Bulletin (SB19-245)

Vulnerability Summary for the Week of August 26, 2019

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
adobe -- photoshop_cc Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-08-26 10.0 CVE-2019-7968
CONFIRM
adobe -- photoshop_cc Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-08-26 10.0 CVE-2019-7969
CONFIRM
adobe -- photoshop_cc Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-08-26 10.0 CVE-2019-7970
CONFIRM
adobe -- photoshop_cc Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-08-26 10.0 CVE-2019-7971
CONFIRM
adobe -- photoshop_cc Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-08-26 10.0 CVE-2019-7972
CONFIRM
adobe -- photoshop_cc Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-08-26 10.0 CVE-2019-7973
CONFIRM
adobe -- photoshop_cc Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-08-26 10.0 CVE-2019-7974
CONFIRM
adobe -- photoshop_cc Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-08-26 10.0 CVE-2019-7975
CONFIRM
adobe -- photoshop_cc Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-08-26 9.3 CVE-2019-7976
CONFIRM
adobe -- photoshop_cc Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-08-26 10.0 CVE-2019-7990
CONFIRM
adobe -- photoshop_cc Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-08-26 10.0 CVE-2019-7992
CONFIRM
adobe -- photoshop_cc Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-08-26 10.0 CVE-2019-7993
CONFIRM
adobe -- photoshop_cc Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-08-26 9.3 CVE-2019-7994
CONFIRM
adobe -- photoshop_cc Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-08-26 10.0 CVE-2019-7997
CONFIRM
adobe -- photoshop_cc Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-08-26 10.0 CVE-2019-7998
CONFIRM
adobe -- photoshop_cc Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-08-26 10.0 CVE-2019-8001
CONFIRM
alfresco -- alfresco The Alfresco application before 1.8.7 for Android allows SQL injection in HistorySearchProvider.java. 2019-08-26 7.5 CVE-2019-15566
MISC
MISC
altavoz -- prontuscms cgi-cpn/xcoding/prontus_videocut.cgi in AltaVoz Prontus (aka ProntusCMS) through 12.0.3.0 has "Improper Neutralization of Special Elements used in an OS Command," allowing attackers to execute OS commands via an HTTP GET parameter. 2019-08-26 10.0 CVE-2019-15503
MISC
arrayfire -- arrayfire An issue was discovered in the arrayfire crate before 3.6.0 for Rust. Addition of the repr() attribute to an enum is mishandled, leading to memory corruption. 2019-08-26 7.5 CVE-2018-20998
MISC
bedita -- bedita BEdita through 4.0.0-RC2 allows SQL injection during a save operation for a relation with parameters. 2019-08-26 7.5 CVE-2019-15570
MISC
cdemu -- libmirage filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2.2 in CDemu does not validate the part size, triggering a heap-based buffer overflow that can lead to root access by a local Linux user. 2019-08-25 7.2 CVE-2019-15540
SUSE
SUSE
MISC
MISC
MISC
compassionuk -- compassion_switzerland The Compassion Switzerland addons 10.01.4 for Odoo allow SQL injection in models/partner_compassion.py. 2019-08-26 7.5 CVE-2019-15564
MISC
crossbeam_project -- crossbeam An issue was discovered in the crossbeam crate before 0.4.1 for Rust. There is a double free because of destructor mishandling. 2019-08-26 7.5 CVE-2018-20996
MISC
cszcms -- csz_cms CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php file to admin/filemanager in the File Management Module, which leads to remote code execution by visiting a photo/upload/2019/ URI. 2019-08-26 7.5 CVE-2019-15524
MISC
MISC
dlink -- dir-823g_firmware An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings, a related issue to CVE-2019-13482. 2019-08-23 9.0 CVE-2019-15526
MISC
dlink -- dir-823g_firmware An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the MaxIdTime field to SetWanSettings. 2019-08-23 9.0 CVE-2019-15527
MISC
dlink -- dir-823g_firmware An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Interface field to SetStaticRouteSettings. 2019-08-23 9.0 CVE-2019-15528
MISC
dlink -- dir-823g_firmware An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Username field to Login. 2019-08-23 9.0 CVE-2019-15529
MISC
dlink -- dir-823g_firmware An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the LoginPassword field to Login. 2019-08-23 9.0 CVE-2019-15530
MISC
genetechsolutions -- pie_register The pie-register plugin before 3.1.2 for WordPress has SQL injection, a different issue than CVE-2018-10969. 2019-08-27 7.5 CVE-2019-15659
MISC
MISC
getvera -- vera_edge_firmware cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via --output argument injection in the username parameter to /cgi-bin/cmh/webcam.sh. 2019-08-23 9.3 CVE-2019-15498
MISC
gorm -- gorm GORM before 1.9.10 allows SQL injection via incomplete parentheses. 2019-08-26 7.5 CVE-2019-15562
MISC
MISC
imagely -- nextgen_gallery A SQL injection vulnerability exists in the Imagely NextGEN Gallery plugin before 3.2.10 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via modules/nextgen_gallery_display/package.module.nextgen_gallery_display.php. 2019-08-27 7.5 CVE-2019-14314
MISC
MISC
kaseya -- virtual_system_administrator An issue was discovered in Kaseya Virtual System Administrator (VSA) through 9.4.0.37. It has a critical information disclosure vulnerability. An unauthenticated attacker can send properly formatted requests to the web application and download sensitive files and information. For example, the /DATAREPORTS directory can be farmed for reports. Because this directory contains the results of reports such as NMAP, Patch Status, and Active Directory domain metadata, an attacker can easily collect this critical information and parse it for information. There are a number of directories affected. 2019-08-26 7.8 CVE-2019-15506
MISC
MISC
lexmark -- 6500e_firmware Various Lexmark products have an Integer Overflow. 2019-08-28 10.0 CVE-2019-9930
CONFIRM
linux -- linux_kernel drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir). 2019-08-23 10.0 CVE-2019-15504
MISC
linux -- linux_kernel drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir). 2019-08-23 10.0 CVE-2019-15505
MISC
MISC
MISC
linux -- linux_kernel An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandles directory validation. 2019-08-27 7.8 CVE-2019-15666
MISC
MISC
mixin-deep_project -- mixin-deep mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload. 2019-08-23 7.5 CVE-2019-10746
MISC
ncurses_project -- ncurses An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are instr and mvwinstr buffer overflows because interaction with C functions is mishandled. 2019-08-26 7.5 CVE-2019-15548
MISC
ohdsi -- webapi Observational Health Data Sciences and Informatics (OHDSI) WebAPI before 2.7.2 allows SQL injection in FeatureExtractionService.java. 2019-08-26 7.5 CVE-2019-15563
MISC
MISC
MISC
openwrt -- libuci An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. /tmp/.uci/network locking is mishandled after reception of a long SetWanSettings command, leading to a device hang. 2019-08-23 7.8 CVE-2019-15513
MISC
paloaltonetworks -- pan-os Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to craft a message to Secure Shell Daemon (SSHD) and corrupt arbitrary memory. 2019-08-23 10.0 CVE-2019-1580
CONFIRM
paloaltonetworks -- pan-os Mitigation bypass in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to execute arbitrary code by crafting a malicious message. 2019-08-23 7.5 CVE-2019-1581
CONFIRM
raml-module-builder_project -- raml-module-builder Raml-Module-Builder 26.4.0 allows SQL Injection in PostgresClient.update. 2019-08-26 7.5 CVE-2019-15534
MISC
servo -- smallvec An issue was discovered in the smallvec crate before 0.6.3 for Rust. The Iterator implementation mishandles destructors, leading to a double free. 2019-08-26 7.5 CVE-2018-20991
MISC
slickremix -- feed_them_social The feed-them-social plugin before 1.7.0 for WordPress has possible shortcode execution in the Facebook Feeds load more button. 2019-08-27 7.5 CVE-2015-9351
MISC
spoon-library -- spoon_library Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object. 2019-08-26 7.5 CVE-2019-15521
MISC
MISC
MISC
themekraft -- buddyforms The buddyforms plugin before 2.2.8 for WordPress has SQL injection. 2019-08-27 7.5 CVE-2018-21003
MISC
MISC
wp-polls_project -- wp-polls The wp-polls plugin before 2.72 for WordPress has SQL injection. 2019-08-27 7.5 CVE-2015-9352
MISC
xm-online -- xm^online_2_-_common_utils_and_endpoints XM^online 2 Common Utils and Endpoints 0.2.1 allows SQL injection, related to Constants.java, DropSchemaResolver.java, and SchemaChangeResolver.java. 2019-08-26 7.5 CVE-2019-15558
MISC
xymon -- xymon In Xymon through 4.3.28, a buffer overflow vulnerability exists in history.c. 2019-08-27 7.5 CVE-2019-13451
MISC
CONFIRM
CONFIRM
xymon -- xymon In Xymon through 4.3.28, a buffer overflow vulnerability exists in reportlog.c. 2019-08-27 7.5 CVE-2019-13452
MISC
CONFIRM
CONFIRM
xymon -- xymon In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the alert acknowledgment CGI tool because of   expansion in acknowledge.c. 2019-08-27 7.5 CVE-2019-13455
MISC
CONFIRM
CONFIRM
xymon -- xymon In Xymon through 4.3.28, a buffer overflow exists in the status-log viewer CGI because of   expansion in appfeed.c. 2019-08-27 7.5 CVE-2019-13484
MISC
CONFIRM
CONFIRM
xymon -- xymon In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the history viewer component via a long hostname or service parameter to history.c. 2019-08-27 7.5 CVE-2019-13485
MISC
CONFIRM
CONFIRM
xymon -- xymon In Xymon through 4.3.28, a stack-based buffer overflow exists in the status-log viewer component because of   expansion in svcstatus.c. 2019-08-27 7.5 CVE-2019-13486
MISC
CONFIRM
CONFIRM
Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
adobe -- photoshop_cc Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak. 2019-08-26 4.3 CVE-2019-7977
CONFIRM
adobe -- photoshop_cc Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-08-26 6.8 CVE-2019-7978
CONFIRM
adobe -- photoshop_cc Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-08-26 6.8 CVE-2019-7979
CONFIRM
adobe -- photoshop_cc Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-08-26 6.8 CVE-2019-7980
CONFIRM
adobe -- photoshop_cc Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak. 2019-08-26 4.3 CVE-2019-7981
CONFIRM
adobe -- photoshop_cc Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-08-26 6.8 CVE-2019-7982
CONFIRM
adobe -- photoshop_cc Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-08-26 6.8 CVE-2019-7983
CONFIRM
adobe -- photoshop_cc Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-08-26 6.8 CVE-2019-7984
CONFIRM
adobe -- photoshop_cc Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-08-26 6.8 CVE-2019-7985
CONFIRM
adobe -- photoshop_cc Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-08-26 6.8 CVE-2019-7986
CONFIRM
adobe -- photoshop_cc Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak. 2019-08-26 4.3 CVE-2019-7987
CONFIRM
adobe -- photoshop_cc Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-08-26 6.8 CVE-2019-7988
CONFIRM
adobe -- photoshop_cc Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-08-26 6.8 CVE-2019-7989
CONFIRM
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
adobe -- photoshop_cc Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak. 2019-08-26 6.8 CVE-2019-7991
CONFIRM
adobe -- photoshop_cc Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak. 2019-08-26 6.8 CVE-2019-7995
CONFIRM
adobe -- photoshop_cc Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak. 2019-08-26 6.8 CVE-2019-7996
CONFIRM
adobe -- photoshop_cc Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak. 2019-08-26 4.3 CVE-2019-7999
CONFIRM
adobe -- photoshop_cc Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak. 2019-08-26 4.3 CVE-2019-8000
CONFIRM
alkacon -- opencms In system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple Reflected and Stored XSS issues in the management interface. 2019-08-27 4.3 CVE-2019-13236
MISC
MISC
MISC
alkacon -- opencms_apollo_template In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the search engine. 2019-08-27 4.3 CVE-2019-13234
MISC
MISC
alkacon -- opencms_apollo_template In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the Login form. 2019-08-27 4.3 CVE-2019-13235
MISC
MISC
alkacon -- opencms_apollo_template In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vulnerable to Local File Inclusion that allow an attacker to access server resources: clearhistory.jsp, convertxml.jsp, group_new.jsp, loginmessage.jsp, xmlcontentrepair.jsp, and /system/workplace/admin/history/settings/index.jsp. 2019-08-27 4.0 CVE-2019-13237
MISC
MISC
atlassian -- jira The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the priority icon url of an issue priority. 2019-08-23 4.3 CVE-2019-11584
MISC
atlassian -- jira The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect. 2019-08-23 5.8 CVE-2019-11585
MISC
atlassian -- jira The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to create new resolutions via a Cross-site request forgery (CSRF) vulnerability. 2019-08-23 4.3 CVE-2019-11586
MISC
atlassian -- jira Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify various settings via Cross-site request forgery (CSRF). 2019-08-23 4.3 CVE-2019-11587
MISC
atlassian -- jira The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to trigger garbage collection via a Cross-site request forgery (CSRF) vulnerability. 2019-08-23 4.3 CVE-2019-11588
MISC
atlassian -- jira The ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability. 2019-08-23 5.8 CVE-2019-11589
MISC
atlassian -- jira Several worklog rest resources in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.2 allow remote attackers to view worklog time information via a missing permissions check. 2019-08-23 5.0 CVE-2019-8445
MISC
atlassian -- jira The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check. 2019-08-23 5.0 CVE-2019-8446
MISC
atlassian -- jira The ServiceExecutor resource in Jira before version 8.3.2 allows remote attackers to trigger the creation of export files via a Cross-site request forgery (CSRF) vulnerability. 2019-08-23 4.3 CVE-2019-8447
MISC
atlassian -- universal_plugin_manager The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forgery (CSRF) vulnerability on an authenticated administrator. 2019-08-23 4.3 CVE-2019-14999
MISC
autodesk -- design_review DLL preloading vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a DLL preloading vulnerability, which may result in code execution. 2019-08-23 6.8 CVE-2019-7362
CONFIRM
autodesk -- design_review Use-after-free vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a use-after-free vulnerability, which may result in code execution. 2019-08-23 6.8 CVE-2019-7363
CONFIRM
automattic -- akismet The akismet plugin before 3.1.5 for WordPress has XSS. 2019-08-28 4.3 CVE-2015-9357
MISC
automattic -- jetpack The Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg(). 2019-08-28 4.3 CVE-2015-9359
MISC
MISC
bestwebsoft -- timesheet The timesheet plugin before 0.1.5 for WordPress has multiple XSS issues. 2019-08-27 4.3 CVE-2017-18590
MISC
bloodhound_project -- bloodhound components/Modals/HelpModal.jsx in BloodHound 2.2.0 allows remote attackers to execute arbitrary OS commands (by spawning a child process as the current user on the victim's machine) when the search function's autocomplete feature is used. The victim must import data from an Active Directory with a GPO containing JavaScript in its name. 2019-08-27 6.8 CVE-2019-15701
MISC
bologer -- anycomment The anycomment plugin before 0.0.33 for WordPress has XSS. 2019-08-27 4.3 CVE-2018-21001
MISC
bolt -- bolt Bolt before 3.6.10 has XSS via a title that is mishandled in the system log. 2019-08-23 4.3 CVE-2019-15483
MISC
MISC
bolt -- bolt Bolt before 3.6.10 has XSS via an image's alt or title field. 2019-08-23 4.3 CVE-2019-15484
MISC
MISC
bolt -- bolt Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php. 2019-08-23 4.3 CVE-2019-15485
MISC
MISC
check_email_project -- check_email The check-email plugin before 0.5.2 for WordPress has XSS. 2019-08-27 4.3 CVE-2016-10934
MISC
claxon_project -- claxon An issue was discovered in the claxon crate before 0.4.1 for Rust. Uninitialized memory can be exposed because certain decode buffer sizes are mishandled. 2019-08-26 4.3 CVE-2018-20992
MISC
codepeople -- polls_cp The cp-polls plugin before 1.0.5 for WordPress has XSS. 2019-08-27 4.3 CVE-2015-9346
MISC
codepeople -- sell_downloads The sell-downloads plugin before 1.0.8 for WordPress has insufficient restrictions on brute-force guessing of purchase IDs. 2019-08-27 5.0 CVE-2015-9348
