Vulnerability Summary for the Week of September 2, 2019

Released: Sep 09, 2019
Document ID: SB19-252

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

 

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| alfresco -- alfresco | An issue was discovered in Alfresco Community Edition versions 6.0 and lower. An unauthenticated, remote attacker could authenticate to Alfresco's Solr Web Admin Interface. The vulnerability is due to the presence of a default private key that is present in all default installations. An attacker could exploit this vulnerability by using the extracted private key and bundling it into a PKCS12. A successful exploit could allow the attacker to gain information about the target system (e.g., OS type, system file locations, Java version, Solr version, etc.) as well as the ability to launch further attacks by leveraging the access to Alfresco's Solr Web Admin Interface. | 2019-09-05 | 7.5 | CVE-2019-14222, MISC |
| alfresco -- alfresco | An issue was discovered in Alfresco Community Edition 5.2 201707. By leveraging multiple components in the Alfresco Software applications, an exploit chain was observed that allows an attacker to achieve remote code execution on the victim machine. The attacker must upload malicious Solr configuration files and then receive a JMX connection from the victim, and serve a Java object that results in deserialization and code execution. | 2019-09-05 | 9.0 | CVE-2019-14224, MISC |
| artifex -- ghostscript | A flaw was found in ghostscript, versions 9.x before 9.28, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. | 2019-09-06 | 7.5 | CVE-2019-14813, CONFIRM, CONFIRM |
| asus -- precision_touchpad | AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with the \\.\AsusTP device, leading to a DoS or potentially privilege escalation via a crafted DeviceIoControl call. | 2019-09-04 | 7.5 | CVE-2019-10709, MISC, MISC |
| broadcom -- ca_client_automation | An access vulnerability in CA Common Services DIA of CA Technologies Client Automation 14 and Workload Automation AE 11.3.5, 11.3.6 allows a remote attacker to execute arbitrary code. | 2019-09-06 | 7.5 | CVE-2019-13656, MISC |
| cisco -- jabber | A vulnerability in Cisco Jabber Client Framework (JCF) for Mac Software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to execute arbitrary code on an affected device. The vulnerability is due to improper file level permissions on an affected device when it is running Cisco JCF for Mac Software. An attacker could exploit this vulnerability by authenticating to the affected device and executing arbitrary code or potentially modifying certain configuration files. A successful exploit could allow the attacker to execute arbitrary code or modify certain configuration files on the device using the privileges of the installed Cisco JCF for Mac Software. | 2019-09-04 | 7.2 | CVE-2019-12645, CISCO |
| cisco -- nx-os | A vulnerability in the Network Time Protocol (NTP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to excessive use of system resources when the affected device is logging a drop action for received MODE_PRIVATE (Mode 7) NTP packets. An attacker could exploit this vulnerability by flooding the device with a steady stream of Mode 7 NTP packets. A successful exploit could allow the attacker to cause high CPU and memory usage on the affected device, which could cause internal system processes to restart or cause the affected device to unexpectedly reload. Note: The NTP feature is enabled by default. | 2019-08-30 | 7.8 | CVE-2019-1967, CISCO |
| cisco -- unified_computing_system | A vulnerability in a specific CLI command within the local management (local-mgmt) context for Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to gain elevated privileges as the root user on an affected device. The vulnerability is due to extraneous subcommand options present for a specific CLI command within the local-mgmt context. An attacker could exploit this vulnerability by authenticating to an affected device, entering the local-mgmt context, and issuing a specific CLI command and submitting user input. A successful exploit could allow the attacker to execute arbitrary operating system commands as root on an affected device. The attacker would need to have valid user credentials for the device. | 2019-08-30 | 7.2 | CVE-2019-1966, CISCO |
| cisco -- webex_teams | A vulnerability in the Cisco Webex Teams client for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. This vulnerability is due to improper restrictions on software logging features used by the application on Windows operating systems. An attacker could exploit this vulnerability by convincing a targeted user to visit a website designed to submit malicious input to the affected application. A successful exploit could allow the attacker to cause the application to modify files and execute arbitrary commands on the system with the privileges of the targeted user. | 2019-09-04 | 9.3 | CVE-2019-1939, CISCO |
| egain -- chat | eGain Chat 15.0.3 allows unrestricted file upload. | 2019-09-04 | 7.5 | CVE-2019-13976, MISC |
| eventum_project -- eventum | Controller/ListController.php in Eventum 3.5.0 is vulnerable to Deserialization of Untrusted Data. Fixed in version 3.5.2. | 2019-09-05 | 7.5 | CVE-2018-11569, MISC |
| exim -- exim | Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash. | 2019-09-06 | 10.0 | CVE-2019-15846, MISC, MLIST, MLIST, MLIST, MLIST, MLIST, MLIST, MLIST, MLIST, MLIST, FEDORA, FEDORA, BUGTRAQ, GENTOO, UBUNTU, DEBIAN, CERT-VN, MISC |
| freebsd -- freebsd | In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350650, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the ICMPv6 input path incorrectly handles cases where an MLDv2 listener query packet is internally fragmented across multiple mbufs. A remote attacker may be able to cause an out-of-bounds read or write that may cause the kernel to attempt to access an unmapped page and subsequently panic. | 2019-08-30 | 7.5 | CVE-2019-5608, CONFIRM |
| freebsd -- freebsd | In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check in the function to arrange data in a chain of mbufs could cause data returned not to be contiguous. Extra checks in the IPv6 stack could catch the error condition and trigger a kernel panic, leading to a remote denial of service. | 2019-08-30 | 7.8 | CVE-2019-5611, MISC, BUGTRAQ, CONFIRM |
| freebsd -- freebsd | In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r351265, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, the kernel driver for /dev/midistat implements a read handler that is not thread-safe. A multi-threaded program can exploit races in the handler to copy out kernel memory outside the boundaries of midistat's data buffer. | 2019-08-30 | 7.8 | CVE-2019-5612, CONFIRM |
| fusionpbx -- fusionpbx | FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the service_edit.php file (which will insert the malicious command into the database). To trigger the command, one needs to call the services.php file via a GET request with the service id followed by the parameter a=start to execute the stored command. | 2019-09-05 | 9.0 | CVE-2019-15029, MISC, MISC, MISC |
| google -- android | NVIDIA Tegra contains a vulnerability in BootRom where a user with kernel level privileges can write an arbitrary value to an arbitrary physical address. | 2019-09-06 | 7.2 | CVE-2018-6240, MISC |
| google -- android | In ihevcd_ref_list of ihevcd_ref_list.c in Android 10, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. | 2019-09-05 | 9.3 | CVE-2019-2108, MISC |
| google -- android | In GateKeeper::MintAuthToken of gatekeeper.cpp in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-05 | 7.2 | CVE-2019-2115, MISC |
