15510
MISC
totemo -- totemomail
 
Log viewer in totemomail 6.0.0 build 570 allows access to sessionIDs of high privileged users by leveraging access to a read-only auditor role.2019-08-30not yet calculatedCVE-2018-15513
MISC
totemo -- totemomail
 
Cross-site scripting (XSS) vulnerability in the 'Authorisation Service' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML.2019-08-30not yet calculatedCVE-2018-15512
MISC
totemo -- totemomail
 
Cross-site scripting (XSS) vulnerability in the 'Notification template' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML.2019-08-30not yet calculatedCVE-2018-15511
MISC
tp-link -- archer_c3200_and_c2_devices
 
TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. They forward ARP requests, which are sent as broadcast packets, between the host and the guest networks. To use this leakage as a direct covert channel, the sender can trivially issue an ARP request to an arbitrary computer on the network. (In general, some routers restrict ARP forwarding only to requests destined for the network's subnet mask, but these routers did not restrict this traffic in any way. Depending on this factor, one must use either the lower 8 bits of the IP address, or the entire 32 bits, as the data payload.)2019-08-27not yet calculatedCVE-2019-13268
MISC
MISC
tp-link -- archer_c3200_and_c2_devices
 
TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. In order to transfer data from the host network to the guest network, the sender joins and then leaves an IGMP group. After it leaves, the router (following the IGMP protocol) creates an IGMP Membership Query packet with the Group IP and sends it to both the Host and the Guest networks. The data is transferred within the Group IP field, which is completely controlled by the sender.2019-08-27not yet calculatedCVE-2019-13267
MISC
MISC
tp-link -- archer_c3200_and_c2_devices
 
TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. A DHCP Request is sent to the router with a certain Transaction ID field. Following the DHCP protocol, the router responds with an ACK or NAK message. Studying the NAK case revealed that the router erroneously sends the NAK to both Host and Guest networks with the same Transaction ID as found in the DHCP Request. This allows encoding of data to be sent cross-router into the 32-bit Transaction ID field.2019-08-27not yet calculatedCVE-2019-13266
MISC
MISC
ubuntu -- ubuntu
 
An integer overflow in whoopsie before versions 0.2.52.5ubuntu0.1, 0.2.62ubuntu0.1, 0.2.64ubuntu0.1, 0.2.66, results in an out-of-bounds write to a heap allocated buffer when processing large crash dumps. This results in a crash or possible code-execution in the context of the whoopsie process.2019-08-29not yet calculatedCVE-2019-11476
MISC
MISC
videolan -- vlc_media_playerA heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file.2019-08-29not yet calculatedCVE-2019-14776
CONFIRM
BUGTRAQ
DEBIAN
CONFIRM
videolan -- vlc_media_player
 
In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack.2019-08-29not yet calculatedCVE-2019-14534
CONFIRM
BUGTRAQ
DEBIAN
CONFIRM
videolan -- vlc_media_player
 
The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free.2019-08-29not yet calculatedCVE-2019-14533
CONFIRM
BUGTRAQ
DEBIAN
CONFIRM
videolan -- vlc_media_player
 
The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.2019-08-29not yet calculatedCVE-2019-14777
CONFIRM
BUGTRAQ
DEBIAN
CONFIRM
videolan -- vlc_media_player
 
The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file.2019-08-29not yet calculatedCVE-2019-14437
CONFIRM
BUGTRAQ
DEBIAN
CONFIRM
videolan -- vlc_media_player
 
A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file.2019-08-29not yet calculatedCVE-2019-14535
CONFIRM
BUGTRAQ
DEBIAN
CONFIRM
videolan -- vlc_media_player
 
A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file.2019-08-29not yet calculatedCVE-2019-14438
CONFIRM
BUGTRAQ
DEBIAN
CONFIRM
videolan -- vlc_media_player
 
A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file.2019-08-29not yet calculatedCVE-2019-14498
CONFIRM
BUGTRAQ
DEBIAN
CONFIRM
videolan -- vlc_media_player
 
A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file.2019-08-29not yet calculatedCVE-2019-14970
CONFIRM
BUGTRAQ
DEBIAN
CONFIRM
videolan -- vlc_media_player
 
The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.2019-08-29not yet calculatedCVE-2019-14778
CONFIRM
BUGTRAQ
DEBIAN
CONFIRM
webassembly -- binaryen
 