MISC
comelz -- quark comelz Quark before 2019-03-26 allows directory traversal to locations outside of the project directory. 2019-08-23 5.0 CVE-2019-15520
MISC
cookie_project -- cookie An issue was discovered in the cookie crate before 0.7.6 for Rust. Large integers in the Max-Age of a cookie cause a panic. 2019-08-26 5.0 CVE-2017-18589
MISC
discourse -- discourse Discourse 2.3.2 sends the CSRF token in the query string. 2019-08-26 4.3 CVE-2019-15515
MISC
easyupdatesmanager -- easy_updates_manager The stops-core-theme-and-plugin-updates plugin before 8.0.5 for WordPress has insufficient restrictions on option changes (such as disabling unattended theme updates) because of a nonce check error. 2019-08-27 4.0 CVE-2019-15650
MISC
MISC
elearningfreak -- insert_or_embed_articulate_content The insert-or-embed-articulate-content-into-wordpress plugin before 4.29991 for WordPress has insufficient restrictions on deleting or renaming by a Subscriber. 2019-08-27 5.5 CVE-2019-15648
MISC
MISC
elearningfreak -- insert_or_embed_articulate_content The insert-or-embed-articulate-content-into-wordpress plugin before 4.2999 for WordPress has insufficient restrictions on file upload. 2019-08-27 6.5 CVE-2019-15649
MISC
MISC
eng -- knowage In Knowage through 6.1.1, there is XSS via the start_url or user_id field to the ChangePwdServlet page. 2019-08-28 4.3 CVE-2019-13189
MISC
eng -- knowage In Knowage through 6.1.1, an authenticated user who accesses the datasources page will gain access to any data source credentials in cleartext, which includes databases. 2019-08-28 4.0 CVE-2019-13348
MISC
etoilewebdesign -- ultimate_faq The ultimate-faqs plugin before 1.8.22 for WordPress has XSS. 2019-08-27 4.3 CVE-2019-15643
MISC
MISC
former_project -- former Former before 4.2.1 has XSS via a checkbox value. 2019-08-23 4.3 CVE-2019-15476
MISC
MISC
fortiguard -- fortios_ips_engine Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled, may allow an attacker to decipher TLS connections going through the FortiGate via monitoring the traffic in a Man-in-the-middle position. 2019-08-23 4.3 CVE-2019-5592
CONFIRM
fortinet -- fortinac An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI. 2019-08-23 4.3 CVE-2019-5594
CONFIRM
fortinet -- fortios An information exposure vulnerability in FortiOS 6.2.0 and below may allow an unauthenticated attacker to gain platform information such as version, models, via parsing a JavaScript file through admin webUI. 2019-08-23 5.0 CVE-2018-13367
CONFIRM
gchq -- cyberchef CyberChef before 8.31.2 allows XSS in core/operations/TextEncodingBruteForce.mjs. 2019-08-26 4.3 CVE-2019-15532
MISC
MISC
MISC
MISC
gdragon -- gd_rating_system The gd-rating-system plugin before 2.1 for WordPress has XSS in log.php. 2019-08-27 4.3 CVE-2017-18591
MISC
gnu -- libextractor GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c. 2019-08-23 4.3 CVE-2019-15531
MISC
MLIST
gnuboard -- gnuboard5 GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "homepage title" parameter, aka the adm/config_form_update.php cf_title parameter. 2019-08-26 4.3 CVE-2018-18668
MISC
MISC
CONFIRM
groundhogg -- groundhogg The groundhogg plugin before 1.3.5 for WordPress has wp-admin/admin-ajax.php?action=bulk_action_listener remote code execution. 2019-08-27 6.5 CVE-2019-15647
MISC
MISC
MISC
hackmd -- codimd CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element with allow-top-navigation in the sandbox attribute, in conjunction with a data: URL. 2019-08-23 4.3 CVE-2019-15499
MISC
httpie -- httpie All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control. 2019-08-23 5.8 CVE-2019-10751
MISC
MISC
ibm -- security_access_manager_for_enterprise_single_sign-on IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 164555. 2019-08-26 6.4 CVE-2019-4513
CONFIRM
XF
igniterealtime -- openfire Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test. 2019-08-23 4.3 CVE-2019-15488
MISC
MISC
impress -- wp_rollback The wp-rollback plugin before 1.2.3 for WordPress has XSS. 2019-08-27 4.3 CVE-2015-9342
MISC
impress -- wp_rollback The wp-rollback plugin before 1.2.3 for WordPress has CSRF. 2019-08-27 6.8 CVE-2015-9343
MISC
instamojo -- payment_gateway card/pay/.../amount in the WooCommerce Instamojo Payment Gateway plugin 1.0.7 for WordPress allows Parameter Tampering in the sign parameter, as demonstrated by purchasing an item for lower than the intended price. 2019-08-29 5.0 CVE-2019-14977
MISC
ithemes -- authorize.net Authorize.net Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). 2019-08-28 4.3 CVE-2015-9365
MISC
MISC
ithemes -- exchange iThemes Exchange before 1.12.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). 2019-08-28 4.3 CVE-2015-9363
MISC
MISC
ithemes -- mobile iThemes Mobile before 1.2.8 for WordPress has XSS via add_query_arg() and remove_query_arg(). 2019-08-28 4.3 CVE-2015-9376
MISC
MISC
jc21 -- nginx_proxy_manager jc21 Nginx Proxy Manager before 2.0.13 allows %2e%2e%2f directory traversal. 2019-08-23 4.9 CVE-2019-15517
MISC
MISC
jenkins -- splunk A sandbox bypass vulnerability in Jenkins Splunk Plugin 1.7.4 and earlier allowed attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. 2019-08-28 6.5 CVE-2019-10390
MLIST
MISC
jooby -- jooby Jooby before 1.6.4 has XSS via the default error handler. 2019-08-23 4.3 CVE-2019-15477
MISC
laracom -- laracom laracom (aka Laravel FREE E-Commerce Software) 1.4.11 has search?q= XSS. 2019-08-26 4.3 CVE-2019-15489
MISC
lexmark -- 6500e_firmware Various Lexmark products have Incorrect Access Control. 2019-08-28 6.4 CVE-2019-10058
CONFIRM
lexmark -- cs31x_firmware Various Lexmark products have CSRF. 2019-08-28 4.3 CVE-2019-10057
CONFIRM
lexmark -- cs31x_firmware Various Lexmark products have Incorrect Access Control (issue 1 of 2). 2019-08-28 5.0 CVE-2019-9934
CONFIRM
lexmark -- cs31x_firmware Various Lexmark products have Incorrect Access Control (issue 2 of 2). 2019-08-28 5.0 CVE-2019-9935
CONFIRM
lsoft -- listserv Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter. 2019-08-26 4.3 CVE-2019-15501
MISC
EXPLOIT-DB
manageyourteam -- myt_project_management MyT Project Management 1.5.1 lacks CSRF protection and, for example, allows a user/create CSRF attack. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page. 2019-08-28 6.8 CVE-2019-15496
MISC
microfocus -- content_manager Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 and 9.3. This vulnerability when configured to use an Oracle database, allows valid system users to gain access to a limited subset of records they would not normally be able to access when the system is in an undisclosed abnormal state. 2019-08-30 4.0 CVE-2019-11658
CONFIRM
microfocus -- verastream_host_integrato Path traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and earlier, The vulnerability allows remote unauthenticated attackers to read arbitrary files. 2019-08-23 5.0 CVE-2019-11654
CONFIRM
micropyramid -- django_crm Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /change-password-by-admin/, /api/settings/add/, /cases/create/, /change-password-by-admin/, /comment/add/, /documents/1/view/, /documents/create/, /opportunities/create/, and /login/. 2019-08-27 6.8 CVE-2019-11457
MISC
FULLDISC
MISC
my_calendar_project -- my_calendar The my-calendar plugin before 3.1.10 for WordPress has XSS. 2019-08-28 4.3 CVE-2019-15713
MISC
ncurses_project -- ncurses An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are format string issues in printw functions because C format arguments are mishandled. 2019-08-26 6.4 CVE-2019-15547
MISC
never5 -- post_connector The Post Connector plugin before 1.0.4 for WordPress has XSS via add_query_arg() and remove_query_arg(). 2019-08-28 4.3 CVE-2015-9362
MISC
obdev -- little_snitch Little Snitch versions 4.3.0 to 4.3.2 have a local privilege escalation vulnerability in their privileged helper tool. The privileged helper tool implements an XPC interface which is available to any process and allows directory listings and copying files as root. 2019-08-23 4.9 CVE-2019-13013
MISC
obdev -- little_snitch Little Snitch versions 4.4.0 fixes a vulnerability in a privileged helper tool. However, the operating system may have made a copy of the privileged helper which is not removed or updated immediately. Computers may therefore still be vulnerable after upgrading to 4.4.0. Version 4.4.1 fixes this issue by removing the operating system's copy during the upgrade. 2019-08-23 4.9 CVE-2019-13014
MISC
octopus -- octopus_deploy In Octopus Deploy 2019.7.3 through 2019.7.9, in certain circumstances, an authenticated user with VariableView permissions could view sensitive values. This is fixed in 2019.7.10. 2019-08-27 4.0 CVE-2019-15698
MISC
paloaltonetworks -- pan-os Memory corruption in PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow an administrative user to cause arbitrary memory corruption by rekeying the current client interactive session. 2019-08-23 6.5 CVE-2019-1582
CONFIRM
paloaltonetworks -- twistlock Escalation of privilege vulnerability in the Palo Alto Networks Twistlock console 19.07.358 and earlier allows a Twistlock user with Operator capabilities to escalate privileges to that of another user. Active interaction with an affected component is required for the payload to execute on the victim. 2019-08-23 6.0 CVE-2019-1583
CONFIRM
pancurses_project -- pancurses An issue was discovered in the pancurses crate through 0.16.1 for Rust. printw and mvprintw have format string vulnerabilities. 2019-08-26 6.4 CVE-2019-15546
MISC
plot -- plotly The wp-plotly plugin before 1.0.3 for WordPress has XSS by authors. 2019-08-27 4.3 CVE-2015-9347
MISC
portaudio_project -- portaudio An issue was discovered in the portaudio crate through 0.7.0 for Rust. There is a man-in-the-middle issue because the source code is downloaded over cleartext HTTP. 2019-08-26 4.3 CVE-2016-10933
MISC
redirection -- redirection The redirection plugin before 2.2.9 for WordPress has XSS in the admin menu, a different issue than CVE-2011-4562. 2019-08-28 4.3 CVE-2011-5329
MISC
redirection -- redirection The redirection plugin before 2.2.12 for WordPress has XSS, a different issue than CVE-2011-4562. 2019-08-28 4.3 CVE-2012-6717
MISC
search-guard -- search_guard Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database. 2019-08-23 4.0 CVE-2019-13421
CONFIRM
MISC
MISC
search-guard -- search_guard Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an attacker can redirect the user to a potentially malicious site upon Kibana login. 2019-08-23 5.8 CVE-2019-13422
CONFIRM
MISC
search-guard -- search_guard Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an authenticated Kibana user could impersonate as kibanaserver user when providing wrong credentials when all of the following conditions a-c are true: a) Kibana is configured to use Single-Sign-On as authentication method, one of Kerberos, JWT, Proxy, Client certificate. b) The kibanaserver user is configured to use HTTP Basic as the authentication method. c) Search Guard is configured to use an SSO authentication domain and HTTP Basic at the same time 2019-08-23 6.5 CVE-2019-13423
CONFIRM
MISC
slickremix -- feed_them_social The feed-them-social plugin before 1.7.0 for WordPress has reflected XSS in the Facebook Feeds load more button. 2019-08-27 4.3 CVE-2015-9350
MISC
status_board_project -- status_board Status Board 1.1.81 has reflected XSS via logic.ts. 2019-08-26 4.3 CVE-2019-15478
MISC
status_board_project -- status_board Status Board 1.1.81 has reflected XSS via dashboard.ts. 2019-08-26 4.3 CVE-2019-15479
MISC
swoole -- swoole Swoole before 4.2.13 allows directory traversal in swPort_http_static_handler. 2019-08-23 5.0 CVE-2019-15518
MISC
MISC
telegram -- telegram The Privacy > Phone Number feature in the Telegram app 5.10 for Android and iOS provides an incorrect indication that the access level is Nobody, because attackers can find these numbers via the Group Info feature, e.g., by adding a significant fraction of a region's assigned phone numbers. 2019-08-23 5.0 CVE-2019-15514
MISC
trust-dns-proto_project -- trust-dns-proto An issue was discovered in the trust-dns-proto crate before 0.5.0-alpha.3 for Rust. There is infinite recursion because DNS message compression is mishandled. 2019-08-26 5.0 CVE-2018-20994
MISC
untrusted_project -- untrusted An issue was discovered in the untrusted crate before 0.6.2 for Rust. Error handling can trigger an integer underflow and panic. 2019-08-26 5.0 CVE-2018-20989
MISC
updraftplus -- updraftplus The updraftplus plugin before 1.9.64 for WordPress has XSS via add_query_arg() and remove_query_arg(). 2019-08-28 4.3 CVE-2015-9360
MISC
MISC
updraftplus -- updraftplus The updraftplus plugin before 1.13.5 for WordPress has XSS in rare cases where an attacker controls a string logged to a log file. 2019-08-28 4.3 CVE-2017-18593
MISC
watchguard -- fireware The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect). 2019-08-23 5.8 CVE-2016-6154
MISC
webassembly -- binaryen An issue was discovered in Binaryen 1.38.32. Two visitors in ir/ExpressionManipulator.cpp can lead to a NULL pointer dereference in wasm::LocalSet::finalize in wasm/wasm.cpp. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm2js. 2019-08-28 5.0 CVE-2019-15759
MISC
MISC
webmin -- webmin xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. By default, only root, admin, and sysadm can access xmlrpc.cgi. 2019-08-26 6.8 CVE-2019-15641
MISC
webtoffee -- import_export_wordpress_users The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class. 2019-08-23 6.0 CVE-2019-15092
MISC
MISC
MISC
woocommerce -- paypal_checkout_payment_gateway cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.17 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the intended price. 2019-08-29 5.0 CVE-2019-14979
MISC
woocommerce -- payu_india_payment_gateway /payu/icpcheckout/ in the WooCommerce PayU India Payment Gateway plugin 2.1.1 for WordPress allows Parameter Tampering in the purchaseQuantity=1 parameter, as demonstrated by purchasing an item for lower than the intended price. 2019-08-29 5.0 CVE-2019-14978
MISC
wp-members_project -- wp-members The wp-members plugin before 3.2.8 for WordPress has CSRF. 2019-08-27 6.8 CVE-2019-15660
MISC
wp-polls_project -- wp-polls The wp-polls plugin before 2.73.1 for WordPress has XSS via the Poll bar option. 2019-08-27 4.3 CVE-2016-10936
MISC
xymon -- xymon In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CGI script due to insufficient filtering of the db parameter. 2019-08-27 4.3 CVE-2019-13274
MISC
CONFIRM
yaml-rust_project -- yaml-rust An issue was discovered in the yaml-rust crate before 0.4.1 for Rust. There is uncontrolled recursion during deserialization. 2019-08-26 5.0 CVE-2018-20993
MISC
zoho -- salesiq The zoho-salesiq plugin before 1.0.9 for WordPress has stored XSS. 2019-08-27 4.3 CVE-2019-15644
MISC
MISC
zoho -- salesiq The zoho-salesiq plugin before 1.0.9 for WordPress has CSRF. 2019-08-27 6.8 CVE-2019-15645
MISC
MISC
Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
atlassian -- jira The wikirenderer component in Jira before version 7.13.6, and from version 8.0.0 before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in image attribute specification. 2019-08-23 3.5 CVE-2019-8444
MISC
domoticz -- domoticz Domoticz 4.10717 has XSS via item.Name. 2019-08-23 3.5 CVE-2019-15480
MISC
MISC
librenms -- librenms LibreNMS v1.54 has XSS in the Create User, Inventory, Add Device, Notifications, Alert Rule, Create Maintenance, and Alert Template sections of the admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account. 2019-08-28 3.5 CVE-2019-15230
MISC
octopus -- server In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an authenticated user (in certain limited special-characters circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.7. The fix was back-ported to LTS 2019.6.7 as well as LTS 2019.3.8. 2019-08-23 3.5 CVE-2019-15507
MISC
octopus -- server In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user (in certain limited OctopusPrintVariables circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 5.0.1. The fix was back-ported to 4.0.7. 2019-08-23 3.5 CVE-2019-15508
MISC
Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
androvideo -- advan_vd-1_firmware A broken access control vulnerability found in Advan VD-1 firmware versions up to 230. An attacker can send a POST request to cgibin/ApkUpload.cgi to install arbitrary APK without any authentication. 2019-08-28 not yet calculated CVE-2019-13406
CONFIRM
CONFIRM
CONFIRM
androvideo -- advan_vd-1_firmware
 