| google -- android | In SensorManager::assertStateLocked of SensorManager.cpp in Android 7.1.1, 7.1.2, 8.0, 8.1, and 9, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2019-09-05 | 7.2 | CVE-2019-2174, MISC |
| google -- android | In ihevcd_parse_buffering_period_sei of ihevcd_parse_headers.c in Android 8.0, 8.1 and 9, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. | 2019-09-05 | 9.3 | CVE-2019-2176, MISC |
| google -- android | In rw_t4t_sm_read_ndef of rw_t4t in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC service with no additional execution privileges needed. User interaction is not needed for exploitation. | 2019-09-05 | 7.2 | CVE-2019-2178, MISC |
| google -- android | In readArgumentList of zygote.java in Android 10, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2019-09-05 | 7.2 | CVE-2019-9254, MISC |
| hanwha-security -- srn-472s_firmware | An issue was discovered in NVR WebViewer on Hanwha Techwin SRN-472s 1.07_190502 devices, and other SRN-x devices before 2019-05-03. A system crash and reboot can be achieved by submitting a long username in excess of 117 characters. The username triggers a buffer overflow in the main process controlling operation of the DVR system, rendering services unavailable during the reboot operation. A repeated attack affects availability as long as the attacker has network access to the device. | 2019-09-05 | 7.8 | CVE-2019-12223, MISC, MISC, MISC |
| libreoffice -- libreoffice | LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2019-9852, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed by employing a URL encoding attack to defeat the path verification step. However this protection could be bypassed by taking advantage of a flaw in how LibreOffice assembled the final script URL location directly from components of the passed in path as opposed to solely from the sanitized output of the path verification step. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1. | 2019-09-06 | 7.5 | CVE-2019-9854, CONFIRM |
| libreoffice -- libreoffice | LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained within the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added to block calling LibreLogo from script event handlers. However a Windows 8.3 path equivalence handling flaw left LibreOffice vulnerable under Windows that a document could trigger executing LibreLogo via a Windows filename pseudonym. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1. | 2019-09-06 | 7.5 | CVE-2019-9855, CONFIRM |
| linux -- linux_kernel | An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c. | 2019-09-04 | 7.2 | CVE-2017-18595, MISC, MISC |
| linux -- linux_kernel | A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped. | 2019-09-04 | 7.5 | CVE-2019-15902, MISC |
| linux -- linux_kernel | An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service. | 2019-09-04 | 7.8 | CVE-2019-15916, MISC, MISC |
| linux -- linux_kernel | An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c. | 2019-09-04 | 7.2 | CVE-2019-15917, MISC, MISC |
| linux -- linux_kernel | An issue was discovered in the Linux kernel before 5.0.10. SMB2_negotiate in fs/cifs/smb2pdu.c has an out-of-bounds read because data structures are incompletely updated after a change from smb30 to smb21. | 2019-09-04 | 7.2 | CVE-2019-15918, MISC, MISC |
| linux -- linux_kernel | An issue was discovered in the Linux kernel before 5.0.10. SMB2_write in fs/cifs/smb2pdu.c has a use-after-free. | 2019-09-04 | 7.2 | CVE-2019-15919, MISC, MISC |
| linux -- linux_kernel | An issue was discovered in the Linux kernel before 5.0.10. SMB2_read in fs/cifs/smb2pdu.c has a use-after-free. NOTE: this was not fixed correctly in 5.0.10; see the 5.0.11 ChangeLog, which documents a memory leak. | 2019-09-04 | 7.2 | CVE-2019-15920, MISC, MISC |
| linux -- linux_kernel | An issue was discovered in the Linux kernel before 5.2.3. An out of bounds access exists in the function hclge_tm_schd_mode_vnet_base_cfg in the file drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c. | 2019-09-04 | 7.2 | CVE-2019-15925, MISC, MISC |
| linux -- linux_kernel | An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c. | 2019-09-04 | 9.4 | CVE-2019-15926, MISC, MISC |
| linux -- linux_kernel | An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c. | 2019-09-04 | 7.2 | CVE-2019-15927, MISC, MISC |
| nagios -- nagios_xi | Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile (profile.php?cmd=download), is executed as root via a passwordless sudo entry; the script executes check_plugin, which is owned by the nagios user. A user logged into Nagios XI with permissions to modify plugins, or the nagios user on the server, can modify the check_plugin executable and insert malicious commands to execute as root. | 2019-09-05 | 9.0 | CVE-2019-15949, MISC |
| opensc_project -- opensc | OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c. | 2019-09-05 | 7.5 | CVE-2019-15945, MISC, MISC |
| opensc_project -- opensc | OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c. | 2019-09-05 | 7.5 | CVE-2019-15946, MISC, MISC |
| pengutronix -- barebox | Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_reply in net/nfs.c because a length field is directly used for a memcpy. | 2019-09-05 | 7.5 | CVE-2019-15937, MISC |
| pengutronix -- barebox | Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_req in fs/nfs.c because a length field is directly used for a memcpy. | 2019-09-05 | 7.5 | CVE-2019-15938, MISC |
| restaurant_reservations_project -- restaurant_reservations | The nd-restaurant-reservations plugin before 1.5 for WordPress has no requirement for nd_rst_import_settings_php_function authentication. | 2019-08-30 | 7.5 | CVE-2019-15819, MISC, MISC, MISC |
| sonatype -- nexus_repository_manager | The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability. | 2019-09-03 | 9.0 | CVE-2019-5475, MISC |
| symphonyextensions -- rich_text_formatter | The Rich Text Formatter (Redactor) extension through v1.1.1 for Symphony CMS has an Unauthenticated arbitrary file upload vulnerability in content.fileupload.php and content.imageupload.php. | 2019-09-05 | 7.5 | CVE-2019-13187, MISC, MISC |
| totaljs -- total.js_cms | An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can achieve Remote Command Execution (RCE) on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be evaluated server side. In the process of evaluating the tag by the back-end, it is possible to escape the sandbox object by using the following payload: `<script total>global.process.mainModule.require(child_process).exec(RCE);</script>` | 2019-09-05 | 9.0 | CVE-2019-15954, MISC, MISC |
| varnish-cache -- varnish | An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests. The assert will cause an automatic restart with a clean cache, which makes it a Denial of Service attack. | 2019-09-03 | 7.8 | CVE-2019-15892, BUGTRAQ, MISC, DEBIAN |
| wpbrigade -- loginpress | The LoginPress plugin before 1.1.4 for WordPress has SQL injection via an import of settings. | 2019-09-03 | 7.5 | CVE-2019-15872, MISC, MISC |
| wpserveur -- wps_child_theme_generator | The wps-child-theme-generator plugin before 1.2 for WordPress has classes/helpers.php directory traversal. | 2019-08-30 | 7.5 | CVE-2019-15822, MISC, MISC, MISC |
| wpserveur -- wps_hide_login | The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass. | 2019-08-30 | 7.5 | CVE-2019-15823, MISC, MISC, MISC |
| wpserveur -- wps_hide_login | The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash protection bypass. | 2019-08-30 | 7.5 | CVE-2019-15824, MISC, MISC, MISC |
| wpserveur -- wps_hide_login | The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp&key&login protection bypass. | 2019-08-30 | 7.5 | CVE-2019-15825, MISC, MISC, MISC |
| wpserveur -- wps_hide_login | The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field. | 2019-08-30 | 7.5 | CVE-2019-15826, MISC, MISC, MISC |
