Vulnerability Summary for the Week of September 9, 2019

Released: Sep 16, 2019
Document ID: SB19-259

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

 


High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| 10web -- photo_gallery | SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter. | 2019-09-08 | 7.5 | CVE-2019-16119 (MISC, MISC, MISC, MISC) |
| adobe -- flash_player | Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same Origin Method Execution vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user. | 2019-09-12 | 10.0 | CVE-2019-8069 (CONFIRM) |
| adobe -- flash_player | Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Use after free vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user. | 2019-09-12 | 10.0 | CVE-2019-8070 (CONFIRM) |
| advantech -- webaccess | Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbitrary code via a crafted IOCTL 70603 RPC message. | 2019-09-10 | 7.5 | CVE-2019-3975 (MISC) |
| apache -- ofbiz | The Apache OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. This service takes the `serviceContent` parameter in the request and deserializes it using XStream. This `XStream` instance is slightly guarded by disabling the creation of `ProcessBuilder`. However, this can be easily bypassed (and in multiple ways). Mitigation: Upgrade to 16.11.06 or manually apply the following commits on branch 16 r1850017+1850019 | 2019-09-11 | 7.5 | CVE-2018-17200 (MLIST) |
| apache -- ofbiz | The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is exposed by the "webtools/control/httpService" URL, and uses Java deserialization to perform code execution. In the HttpEngine, the value of the request parameter "serviceContext" is passed to the "deserialize" method of "XmlSerializer". Apache Ofbiz is affected via two different dependencies: "commons-beanutils" and an out-dated version of "commons-fileupload" Mitigation: Upgrade to 16.11.06 or manually apply the commits from OFBIZ-10770 and OFBIZ-10837 on branch 16 | 2019-09-11 | 7.5 | CVE-2019-0189 (MLIST, MLIST, MLIST) |
| apache -- ofbiz | An RCE is possible by entering Freemarker markup in an Apache OFBiz Form Widget textarea field when encoding has been disabled on such a field. This was the case for the Customer Request "story" input in the Order Manager application. Encoding should not be disabled without good reason and never within a field that accepts user input. Mitigation: Upgrade to 16.11.06 or manually apply the following commit on branch 16.11: r1858533 | 2019-09-11 | 7.5 | CVE-2019-10074 (MLIST, MLIST) |
| artifex -- ghostscript | A flaw was found in ghostscript, versions 9.x before 9.28, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. | 2019-09-06 | 7.5 | CVE-2019-14813 (CONFIRM, REDHAT, CONFIRM, MLIST, BUGTRAQ, DEBIAN) |
| atutor -- atutor | In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, which allows him to gain access to the application. Next, he can change the directory that the application uploads files to, which allows him to achieve remote code execution. This occurs because install/include/header.php does not restrict certain changes (to db_host, db_login, db_password, and content_dir) within install/include/step5.php. | 2019-09-09 | 7.5 | CVE-2019-16114 (MISC, MISC) |
| blake2 -- blake2 | An issue was discovered in the blake2 crate before 0.8.1 for Rust. The BLAKE2b and BLAKE2s algorithms, when used with HMAC, produce incorrect results because the block sizes are half of the required sizes. | 2019-09-09 | 7.5 | CVE-2019-16143 (MISC) |
| broadcom -- ca_client_automation | An access vulnerability in CA Common Services DIA of CA Technologies Client Automation 14 and Workload Automation AE 11.3.5, 11.3.6 allows a remote attacker to execute arbitrary code. | 2019-09-06 | 7.5 | CVE-2019-13656 (MISC, FULLDISC, MISC, BUGTRAQ) |
| compact_arena_project -- compact_arena | An issue was discovered in the compact_arena crate before 0.4.0 for Rust. Generativity is mishandled, leading to an out-of-bounds write or read. | 2019-09-09 | 9.0 | CVE-2019-16139 (MISC, MISC) |
| couchbase -- couchbase_server | An issue was discovered in Couchbase Server 4.6.3 and 5.5.0. A JSON document to be stored with more than 3000 '\t' characters can crash the indexing system. | 2019-09-10 | 7.8 | CVE-2019-11467 (MISC) |
| couchbase -- couchbase_server | Couchbase Server 5.1.1 generates insufficiently random numbers. The product hosts many network services by default. One of those services is an epmd service, which allows for node integration between Erlang instances. This service is protected by a single 16-character password. Unfortunately, this password is not generated securely due to an insufficient random seed, and can be reasonably brute-forced by an attacker to execute code against a remote system. | 2019-09-10 | 7.5 | CVE-2019-11495 (MISC) |