A vulnerability of remote credential disclosure was discovered in Advan VD-1 firmware versions up to 230. An attacker can export system configuration which is not encrypted to get the administrator?s account and password in plain text via cgibin/ExportSettings.cgi?Export=1 without any authentication. 2019-08-28 not yet calculated CVE-2019-11064
CONFIRM
CONFIRM
CONFIRM
androvideo -- advan_vd-1_firmware
 
A XSS found in Advan VD-1 firmware versions up to 230. VD-1 responses a path error message when a requested resource was not found in page cgibin/ssi.cgi. It leads to a reflected XSS because the error message does not escape properly. 2019-08-28 not yet calculated CVE-2019-13407
CONFIRM
CONFIRM
CONFIRM
androvideo -- advan_vd-1_firmware
 
A relative path traversal vulnerability found in Advan VD-1 firmware versions up to 230. It allows attackers to download arbitrary files via url cgibin/ExportSettings.cgi?Download=filepath, without any authentication. 2019-08-28 not yet calculated CVE-2019-13408
CONFIRM
CONFIRM
CONFIRM
androvideo -- advan_vd-1_firmware
 
A broken access control vulnerability found in Advan VD-1 firmware version 230 leads to insecure ADB service. An attacker can send a POST request to cgibin/AdbSetting.cgi to enable ADB without any authentication then take the compromised device as a relay or to install mining software. 2019-08-28 not yet calculated CVE-2019-13405
CONFIRM
CONFIRM
CONFIRM
apache -- commons_compress
 
The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress. 2019-08-30 not yet calculated CVE-2019-12402
MISC
apache -- santuario_xml_security_for_java
 
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this implementation might be cached and re-used by Apache Santuario - XML Security for Java, leading to potential security flaws when validating signed documents, etc. The vulnerability affects Apache Santuario - XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x releases before 2.1.4. 2019-08-23 not yet calculated CVE-2019-12400
CONFIRM
apport -- apport
 
Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause Apport to include the contents of this other file in the resulting crash report. The crash report could then be read by that user either by causing it to be uploaded and reported to Launchpad, or by leveraging some other vulnerability to read the resulting crash report, and so allow the user to read arbitrary files on the system. 2019-08-29 not yet calculated CVE-2019-7307
MISC
MISC
asus -- hg100_firmware
 
The web api server on Port 8080 of ASUS HG100 firmware up to 1.05.12, which is vulnerable to Slowloris HTTP Denial of Service: an attacker can cause a Denial of Service (DoS) by sending headers very slowly to keep HTTP or HTTPS connections and associated resources alive for a long period of time. 2019-08-28 not yet calculated CVE-2019-11060
CONFIRM
CONFIRM
CONFIRM
asus -- hg100_firmware
 
A broken access control vulnerability in HG100 firmware versions up to 4.00.06 allows an attacker in the same local area network to control IoT devices that connect with itself via http://[target]/smarthome/devicecontrol without any authentication. 2019-08-28 not yet calculated CVE-2019-11061
CONFIRM
CONFIRM
CONFIRM
asus -- smarthome_app
 
A broken access control vulnerability in SmartHome app (Android versions up to 3.0.42_190515, ios versions up to 2.0.22) allows an attacker in the same local area network to list user accounts and control IoT devices that connect with its gateway (HG100) via http://[target]/smarthome/devicecontrol without any authentication. 2019-08-28 not yet calculated CVE-2019-11063
CONFIRM
CONFIRM
CONFIRM
asymmetric-infosec -- power-response
 
Power-Response before 2019-02-02 allows directory traversal (up to the application's main directory) via a plugin. 2019-08-23 not yet calculated CVE-2019-15519
MISC
atlassian -- confluence_server_and_confluence_data_center
 
There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker with permission to editing a page is able to exploit this issue to read arbitrary file on the server under <install-directory>/confluence/WEB-INF directory, which may contain configuration files used for integrating with other services, which could potentially leak credentials or other sensitive information such as LDAP credentials. The LDAP credential will be potentially leaked only if the Confluence server is configured to use LDAP as user repository. All versions of Confluence Server from 6.1.0 before 6.6.16 (the fixed version for 6.6.x), from 6.7.0 before 6.13.7 (the fixed version for 6.13.x), and from 6.14.0 before 6.15.8 (the fixed version for 6.15.x) are affected by this vulnerability. 2019-08-29 not yet calculated CVE-2019-3394
MISC
MISC
autodesk -- multiple_products
 
DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D and version 2017 of AutoCAD P&ID. An attacker may trick a user into opening a malicious DWG file that may leverage a DLL preloading vulnerability in AutoCAD which may result in code execution. 2019-08-23 not yet calculated CVE-2019-7364
CONFIRM
avira -- avira_free_security_suite
 
An issue was discovered in Avira Free Security Suite 10. The permissive access rights on the SoftwareUpdater folder (files / folders and configuration) are incompatible with the privileged file manipulation performed by the product. Files can be created that can be used by an unprivileged user to obtain SYSTEM privileges. Arbitrary file creation can be achieved by abusing the SwuConfig.json file creation: an unprivileged user can replace these files by pseudo-symbolic links to arbitrary files. When an update occurs, a privileged service creates a file and sets its access rights, offering write access to the Everyone group in any directory. 2019-08-29 not yet calculated CVE-2019-11396
FULLDISC
bitrock -- installbuilder
 
Windows binaries generated with InstallBuilder versions earlier than 19.7.0 are vulnerable to tampering even if they contain a valid Authenticode signature. 2019-08-28 not yet calculated CVE-2019-5530
MISC
black_box -- icompel
 
Black Box iCOMPEL 9.2.3 through 11.1.4, as used in ONELAN Net-Top-Box 9.2.3 through 11.1.4 and other products, has default credentials that allow remote attackers to access devices remotely via SSH, HTTP, HTTPS, and FTP. 2019-08-26 not yet calculated CVE-2019-15497
MISC
cdemu -- libmirage
 
libMirage 3.2.2 in CDemu has a NULL pointer dereference in the NRG parser in parser.c. 2019-08-28 not yet calculated CVE-2019-15757
MISC
MISC
cesnet -- proxystatistics-simplesamlphp-module
 