| xiaoyi -- yi_m1_mirrorless_camera_firmware | An exploitable authentication bypass vulnerability exists in the Bluetooth Low Energy (BLE) authentication module of YI M1 Mirrorless Camera V3.2-cn. An attacker can send a set of BLE commands to trigger this vulnerability, resulting in sensitive data leakage (e.g., personal photos). An attacker can also control the camera to record or take a picture after bypassing authentication. | 2019-09-06 | 8.3 | CVE-2019-13953, MISC |


Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
10web -- photo_galleryThe photo-gallery plugin before 1.2.42 for WordPress has CSRF.2019-08-306.8CVE-2015-9380
MISC
MISC
MISC
abus -- secvest_wireless_alarm_system_fuaa50000_firmwareAn issue was discovered on ABUS Secvest FUAA50000 3.01.01 devices. Due to an insufficient implementation of jamming detection, an attacker is able to suppress correctly received RF messages sent between wireless peripheral components, e.g., wireless detectors or remote controls, and the ABUS Secvest alarm central. An attacker is able to perform a "reactive jamming" attack. The reactive jamming simply detects the start of a RF message sent by a component of the ABUS Secvest wireless alarm system, for instance a wireless motion detector (FUBW50000) or a remote control (FUBE50014 or FUBE50015), and overlays it with random data before the original RF message ends. Thereby, the receiver (alarm central) is not able to properly decode the original transmitted signal. This enables an attacker to suppress correctly received RF messages of the wireless alarm system in an unauthorized manner, for instance status messages sent by a detector indicating an intrusion.2019-09-035.0CVE-2019-14261
MISC
FULLDISC
BUGTRAQ
MISC
airbrake -- airbrake_rubyThe Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the blacklist_keys configuration option and consequently may disclose passwords to unauthorized actors. This is fixed in 4.2.4 (also, 4.2.2 and earlier are unaffected).2019-09-065.0CVE-2019-16060
MISC
apache -- commons_compressThe file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.2019-08-305.0CVE-2019-12402
MISC
artifex -- ghostscriptA flaw was found in, ghostscript versions prior to 9.28, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.2019-09-036.8CVE-2019-14811
CONFIRM
bitcoin -- bitcoin-qtIn Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash, it may dump a core file. If a user were to mishandle a core file, an attacker can reconstruct the user's wallet.dat file, including their private keys, via a grep "6231 0500" command.2019-09-055.0CVE-2019-15947
MISC
MISC
blynk -- blynk-libraryAn exploitable information disclosure vulnerability exists in the packet-parsing functionality of Blynk-Library v0.6.1. A specially crafted packet can cause an unterminated strncpy, resulting in information disclosure. An attacker can send a packet to trigger this vulnerability.2019-09-055.0CVE-2019-5065
MISC
bold-themes -- bold_page_builderThe bold-page-builder plugin before 2.3.2 for WordPress has no protection against modifying settings and importing data.2019-08-305.0CVE-2019-15821
MISC
MISC
MISC
canon -- printThe ContentProvider in the Canon PRINT jp.co.canon.bsd.ad.pixmaprint 2.5.5 application for Android does not properly restrict canon.ij.printer.capability.data data access. This allows an attacker's malicious application to obtain sensitive information including factory passwords for the administrator web interface and WPA2-PSK key.2019-09-054.3CVE-2019-14339
MISC
MISC
cisco -- content_security_management_applianceA vulnerability in the authorization module of Cisco Content Security Management Appliance (SMA) Software could allow an authenticated, remote attacker to gain out-of-scope access to email. The vulnerability exists because the affected software does not correctly implement role permission controls. An attacker could exploit this vulnerability by using a custom role with specific permissions. A successful exploit could allow the attacker to access the spam quarantine of other users.2019-09-044.0CVE-2019-12635
CISCO
cisco -- finesseA vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on an affected system. The vulnerability exists because the affected system does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a user of the web application. A successful exploit could allow the attacker to access the system and perform unauthorized actions.2019-09-045.0CVE-2019-12632
CISCO
cisco -- identity_services_engineA vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface of the affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.2019-09-044.3CVE-2019-12644
CISCO
cisco -- network_level_serviceA vulnerability in the &ldquo;plug-and-play&rdquo; services component of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper access restrictions on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to access running configuration information about devices managed by the IND, including administrative credentials.2019-09-045.0CVE-2019-1976
CISCO
cisco -- nx-osA vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP request to the NX-API on an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition in the NX-API service; however, the NX-OS device itself would still be available and passing network traffic. Note: The NX-API feature is disabled by default.2019-08-305.0CVE-2019-1968
CISCO
cisco -- nx-osA vulnerability in the implementation of the Simple Network Management Protocol (SNMP) Access Control List (ACL) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to deny SNMP traffic. The vulnerability is due to an incorrect length check when the configured ACL name is the maximum length, which is 32 ASCII characters. An attacker could exploit this vulnerability by performing SNMP polling of an affected device. A successful exploit could allow the attacker to perform SNMP polling that should have been denied. The attacker has no control of the configuration of the SNMP ACL name.2019-08-305.0CVE-2019-1969
CISCO
cisco -- nx-osA vulnerability within the Endpoint Learning feature of Cisco Nexus 9000 Series Switches running in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an endpoint device in certain circumstances. The vulnerability is due to improper endpoint learning when packets are received on a specific port from outside the ACI fabric and destined to an endpoint located on a border leaf when Disable Remote Endpoint Learning has been enabled. This can result in a Remote (XR) entry being created for the impacted endpoint that will become stale if the endpoint migrates to a different port or leaf switch. This results in traffic not reaching the impacted endpoint until the Remote entry can be relearned by another mechanism.2019-08-304.3CVE-2019-1977
CISCO
cisco -- unified_contact_center_expressA vulnerability in Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. The vulnerability is due to improper validation of user-supplied input on the affected system. An attacker could exploit this vulnerability by sending the user of the web application a crafted request. If the request is processed, the attacker could access the system and perform unauthorized actions.2019-09-045.0CVE-2019-12633
CISCO
convertplug -- convertplusThe ConvertPlus plugin before 3.4.5 for WordPress has an unintended account creation (with the none role) via a request for variants.2019-09-035.0CVE-2019-15863
MISC
custom_404_pro_project -- custom_404_proThe custom-404-pro plugin before 3.2.8 for WordPress has reflected XSS, a different vulnerability than CVE-2019-14789.2019-08-304.3CVE-2019-15838
MISC
MISC
dell -- emc_enterprise_copy_data_managementDell EMC Enterprise Copy Data Management (eCDM) versions 1.0, 1.1, 2.0, 2.1, and 3.0 contain a certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim?s data in transit.2019-09-035.8CVE-2019-3751
MISC