| dlink -- dir-806_firmware | D-Link DIR-806 devices allow remote attackers to execute arbitrary shell commands via a trailing substring of an HTTP header that has "SOAPAction: http://purenetworks.com/HNAP1/GetDeviceSettings/" at the beginning. | 2019-09-06 | 10.0 | CVE-2019-10891 (MISC) |
| dlink -- dir-806_firmware | hnap_main in /htdocs/cgibin on D-link DIR-806 v1.0 devices has a stack-based buffer overflow via a long HTTP header that has "SOAPAction: http://purenetworks.com/HNAP1/GetDeviceSettings/" at the beginning. | 2019-09-06 | 10.0 | CVE-2019-10892 (MISC) |
| dlink -- dir-868l_firmware | SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L REVA through 1.20, and DIR-895L REVA through 1.21 devices allows Authentication Bypass, as demonstrated by a direct request to folder_view.php or category_view.php. | 2019-09-09 | 7.5 | CVE-2019-16190 (MISC) |
| doccms -- doccms | upload_model() in /admini/controllers/system/managemodel.php in DocCms 2016.5.17 allows remote attackers to execute arbitrary PHP code through module management files, as demonstrated by a .php file in a ZIP archive. | 2019-09-09 | 7.5 | CVE-2019-16192 (MISC) |
| facebook -- hhvm | Insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all versions between 4.9.0 and 4.15.2, and versions 4.16.0 to 4.16.3, 4.17.0 to 4.17.2, 4.18.0 to 4.18.1, 4.19.0, 4.20.0 to 4.20.1. | 2019-09-06 | 7.5 | CVE-2019-11925 (CONFIRM, CONFIRM, CONFIRM) |
| facebook -- hhvm | Insufficient boundary checks when processing M_SOFx markers from JPEG headers in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all versions between 4.9.0 and 4.15.2, and versions 4.16.0 to 4.16.3, 4.17.0 to 4.17.2, 4.18.0 to 4.18.1, 4.19.0, 4.20.0 to 4.20.1. | 2019-09-06 | 7.5 | CVE-2019-11926 (CONFIRM, CONFIRM, CONFIRM) |
| generator-rs_project -- generator-rs | An issue was discovered in the generator crate before 0.6.18 for Rust. Uninitialized memory is used by Scope, done, and yield_ during API calls. | 2019-09-09 | 7.8 | CVE-2019-16144 (MISC, MISC) |
| gitlab -- gitlab | An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Access to the internal wiki is permitted when an external wiki service is enabled. | 2019-09-09 | 7.5 | CVE-2019-6960 (CONFIRM, CONFIRM) |
| gitlabhook_project -- gitlabhook | NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be injected through the repository name. | 2019-09-13 | 10.0 | CVE-2019-5485 (MISC) |
| google -- android | NVIDIA Tegra contains a vulnerability in BootRom where a user with kernel level privileges can write an arbitrary value to an arbitrary physical address. | 2019-09-06 | 7.2 | CVE-2018-6240 (CONFIRM, MISC) |
| google -- android | In the Android kernel in the mnh driver there is a use after free due to improper locking. This could lead to escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | 7.5 | CVE-2019-9275 (MISC) |
| google -- android | In the Android kernel in sdcardfs there is a possible violation of the separation of data between profiles due to shared mapping of obb files. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. | 2019-09-06 | 7.2 | CVE-2019-9345 (MISC) |
| google -- android | In the Android kernel in VPN routing there is a possible information disclosure. This could lead to remote information disclosure by an adjacent network attacker with no additional execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | 7.8 | CVE-2019-9461 (MISC) |
| gravitatedesign -- gravitate_qa_tracker | The gravitate-qa-tracker plugin through 1.2.1 for WordPress has PHP Object Injection. | 2019-09-10 | 7.5 | CVE-2017-18605 (MISC, MISC) |
| image-rs -- image | An issue was discovered in the image crate before 0.21.3 for Rust, affecting the HDR image format decoder. Vec::set_len is called on an uninitialized vector, leading to a use-after-free and arbitrary code execution. | 2019-09-09 | 7.5 | CVE-2019-16138 (MISC, MISC) |
| isahc_project -- isahc | An issue was discovered in the chttp crate before 0.1.3 for Rust. There is a use-after-free during buffer conversion. | 2019-09-09 | 7.5 | CVE-2019-16140 (MISC) |
| jenkins -- script_security | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions in increment and decrement expressions allowed attackers to execute arbitrary code in sandboxed scripts. | 2019-09-12 | 7.5 | CVE-2019-10399 (MLIST, MISC) |
| jenkins -- script_security | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of subexpressions in increment and decrement expressions not involving actual assignment allowed attackers to execute arbitrary code in sandboxed scripts. | 2019-09-12 | 7.5 | CVE-2019-10400 (MLIST, MISC) |