An issue was discovered in Binaryen 1.38.32. Missing validation rules in asmjs/asmangle.cpp can lead to an Assertion Failure at wasm/wasm.cpp in wasm::asmangle. A crafted input can cause denial-of-service, as demonstrated by wasm2js.2019-08-28not yet calculatedCVE-2019-15758
MISC
MISC
webmin -- webminrpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it must not be granted to un-trusted Webmin users."2019-08-26not yet calculatedCVE-2019-15642
MISC
MISC
MISC
MISC
webtorrent -- webtorrent
 
WebTorrent before 0.107.6 allows XSS in the HTTP server via a title or file name.2019-08-29not yet calculatedCVE-2019-15782
MISC
MISC
wellness-app -- wellness-app
 
FredReinink Wellness-app before 2019-06-19 allows SQL injection, related to dietTrack.php, exerciseGenerator.php, fitnessTrack.php, and server.php.2019-08-26not yet calculatedCVE-2019-15555
MISC
wolfssl -- wolfssl
 
wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCertExtensions in wolfcrypt/src/asn.c because reading the ASN_BOOLEAN byte is mishandled for a crafted DER certificate in GetLength_ex.2019-08-26not yet calculatedCVE-2019-15651
MISC
wordpress -- wordpressMembership Add-on for iThemes Exchange before 1.3.0 for WordPress has XSS via add_query_arg() and remove_query_arg().2019-08-28not yet calculatedCVE-2015-9372
MISC
MISC
wordpress -- wordpress
 
The nd-booking plugin before 2.5 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.2019-08-29not yet calculatedCVE-2019-15774
MISC
MISC
MISC
wordpress -- wordpress
 
The js-support-ticket plugin before 2.0.6 for WordPress has CSRF.2019-08-27not yet calculatedCVE-2018-21002
MISC
wordpress -- wordpress
 
The wp-ultimate-recipe plugin before 3.12.7 for WordPress has stored XSS.2019-08-30not yet calculatedCVE-2019-15836
MISC
MISC
wordpress -- wordpress
 
The nd-restaurant-reservations plugin before 1.5 for WordPress has no requirement for nd_rst_import_settings_php_function authentication.2019-08-30not yet calculatedCVE-2019-15819
MISC
MISC
MISC
wordpress -- wordpress
 
The simple-301-redirects-addon-bulk-uploader plugin through 1.2.4 for WordPress has no requirement for authentication for action=bulk301export or action=bulk301clearlist.2019-08-30not yet calculatedCVE-2019-15818
MISC
MISC
MISC
wordpress -- wordpress
 
The login-or-logout-menu-item plugin before 1.2.0 for WordPress has no requirement for lolmi_save_settings authentication.2019-08-30not yet calculatedCVE-2019-15820
MISC
MISC
MISC
wordpress -- wordpress
 
The link-log plugin before 2.1 for WordPress has SQL injection.2019-08-27not yet calculatedCVE-2015-9344
MISC
wordpress -- wordpress
 
The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection.2019-08-27not yet calculatedCVE-2018-21004
MISC
MISC
MISC
wordpress -- wordpress
 
The ckeditor-for-wordpress plugin before 4.5.3.1 for WordPress has reflected XSS in the "built-in (old)" file browser.2019-08-27not yet calculatedCVE-2015-9349
MISC
wordpress -- wordpress
 
The shapepress-dsgvo plugin before 2.2.19 for WordPress has wp-admin/admin-ajax.php?action=admin-common-settings&admin_email= XSS.2019-08-29not yet calculatedCVE-2019-15777
MISC
MISC
MISC
wordpress -- wordpress
 
The woocommerce-catalog-enquiry plugin before 3.1.0 for WordPress has an incorrect wp_upload directory for file uploads.2019-08-27not yet calculatedCVE-2017-18592
MISC
wordpress -- wordpress
 
The facebook-by-weblizar plugin before 2.8.5 for WordPress has CSRF.2019-08-29not yet calculatedCVE-2019-15781
MISC
MISC
wordpress -- wordpress
 
The link-log plugin before 2.0 for WordPress has HTTP Response Splitting.2019-08-27not yet calculatedCVE-2015-9345
MISC
wordpress -- wordpress
 
The wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via save_settings_page and other save_ functions.2019-08-30not yet calculatedCVE-2019-15816
MISC
MISC
MISC
wordpress -- wordpress
 
The gigpress plugin before 2.3.11 for WordPress has SQL injection in the admin area, a different vulnerability than CVE-2015-4066.2019-08-28not yet calculatedCVE-2015-9353
MISC
wordpress -- wordpress
 
The gigpress plugin before 2.3.11 for WordPress has XSS.2019-08-28not yet calculatedCVE-2015-9354
MISC
wordpress -- wordpress
 
The easy-property-listings plugin before 3.4 for WordPress has XSS.2019-08-30not yet calculatedCVE-2019-15817
MISC
MISC
wordpress -- wordpress
 
The simple-301-redirects-addon-bulk-uploader plugin before 1.2.5 for WordPress has no protection against 301 redirect rule injection via a CSV file.2019-08-29not yet calculatedCVE-2019-15776
MISC
MISC
MISC
wordpress -- wordpress
 
The nd-donations plugin before 1.4 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.2019-08-29not yet calculatedCVE-2019-15772
MISC
MISC
MISC
wordpress -- wordpress
 
The handl-utm-grabber plugin before 2.6.5 for WordPress has CSRF via add_option and update_option.2019-08-29not yet calculatedCVE-2019-15769
MISC
MISC
wordpress -- wordpress
 
The cp-polls plugin before 1.0.1 for WordPress has XSS in the votes list.2019-08-27not yet calculatedCVE-2014-10395
MISC
wordpress -- wordpress
 
The Related Posts plugin before 1.8.2 for WordPress has XSS via add_query_arg() and remove_query_arg().2019-08-28not yet calculatedCVE-2015-9361
MISC
MISC
wordpress -- wordpress
 
The bbp-move-topics plugin before 1.1.6 for WordPress has CSRF.2019-08-27not yet calculatedCVE-2018-21006
MISC
wordpress -- wordpress
 
The woo-confirmation-email plugin before 3.2.0 for WordPress has no blocking of direct access to supportive xl folders inside uploads.2019-08-29not yet calculatedCVE-2018-21007
MISC
wordpress -- wordpress
 
The sharebar plugin before 1.2.2 for WordPress has SQL injection.2019-08-28not yet calculatedCVE-2012-6719
MISC
wordpress -- wordpress
 
The rsvpmaker plugin before 6.2 for WordPress has SQL injection.2019-08-27not yet calculatedCVE-2019-15646
MISC
MISC
MISC
wordpress -- wordpress
 
The nd-shortcodes plugin before 6.0 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.2019-08-29not yet calculatedCVE-2019-15771
MISC
MISC
MISC
wordpress -- wordpress
 
The feedwordpress plugin before 2015.0514 for WordPress has XSS via add_query_arg() and remove_query_arg().2019-08-28not yet calculatedCVE-2015-9358
MISC
wordpress -- wordpress
 
The formidable plugin before 4.02.01 for WordPress has unsafe deserialization.2019-08-29not yet calculatedCVE-2019-15780
MISC
wordpress -- wordpress
 
The nd-travel plugin before 1.7 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.2019-08-29not yet calculatedCVE-2019-15773
MISC
MISC
MISC
wordpress -- wordpress
 
The bbp-move-topics plugin before 1.1.6 for WordPress has code injection.2019-08-27not yet calculatedCVE-2018-21005
MISC
wordpress -- wordpress
 
The woo-address-book plugin before 1.6.0 for WordPress has save calls without nonce verification checks.2019-08-29not yet calculatedCVE-2019-15770
MISC
MISC
wordpress -- wordpress
 
The nd-learning plugin before 4.8 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.2019-08-29not yet calculatedCVE-2019-15775
MISC
MISC
MISC
wordpress -- wordpress
 
The woo-variation-gallery plugin before 1.1.29 for WordPress has XSS.2019-08-29not yet calculatedCVE-2019-15778
MISC
MISC
MISC
wordpress -- wordpress
 
The insta-gallery plugin before 2.4.8 for WordPress has no nonce validation for qligg_dismiss_notice or qligg_form_item_delete.2019-08-29not yet calculatedCVE-2019-15779
MISC
MISC
wordpress -- wordpress
 