dell -- emc_unity_operating_environmentDell EMC Unity Operating Environment versions prior to 5.0.0.0.5.116, Dell EMC UnityVSA versions prior to 5.0.0.0.5.116 and Dell EMC VNXe3200 versions prior to 3.1.10.9946299 contain a reflected cross-site scripting vulnerability on the cas/logout page. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or Java Script code to Unisphere, which is then reflected back to the victim and executed by the web browser.2019-09-034.3CVE-2019-3754
CONFIRM
egain -- chateGain Chat 15.0.3 allows HTML Injection.2019-09-044.3CVE-2019-13975
MISC
eng -- knowageIn Knowage through 6.1.1, an unauthenticated user can bypass access controls and access the entire application.2019-09-055.0CVE-2019-13188
MISC
eng -- knowageIn Knowage through 6.1.1, the sign up page does not invalidate a valid CAPTCHA token. This allows for CAPTCHA bypass in the signup page.2019-09-055.0CVE-2019-13190
MISC
epignosishq -- efront_lmsA code execution vulnerability exists in Epignosis eFront LMS v5.2.12. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability.2019-09-056.5CVE-2019-5069
MISC
epignosishq -- efront_lmsAn exploitable SQL injection vulnerability exists in the unauthenticated portion of eFront LMS, versions v5.2.12 and earlier. A specially crafted web request to the login page can cause SQL injections, resulting in data compromise. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required.2019-09-056.4CVE-2019-5070
MISC
espressif -- esp-idfThe EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 allows the installation of a zero Pairwise Master Key (PMK) after the completion of any EAP authentication method, which allows attackers in radio range to replay, decrypt, or spoof frames via a rogue access point.2019-09-044.8CVE-2019-12587
MISC
MISC
MISC
estrongs -- es_file_explorer_file_managerThe master-password feature in the ES File Explorer File Manager application 4.2.0.1.3 for Android can be bypassed via a com.estrongs.android.pop.ftp.ESFtpShortcut intent, leading to remote FTP access to the entirety of local storage.2019-09-055.0CVE-2019-11380
MISC
estsoft -- alseeA memory corruption vulnerability exists in the .PSD parsing functionality of ALSee v5.3 ~ v8.39. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in code execution. By persuading a victim to open a specially-crafted .PSD file, an attacker could execute arbitrary code.2019-08-306.8CVE-2019-12810
CONFIRM
ezautomation -- ez_plc_editorAn attacker could use a specially crafted project file to corrupt the memory and execute code under the privileges of the EZ PLC Editor Versions 1.8.41 and prior.2019-09-046.8CVE-2019-13522
MISC
ezautomation -- ez_touch_editorAn attacker could use a specially crafted project file to overflow the buffer and execute code under the privileges of the EZ Touch Editor Versions 2.1.0 and prior.2019-09-046.8CVE-2019-13518
MISC
f5 -- big-ip_access_policy_managerOn BIG-IP 11.5.2-11.6.4 and Enterprise Manager 3.1.1, REST users with guest privileges may be able to escalate their privileges and run commands with admin privileges.2019-09-046.5CVE-2019-6646
MISC
facebook -- facebook_for_woocommerceThe facebook-for-woocommerce plugin before 1.9.14 for WordPress has CSRF.2019-08-306.8CVE-2019-15840
MISC
facebook -- facebook_for_woocommerceThe facebook-for-woocommerce plugin before 1.9.15 for WordPress has CSRF via ajax_woo_infobanner_post_click, ajax_woo_infobanner_post_xout, or ajax_fb_toggle_visibility.2019-08-306.8CVE-2019-15841
MISC
ffmpeg -- ffmpegFFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer.2019-09-056.8CVE-2019-15942
MISC
freebsd -- freebsdIn FreeBSD 12.0-STABLE before r350619, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350619, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bhyve e1000 device emulation used a guest-provided value to determine the size of the on-stack buffer without validation when TCP segmentation offload is requested for a transmitted packet. A misbehaving bhyve guest could overwrite memory in the bhyve process on the host.2019-08-306.4CVE-2019-5609
CONFIRM
freebsd -- freebsdIn FreeBSD 12.0-STABLE before r350637, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350638, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bsnmp library is not properly validating the submitted length from a type-length-value encoding. A remote user could cause an out-of-bounds read or trigger a crash of the software such as bsnmpd resulting in a denial of service.2019-08-305.0CVE-2019-5610
MISC
BUGTRAQ
CONFIRM
freedesktop -- popplerPoppler before 0.76.0 has an integer overflow in Parser::makeStream in Parser.cc.2019-09-056.8CVE-2018-21009
MISC
freetype -- freetypeFreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c.2019-09-036.8CVE-2015-9381
MISC
MLIST
MISC
freetype -- freetypeFreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation.2019-09-034.3CVE-2015-9382
MISC
MLIST
MISC
freetype -- freetypeFreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c.2019-09-034.3CVE-2015-9383
MISC
MLIST
MISC
glyphandcog -- xpdfreaderXpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc. NOTE: 2.00 is a version from November 2002.2019-09-034.3CVE-2019-15860
MISC
gnu -- gccThe POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.2019-09-025.0CVE-2019-15847
MISC
google -- androidIn execTransact of Binder.java in Android 7.1.1, 7.1.2, 8.0, 8.1, and 9, there is a possible local execution of arbitrary code in a privileged process due to a memory overwrite. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.2019-09-054.6CVE-2019-2123
MISC
google -- androidIn checkAccess of SliceManagerService.java in Android 9, there is a possible permissions check bypass due to incorrect order of arguments. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.2019-09-054.4CVE-2019-2175
MISC
google -- androidIn isPreferred of HidProfile.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible device type confusion due to a permissions bypass. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.2019-09-056.8CVE-2019-2177
MISC
google -- androidIn NDEF_MsgValidate of ndef_utils in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.2019-09-054.3CVE-2019-2179
MISC
google -- androidIn binder_transaction of binder.c in the Android kernel, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.2019-09-056.9CVE-2019-2181
MISC
grafana -- grafanaIn Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.2019-09-035.0CVE-2019-15043
CONFIRM
MISC
MISC
CONFIRM
FEDORA
FEDORA
ibm -- intelligent_operations_centerIBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 161201.2019-09-055.0CVE-2019-4321
CONFIRM
XF
ibm -- jazz_for_service_managementIBM Jazz for Service Management 1.1.3 is vulnerable to HTTP header injection, caused by incorrect trust in the HTTP Host header during caching. By sending a specially crafted HTTP GET request, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-force ID: 158976.2019-09-054.3CVE-2019-4186
XF
CONFIRM
instagram-php-api_project -- instagram-php-apicosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter.2019-09-044.3CVE-2019-14470
MISC
MISC
MISC
EXPLOIT-DB
jetbrains -- teamcityJetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XSS), potentially making it possible to send an arbitrary HTTP request to a TeamCity server under the name of the currently logged-in user.2019-09-054.3CVE-2019-15848
CONFIRM
knowage-suite -- knowageIn Knowage through 6.1.1, an authenticated user that accesses the users page will obtain all user password hashes.2019-09-054.0CVE-2019-13349
MISC
knowage-suite -- knowageIn Knowage through 6.1.1, an unauthenticated user can enumerate valid usernames via the ChangePwdServlet page.2019-09-055.0CVE-2019-14278
MISC
lenovo -- xclarity_administratorAn XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0 that could allow information disclosure.2019-09-035.0CVE-2019-6179
MISC