| jobberbase -- jobberbase | In Jobberbase 2.0, the parameter category is not sanitized in public/page_subscribe.php, leading to /subscribe SQL injection. | 2019-09-08 | 7.5 | CVE-2019-16125 (MISC, MISC) |
| librenms -- librenms | An issue was discovered in LibreNMS through 1.47. The scripts that handle the graphing options (html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqli_real_escape_string, which is only useful for preventing SQL injection attacks; other parameters are unfiltered. This allows an attacker to inject RRDtool syntax with newline characters via the html/graph.php script. RRDtool syntax is quite versatile and an attacker could leverage this to perform a number of attacks, including disclosing directory structure and filenames, file content, denial of service, or writing arbitrary files. | 2019-09-09 | 7.5 | CVE-2019-10665 (MISC) |
| libreoffice -- libreoffice | LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2019-9852, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed by employing a URL encoding attack to defeat the path verification step. However this protection could be bypassed by taking advantage of a flaw in how LibreOffice assembled the final script URL location directly from components of the passed in path as opposed to solely from the sanitized output of the path verification step. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1. | 2019-09-06 | 7.5 | CVE-2019-9854 (FEDORA, BUGTRAQ, DEBIAN, CONFIRM) |
| libreoffice -- libreoffice | LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained within the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added to block calling LibreLogo from script event handlers. However a Windows 8.3 path equivalence handling flaw left LibreOffice vulnerable under Windows, as a document could trigger executing LibreLogo via a Windows filename pseudonym. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1. | 2019-09-06 | 7.5 | CVE-2019-9855 (CONFIRM) |
| lifterlms -- lifterlms | An issue was discovered in the LifterLMS plugin through 3.34.5 for WordPress. The upload_import function in the class.llms.admin.import.php script is prone to an unauthenticated options import vulnerability that could lead to privilege escalation (administrator account creation), website redirection, and stored XSS. | 2019-09-10 | 7.5 | CVE-2019-15896 (MISC, MISC, MISC) |
| limesurvey -- limesurvey | A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey participants to inject commands via their survey responses that will be included in the export CSV file. | 2019-09-09 | 7.5 | CVE-2019-16184 (MISC, MISC) |
| linux -- linux_kernel | An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does not check the nla_nest_start_noflag return value. | 2019-09-06 | 7.5 | CVE-2019-16089 (MISC) |
| linux -- linux_kernel | drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. | 2019-09-11 | 7.8 | CVE-2019-16229 (MISC) |
| linux -- linux_kernel | drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. | 2019-09-11 | 7.8 | CVE-2019-16230 (MISC) |
| linux -- linux_kernel | drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. | 2019-09-11 | 7.8 | CVE-2019-16231 (MISC) |
| linux -- linux_kernel | drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. | 2019-09-11 | 7.8 | CVE-2019-16232 (MISC) |
| linux -- linux_kernel | drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. | 2019-09-11 | 7.8 | CVE-2019-16233 (MISC) |
| linux -- linux_kernel | drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. | 2019-09-11 | 7.8 | CVE-2019-16234 (MISC) |
| microfocus -- data_protector | Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges. | 2019-09-13 | 7.2 | CVE-2019-11660 (CONFIRM) |
| microsoft -- chakracore | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1217, CVE-2019-1237, CVE-2019-1298, CVE-2019-1300. | 2019-09-11 | 7.6 | CVE-2019-1138 (MISC) |
| microsoft -- chakracore | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1237, CVE-2019-1298, CVE-2019-1300. | 2019-09-11 | 7.6 | CVE-2019-1217 (MISC) |
| microsoft -- chakracore | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1298, CVE-2019-1300. | 2019-09-11 | 7.6 | CVE-2019-1237 (MISC) |
| microsoft -- chakracore | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1237, CVE-2019-1300. | 2019-09-11 | 7.6 | CVE-2019-1298 (MISC) |
| microsoft -- chakracore | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1237, CVE-2019-1298. | 2019-09-11 | 7.6 | CVE-2019-1300 (MISC) |
| microsoft -- excel | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. | 2019-09-11 | 9.3 | CVE-2019-1297 (MISC) |