The proxystatistics module before 3.1.0 for SimpleSAMLphp allows SQL Injection in lib/Auth/Process/DatabaseCommand.php. 2019-08-23 not yet calculated CVE-2019-15537
MISC
MISC
chan_zuckerberg_intiative -- idseq-web
 
idseq-web before 2019-07-01 in Infectious Disease Sequencing Platform IDseq allows SQL injection via tax_levels. 2019-08-26 not yet calculated CVE-2019-15568
MISC
check_point -- endpoint_security_initial_client_for_windows
 
Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can leverage this to gain LPE using a specially crafted DLL placed in any PATH location accessible with write permissions to the user. 2019-08-29 not yet calculated CVE-2019-8461
MISC
cisco -- ios_xe_software
 
A vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on the managed Cisco IOS XE device. The vulnerability is due to an improper check performed by the area of code that manages the REST API authentication service. An attacker could exploit this vulnerability by submitting malicious HTTP requests to the targeted device. A successful exploit could allow the attacker to obtain the token-id of an authenticated user. This token-id could be used to bypass authentication and execute privileged actions through the interface of the REST API virtual service container on the affected Cisco IOS XE device. The REST API interface is not enabled by default and must be installed and activated separately on IOS XE devices. See the Details section for more information. 2019-08-28 not yet calculated CVE-2019-12643
CISCO
cisco -- nexus_9000_series_switches
 
A vulnerability within the Endpoint Learning feature of Cisco Nexus 9000 Series Switches running in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an endpoint device in certain circumstances. The vulnerability is due to improper endpoint learning when packets are received on a specific port from outside the ACI fabric and destined to an endpoint located on a border leaf when Disable Remote Endpoint Learning has been enabled. This can result in a Remote (XR) entry being created for the impacted endpoint that will become stale if the endpoint migrates to a different port or leaf switch. This results in traffic not reaching the impacted endpoint until the Remote entry can be relearned by another mechanism. 2019-08-30 not yet calculated CVE-2019-1977
CISCO
cisco -- nx-os_software
 
A vulnerability in the Virtual Shell (VSH) session management for Cisco NX-OS Software could allow an authenticated, remote attacker to cause a VSH process to fail to delete upon termination. This can lead to a build-up of VSH processes that overtime can deplete system memory. When there is no system memory available, this can cause unexpected system behaviors and crashes. The vulnerability is due to the VSH process not being properly deleted when a remote management connection to the device is disconnected. An attacker could exploit this vulnerability by repeatedly performing a remote management connection to the device and terminating the connection in an unexpected manner. A successful exploit could allow the attacker to cause the VSH processes to fail to delete, which can lead to a system-wide denial of service (DoS) condition. The attacker must have valid user credentials to log in to the device using the remote management connection. 2019-08-28 not yet calculated CVE-2019-1965
CISCO
cisco -- nx-os_software
 
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP request to the NX-API on an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition in the NX-API service; however, the NX-OS device itself would still be available and passing network traffic. Note: The NX-API feature is disabled by default. 2019-08-30 not yet calculated CVE-2019-1968
CISCO
cisco -- nx-os_software
 
A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) Access Control List (ACL) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to deny SNMP traffic. The vulnerability is due to an incorrect length check when the configured ACL name is the maximum length, which is 32 ASCII characters. An attacker could exploit this vulnerability by performing SNMP polling of an affected device. A successful exploit could allow the attacker to perform SNMP polling that should have been denied. The attacker has no control of the configuration of the SNMP ACL name. 2019-08-30 not yet calculated CVE-2019-1969
CISCO
cisco -- nx-os_software
 
A vulnerability in the IPv6 traffic processing of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an unexpected restart of the netstack process on an affected device. The vulnerability is due to improper validation of IPv6 traffic sent through an affected device. An attacker could exploit this vulnerability by sending a malformed IPv6 packet through an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition while the netstack process restarts. A sustained attack could lead to a reboot of the device. 2019-08-28 not yet calculated CVE-2019-1964
CISCO
cisco -- nx-os_software
 
A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerability is due to improper validation of Abstract Syntax Notation One (ASN.1)-encoded variables in SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP packet to the SNMP daemon on the affected device. A successful exploit could allow the attacker to cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition. 2019-08-28 not yet calculated CVE-2019-1963
CISCO
cisco -- nx-os_software
 
A vulnerability in the Cisco Fabric Services component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause process crashes, which can result in a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient validation of TCP packets when processed by the Cisco Fabric Services over IP (CFSoIP) feature. An attacker could exploit this vulnerability by sending a malicious Cisco Fabric Services TCP packet to an affected device. A successful exploit could allow the attacker to cause process crashes, resulting in a device reload and a DoS condition. Note: There are three distribution methods that can be configured for Cisco Fabric Services. This vulnerability affects only distribution method CFSoIP, which is disabled by default. See the Details section for more information. 2019-08-28 not yet calculated CVE-2019-1962
CISCO
cisco -- nx-os_software
 
A vulnerability in the Network Time Protocol (NTP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to excessive use of system resources when the affected device is logging a drop action for received MODE_PRIVATE (Mode 7) NTP packets. An attacker could exploit this vulnerability by flooding the device with a steady stream of Mode 7 NTP packets. A successful exploit could allow the attacker to cause high CPU and memory usage on the affected device, which could cause internal system processes to restart or cause the affected device to unexpectedly reload. Note: The NTP feature is enabled by default. 2019-08-30 not yet calculated CVE-2019-1967
CISCO
cisco -- unified_computing_system_fabric_interconnect_software
 
A vulnerability in a specific CLI command within the local management (local-mgmt) context for Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to gain elevated privileges as the root user on an affected device. The vulnerability is due to extraneous subcommand options present for a specific CLI command within the local-mgmt context. An attacker could exploit this vulnerability by authenticating to an affected device, entering the local-mgmt context, and issuing a specific CLI command and submitting user input. A successful exploit could allow the attacker to execute arbitrary operating system commands as root on an affected device. The attacker would need to have valid user credentials for the device. 2019-08-30 not yet calculated CVE-2019-1966
CISCO
citrix -- storefront_server
 
Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks. 2019-08-29 not yet calculated CVE-2019-13608
CONFIRM
clonos -- control-pane
 
The WEB control panel before 2019-04-30 for ClonOS allows SQL injection in clonos.php. 2019-08-26 not yet calculated CVE-2019-15571
MISC
commscope -- arris_tr4400_devices
 
CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/login.html. Any user connected to the Wi-Fi can exploit this. 2019-08-29 not yet calculated CVE-2019-15805
MISC
commscope -- arris_tr4400_devices
 
CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/basic_sett.html. Any user connected to the Wi-Fi can exploit this. 2019-08-29 not yet calculated CVE-2019-15806
MISC
comodo -- comodo_antivirus
 
A use-after-free flaw in the sandbox container implemented in cmdguard.sys in Comodo Antivirus 12.0.0.6870 can be triggered due to a race condition when handling IRP_MJ_CLEANUP requests in the minifilter for directory change notifications. This allows an attacker to cause a denial of service (BSOD) when an executable is run inside the container. 2019-08-28 not yet calculated CVE-2019-14694
MISC
MISC
cuberite -- cuberite
 
Cuberite before 2019-06-11 allows webadmin directory traversal via ....// because the protection mechanism simply removes one ../ substring. 2019-08-23 not yet calculated CVE-2019-15516
MISC
d-link -- dir-825ac_g1_devices
 
D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. In order to transfer data from the host network to the guest network, the sender joins and then leaves an IGMP group. After it leaves, the router (following the IGMP protocol) creates an IGMP Membership Query packet with the Group IP and sends it to both the Host and the Guest networks. The data is transferred within the Group IP field, which is completely controlled by the sender. 2019-08-27 not yet calculated CVE-2019-13264
MISC
MISC
d-link -- dir-825ac_g1_devices
 
D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. A DHCP Request is sent to the router with a certain Transaction ID field. Following the DHCP protocol, the router responds with an ACK or NAK message. Studying the NAK case revealed that the router erroneously sends the NAK to both Host and Guest networks with the same Transaction ID as found in the DHCP Request. This allows encoding of data to be sent cross-router into the 32-bit Transaction ID field. 2019-08-27 not yet calculated CVE-2019-13263
MISC
MISC
d-link -- dir-825ac_g1_devices
 
D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. They forward ARP requests, which are sent as broadcast packets, between the host and the guest networks. To use this leakage as a direct covert channel, the sender can trivially issue an ARP request to an arbitrary computer on the network. (In general, some routers restrict ARP forwarding only to requests destined for the network's subnet mask, but these routers did not restrict this traffic in any way. Depending on this factor, one must use either the lower 8 bits of the IP address, or the entire 32 bits, as the data payload.) 2019-08-27 not yet calculated CVE-2019-13265
MISC
MISC
datalogic -- av7000_linear_barcode_scanner
 
Datalogic AV7000 Linear barcode scanner all versions prior to 4.6.0.0 is vulnerable to authentication bypass, which may allow an attacker to remotely execute arbitrary code. 2019-08-30 not yet calculated CVE-2019-13526
MISC
deeply -- deeply
 
deeply is vulnerable to Prototype Pollution in versions before 3.1.0. The function assign-deep could be tricked into adding or modifying properties of Object.prototype using using a _proto_ payload. 2019-08-23 not yet calculated CVE-2019-10750
MISC
delta_controls -- entelibus_manager
 
Buffer Overflow in dactetra in Delta Controls enteliBUS Manager V3.40_B-571848 allows remote unauthenticated users to execute arbitrary code and possibly cause a denial of service via unspecified vectors. 2019-08-26 not yet calculated CVE-2019-9569
MISC
MISC
dfe-digital -- schools-experience
 
DfE School Experience before v16333-GA has XSS via a teacher training URL. 2019-08-23 not yet calculated CVE-2019-15487
MISC
MISC
dianoxdrago -- hawn
 
DianoxDragon Hawn before 2019-07-10 allows SQL injection. 2019-08-26 not yet calculated CVE-2019-15559
MISC
django-js-reverse -- django-js-reverse
 
django-js-reverse (aka Django JS Reverse) before 0.9.1 has XSS via js_reverse_inline. 2019-08-23 not yet calculated CVE-2019-15486
MISC
MISC
docker -- docker_desktop_community_edition
 
Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command. 2019-08-28 not yet calculated CVE-2019-15752
MISC
domainmod -- domainmod
 
In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS. 2019-08-29 not yet calculated CVE-2019-15811
MISC
MISC
MISC
dovecot -- dovecot_and_pigeonhole
 
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution. 2019-08-29 not yet calculated CVE-2019-11500
CONFIRM
CONFIRM
MLIST
FEDORA
GENTOO
MISC
edimax -- br-6208ac_devices Edimax BR-6208AC V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. They forward ARP requests, which are sent as broadcast packets, between the host and the guest networks. To use this leakage as a direct covert channel, the sender can trivially issue an ARP request to an arbitrary computer on the network. (In general, some routers restrict ARP forwarding only to requests destined for the network's subnet mask, but these routers did not restrict this traffic in any way. Depending on this factor, one must use either the lower 8 bits of the IP address, or the entire 32 bits, as the data payload.) 2019-08-27 not yet calculated CVE-2019-13271
MISC
MISC
edimax -- br-6208ac_devices
 
Edimax BR-6208AC V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. A DHCP Request is sent to the router with a certain Transaction ID field. Following the DHCP protocol, the router responds with an ACK or NAK message. Studying the NAK case revealed that the router erroneously sends the NAK to both Host and Guest networks with the same Transaction ID as found in the DHCP Request. This allows encoding of data to be sent cross-router into the 32-bit Transaction ID field. 2019-08-27 not yet calculated CVE-2019-13269
MISC
MISC
edimax -- br-6208ac_devices
 
Edimax BR-6208AC V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. In order to transfer data from the host network to the guest network, the sender joins and then leaves an IGMP group. After it leaves, the router (following the IGMP protocol) creates an IGMP Membership Query packet with the Group IP and sends it to both the Host and the Guest networks. The data is transferred within the Group IP field, which is completely controlled by the sender. 2019-08-27 not yet calculated CVE-2019-13270
MISC
MISC
entropic -- entropic
 
cli/lib/main.js in Entropic before 2019-06-13 does not reject / and \ in command names, which might allow a directory traversal attack in unusual situations. 2019-08-28 not yet calculated CVE-2019-15714
MISC
eques -- elf_smart_plug_and_mobile_app
 
The Eques elf smart plug and the mobile app use a hardcoded AES 256 bit key to encrypt the commands and responses between the device and the app. The communication happens over UDP port 27431. An attacker on the local network can use the same key to encrypt and send commands to discover all smart plugs in a network, take over control of a device, and perform actions such as turning it on and off. 2019-08-29 not yet calculated CVE-2019-15745
MISC
MISC
MISC
MISC
MISC
estsoft -- alsee
 