lenovo -- xclarity_administratorA reflected cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow a crafted URL, if visited, to cause JavaScript code to be executed in the user's web browser. The JavaScript code is not executed on LXCA itself.2019-09-034.3CVE-2019-6181
MISC
lenovo -- xclarity_administratorA stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, that could result in crafted formulas stored in an exported CSV file. The crafted formula is not executed on LXCA itself.2019-09-034.0CVE-2019-6182
MISC
libexpat_project -- libexpatIn libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.2019-09-045.0CVE-2019-15903
MISC
MISC
MISC
linux -- linux_kernelAn issue was discovered in the Linux kernel before 4.16.7. A use-after-free can be caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c.2019-09-044.9CVE-2018-21008
MISC
MISC
linux -- linux_kernelAn issue was discovered in the Linux kernel before 5.0.6. There is a memory leak issue when idr_alloc() fails in genl_register_family() in net/netlink/genetlink.c.2019-09-044.6CVE-2019-15921
MISC
MISC
linux -- linux_kernelAn issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a pf data structure if alloc_disk fails in drivers/block/paride/pf.c.2019-09-044.9CVE-2019-15922
MISC
MISC
linux -- linux_kernelAn issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a cd data structure if alloc_disk fails in drivers/block/paride/pf.c.2019-09-044.9CVE-2019-15923
MISC
MISC
linux -- linux_kernelAn issue was discovered in the Linux kernel before 5.0.11. fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c has a NULL pointer dereference because there is no -ENOMEM upon an alloc_workqueue failure.2019-09-044.9CVE-2019-15924
MISC
MISC
login_or_logout_menu_item_project -- login_or_logout_menu_itemThe login-or-logout-menu-item plugin before 1.2.0 for WordPress has no requirement for lolmi_save_settings authentication.2019-08-305.8CVE-2019-15820
MISC
MISC
MISC
memcached -- memcachedmemcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c.2019-08-305.0CVE-2019-15026
CONFIRM
CONFIRM
MLIST
mongodb -- mongodbAn unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server versions less than 4.0.11, 3.6.14, and 3.4.22 to run attacker defined code as the user running the utility.2019-08-306.8CVE-2019-2390
CONFIRM
mulesoft -- api_gatewayDirectory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule process.2019-08-305.0CVE-2019-15630
MISC
nagios -- log_serverNagios Log Server before 2.0.8 allows Reflected XSS via the username on the Login page.2019-09-034.3CVE-2019-15898
MISC
MISC
naver -- cloud_explorerNDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer overflow, which allows attackers to cause a denial of service when reading data from IOCTL handle.2019-09-035.0CVE-2019-13156
CONFIRM
onkyo -- tx-nr686_firmwareDirectory traversal vulnerability on ONKYO TX-NR686 1030-5000-1040-0010 A/V Receiver devices allows remote attackers to read arbitrary files via a .. (dot dot) and %2f to the default URI.2019-08-305.0CVE-2019-6113
MISC
opencv -- opencvAn issue was discovered in OpenCV 4.1.0. There is a divide-by-zero error in cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp.2019-09-055.0CVE-2019-15939
MISC
MISC
profilegrid -- profilegridThe profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via a wp-admin/admin-ajax.php request with the action=pm_template_preview&html=<?php substring followed by PHP code.2019-09-036.5CVE-2019-15873
MISC
MISC
rancher -- rancherRancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher. The attack requires a victim to be logged into a Rancher server, and then to access a third-party site hosted by the exploiter. Once that is accomplished, the exploiter is able to execute commands against the cluster's Kubernetes API with the permissions and identity of the victim.2019-09-044.3CVE-2019-13209
MISC
CONFIRM
realestateconnected -- easy_property_listingsThe easy-property-listings plugin before 3.4 for WordPress has XSS.2019-08-304.3CVE-2019-15817
MISC
MISC
samba -- sambaA flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share.2019-09-036.4CVE-2019-10197
CONFIRM
BUGTRAQ
CONFIRM
UBUNTU
DEBIAN
MISC
sapplica -- sentrifugoSentrifugo 3.2 lacks CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code at index.php/dashboard/viewprofile via a crafted HTML page.2019-09-066.8CVE-2019-16059
MISC
sentrifugo -- sentrifugoMultiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated users to execute arbitrary code via a webshell.2019-09-046.5CVE-2019-15813
EXPLOIT-DB
shaosina -- sina_extension_for_elementorThe sina-extension-for-elementor plugin before 2.2.1 for WordPress has local file inclusion.2019-08-305.0CVE-2019-15839
MISC
MISC
MISC
simple_mail_address_encoder_project -- simple_mail_address_encoderThe simple-mail-address-encoder plugin before 1.7 for WordPress has reflected XSS.2019-08-304.3CVE-2019-15833
MISC
statichttpserver_project -- statichttpserverA path traversal vulnerability in <= v0.9.7 of statichttpserver npm module allows attackers to list files in arbitrary folders.2019-09-035.0CVE-2019-5480
MISC
symantec -- advanced_secure_gatewayThe ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG's web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2.2019-08-304.3CVE-2018-18370
CONFIRM
symantec -- advanced_secure_gatewayThe ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG's web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2.2019-08-304.0CVE-2018-18371
CONFIRM
symantec -- management_centerAn information disclosure vulnerability in the Management Center (MC) REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated user to obtain passwords for external backup and CPL policy import servers that they might not otherwise be authorized to access.2019-08-304.0CVE-2019-9697
CONFIRM
symantec -- reporterAn information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The malicious administrator user can also obtain the passwords of other Reporter web UI users.2019-08-304.0CVE-2019-12753
CONFIRM
totaljs -- total.js_cmsAn issue was discovered in Total.js CMS 12.0.0. An authenticated user with the Pages privilege can conduct a path traversal attack (../) to include .html files that are outside the permitted directory. Also, if a page contains a template directive, then the directive will be server side processed. Thus, if a user can control the content of a .html file, then they can inject a payload with a malicious template directive to gain Remote Command Execution. The exploit will work only with the .html extension.2019-09-056.5CVE-2019-15952
MISC
FULLDISC
MISC
MISC
totaljs -- total.js_cmsAn issue was discovered in Total.js CMS 12.0.0. An authenticated user with limited privileges can get access to a resource that they do not own by calling the associated API. The product correctly manages privileges only for the front-end resource path, not for API requests. This leads to vertical and horizontal privilege escalation.2019-09-056.5CVE-2019-15953
MISC
MISC
totaljs -- total.js_cmsAn issue was discovered in Total.js CMS 12.0.0. A low privilege user can perform a simple transformation of a cookie to obtain the random values inside it. If an attacker can discover a session cookie owned by an admin, then it is possible to brute force it with O(n)=2n instead of O(n)=n^x complexity, and steal the admin password.2019-09-054.0CVE-2019-15955
MISC
MISC
totemo -- totemomailCross-site scripting (XSS) vulnerability in the 'Certificate' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML.2019-08-304.3CVE-2018-15510
MISC
totemo -- totemomailCross-site scripting (XSS) vulnerability in the 'Notification template' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML.2019-08-304.3CVE-2018-15511
MISC
totemo -- totemomailCross-site scripting (XSS) vulnerability in the 'Authorisation Service' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML.2019-08-304.3CVE-2018-15512