| microsoft -- exchange_server | A denial of service vulnerability exists in Microsoft Exchange Server software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Denial of Service Vulnerability'. | 2019-09-11 | 7.8 | CVE-2019-1233 (MISC) |
| microsoft -- internet_explorer | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1236. | 2019-09-11 | 7.6 | CVE-2019-1208 (MISC, MISC) |
| microsoft -- internet_explorer | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. | 2019-09-11 | 7.6 | CVE-2019-1221 (MISC) |
| microsoft -- office | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. | 2019-09-11 | 9.3 | CVE-2019-1246 (MISC) |
| microsoft -- team_foundation_server | A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability'. | 2019-09-11 | 7.5 | CVE-2019-1306 (MISC) |
| microsoft -- windows_10 | A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0788, CVE-2019-1290, CVE-2019-1291. | 2019-09-11 | 9.3 | CVE-2019-0787 (MISC) |
| microsoft -- windows_10 | A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0787, CVE-2019-1290, CVE-2019-1291. | 2019-09-11 | 9.3 | CVE-2019-0788 (MISC) |
| microsoft -- windows_10 | An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'. | 2019-09-11 | 7.2 | CVE-2019-1214 (MISC) |
| microsoft -- windows_10 | An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303. | 2019-09-11 | 7.2 | CVE-2019-1215 (MISC) |
| microsoft -- windows_10 | An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server process does not validate the source of input or commands it receives, aka 'Windows Text Service Framework Elevation of Privilege Vulnerability'. | 2019-09-11 | 7.2 | CVE-2019-1235 (MISC) |
| microsoft -- windows_10 | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1208. | 2019-09-11 | 7.6 | CVE-2019-1236 (MISC) |
| microsoft -- windows_10 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. | 2019-09-11 | 9.3 | CVE-2019-1240 (MISC) |
| microsoft -- windows_10 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. | 2019-09-11 | 9.3 | CVE-2019-1241 (MISC) |
| microsoft -- windows_10 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. | 2019-09-11 | 9.3 | CVE-2019-1242 (MISC) |
| microsoft -- windows_10 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. | 2019-09-11 | 9.3 | CVE-2019-1243 (MISC) |
| microsoft -- windows_10 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. | 2019-09-11 | 9.3 | CVE-2019-1247 (MISC) |
| microsoft -- windows_10 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1249, CVE-2019-1250. | 2019-09-11 | 9.3 | CVE-2019-1248 (MISC) |
| microsoft -- windows_10 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1250. | 2019-09-11 | 9.3 | CVE-2019-1249 (MISC) |
| microsoft -- windows_10 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249. | 2019-09-11 | 9.3 | CVE-2019-1250 (MISC) |
| microsoft -- windows_10 | An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1278, CVE-2019-1303. | 2019-09-11 | 7.2 | CVE-2019-1253 (MISC) |
| microsoft -- windows_10 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1285. | 2019-09-11 | 7.2 | CVE-2019-1256 (MISC) |
| microsoft -- windows_10 | An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where a configuration file, with local privileges, is vulnerable to symbolic link and hard link attacks, aka 'Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability'. | 2019-09-11 | 7.2 | CVE-2019-1267 (MISC) |
| microsoft -- windows_10 | An elevation of privilege exists when Winlogon does not properly handle file path information, aka 'Winlogon Elevation of Privilege Vulnerability'. | 2019-09-11 | 7.2 | CVE-2019-1268 (MISC) |
| microsoft -- windows_10 | An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1272. | 2019-09-11 | 7.2 | CVE-2019-1269 (MISC) |
| microsoft -- windows_10 | An elevation of privilege exists in hdAudio.sys which may lead to an out of band write, aka 'Windows Media Elevation of Privilege Vulnerability'. | 2019-09-11 | 7.2 | CVE-2019-1271 (MISC) |
| microsoft -- windows_10 | An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1269. | 2019-09-11 | 7.2 | CVE-2019-1272 (MISC) |
| microsoft -- windows_10 | A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'. | 2019-09-11 | 9.3 | CVE-2019-1280 (MISC) |
| microsoft -- windows_10 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1256. | 2019-09-11 | 7.2 | CVE-2019-1285 (MISC) |
| microsoft -- windows_10 | A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0787, CVE-2019-0788, CVE-2019-1291. | 2019-09-11 | 9.3 | CVE-2019-1290 (MISC) |
| microsoft -- windows_10 | A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0787, CVE-2019-0788, CVE-2019-1290. | 2019-09-11 | 9.3 | CVE-2019-1291 (MISC) |