A memory corruption vulnerability exists in the .PSD parsing functionality of ALSee v5.3 ~ v8.39. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in code execution. By persuading a victim to open a specially-crafted .PSD file, an attacker could execute arbitrary code. 2019-08-30 not yet calculated CVE-2019-12810
CONFIRM
flashlingo -- flashlingo
 
FlashLingo before 2019-06-12 allows SQL injection, related to flashlingo.js and db.js. 2019-08-26 not yet calculated CVE-2019-15561
MISC
fontforge -- fontforge
 
FontForge through 20190801 has a buffer overflow in PrefsUI_LoadPrefs in prefs.c. 2019-08-29 not yet calculated CVE-2019-15785
MISC
fortinet -- fortimanager Lack of root file system integrity checking in Fortinet FortiManager VM application images of all versions below 6.2.1 may allow an attacker to implant third-party programs by recreating the image through specific methods. 2019-08-23 not yet calculated CVE-2019-6695
CONFIRM
fortinet -- fortirecorder
 
Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an unauthenticated attacker with knowledge of the aforementioned credentials and network access to FortiCameras to take control of those, provided they are managed by a FortiRecorder device. 2019-08-23 not yet calculated CVE-2019-6698
CONFIRM
fortinet -- fortiweb
 
The URL part of the report message is not encoded in Fortinet FortiWeb 6.0.2 and below which may allow an attacker to execute unauthorized code or commands (Cross Site Scripting) via attack reports generated in HTML form. 2019-08-28 not yet calculated CVE-2019-5590
BID
CONFIRM
frappe -- frappe_framework
 
public/js/frappe/form/footer/timeline.js in Frappe Framework 12 through 12.0.8 does not escape HTML in the timeline and thus is affected by crafted "changed value of" text. 2019-08-27 not yet calculated CVE-2019-15700
MISC
freebsd -- freebsd
 
In FreeBSD 12.0-STABLE before r350637, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350638, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bsnmp library is not properly validating the submitted length from a type-length-value encoding. A remote user could cause an out-of-bounds read or trigger a crash of the software such as bsnmpd resulting in a denial of service. 2019-08-30 not yet calculated CVE-2019-5610
MISC
BUGTRAQ
CONFIRM
freebsd -- freebsd
 
In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350650, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the ICMPv6 input path incorrectly handles cases where an MLDv2 listener query packet is internally fragmented across multiple mbufs. A remote attacker may be able to cause an out-of-bounds read or write that may cause the kernel to attempt to access an unmapped page and subsequently panic. 2019-08-30 not yet calculated CVE-2019-5608
CONFIRM
freebsd -- freebsd
 
In FreeBSD 12.0-STABLE before r350619, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350619, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bhyve e1000 device emulation used a guest-provided value to determine the size of the on-stack buffer without validation when TCP segmentation offload is requested for a transmitted packet. A misbehaving bhyve guest could overwrite memory in the bhyve process on the host. 2019-08-30 not yet calculated CVE-2019-5609
CONFIRM
freebsd -- freebsd
 
In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r351265, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, the kernel driver for /dev/midistat implements a read handler that is not thread-safe. A multi-threaded program can exploit races in the handler to copy out kernel memory outside the boundaries of midistat's data buffer. 2019-08-30 not yet calculated CVE-2019-5612
CONFIRM
freebsd -- freebsd
 
In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check in the function to arrange data in a chain of mbufs could cause data returned not to be contiguous. Extra checks in the IPv6 stack could catch the error condition and trigger a kernel panic, leading to a remote denial of service. 2019-08-30 not yet calculated CVE-2019-5611
MISC
BUGTRAQ
CONFIRM
gallagher -- command_centre
 
An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092(MR2). Upon an upgrade, if a custom service account is in use and the visitor management service is installed, the Windows username and password for this service are logged in cleartext to the Command_centre.log file. 2019-08-28 not yet calculated CVE-2019-15294
CONFIRM
MISC
gesior-aac -- gesior-aac
 
Gesior-AAC before 2019-05-01 allows SQL injection in tankyou.php. 2019-08-26 not yet calculated CVE-2019-15573
MISC
gesior-aac -- gesior-aac
 
Gesior-AAC before 2019-05-01 allows ServiceCategoryID SQL injection in shop.php. 2019-08-26 not yet calculated CVE-2019-15572
MISC
gesior-aac -- gesior-aac
 
Gesior-AAC before 2019-05-01 allows serviceID SQL injection in accountmanagement.php. 2019-08-26 not yet calculated CVE-2019-15574
MISC
gitlab -- gitlab
 
An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.1.4. It uses Hard-coded Credentials. 2019-08-29 not yet calculated CVE-2019-14943
CONFIRM
MISC
MISC
gnu -- chess
 
In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_load function in frontend/cmd.cc via a crafted chess position in an EPD file. 2019-08-28 not yet calculated CVE-2019-15767
MISC
MISC
haivision -- secure_reliable_transport
 
Secure Reliable Transport (SRT) through 1.3.4 has a CSndUList array overflow if there are many SRT connections. 2019-08-29 not yet calculated CVE-2019-15784
MISC
hm_courts_and_tribunals_service -- ccd-data-store-api
 
HM Courts & Tribunals ccd-data-store-api before 2019-06-10 allows SQL injection, related to SearchQueryFactoryOperation.java and SortDirection.java. 2019-08-26 not yet calculated CVE-2019-15569
MISC
hot -- tasking_manager
 
Tasking Manager before 3.4.0 allows SQL Injection via custom SQL. 2019-08-23 not yet calculated CVE-2019-15535
MISC
MISC
ibm -- cloud_automation_manager
 
IBM Cloud Automation Manager 3.1.2 could allow a user to be impropertly redirected and obtain sensitive information rather than receive a 404 error message. IBM X-Force ID: 158274. 2019-08-29 not yet calculated CVE-2019-4132
CONFIRM
XF
ibm -- cloud_automation_manager
 
IBM Cloud Automation Manager 3.1.2 could allow a malicious user on the client side (with access to client computer) to run a custom script. IBM X-Force ID: 158278. 2019-08-29 not yet calculated CVE-2019-4133
XF
CONFIRM
ibm -- db2_high_performance_unload_for_linux__unix_and_windows IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum and db2hpum_debug binaries are setuid root and have built-in options that allow an low privileged user the ability to load arbitrary db2 libraries from a privileged context. This results in arbitrary code being executed with root authority. IBM X-Force ID: 163489. 2019-08-26 not yet calculated CVE-2019-4448
CONFIRM
XF
ibm -- db2_high_performance_unload_for_linux__unix_and_windows
 
IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum_debug is a setuid root binary which trusts the PATH environment variable. A low privileged user can execute arbitrary commands as root by altering the PATH variable to point to a user controlled location. When a crash is induced the trojan gdb command is executed. IBM X-Force ID: 163488. 2019-08-26 not yet calculated CVE-2019-4447
CONFIRM
XF
ibm -- i
 
IBM i 7.4 users who have done a Restore User Profile (RSTUSRPRF) on a system which has been configured with Db2 Mirror for i might have user profiles with elevated privileges caused by incorrect processing during a restore of multiple user profiles. A user with restore privileges could exploit this vulnerability to obtain elevated privileges on the restored system. IBM X-Force ID: 165592. 2019-08-29 not yet calculated CVE-2019-4536
XF
CONFIRM
ibm -- open_power_firmware
 
IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC password even after BMC password was changed away from the default password. IBM X-Force ID: 158702. 2019-08-26 not yet calculated CVE-2019-4169
CONFIRM
XF
icommktconnector -- icommktconnector
 
The ICOMMKT connector before 1.0.7 for PrestaShop allows SQL injection in icommktconnector.php. 2019-08-26 not yet calculated CVE-2019-15565
MISC
inner_heaven_project -- libzetta.rs
 
libZetta.rs through 0.1.2 has an integer overflow in the zpool parser (for error stats) that leads to a panic. 2019-08-29 not yet calculated CVE-2019-15787
MISC
insyde -- multiple_software_tools
 
Improper access control in the Insyde software tools may allow an authenticated user to potentially enable escalation of privilege, or information disclosure via local access. This is a software vulnerability, not a firmware issue. Affected tools include: H2OFFT version 3.02~5.28, 100.00.00.00~100.00.08.23 and 200.00.00.01~200.00.00.05, H2OOAE before version 200.00.00.02, H2OSDE before version 200.00.00.07, H2OUVE before version 200.00.02.02, H2OPCM before version 100.00.06.00, H2OELV before version 100.00.02.08. 2019-08-26 not yet calculated CVE-2019-12532
MISC
CONFIRM
irssi -- irssi
 
Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends a double CAP. 2019-08-29 not yet calculated CVE-2019-15717
MLIST
MLIST
CONFIRM
it-novum -- openitcockpit
 
openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21. 2019-08-23 not yet calculated CVE-2019-15491
MISC
it-novum -- openitcockpit
 
openITCOCKPIT before 3.7.1 has reflected XSS, aka RVID 3-445b21. 2019-08-23 not yet calculated CVE-2019-15492
MISC
it-novum -- openitcockpit
 
openITCOCKPIT before 3.7.1 allows deletion of files, aka RVID 4-445b21. 2019-08-23 not yet calculated CVE-2019-15493
MISC
it-novum -- openitcockpit
 
openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21. 2019-08-23 not yet calculated CVE-2019-15494
MISC
it-novum -- openitcockpit
 
openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21. 2019-08-23 not yet calculated CVE-2019-15490
MISC
jenkins -- jenkins
 
Jenkins IBM Application Security on Cloud Plugin 1.2.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure. 2019-08-28 not yet calculated CVE-2019-10391
MLIST
MISC
jenkins -- jenkins
 
A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages. 2019-08-28 not yet calculated CVE-2019-10383
MLIST
MISC
jenkins -- jenkins
 
Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user. 2019-08-28 not yet calculated CVE-2019-10384
MLIST
MISC
kimai2 -- kimai2
 
Kimai v2 before 1.1 has XSS via a timesheet description. 2019-08-23 not yet calculated CVE-2019-15481
MISC
MISC
kubernetes -- kubernetes The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user?s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user?s machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11, 1.12. 2019-08-28 not yet calculated CVE-2019-11249
CONFIRM
MLIST
kubernetes -- kubernetes

 
The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration. 2019-08-28 not yet calculated CVE-2019-11248
CONFIRM
MLIST
kubernetes -- kubernetes
 
In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. If the pod specified mustRunAsNonRoot: true, the kubelet will refuse to start the container as root. If the pod did not specify mustRunAsNonRoot: true, the kubelet will run the container as uid 0. 2019-08-28 not yet calculated CVE-2019-11245
CONFIRM
kubernetes -- kubernetes
 
The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components (such as kube-apiserver) prior to v1.16.0, which make use of basic or bearer token authentication, and run at high verbosity levels, are affected. 2019-08-28 not yet calculated CVE-2019-11250
CONFIRM
kubernetes -- kubernetes
 
The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12. 2019-08-28 not yet calculated CVE-2019-11247
CONFIRM
MLIST
kubernetes -- kubernetes
 
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user?s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user?s machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.12.9, versions prior to 1.13.6, versions prior to 1.14.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11. 2019-08-28 not yet calculated CVE-2019-11246
CONFIRM
MLIST
lenovo -- multiple_products
 