MISC
totemo -- totemomailLog viewer in totemomail 6.0.0 build 570 allows access to sessionIDs of high privileged users by leveraging access to a read-only auditor role.2019-08-305.0CVE-2018-15513
MISC
tribulant -- one_click_sslThe one-click-ssl plugin before 1.4.7 for WordPress has CSRF.2019-08-306.8CVE-2019-15828
MISC
MISC
uclouvain -- openjpegOpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c.2019-09-056.8CVE-2018-21010
MISC
webcraftic -- simple_301_redirectsThe simple-301-redirects-addon-bulk-uploader plugin through 1.2.4 for WordPress has no requirement for authentication for action=bulk301export or action=bulk301clearlist.2019-08-305.8CVE-2019-15818
MISC
MISC
MISC
webcraftic -- woody_ad_snippetsadmin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution.2019-09-034.3CVE-2019-15858
MISC
MISC
webp_converter_for_media_project -- webp_converter_for_mediaThe webp-converter-for-media plugin before 1.0.3 for WordPress has CSRF.2019-08-306.8CVE-2019-15834
MISC
MISC
wp-buy -- visitor_traffic_real_time_statisticsThe visitors-traffic-real-time-statistics plugin before 1.12 for WordPress has CSRF in the settings page.2019-08-306.8CVE-2019-15831
MISC
MISC
wp-buy -- visitor_traffic_real_time_statisticsThe visitors-traffic-real-time-statistics plugin before 1.13 for WordPress has CSRF.2019-08-306.8CVE-2019-15832
MISC
MISC
wp_better_permalinks_project -- wp_better_permalinksThe wp-better-permalinks plugin before 3.0.5 for WordPress has CSRF.2019-08-306.8CVE-2019-15835
MISC
MISC
wpaffiliatemanager -- affiliates_managerThe affiliates-manager plugin before 2.6.6 for WordPress has CSRF.2019-09-036.8CVE-2019-15868
MISC
MISC
wpbrigade -- loginpressThe LoginPress plugin before 1.1.4 for WordPress has no capability check for updates to settings.2019-09-034.0CVE-2019-15871
MISC
MISC
wpexpertdeveloper -- wp_private_content_plusThe wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via save_settings_page and other save_ functions.2019-08-305.0CVE-2019-15816
MISC
MISC
MISC


Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
bitwise-it -- webp_expressThe webp-express plugin before 0.14.8 for WordPress has stored XSS.2019-08-303.5CVE-2019-15837
MISC
MISC
bootstrapped -- wp_ultimate_recipeThe wp-ultimate-recipe plugin before 3.12.7 for WordPress has stored XSS.2019-08-303.5CVE-2019-15836
MISC
MISC
espressif -- arduino-esp32The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of service (crash) via a crafted message.2019-09-043.3CVE-2019-12586
MISC
MISC
MISC
f5 -- container_ingress_serviceOn version 1.9.0, if DEBUG logging is enabled, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration.2019-09-041.9CVE-2019-6648
MISC
freedesktop -- systemdIn systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.2019-09-042.1CVE-2019-15718
MISC
MISC
FEDORA
FEDORA
google -- androidIn Google Assistant in Android 9, there is a possible permissions bypass that allows the Assistant to take a screenshot of apps with FLAG_SECURE. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2019-09-052.1CVE-2019-2103
MISC
google -- androidIn ComposeActivityEmailExternal of ComposeActivityEmailExternal.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible way to silently attach files to an email due to a confused deputy. This could lead to local information disclosure.2019-09-052.1CVE-2019-2124
MISC
google -- androidIn ippSetValueTag of ipp.c in Android 8.0, 8.1 and 9, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure from the printer service with no additional execution privileges needed. User interaction is not needed for exploitation.2019-09-052.1CVE-2019-2180
MISC
greentreelabs -- gallery_photoblocksThe photoblocks-grid-gallery plugin before 1.1.33 for WordPress has wp-admin/admin.php?page=photoblocks-edit&id= XSS.2019-08-303.5CVE-2019-15829
MISC
MISC
ibm -- business_automation_workflowIBM Business Automation Workflow V18.0.0.0 through V18.0.0.2 and IBM Business Process Manager V8.6.0.0 through V8.6.0.0 Cumulative Fix 2018.03, V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06, and V8.5.6.0 through V8.5.6.0 CF2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158415.2019-09-053.5CVE-2019-4149
XF
CONFIRM
icegram -- icegramThe icegram plugin before 1.10.29 for WordPress has ig_cat_list XSS.2019-08-303.5CVE-2019-15830
MISC
MISC
MISC
lenovo -- xclarity_administratorA stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be stored in LXCA which may then be executed in the user's web browser. The JavaScript code is not executed on LXCA itself.2019-09-033.5CVE-2019-6180
MISC
mongodb -- mongodbIncorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.11; v3.6 versions prior to 3.6.14; v3.4 versions prior to 3.4.22.2019-08-303.3CVE-2019-2389
CONFIRM
onesignal -- onesignal-free-web-push-notificationsThe onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain parameter.2019-08-303.5CVE-2019-15827
MISC
MISC
MISC
philips -- hdi_4000_firmwareIn Philips HDI 4000 Ultrasound Systems, all versions running on old, unsupported operating systems such as Windows 2000, the HDI 4000 Ultrasound System is built on an old operating system that is no longer supported. Thus, any unmitigated vulnerability in the old operating system could be exploited to affect this product.2019-09-043.6CVE-2019-10988
MISC
redhat -- virtualization_hostAn information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071, CVE-2019-1073.2019-09-032.1CVE-2019-1125
REDHAT
MISC
sentrifugo -- sentrifugoMultiple stored XSS vulnerabilities in Sentrifugo 3.2 could allow authenticated users to inject arbitrary web script or HTML.2019-09-043.5CVE-2019-15814
EXPLOIT-DB
smanos -- w100_firmwareSmanos W100 1.0.0 devices have Insecure Permissions, exploitable by an attacker on the same Wi-Fi network.2019-09-053.3CVE-2019-13361
MISC
symantec -- vipSymantec My VIP portal, previous version which has already been auto updated, was susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users or potentially bypass access controls such as the same-origin policy.2019-08-303.5CVE-2019-12754
CONFIRM
tiktok -- tiktokThe TikTok (formerly Musical.ly) application 12.2.0 for Android and iOS performs unencrypted transmission of images, videos, and likes. This allows an attacker to extract private sensitive information by sniffing network traffic.2019-09-043.3CVE-2019-14319
MISC
MISC
xilinx -- zynq_ultrascale+_mpsoc_firmwareA weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could lead to an adversary being able to modify the control fields of the boot image leading to an incorrect secure boot behavior.2019-09-032.1CVE-2019-5478
MISC
MISC


Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
alfresco -- alfresco_community_editionAn issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By manipulating the POST parameters, an attacker can redirect a victim to a malicious website over any protocol the attacker desires (e.g., http, https, ftp, smb, etc.).2019-09-06not yet calculatedCVE-2019-14223
MISC
artifex -- ghostscriptA flaw was found in ghostscript versions prior to 9.28, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.2019-09-03not yet calculatedCVE-2019-14817
CONFIRM
CONFIRM
becton_dickinson_and_company -- pyxis_es_and_pyxis_enterprise_server_with_windows_serverIn Pyxis ES Versions 1.3.4 through to 1.6.1 and Pyxis Enterprise Server, with Windows Server Versions 4.4 through 4.12, a vulnerability has been identified where existing access privileges are not restricted in coordination with the expiration of access based on active directory user account changes when the device is joined to an AD domain.2019-09-06not yet calculatedCVE-2019-13517
MISC
challenge_healthcare -- change_healthcare_cardiology_and_horizon_cardiology_and_mckesson_cardiologyA vulnerability was found in McKesson Cardiology product 13.x and 14.x. Insecure file permissions in the default installation may allow an attacker with local system access to execute unauthorized arbitrary code.2019-09-06not yet calculatedCVE-2018-18630