The wp-vipergb plugin before 1.3.16 for WordPress has XSS via add_query_arg() and remove_query_arg(), a different issue than CVE-2014-9460.2019-08-28not yet calculatedCVE-2015-9356
MISC
MISC
wordpress -- wordpress
 
The webp-converter-for-media plugin before 1.0.3 for WordPress has CSRF.2019-08-30not yet calculatedCVE-2019-15834
MISC
MISC
wordpress -- wordpress
 
2Checkout Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().2019-08-28not yet calculatedCVE-2015-9364
MISC
MISC
wordpress -- wordpress
 
The easy-pdf-restaurant-menu-upload plugin before 1.1.2 for WordPress has XSS.2019-08-30not yet calculatedCVE-2019-15842
MISC
wordpress -- wordpress
 
The wp-better-permalinks plugin before 3.0.5 for WordPress has CSRF.2019-08-30not yet calculatedCVE-2019-15835
MISC
MISC
wordpress -- wordpress
 
The simple-mail-address-encoder plugin before 1.7 for WordPress has reflected XSS.2019-08-30not yet calculatedCVE-2019-15833
MISC
wordpress -- wordpress
 
The visitors-traffic-real-time-statistics plugin before 1.13 for WordPress has CSRF.2019-08-30not yet calculatedCVE-2019-15832
MISC
MISC
wordpress -- wordpress
 
The facebook-for-woocommerce plugin before 1.9.14 for WordPress has CSRF.2019-08-30not yet calculatedCVE-2019-15840
MISC
wordpress -- wordpress
 
The icegram plugin before 1.10.29 for WordPress has ig_cat_list XSS.2019-08-30not yet calculatedCVE-2019-15830
MISC
MISC
MISC
wordpress -- wordpress
 
The sina-extension-for-elementor plugin before 2.2.1 for WordPress has local file inclusion.2019-08-30not yet calculatedCVE-2019-15839
MISC
MISC
wordpress -- wordpress
 
The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp&key&login protection bypass.2019-08-30not yet calculatedCVE-2019-15825
MISC
MISC
MISC
wordpress -- wordpress
 
Invoices Add-on for iThemes Exchange before 1.4.0 for WordPress has XSS via add_query_arg() and remove_query_arg().2019-08-28not yet calculatedCVE-2015-9370
MISC
MISC
wordpress -- wordpress
 
The visitors-traffic-real-time-statistics plugin before 1.12 for WordPress has CSRF in the settings page.2019-08-30not yet calculatedCVE-2019-15831
MISC
MISC
wordpress -- wordpress
 
The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain parameter.2019-08-30not yet calculatedCVE-2019-15827
MISC
MISC
MISC
wordpress -- wordpress
 
The one-click-ssl plugin before 1.4.7 for WordPress has CSRF.2019-08-30not yet calculatedCVE-2019-15828
MISC
MISC
wordpress -- wordpress
 
The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass.2019-08-30not yet calculatedCVE-2019-15823
MISC
MISC
MISC
wordpress -- wordpress
 
The bold-page-builder plugin before 2.3.2 for WordPress has no protection against modifying settings and importing data.2019-08-30not yet calculatedCVE-2019-15821
MISC
MISC
MISC
wordpress -- wordpress
 
The woocommerce-exporter plugin before 1.8.4 for WordPress has privilege escalation.2019-08-27not yet calculatedCVE-2016-10935
MISC
wordpress -- wordpress
 
The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field.2019-08-30not yet calculatedCVE-2019-15826
MISC
MISC
MISC
wordpress -- wordpress
 
The two-factor-authentication plugin before 1.1.10 for WordPress has XSS in the admin area.2019-08-28not yet calculatedCVE-2015-9355
MISC
wordpress -- wordpress
 
The custom-404-pro plugin before 3.2.8 for WordPress has reflected XSS, a different vulnerability than CVE-2019-14789.2019-08-30not yet calculatedCVE-2019-15838
MISC
MISC
wordpress -- wordpress
 
Table Rate Shipping Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().2019-08-28not yet calculatedCVE-2015-9375
MISC
MISC
wordpress -- wordpress
 
iThemes Builder Theme Depot before 5.0.30 for WordPress has XSS via add_query_arg() and remove_query_arg().2019-08-28not yet calculatedCVE-2015-9377
MISC
MISC
wordpress -- wordpress
 