There is a vulnerability with the Dolby DAX2 API system services in which a low-privileged user can terminate arbitrary processes that are running at a higher privilege. The following are affected products and versions: Legion Y520T_Z370 6.0.1.8642, AIO310-20IAP 6.0.1.8642, AIO510-22ISH 6.0.1.8642, AIO510-23ISH 6.0.1.8642, AIO520-22IKL 6.0.1.8642, AIO520-22IKU 6.0.1.8642, AIO520-24IKL 6.0.1.8642, AIO520-24IKU 6.0.1.8642, AIO520-27IKL 6.0.1.8642, AIO720-24IKB 6.0.1.8642, IdeaCentre 520S-23IKU 6.0.1.8642, ThinkCentre M700z 6.0.1.8642, ThinkCentre M800z 6.0.1.8642, ThinkCentre M810z 6.0.1.8642, ThinkCentre M818z 6.0.1.8642, ThinkCentre M900Z 6.0.1.8642, ThinkCentre M910z 6.0.1.8642, V410z(YT S4250) 6.0.1.8642, 330-14IKBR Win10:6.0.1.8652, 330-15IKBR Win10:6.0.1.8652, 330-15IKBR (Brazil) Win10:6.0.1.8652, 330-15IKBR Touch Win10:6.0.1.8652, 330-17IKBR Win10:6.0.1.8652, YOGA 730-13IKB Win10:6.0.1.8644, YOGA 730-15IKB Win10:6.0.1.8644, ThinkPad L560 6.0.1.8644 and 6.0.1.8652, ThinkPad L570 6.0.1.8644 and 6.0.1.8652, ThinkPad P50 6.0.1.8642, ThinkPad P50s 6.0.1.8642, ThinkPad P51s (20Jx, 20Kx) 6.0.1.8642, ThinkPad P51s (20Hx) 6.0.1.8642, ThinkPad P52s 6.0.1.8642, ThinkPad P70 6.0.1.8642, ThinkPad T25 6.0.1.8642, ThinkPad T460s 6.0.1.8642, ThinkPad T470 6.0.1.8642, ThinkPad T470s 6.0.1.8642, ThinkPad T480 6.0.1.8642, ThinkPad T480s 6.0.1.8642, ThinkPad T560 6.0.1.8642, ThinkPad T570 6.0.1.8642, ThinkPad T580 6.0.1.8642, ThinkPad X1 Carbon 8.66.76.72 and 8.66.68.54, ThinkPad X1 Carbon 6th 6.0.1.8642, ThinkPad X1 Carbon, X1 Yoga 8.66.62.92 and 8.66.62.54, ThinkPad X1 Tablet (20Gx) 6.0.1.8642, ThinkPad X1 Tablet (20Jx) 6.0.1.8642, ThinkPad X1 Tablet Gen 3 6.0.1.8642, ThinkPad X1 Yoga (20Jx) 8.66.88.60, ThinkPad X1 Yoga 3rd 6.0.1.8642, ThinkPad X280 6.0.1.8642, ThinkPad Yoga 260, S1 8.66.62.92 and 8.66.62.54. 2019-08-28 not yet calculated CVE-2019-10724
MISC
MISC
lexmark -- multiple_products Various Lexmark products have a Buffer Overflow (issue 3 of 3). 2019-08-28 not yet calculated CVE-2019-9933
CONFIRM
lexmark -- multiple_products
 
Various Lexmark printers contain a denial of service vulnerability in the SNMP service that can be exploited to crash the device. 2019-08-28 not yet calculated CVE-2019-9931
CONFIRM
lexmark -- multiple_products
 
The legacy finger service (TCP port 79) is enabled by default on various older Lexmark devices. 2019-08-28 not yet calculated CVE-2019-10059
CONFIRM
lexmark -- multiple_products
 
Various Lexmark products have a Buffer Overflow (issue 2 of 3). 2019-08-28 not yet calculated CVE-2019-9932
CONFIRM
limesurvey -- limesurvey
 
Limesurvey before 3.17.10 does not validate both the MIME type and file extension of an image. 2019-08-26 not yet calculated CVE-2019-15640
MISC
linux -- linux_kernel
 
An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS. 2019-08-25 not yet calculated CVE-2019-15538
MISC
MISC
MISC
MISC
linux -- linux_kernel
 
In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service. 2019-08-29 not yet calculated CVE-2019-15807
MISC
MISC
lute-tab -- lute-tab
 
Lute-Tab before 2019-08-23 has a buffer overflow in pdf_print.cc. 2019-08-29 not yet calculated CVE-2019-15783
MISC
memcached -- memcached
 
memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c. 2019-08-30 not yet calculated CVE-2019-15026
CONFIRM
CONFIRM
mikrotik -- routeros
 
MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication. 2019-08-26 not yet calculated CVE-2019-15055
MISC
CONFIRM
mongodb -- mongodb_server
 
Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.11; v3.6 versions prior to 3.6.14; v3.4 versions prior to 3.4.22. 2019-08-30 not yet calculated CVE-2019-2389
CONFIRM
mongodb -- mongodb_server
 
An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server versions less than 4.0.11, 3.6.14, and 3.4.22 to run attacker defined code as the user running the utility. 2019-08-30 not yet calculated CVE-2019-2390
CONFIRM
moodle -- moodle
 
The Acclaim block plugin before 2019-06-26 for Moodle allows SQL Injection via delete_records. 2019-08-23 not yet calculated CVE-2019-15536
MISC
msp360 -- cloudberry_backup CloudBerry Backup v6.1.2.34 allows local privilege escalation via a Pre or Post backup action. With only user-level access, a user can modify the backup plan and add a Pre backup action script that executes on behalf of NT AUTHORITY\SYSTEM. 2019-08-28 not yet calculated CVE-2019-15720
MISC
mulesoft -- mulesoft_and_mulesoft_api_gateway
 
Directory Traversal in APIkit, http-connector, and OAuth2 Provider modules in Mulesoft 3.x, 4.x and Mulesoft API Gateway (all versions) released before August 1, 2019 allow remote attackers to read files accessible to the Mule process. 2019-08-30 not yet calculated CVE-2019-15630
MISC
mysticatea -- eslint-utils
 
In eslint-utils before 1.4.1, the getStaticValue function can execute arbitrary code. 2019-08-26 not yet calculated CVE-2019-15657
MISC
nmap -- nmap
 
nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse. 2019-08-28 not yet calculated CVE-2017-18594
MISC
MISC
MISC
MISC
MISC
MISC
nvidia -- clara_genomics_analysis
 
Clara Genomics Analysis before 0.2.0 has an integer overflow for cudapoa memory management in allocate_block.cpp. 2019-08-29 not yet calculated CVE-2019-15788
MISC
MISC
onkyo -- tx-nr686_receiver_devices
 
Directory traversal vulnerability on ONKYO TX-NR686 1030-5000-1040-0010 A/V Receiver devices allows remote attackers to read arbitrary files via a .. (dot dot) and %2f to the default URI. 2019-08-30 not yet calculated CVE-2019-6113
MISC
openbsd -- openbsd
 
Reuven Plevinsky and Tal Vainshtein of Check Point Software Technologies Ltd. discovered that OpenBSD kernel (all versions, including 6.5) can be forced to create long chains of TCP SACK holes that cause very expensive calls to tcp_sack_option() for every incoming SACK packet which can lead to a denial of service. 2019-08-26 not yet calculated CVE-2019-8460
MISC
MISC
openforis -- arena
 
OpenForis Arena before 2019-05-07 allows SQL injection in the sorting feature. 2019-08-26 not yet calculated CVE-2019-15567
MISC
opensource-table -- reviews-module
 
The Reviews Module before 2019-06-14 for OpenSource Table allows SQL injection in database/index.js. 2019-08-26 not yet calculated CVE-2019-15560
MISC
openstack -- os-vif
 
In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of packets for instances belonging to other tenants sharing the same network. Only deployments using the linuxbridge backend are affected. This occurs in PyRoute2.add() in internal/command/ip/linux/impl_pyroute2.py. 2019-08-28 not yet calculated CVE-2019-15753
MLIST
MISC
MISC
MISC
CONFIRM
pelles_kodfabrik -- connect-pg-simple
 
connect-pg-simple before 6.0.1 allows SQL injection if tableName or schemaName is untrusted data. 2019-08-26 not yet calculated CVE-2019-15658
MISC
prograde -- grill_temperature_monitor
 
Lierda Grill Temperature Monitor V1.00_50006 has a default password of admin for the admin account, which allows an attacker to cause a Denial of Service or Information Disclosure via the undocumented access-point configuration page located on the device. NOTE: this device also ships with ProGrade branding. 2019-08-26 not yet calculated CVE-2019-15304
MISC
MISC
MISC
pw3270_terminal_emulator -- pw3270_terminal_emulator
 
There is Missing SSL Certificate Validation in the pw3270 terminal emulator before version 5.1. 2019-08-23 not yet calculated CVE-2019-15525
MLIST
MISC
MISC
ricoh -- multiple_printers
 
Several Ricoh printers have multiple buffer overflows parsing HTTP cookie headers, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected congiguration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected congiguration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*. 2019-08-26 not yet calculated CVE-2019-14300
MISC
MISC
ricoh -- multiple_printers
 
Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for Wi-Fi, mDNS, POP3, SMTP, and notification alerts, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected congiguration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected congiguration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*. 2019-08-26 not yet calculated CVE-2019-14305
MISC
MISC
ricoh -- multiple_printers
 
Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for SNMP, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected congiguration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected congiguration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*. 2019-08-26 not yet calculated CVE-2019-14307
MISC
MISC
ricoh -- multiple_printers
 
Several Ricoh printers have multiple buffer overflows parsing LPD packets, which allow an attacker to cause a denial of service or code execution via crafted requests to the LPD service. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*. 2019-08-26 not yet calculated CVE-2019-14308
MISC
MISC
riot -- riot
 
In the TCP implementation (gnrc_tcp) in RIOT through 2019.07, the parser for TCP options does not terminate on all inputs, allowing a denial-of-service, because sys/net/gnrc/transport_layer/tcp/gnrc_tcp_option.c has an infinite loop for an unknown zero-length option. 2019-08-27 not yet calculated CVE-2019-15702
MISC
robotis -- dynamixel_sdk
 
ROBOTIS Dynamixel SDK through 3.7.11 has a buffer overflow via a large rxpacket. 2019-08-29 not yet calculated CVE-2019-15786
MISC
rust -- rust
 
An issue was discovered in the orion crate before 0.11.2 for Rust. reset() calls cause incorrect results. 2019-08-26 not yet calculated CVE-2018-20999
MISC
MISC
rust -- rust
 
An issue was discovered in the safe-transmute crate before 0.10.1 for Rust. A constructor's arguments are in the wrong order, causing heap memory corruption. 2019-08-26 not yet calculated CVE-2018-21000
MISC
MISC
rust -- rust
 
An issue was discovered in the slice-deque crate before 0.1.16 for Rust. move_head_unchecked allows memory corruption because deque updates are mishandled. 2019-08-26 not yet calculated CVE-2018-20995
MISC
rust -- rust
 
An issue was discovered in the tar crate before 0.4.16 for Rust. Arbitrary file overwrite can occur via a symlink or hardlink in a TAR archive. 2019-08-26 not yet calculated CVE-2018-20990
MISC
rust -- rust
 
An issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-the-middle vulnerability because certificate verification is off by default and there is no API for hostname verification. 2019-08-26 not yet calculated CVE-2016-10931
MISC
rust -- rust
 
rustls-mio/examples/tlsserver.rs in the rustls crate before 0.16.0 for Rust allows attackers to cause a denial of service (loop of conn_event and ready) by arranging for a client to never be writable. 2019-08-26 not yet calculated CVE-2019-15541
MISC
MISC
MISC
rust -- rust
 
An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization. 2019-08-26 not yet calculated CVE-2019-15542
MISC
rust -- rust
 
An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing. 2019-08-26 not yet calculated CVE-2018-20997
MISC
rust -- rust
 
An issue was discovered in the protobuf crate before 2.6.0 for Rust. Attackers can exhaust all memory via Vec::reserve calls. 2019-08-26 not yet calculated CVE-2019-15544
MISC
rust -- rust
 
An issue was discovered in the security-framework crate before 0.1.12 for Rust. Hostname verification for certificates does not occur if ClientBuilder uses custom root certificates. 2019-08-26 not yet calculated CVE-2017-18588
MISC
rust -- rust
 
An issue was discovered in the asn1_der crate before 0.6.2 for Rust. Attackers can trigger memory exhaustion by supplying a large value in a length field. 2019-08-26 not yet calculated CVE-2019-15549
MISC
rust -- rust
 
An issue was discovered in the slice-deque crate before 0.2.0 for Rust. There is memory corruption in certain allocation cases. 2019-08-26 not yet calculated CVE-2019-15543
MISC
rust -- rust
 
An issue was discovered in the hyper crate before 0.9.4 for Rust on Windows. There is an HTTPS man-in-the-middle vulnerability because hostname verification was omitted. 2019-08-26 not yet calculated CVE-2016-10932
MISC
rust -- rust
 
An issue was discovered in the libp2p-core crate before 0.8.1 for Rust. Attackers can spoof ed25519 signatures. 2019-08-26 not yet calculated CVE-2019-15545
MISC
rust -- rust
 
An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is memory corruption for certain grow attempts with less than the current capacity. 2019-08-26 not yet calculated CVE-2019-15554
MISC
MISC
rust -- rust
 
An issue was discovered in the memoffset crate before 0.5.0 for Rust. offset_of and span_of can cause exposure of uninitialized memory. 2019-08-26 not yet calculated CVE-2019-15553
MISC
MISC
rust -- rust
 
An issue was discovered in the libflate crate before 0.1.25 for Rust. MultiDecoder::read has a use-after-free, leading to arbitrary code execution. 2019-08-26 not yet calculated CVE-2019-15552
MISC
MISC
rust -- rust
 
An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is a double free for certain grow attempts with the current capacity. 2019-08-26 not yet calculated CVE-2019-15551
MISC
MISC
rust -- rust
 
An issue was discovered in the simd-json crate before 0.1.15 for Rust. There is an out-of-bounds read and an incorrect crossing of a page boundary. 2019-08-26 not yet calculated CVE-2019-15550
MISC
rust -- rust
 
An issue was discovered in the hyper crate before 0.9.18 for Rust. It mishandles newlines in headers. 2019-08-26 not yet calculated CVE-2017-18587
MISC
selectize-plugin-a11y -- selectize-plugin-a11y
 
selectize-plugin-a11y before 1.1.0 has XSS via the msg field. 2019-08-23 not yet calculated CVE-2019-15482
MISC
MISC
set-value -- set-value
 
set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and _proto_ payloads. 2019-08-23 not yet calculated CVE-2019-10747
MISC
snare -- snare_central
 