MISC
MISC
d-link -- dir-806_devicesD-Link DIR-806 devices allow remote attackers to execute arbitrary shell commands via a trailing substring of an HTTP header that has "SOAPAction: http://purenetworks.com/HNAP1/GetDeviceSettings/" at the beginning.2019-09-06not yet calculatedCVE-2019-10891
MISC
d-link -- dir-806_deviceshnap_main in /htdocs/cgibin on D-link DIR-806 v1.0 devices has a stack-based buffer overflow via a long HTTP header that has "SOAPAction: http://purenetworks.com/HNAP1/GetDeviceSettings/" at the beginning.2019-09-06not yet calculatedCVE-2019-10892
MISC
dasan_zhone_solutions -- znid_gpon 2426a_eu_devicesMultiple Cross-Site Scripting (XSS) issues in the web interface on DASAN Zhone ZNID GPON 2426A EU version S3.1.285 devices allow a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameter: /zhndnsdisplay.cmd (name), /wlsecrefresh.wl (wlWscCfgMethod, wl_wsc_reg).2019-09-05not yet calculatedCVE-2019-10677
MISC
MISC
MISC
MISC
datalogic -- av7000_linear_barcode_scannerDatalogic AV7000 Linear barcode scanner all versions prior to 4.6.0.0 is vulnerable to authentication bypass, which may allow an attacker to remotely execute arbitrary code.2019-08-30not yet calculatedCVE-2019-13526
MISC
eclipse -- spotless_eclipse-wtp_and_eclipse-cdt_and_eclipse_groovyIn all versions prior to version 3.9.6 for eclipse-wtp, all versions prior to version 9.4.4 for eclipse-cdt, and all versions prior to version 3.0.1 for eclipse-groovy, Spotless was resolving dependencies over an insecure channel (http). If the build occurred over an insecure connection, a malicious user could have performed a Man-in-the-Middle attack during the build and altered the build artifacts that were produced. In case that any of these artifacts were compromised, any developers using these could be altered. **Note:** In order to validate that this artifact was not compromised, the maintainer would need to confirm that none of the artifacts published to the registry were altered. Until this happens, we cannot guarantee that this artifact was not compromised even though the probability that this happened is low.2019-09-05not yet calculatedCVE-2019-10753
MISC
espressif -- esp8266_nonos_sdkThe client 802.11 MAC implementation in Espressif ESP8266_NONOS_SDK 2.2.0 through 3.1.0 does not correctly validate the RSN AuthKey suite list count in beacon frames, probe responses, and association responses, which allows attackers in radio range to cause a denial of service (crash) via a crafted message.2019-09-04not yet calculatedCVE-2019-12588
MISC
MISC
MISC
f5 -- big-ipOn versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, and 11.5.2-11.6.4, an attacker sending specifically crafted DHCPv6 requests through a BIG-IP virtual server configured with a DHCPv6 profile may be able to cause the TMM process to produce a core file.2019-09-04not yet calculatedCVE-2019-6643
MISC
f5 -- big-ipOn BIG-IP 14.0.0-14.1.0.5, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6.4, FTP traffic passing through a Virtual Server with both an active FTP profile associated and connection mirroring configured may lead to a TMM crash causing the configured HA action to be taken.2019-09-04not yet calculatedCVE-2019-6645
MISC
f5 -- big-ipSimilar to the issue identified in CVE-2018-12120, on versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, and 12.1.0-12.1.4 BIG-IP will bind a debug nodejs process to all interfaces when invoked. This may expose the process to unauthorized users if the plugin is left in debug mode and the port is accessible.2019-09-04not yet calculatedCVE-2019-6644
MISC
f5 -- big-ipOn BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6.4, when processing authentication attempts for control-plane users MCPD leaks a small amount of memory. Under rare conditions attackers with access to the management interface could eventually deplete memory on the system.2019-09-04not yet calculatedCVE-2019-6647
MISC
facebook -- hhvmInsufficient boundary checks when processing M_SOFx markers from JPEG headers in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all versions between 4.9.0 and 4.15.2, and versions 4.16.0 to 4.16.3, 4.17.0 to 4.17.2, 4.18.0 to 4.18.1, 4.19.0, 4.20.0 to 4.20.1.2019-09-06not yet calculatedCVE-2019-11926
CONFIRM
CONFIRM
CONFIRM
facebook -- hhvmInsufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all versions between 4.9.0 and 4.15.2, and versions 4.16.0 to 4.16.3, 4.17.0 to 4.17.2, 4.18.0 to 4.18.1, 4.19.0, 4.20.0 to 4.20.1.2019-09-06not yet calculatedCVE-2019-11925
CONFIRM
CONFIRM
CONFIRM
google -- androidIn the Android kernel in the i2c driver there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.2019-09-06not yet calculatedCVE-2019-9454
MISC
google -- androidIn the Android kernel in the touchscreen driver there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.2019-09-06not yet calculatedCVE-2019-9451
MISC
google -- androidIn the Android kernel in the sync debug fs driver there is a kernel pointer leak due to the usage of printf with %p. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.2019-09-06not yet calculatedCVE-2019-9444
MISC
google -- androidIn the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write due to a missing bounds check. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.2019-09-06not yet calculatedCVE-2019-9448
MISC
google -- androidIn the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.2019-09-06not yet calculatedCVE-2019-9449
MISC
google -- androidIn the Android kernel in the kernel MMU code there is a possible execution path leaving some kernel text and rodata pages writable. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.2019-09-06not yet calculatedCVE-2019-2182
MISC
google -- androidIn the Android kernel in the FingerTipS touchscreen driver there is a possible use-after-free due to improper locking. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.2019-09-06not yet calculatedCVE-2019-9447
MISC
google -- androidIn the Android kernel in the F2FS driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.2019-09-06not yet calculatedCVE-2019-9445
MISC
google -- androidIn the Android kernel in the Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.2019-09-06not yet calculatedCVE-2019-9456
MISC
google -- androidIn the Android kernel in the F2FS touch driver there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.2019-09-06not yet calculatedCVE-2019-9453
MISC
google -- androidIn the Android kernel in the FingerTipS touchscreen driver there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.2019-09-06not yet calculatedCVE-2019-9450
MISC
google -- androidIn the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write due to improper input validation. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.2019-09-06not yet calculatedCVE-2019-9446
MISC
google -- androidIn the Android kernel in the SEC_TS touch driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.2019-09-06not yet calculatedCVE-2019-9452
MISC
google -- androidIn the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.2019-09-06not yet calculatedCVE-2019-9455
MISC
google -- androidIn the Android kernel in the vl53L0 driver there is a possible out of bounds write due to a permissions bypass. This could lead to local escalation of privilege due to a set_fs() call without restoring the previous limit with System execution privileges needed. User interaction is not needed for exploitation.2019-09-06not yet calculatedCVE-2019-9443
MISC
google -- androidIn the Android kernel in the mnh driver there is a possible out of bounds write due to improper input validation. This could lead to escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.2019-09-06not yet calculatedCVE-2019-9441