The webp-express plugin before 0.14.8 for WordPress has stored XSS.2019-08-30not yet calculatedCVE-2019-15837
MISC
MISC
wordpress -- wordpress
 
Easy EU Value Added (VAT) Taxes Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg().2019-08-28not yet calculatedCVE-2015-9368
MISC
MISC
wordpress -- wordpress
 
Easy US Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().2019-08-28not yet calculatedCVE-2015-9369
MISC
MISC
wordpress -- wordpress
 
Manual Purchases Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().2019-08-28not yet calculatedCVE-2015-9371
MISC
MISC
wordpress -- wordpress
 
The facebook-for-woocommerce plugin before 1.9.15 for WordPress has CSRF via ajax_woo_infobanner_post_click, ajax_woo_infobanner_post_xout, or ajax_fb_toggle_visibility.2019-08-30not yet calculatedCVE-2019-15841
MISC
wordpress -- wordpress
 
iThemes Builder Style Manager before 0.7.7 for WordPress has XSS via add_query_arg() and remove_query_arg().2019-08-28not yet calculatedCVE-2015-9379
MISC
MISC
wordpress -- wordpress
 
PayPal Pro Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().2019-08-28not yet calculatedCVE-2015-9373
MISC
MISC
wordpress -- wordpress
 
Stripe Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg().2019-08-28not yet calculatedCVE-2015-9374
MISC
MISC
wordpress -- wordpress
 
Custom URL Tracking Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().2019-08-28not yet calculatedCVE-2015-9366
MISC
MISC
wordpress -- wordpress
 
iThemes Builder Theme Market before 5.1.27 for WordPress has XSS via add_query_arg() and remove_query_arg().2019-08-28not yet calculatedCVE-2015-9378
MISC
MISC
wordpress -- wordpress
 
The photo-gallery plugin before 1.2.42 for WordPress has CSRF.2019-08-30not yet calculatedCVE-2015-9380
MISC
MISC
MISC
wordpress -- wordpress
 
Easy Canadian Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().2019-08-28not yet calculatedCVE-2015-9367
MISC
MISC
wordpress -- wordpress
 
The wps-child-theme-generator plugin before 1.2 for WordPress has classes/helpers.php directory traversal.2019-08-30not yet calculatedCVE-2019-15822
MISC
MISC
MISC
wordpress -- wordpress
 
The sharebar plugin before 1.2.2 for WordPress has XSS, a different issue than CVE-2013-3491.2019-08-28not yet calculatedCVE-2012-6718
MISC
wordpress -- wordpress
 
The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash protection bypass.2019-08-30not yet calculatedCVE-2019-15824
MISC
MISC
MISC
wordpress -- wordpress
 
The photoblocks-grid-gallery plugin before 1.1.33 for WordPress has wp-admin/admin.php?page=photoblocks-edit&id= XSS.2019-08-30not yet calculatedCVE-2019-15829
MISC
MISC
wtfutil -- wtf
 
WTF before 0.19.0 does not set the permissions of config.yml, which might make it easier for local attackers to read passwords or API keys if the permissions were misconfigured or were based on unsafe OS defaults.2019-08-28not yet calculatedCVE-2019-15716
MISC
MISC
MISC
xayr.ga -- xenfcoresharp
 
XENFCoreSharp before 2019-07-16 allows SQL injection in web/verify.php.2019-08-26not yet calculatedCVE-2019-15533
MISC
xm_online -- user_account_and_authentication_server
 
XM^online 2 User Account and Authentication server 1.0.0 allows SQL injection via a tenant key.2019-08-26not yet calculatedCVE-2019-15557
MISC
xymon -- xymon
 
In Xymon through 4.3.28, a buffer overflow vulnerability exists in the csvinfo CGI script. The overflow may be exploited by sending a crafted GET request that triggers an sprintf of the srcdb parameter.2019-08-27not yet calculatedCVE-2019-13273
MISC
CONFIRM
zephyr_project -- zephyr
 
Use After Free vulnerability in the Zephyr shell allows a serial or telnet connected user to cause denial of service, and possibly remote code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all.2019-08-28not yet calculatedCVE-2017-14201
MISC
MISC
MISC
zephyr_project -- zephyr
 
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the shell component of Zephyr allows a serial or telnet connected user to cause a crash, possibly with arbitrary code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all.2019-08-28not yet calculatedCVE-2017-14202
MISC
MISC
MISC

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.