An OS Command Injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to inject arbitrary OS commands via the ServerConf/DataManagement/DiskManager.php FORMNAS_share parameter. 2019-08-29 not yet calculated CVE-2019-11364
CONFIRM
snare -- snare_central
 
A SQL injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to execute arbitrary SQL commands via the AgentConsole/UserGroupQuery.php ShowUser parameter. 2019-08-29 not yet calculated CVE-2019-11363
CONFIRM
social_network -- social_network
 
Pvanloon1983 social_network before 2019-07-03 allows SQL injection in includes/form_handlers/register_handler.php. 2019-08-26 not yet calculated CVE-2019-15556
MISC
suricata -- suricata
 
An issue was discovered in Suricata 4.1.3. The code mishandles the case of sending a network packet with the right type, such that the function DecodeEthernet in decode-ethernet.c is executed a second time. At this point, the algorithm cuts the first part of the packet and doesn't determine the current length. Specifically, if the packet is exactly 28 long, in the first iteration it subtracts 14 bytes. Then, it is working with a packet length of 14. At this point, the case distinction says it is a valid packet. After that it casts the packet, but this packet has no type, and the program crashes at the type case distinction. 2019-08-28 not yet calculated CVE-2019-10056
MISC
CONFIRM
suricata -- suricata
 
An issue was discovered in Suricata 4.1.3. The function process_reply_record_v3 lacks a check for the length of reply.data. It causes an invalid memory access and the program crashes within the nfs/nfs3.rs file. 2019-08-28 not yet calculated CVE-2019-10054
MISC
CONFIRM
suricata -- suricata
 
An issue was discovered in Suricata 4.1.3. If the function filetracker_newchunk encounters an unsafe "Some(sfcm) => { ft.new_chunk }" item, then the program enters an smb/files.rs error condition and crashes. 2019-08-28 not yet calculated CVE-2019-10051
MISC
MISC
CONFIRM
suricata -- suricata
 
An issue was discovered in Suricata 4.1.3. If the network packet does not have the right length, the parser tries to access a part of a DHCP packet. At this point, the Rust environment runs into a panic in parse_clientid_option in the dhcp/parser.rs file. 2019-08-28 not yet calculated CVE-2019-10052
MISC
MISC
CONFIRM
suricata -- suricata
 
An issue was discovered in Suricata 4.1.3. The function ftp_pasv_response lacks a check for the length of part1 and part2, leading to a crash within the ftp/mod.rs file. 2019-08-28 not yet calculated CVE-2019-10055
MISC
CONFIRM
symantec -- asg_and_proxysg
 
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG's web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2. 2019-08-30 not yet calculated CVE-2018-18370
CONFIRM
symantec -- asg_and_proxysg
 
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG's web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2. 2019-08-30 not yet calculated CVE-2018-18371
CONFIRM
symantec -- management_center_rest_api
 
An information disclosure vulnerability in the Management Center (MC) REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated user to obtain passwords for external backup and CPL policy import servers that they might not otherwise be authorized to access. 2019-08-30 not yet calculated CVE-2019-9697
CONFIRM
symantec -- my_vip
 
Symantec My VIP portal, previous version which has already been auto updated, was susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users or potentially bypass access controls such as the same-origin policy. 2019-08-30 not yet calculated CVE-2019-12754
CONFIRM
symantec -- reporter_web_ui
 
An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The malicious administrator user can also obtain the passwords of other Reporter web UI users. 2019-08-30 not yet calculated CVE-2019-12753
CONFIRM
tableau -- multiple_products
 
Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop. 2019-08-26 not yet calculated CVE-2019-15637
MISC
MISC
MISC
teamspeak -- teamspeak_client
 
The TeamSpeak client before 3.3.2 allows remote servers to trigger a crash via the 0xe2 0x81 0xa8 0xe2 0x81 0xa7 byte sequence, aka Unicode characters U+2068 (FIRST STRONG ISOLATE) and U+2067 (RIGHT-TO-LEFT ISOLATE). 2019-08-29 not yet calculated CVE-2019-15502
MISC
MISC
MISC
tightrope_media -- carousel
 
The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI/v0/fetch?url= SSRF. This has two potential areas for abuse. First, a specially crafted URL could be used in a phishing attack to hijack the trust the user and the browser have with the website and could serve malicious content from a third-party attacker-controlled system. Second, arguably more severe, is the potential for an attacker to circumvent firewall controls, by proxying traffic, unauthenticated, into the internal network from the internet. 2019-08-26 not yet calculated CVE-2019-13020
CONFIRM
totemo -- totemomail Cross-site scripting (XSS) vulnerability in the 'Certificate' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML. 2019-08-30 not yet calculated CVE-2018-15510
MISC
totemo -- totemomail
 
Log viewer in totemomail 6.0.0 build 570 allows access to sessionIDs of high privileged users by leveraging access to a read-only auditor role. 2019-08-30 not yet calculated CVE-2018-15513
MISC
totemo -- totemomail
 
Cross-site scripting (XSS) vulnerability in the 'Authorisation Service' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML. 2019-08-30 not yet calculated CVE-2018-15512
MISC
totemo -- totemomail
 
Cross-site scripting (XSS) vulnerability in the 'Notification template' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML. 2019-08-30 not yet calculated CVE-2018-15511
MISC
tp-link -- archer_c3200_and_c2_devices
 
TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. They forward ARP requests, which are sent as broadcast packets, between the host and the guest networks. To use this leakage as a direct covert channel, the sender can trivially issue an ARP request to an arbitrary computer on the network. (In general, some routers restrict ARP forwarding only to requests destined for the network's subnet mask, but these routers did not restrict this traffic in any way. Depending on this factor, one must use either the lower 8 bits of the IP address, or the entire 32 bits, as the data payload.) 2019-08-27 not yet calculated CVE-2019-13268
MISC
MISC
tp-link -- archer_c3200_and_c2_devices
 
TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. In order to transfer data from the host network to the guest network, the sender joins and then leaves an IGMP group. After it leaves, the router (following the IGMP protocol) creates an IGMP Membership Query packet with the Group IP and sends it to both the Host and the Guest networks. The data is transferred within the Group IP field, which is completely controlled by the sender. 2019-08-27 not yet calculated CVE-2019-13267
MISC
MISC
tp-link -- archer_c3200_and_c2_devices
 
TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. A DHCP Request is sent to the router with a certain Transaction ID field. Following the DHCP protocol, the router responds with an ACK or NAK message. Studying the NAK case revealed that the router erroneously sends the NAK to both Host and Guest networks with the same Transaction ID as found in the DHCP Request. This allows encoding of data to be sent cross-router into the 32-bit Transaction ID field. 2019-08-27 not yet calculated CVE-2019-13266
MISC
MISC
ubuntu -- ubuntu
 
An integer overflow in whoopsie before versions 0.2.52.5ubuntu0.1, 0.2.62ubuntu0.1, 0.2.64ubuntu0.1, 0.2.66, results in an out-of-bounds write to a heap allocated buffer when processing large crash dumps. This results in a crash or possible code-execution in the context of the whoopsie process. 2019-08-29 not yet calculated CVE-2019-11476
MISC
MISC
videolan -- vlc_media_player A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file. 2019-08-29 not yet calculated CVE-2019-14776
CONFIRM
BUGTRAQ
DEBIAN
CONFIRM
videolan -- vlc_media_player
 
In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack. 2019-08-29 not yet calculated CVE-2019-14534
CONFIRM
BUGTRAQ
DEBIAN
CONFIRM
videolan -- vlc_media_player
 
The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free. 2019-08-29 not yet calculated CVE-2019-14533
CONFIRM
BUGTRAQ
DEBIAN
CONFIRM
videolan -- vlc_media_player
 
The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. 2019-08-29 not yet calculated CVE-2019-14777
CONFIRM
BUGTRAQ
DEBIAN
CONFIRM
videolan -- vlc_media_player
 
The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file. 2019-08-29 not yet calculated CVE-2019-14437
CONFIRM
BUGTRAQ
DEBIAN
CONFIRM
videolan -- vlc_media_player
 
A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file. 2019-08-29 not yet calculated CVE-2019-14535
CONFIRM
BUGTRAQ
DEBIAN
CONFIRM
videolan -- vlc_media_player
 
A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file. 2019-08-29 not yet calculated CVE-2019-14438
CONFIRM
BUGTRAQ
DEBIAN
CONFIRM
videolan -- vlc_media_player
 
A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file. 2019-08-29 not yet calculated CVE-2019-14498
CONFIRM
BUGTRAQ
DEBIAN
CONFIRM
videolan -- vlc_media_player
 
A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file. 2019-08-29 not yet calculated CVE-2019-14970
CONFIRM
BUGTRAQ
DEBIAN
CONFIRM
videolan -- vlc_media_player
 
The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. 2019-08-29 not yet calculated CVE-2019-14778
CONFIRM
BUGTRAQ
DEBIAN
CONFIRM
webassembly -- binaryen
 
An issue was discovered in Binaryen 1.38.32. Missing validation rules in asmjs/asmangle.cpp can lead to an Assertion Failure at wasm/wasm.cpp in wasm::asmangle. A crafted input can cause denial-of-service, as demonstrated by wasm2js. 2019-08-28 not yet calculated CVE-2019-15758
MISC
MISC
webmin -- webmin rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it must not be granted to un-trusted Webmin users." 2019-08-26 not yet calculated CVE-2019-15642
MISC
MISC
MISC
MISC
webtorrent -- webtorrent
 
WebTorrent before 0.107.6 allows XSS in the HTTP server via a title or file name. 2019-08-29 not yet calculated CVE-2019-15782
MISC
MISC
wellness-app -- wellness-app
 
FredReinink Wellness-app before 2019-06-19 allows SQL injection, related to dietTrack.php, exerciseGenerator.php, fitnessTrack.php, and server.php. 2019-08-26 not yet calculated CVE-2019-15555
MISC
wolfssl -- wolfssl
 
wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCertExtensions in wolfcrypt/src/asn.c because reading the ASN_BOOLEAN byte is mishandled for a crafted DER certificate in GetLength_ex. 2019-08-26 not yet calculated CVE-2019-15651
MISC
wordpress -- wordpress Membership Add-on for iThemes Exchange before 1.3.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). 2019-08-28 not yet calculated CVE-2015-9372
MISC
MISC
wordpress -- wordpress
 
The nd-booking plugin before 2.5 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. 2019-08-29 not yet calculated CVE-2019-15774
MISC
MISC
MISC
wordpress -- wordpress
 
The js-support-ticket plugin before 2.0.6 for WordPress has CSRF. 2019-08-27 not yet calculated CVE-2018-21002
MISC
wordpress -- wordpress
 
The wp-ultimate-recipe plugin before 3.12.7 for WordPress has stored XSS. 2019-08-30 not yet calculated CVE-2019-15836
MISC
MISC
wordpress -- wordpress
 
The nd-restaurant-reservations plugin before 1.5 for WordPress has no requirement for nd_rst_import_settings_php_function authentication. 2019-08-30 not yet calculated CVE-2019-15819
MISC
MISC
MISC
wordpress -- wordpress
 
The simple-301-redirects-addon-bulk-uploader plugin through 1.2.4 for WordPress has no requirement for authentication for action=bulk301export or action=bulk301clearlist. 2019-08-30 not yet calculated CVE-2019-15818
MISC
MISC
MISC
wordpress -- wordpress
 
The login-or-logout-menu-item plugin before 1.2.0 for WordPress has no requirement for lolmi_save_settings authentication. 2019-08-30 not yet calculated CVE-2019-15820
MISC
MISC
MISC
wordpress -- wordpress
 
The link-log plugin before 2.1 for WordPress has SQL injection. 2019-08-27 not yet calculated CVE-2015-9344
MISC
wordpress -- wordpress
 
The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection. 2019-08-27 not yet calculated CVE-2018-21004
MISC
MISC
MISC
wordpress -- wordpress
 
The ckeditor-for-wordpress plugin before 4.5.3.1 for WordPress has reflected XSS in the "built-in (old)" file browser. 2019-08-27 not yet calculated CVE-2015-9349
MISC
wordpress -- wordpress
 
The shapepress-dsgvo plugin before 2.2.19 for WordPress has wp-admin/admin-ajax.php?action=admin-common-settings&admin_email= XSS. 2019-08-29 not yet calculated CVE-2019-15777
MISC
MISC
MISC
wordpress -- wordpress
 
The woocommerce-catalog-enquiry plugin before 3.1.0 for WordPress has an incorrect wp_upload directory for file uploads. 2019-08-27 not yet calculated CVE-2017-18592
MISC
wordpress -- wordpress
 
The facebook-by-weblizar plugin before 2.8.5 for WordPress has CSRF. 2019-08-29 not yet calculated CVE-2019-15781
MISC
MISC
wordpress -- wordpress
 