MISC
google -- androidIn the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.2019-09-06not yet calculatedCVE-2019-9458
MISC
google -- androidIn the Android kernel in ELF file loading there is possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.2019-09-06not yet calculatedCVE-2019-9457
MISC
google -- androidIn the Android kernel in the mnh driver there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.2019-09-06not yet calculatedCVE-2019-9274
MISC
google -- androidIn the Android kernel in the bootloader there is a possible secure boot bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation.2019-09-06not yet calculatedCVE-2019-9436
MISC
google -- androidIn the Android kernel in unifi and r8180 WiFi drivers there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.2019-09-06not yet calculatedCVE-2019-9270
MISC
google -- androidIn the Android kernel in sdcardfs there is a possible violation of the separation of data between profiles due to shared mapping of obb files. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.2019-09-06not yet calculatedCVE-2019-9345
MISC
google -- androidIn the Android kernel in the synaptics_dsx_htc touchscreen driver there is a possible out of bounds write due to a use after free. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.2019-09-06not yet calculatedCVE-2019-9276
MISC
google -- androidIn the Android kernel in the mnh driver there is a use after free due to improper locking. This could lead to escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.2019-09-06not yet calculatedCVE-2019-9275
MISC
google -- androidIn the Android kernel in the synaptics_dsx_htc touchscreen driver there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.2019-09-06not yet calculatedCVE-2019-9273
MISC
google -- androidIn the Android kernel in Bluetooth there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.2019-09-06not yet calculatedCVE-2019-9426
MISC
google -- androidIn the Android kernel in VPN routing there is a possible information disclosure. This could lead to remote information disclosure by an adjacent network attacker with no additional execution privileges needed. User interaction is not needed for exploitation.2019-09-06not yet calculatedCVE-2019-9461
MISC
google -- androidIn the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.2019-09-06not yet calculatedCVE-2019-9248
MISC
google -- androidIn the Android kernel in the f2fs driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.2019-09-06not yet calculatedCVE-2019-9245
MISC
google -- androidIn the Android kernel in the mnh driver there is a race condition due to insufficient locking. This could lead to a use-after-free which could lead to escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.2019-09-06not yet calculatedCVE-2019-9271
MISC
google -- androidIn the Android kernel in the mnh driver there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System privileges required. User interaction is not needed for exploitation.2019-09-06not yet calculatedCVE-2019-9442
MISC
if.svnadmin -- if.svnadminiF.SVNAdmin through 1.6.2 allows svnadmin/usercreate.php CSRF to create a user.2019-09-06not yet calculatedCVE-2019-15128
MISC
intramaps -- mapcontrolA SQL injection vulnerability in IntraMaps MapControl 8 allows attackers to execute arbitrary SQL commands via the /ApplicationEngine/Search/Refine/Set page.2019-09-05not yet calculatedCVE-2019-13191
MISC
larvit -- larvitbase_apiAn unintended require vulnerability in larvitbase-api before v0.5.5 may allow an attacker to load arbitrary non-production code (JavaScript file).2019-09-03not yet calculatedCVE-2019-5479
MISC
linux -- linux_kernelAn issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does not check the nla_nest_start_noflag return value.2019-09-06not yet calculatedCVE-2019-16089
MISC
mautic -- mauticAn issue was discovered in Mautic 2.13.1. There is Stored XSS via the authorUrl field in config.json.2019-09-06not yet calculatedCVE-2018-11198
MISC
CONFIRM
opensc -- pam_p11An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0 for OpenSC. If a smart card creates a signature with a length longer than 256 bytes, this triggers a buffer overflow. This may be the case for RSA keys with 4096 bits depending on the signature scheme.2019-09-06not yet calculatedCVE-2019-16058
MISC
php -- phpA type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests.2019-09-06not yet calculatedCVE-2016-7398
MISC
MISC
MISC
python -- pythonAn issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.2019-09-06not yet calculatedCVE-2019-16056
MISC
MISC
qemu -- qemulibslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.2019-09-06not yet calculatedCVE-2019-15890
CONFIRM
MISC
symonics -- libmysofaSymonics libmysofa 0.7 has an invalid read in readOHDRHeaderMessageDataLayout in hdf/dataobject.c.2019-09-07not yet calculatedCVE-2019-16094
MISC
symonics -- libmysofaSymonics libmysofa 0.7 has an invalid read in getDimension in hrtf/reader.c.2019-09-07not yet calculatedCVE-2019-16095
MISC
symonics -- libmysofaSymonics libmysofa 0.7 has an out-of-bounds read in directblockRead in hdf/fractalhead.c.2019-09-07not yet calculatedCVE-2019-16091
MISC
symonics -- libmysofaSymonics libmysofa 0.7 has a NULL pointer dereference in getHrtf in hrtf/reader.c.2019-09-07not yet calculatedCVE-2019-16092
MISC
symonics -- libmysofaSymonics libmysofa 0.7 has an invalid write in readOHDRHeaderMessageDataLayout in hdf/dataobject.c.2019-09-07not yet calculatedCVE-2019-16093
MISC
tyto_software -- sahi_proAn issue was discovered in Tyto Sahi Pro 6.x through 8.0.0. TestRunner_Non_distributed (and distributed end points) does not have any authentication mechanism. This allows an attacker to execute an arbitrary script on the remote Sahi Pro server. There is also a password-protected web interface intended for remote access to scripts. This web interface lacks server-side validation, which allows an attacker to create/modify/delete a script remotely without any password. Chaining both of these issues results in remote code execution on the Sahi Pro server.2019-09-06not yet calculatedCVE-2019-15102
MISC
valve -- counter-strike_global_offensiveIn Counter-Strike: Global Offensive before 8/29/2019, community game servers can display unsafe HTML in a disconnection message.2019-09-05not yet calculatedCVE-2019-15944
MISC
wordpress -- wordpressThe easy-pdf-restaurant-menu-upload plugin before 1.1.2 for WordPress has XSS.2019-08-30not yet calculatedCVE-2019-15842
MISC
wordpress -- wordpressThe breadcrumbs-by-menu plugin before 1.0.3 for WordPress has CSRF.2019-09-03not yet calculatedCVE-2019-15865
MISC
MISC
wordpress -- wordpressThe crelly-slider plugin before 1.3.5 for WordPress has arbitrary file upload via a PHP file inside a ZIP archive to wp_ajax_crellyslider_importSlider.2019-09-03not yet calculatedCVE-2019-15866
MISC
MISC
wordpress -- wordpressThe slick-popup plugin before 1.7.2 for WordPress has a hardcoded OmakPass13# password for the slickpopupteam account, after a Subscriber calls a certain AJAX action.2019-09-03not yet calculatedCVE-2019-15867
MISC
MISC
MISC
wordpress -- wordpressThe JobCareer theme before 2.5.1 for WordPress has stored XSS.2019-09-03not yet calculatedCVE-2019-15869
MISC
wordpress -- wordpressThe CarSpot theme before 2.1.7 for WordPress has stored XSS via the Phone Number field.2019-09-03not yet calculatedCVE-2019-15870
MISC
wordpress -- wordpressThe download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.2019-09-03not yet calculatedCVE-2019-15889
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress -- wordpressThe breadcrumbs-by-menu plugin before 1.0.3 for WordPress has XSS.2019-09-03not yet calculatedCVE-2019-15864
MISC
MISC
xpdf -- xpdfXpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTree in Catalog.cc.2019-09-06not yet calculatedCVE-2019-16088
MISC