The link-log plugin before 2.0 for WordPress has HTTP Response Splitting. 2019-08-27 not yet calculated CVE-2015-9345
MISC
wordpress -- wordpress
 
The wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via save_settings_page and other save_ functions. 2019-08-30 not yet calculated CVE-2019-15816
MISC
MISC
MISC
wordpress -- wordpress
 
The gigpress plugin before 2.3.11 for WordPress has SQL injection in the admin area, a different vulnerability than CVE-2015-4066. 2019-08-28 not yet calculated CVE-2015-9353
MISC
wordpress -- wordpress
 
The gigpress plugin before 2.3.11 for WordPress has XSS. 2019-08-28 not yet calculated CVE-2015-9354
MISC
wordpress -- wordpress
 
The easy-property-listings plugin before 3.4 for WordPress has XSS. 2019-08-30 not yet calculated CVE-2019-15817
MISC
MISC
wordpress -- wordpress
 
The simple-301-redirects-addon-bulk-uploader plugin before 1.2.5 for WordPress has no protection against 301 redirect rule injection via a CSV file. 2019-08-29 not yet calculated CVE-2019-15776
MISC
MISC
MISC
wordpress -- wordpress
 
The nd-donations plugin before 1.4 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. 2019-08-29 not yet calculated CVE-2019-15772
MISC
MISC
MISC
wordpress -- wordpress
 
The handl-utm-grabber plugin before 2.6.5 for WordPress has CSRF via add_option and update_option. 2019-08-29 not yet calculated CVE-2019-15769
MISC
MISC
wordpress -- wordpress
 
The cp-polls plugin before 1.0.1 for WordPress has XSS in the votes list. 2019-08-27 not yet calculated CVE-2014-10395
MISC
wordpress -- wordpress
 
The Related Posts plugin before 1.8.2 for WordPress has XSS via add_query_arg() and remove_query_arg(). 2019-08-28 not yet calculated CVE-2015-9361
MISC
MISC
wordpress -- wordpress
 
The bbp-move-topics plugin before 1.1.6 for WordPress has CSRF. 2019-08-27 not yet calculated CVE-2018-21006
MISC
wordpress -- wordpress
 
The woo-confirmation-email plugin before 3.2.0 for WordPress has no blocking of direct access to supportive xl folders inside uploads. 2019-08-29 not yet calculated CVE-2018-21007
MISC
wordpress -- wordpress
 
The sharebar plugin before 1.2.2 for WordPress has SQL injection. 2019-08-28 not yet calculated CVE-2012-6719
MISC
wordpress -- wordpress
 
The rsvpmaker plugin before 6.2 for WordPress has SQL injection. 2019-08-27 not yet calculated CVE-2019-15646
MISC
MISC
MISC
wordpress -- wordpress
 
The nd-shortcodes plugin before 6.0 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. 2019-08-29 not yet calculated CVE-2019-15771
MISC
MISC
MISC
wordpress -- wordpress
 
The feedwordpress plugin before 2015.0514 for WordPress has XSS via add_query_arg() and remove_query_arg(). 2019-08-28 not yet calculated CVE-2015-9358
MISC
wordpress -- wordpress
 
The formidable plugin before 4.02.01 for WordPress has unsafe deserialization. 2019-08-29 not yet calculated CVE-2019-15780
MISC
wordpress -- wordpress
 
The nd-travel plugin before 1.7 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. 2019-08-29 not yet calculated CVE-2019-15773
MISC
MISC
MISC
wordpress -- wordpress
 
The bbp-move-topics plugin before 1.1.6 for WordPress has code injection. 2019-08-27 not yet calculated CVE-2018-21005
MISC
wordpress -- wordpress
 
The woo-address-book plugin before 1.6.0 for WordPress has save calls without nonce verification checks. 2019-08-29 not yet calculated CVE-2019-15770
MISC
MISC
wordpress -- wordpress
 
The nd-learning plugin before 4.8 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. 2019-08-29 not yet calculated CVE-2019-15775
MISC
MISC
MISC
wordpress -- wordpress
 
The woo-variation-gallery plugin before 1.1.29 for WordPress has XSS. 2019-08-29 not yet calculated CVE-2019-15778
MISC
MISC
MISC
wordpress -- wordpress
 
The insta-gallery plugin before 2.4.8 for WordPress has no nonce validation for qligg_dismiss_notice or qligg_form_item_delete. 2019-08-29 not yet calculated CVE-2019-15779
MISC
MISC
wordpress -- wordpress
 
The wp-vipergb plugin before 1.3.16 for WordPress has XSS via add_query_arg() and remove_query_arg(), a different issue than CVE-2014-9460. 2019-08-28 not yet calculated CVE-2015-9356
MISC
MISC
wordpress -- wordpress
 
The webp-converter-for-media plugin before 1.0.3 for WordPress has CSRF. 2019-08-30 not yet calculated CVE-2019-15834
MISC
MISC
wordpress -- wordpress
 
2Checkout Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). 2019-08-28 not yet calculated CVE-2015-9364
MISC
MISC
wordpress -- wordpress
 
The easy-pdf-restaurant-menu-upload plugin before 1.1.2 for WordPress has XSS. 2019-08-30 not yet calculated CVE-2019-15842
MISC
wordpress -- wordpress
 
The wp-better-permalinks plugin before 3.0.5 for WordPress has CSRF. 2019-08-30 not yet calculated CVE-2019-15835
MISC
MISC
wordpress -- wordpress
 
The simple-mail-address-encoder plugin before 1.7 for WordPress has reflected XSS. 2019-08-30 not yet calculated CVE-2019-15833
MISC
wordpress -- wordpress
 
The visitors-traffic-real-time-statistics plugin before 1.13 for WordPress has CSRF. 2019-08-30 not yet calculated CVE-2019-15832
MISC
MISC
wordpress -- wordpress
 
The facebook-for-woocommerce plugin before 1.9.14 for WordPress has CSRF. 2019-08-30 not yet calculated CVE-2019-15840
MISC
wordpress -- wordpress
 
The icegram plugin before 1.10.29 for WordPress has ig_cat_list XSS. 2019-08-30 not yet calculated CVE-2019-15830
MISC
MISC
MISC
wordpress -- wordpress
 
The sina-extension-for-elementor plugin before 2.2.1 for WordPress has local file inclusion. 2019-08-30 not yet calculated CVE-2019-15839
MISC
MISC
wordpress -- wordpress
 
The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp&key&login protection bypass. 2019-08-30 not yet calculated CVE-2019-15825
MISC
MISC
MISC
wordpress -- wordpress
 
Invoices Add-on for iThemes Exchange before 1.4.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). 2019-08-28 not yet calculated CVE-2015-9370
MISC
MISC
wordpress -- wordpress
 
The visitors-traffic-real-time-statistics plugin before 1.12 for WordPress has CSRF in the settings page. 2019-08-30 not yet calculated CVE-2019-15831
MISC
MISC
wordpress -- wordpress
 
The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain parameter. 2019-08-30 not yet calculated CVE-2019-15827
MISC
MISC
MISC
wordpress -- wordpress
 
The one-click-ssl plugin before 1.4.7 for WordPress has CSRF. 2019-08-30 not yet calculated CVE-2019-15828
MISC
MISC
wordpress -- wordpress
 
The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass. 2019-08-30 not yet calculated CVE-2019-15823
MISC
MISC
MISC
wordpress -- wordpress
 
The bold-page-builder plugin before 2.3.2 for WordPress has no protection against modifying settings and importing data. 2019-08-30 not yet calculated CVE-2019-15821
MISC
MISC
MISC
wordpress -- wordpress
 
The woocommerce-exporter plugin before 1.8.4 for WordPress has privilege escalation. 2019-08-27 not yet calculated CVE-2016-10935
MISC
wordpress -- wordpress
 
The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field. 2019-08-30 not yet calculated CVE-2019-15826
MISC
MISC
MISC
wordpress -- wordpress
 
The two-factor-authentication plugin before 1.1.10 for WordPress has XSS in the admin area. 2019-08-28 not yet calculated CVE-2015-9355
MISC
wordpress -- wordpress
 
The custom-404-pro plugin before 3.2.8 for WordPress has reflected XSS, a different vulnerability than CVE-2019-14789. 2019-08-30 not yet calculated CVE-2019-15838
MISC
MISC
wordpress -- wordpress
 
Table Rate Shipping Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). 2019-08-28 not yet calculated CVE-2015-9375
MISC
MISC
wordpress -- wordpress
 
iThemes Builder Theme Depot before 5.0.30 for WordPress has XSS via add_query_arg() and remove_query_arg(). 2019-08-28 not yet calculated CVE-2015-9377
MISC
MISC
wordpress -- wordpress
 
The webp-express plugin before 0.14.8 for WordPress has stored XSS. 2019-08-30 not yet calculated CVE-2019-15837
MISC
MISC
wordpress -- wordpress
 
Easy EU Value Added (VAT) Taxes Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). 2019-08-28 not yet calculated CVE-2015-9368
MISC
MISC
wordpress -- wordpress
 
Easy US Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). 2019-08-28 not yet calculated CVE-2015-9369
MISC
MISC
wordpress -- wordpress
 
Manual Purchases Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). 2019-08-28 not yet calculated CVE-2015-9371
MISC
MISC
wordpress -- wordpress
 
The facebook-for-woocommerce plugin before 1.9.15 for WordPress has CSRF via ajax_woo_infobanner_post_click, ajax_woo_infobanner_post_xout, or ajax_fb_toggle_visibility. 2019-08-30 not yet calculated CVE-2019-15841
MISC
wordpress -- wordpress
 
iThemes Builder Style Manager before 0.7.7 for WordPress has XSS via add_query_arg() and remove_query_arg(). 2019-08-28 not yet calculated CVE-2015-9379
MISC
MISC
wordpress -- wordpress
 
PayPal Pro Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). 2019-08-28 not yet calculated CVE-2015-9373
MISC
MISC
wordpress -- wordpress
 
Stripe Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). 2019-08-28 not yet calculated CVE-2015-9374
MISC
MISC
wordpress -- wordpress
 
Custom URL Tracking Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). 2019-08-28 not yet calculated CVE-2015-9366
MISC
MISC
wordpress -- wordpress
 
iThemes Builder Theme Market before 5.1.27 for WordPress has XSS via add_query_arg() and remove_query_arg(). 2019-08-28 not yet calculated CVE-2015-9378
MISC
MISC
wordpress -- wordpress
 
The photo-gallery plugin before 1.2.42 for WordPress has CSRF. 2019-08-30 not yet calculated CVE-2015-9380
MISC
MISC
MISC
wordpress -- wordpress
 
Easy Canadian Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). 2019-08-28 not yet calculated CVE-2015-9367
MISC
MISC
wordpress -- wordpress
 
The wps-child-theme-generator plugin before 1.2 for WordPress has classes/helpers.php directory traversal. 2019-08-30 not yet calculated CVE-2019-15822
MISC
MISC
MISC
wordpress -- wordpress
 
The sharebar plugin before 1.2.2 for WordPress has XSS, a different issue than CVE-2013-3491. 2019-08-28 not yet calculated CVE-2012-6718
MISC
wordpress -- wordpress
 
The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash protection bypass. 2019-08-30 not yet calculated CVE-2019-15824
MISC
MISC
MISC
wordpress -- wordpress
 
The photoblocks-grid-gallery plugin before 1.1.33 for WordPress has wp-admin/admin.php?page=photoblocks-edit&id= XSS. 2019-08-30 not yet calculated CVE-2019-15829
MISC
MISC
wtfutil -- wtf
 
WTF before 0.19.0 does not set the permissions of config.yml, which might make it easier for local attackers to read passwords or API keys if the permissions were misconfigured or were based on unsafe OS defaults. 2019-08-28 not yet calculated CVE-2019-15716
MISC
MISC
MISC
xayr.ga -- xenfcoresharp
 
XENFCoreSharp before 2019-07-16 allows SQL injection in web/verify.php. 2019-08-26 not yet calculated CVE-2019-15533
MISC
xm_online -- user_account_and_authentication_server
 
XM^online 2 User Account and Authentication server 1.0.0 allows SQL injection via a tenant key. 2019-08-26 not yet calculated CVE-2019-15557
MISC
xymon -- xymon
 
In Xymon through 4.3.28, a buffer overflow vulnerability exists in the csvinfo CGI script. The overflow may be exploited by sending a crafted GET request that triggers an sprintf of the srcdb parameter. 2019-08-27 not yet calculated CVE-2019-13273
MISC
CONFIRM
zephyr_project -- zephyr
 
Use After Free vulnerability in the Zephyr shell allows a serial or telnet connected user to cause denial of service, and possibly remote code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all. 2019-08-28 not yet calculated CVE-2017-14201
MISC
MISC
MISC
zephyr_project -- zephyr
 
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the shell component of Zephyr allows a serial or telnet connected user to cause a crash, possibly with arbitrary code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all. 2019-08-28 not yet calculated CVE-2017-14202
MISC
MISC
MISC
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No