| microsoft -- windows_10 | An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1253, CVE-2019-1278. | 2019-09-11 | 7.2 | CVE-2019-1303 (MISC) |
| microsoft -- windows_7 | An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. | 2019-09-11 | 7.2 | CVE-2019-1284 (MISC) |
| msi -- afterburner | The driver in Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore64.sys and RTCore32.sys) allows any authenticated user to read and write to arbitrary memory, I/O ports, and MSRs. This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code. | 2019-09-11 | 7.2 | CVE-2019-16098 (MISC) |
| opencv -- opencv | OpenCV 4.1.1 has an out-of-bounds read in hal_baseline::v_load in core/hal/intrin_sse.hpp when called from computeSSDMeanNorm in modules/video/src/dis_flow.cpp. | 2019-09-11 | 7.5 | CVE-2019-16249 (MISC) |
| php -- ext-http | A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests. | 2019-09-06 | 7.5 | CVE-2016-7398 (MISC, MISC, MISC) |
| podlove -- podlove_podcast_publisher | The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via the insert_id parameter exploitable via CSRF. | 2019-09-13 | 7.5 | CVE-2016-10942 (MISC, MISC, MISC) |
| py-lmdb_project -- py-lmdb | An issue was discovered in py-lmdb 0.97. For certain values of md_flags, mdb_node_add does not properly set up a memcpy destination, leading to an invalid write operation. | 2019-09-11 | 7.5 | CVE-2019-16224 (MISC) |
| py-lmdb_project -- py-lmdb | An issue was discovered in py-lmdb 0.97. For certain values of mp_flags, mdb_page_touch does not properly set up mc->mc_pg[mc->top], leading to an invalid write operation. | 2019-09-11 | 7.5 | CVE-2019-16225 (MISC) |
| py-lmdb_project -- py-lmdb | An issue was discovered in py_lmdb 0.97. For certain values of mn_flags, mdb_cursor_set triggers a memcpy with an invalid write operation within mdb_xcursor_init1. | 2019-09-11 | 7.5 | CVE-2019-16227 (MISC) |
| renderdocs-rs_project -- renderdocs-rs | An issue was discovered in the renderdoc crate before 0.5.0 for Rust. Multiple exposed methods take self by immutable reference, which is incompatible with a multi-threaded application. | 2019-09-09 | 7.5 | CVE-2019-16142 (MISC, MISC) |
| sahipro -- sahi_pro | An issue was discovered in Tyto Sahi Pro 6.x through 8.0.0. TestRunner_Non_distributed (and distributed end points) does not have any authentication mechanism. This allows an attacker to execute an arbitrary script on the remote Sahi Pro server. There is also a password-protected web interface intended for remote access to scripts. This web interface lacks server-side validation, which allows an attacker to create/modify/delete a script remotely without any password. Chaining both of these issues results in remote code execution on the Sahi Pro server. | 2019-09-06 | 7.5 | CVE-2019-15102 (MISC) |
| sap -- hana | The administrator of SAP HANA database, before versions 1.0 and 2.0, can misuse HANA to execute commands with operating system "root" privileges. | 2019-09-10 | 7.2 | CVE-2019-0357 (MISC, CONFIRM) |
| sap -- sap_kernel | SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC, before versions 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL before versions 7.21, 7.49, 7.53, 7.73, 7.76 SAP GUI for Windows (BC-FES-GUI) before versions 7.5, 7.6, and SAP GUI for Java (BC-FES-JAV) before version 7.5, allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | 2019-09-10 | 7.8 | CVE-2019-0365 (MISC, CONFIRM) |
| silver-peak -- unity_edgeconnect_sd-wan_firmware | Silver Peak EdgeConnect SD-WAN before 8.1.7.x has an SNMP service with a public value for rocommunity and trapcommunity. | 2019-09-08 | 7.5 | CVE-2019-16102 (MISC) |
| silver-peak -- unity_edgeconnect_sd-wan_firmware | Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows privilege escalation (by administrators) from the menu to a root Bash OS shell via the spsshell feature. | 2019-09-08 | 9.0 | CVE-2019-16103 (MISC) |
| spin-rs_project -- spin-rs | An issue was discovered in the spin crate before 0.5.2 for Rust, when RwLock is used. Because memory ordering is mishandled, two writers can acquire the lock at the same time, violating mutual exclusion. | 2019-09-09 | 7.8 | CVE-2019-16137 (MISC) |
| symonics -- libmysofa | Symonics libmysofa 0.7 has a NULL pointer dereference in getHrtf in hrtf/reader.c. | 2019-09-07 | 7.5 | CVE-2019-16092 (MISC) |
| symonics -- libmysofa | Symonics libmysofa 0.7 has an invalid write in readOHDRHeaderMessageDataLayout in hdf/dataobject.c. | 2019-09-07 | 7.5 | CVE-2019-16093 (MISC) |
| teamviewer -- teamviewer | An issue was discovered in TeamViewer 14.2.2558. Updating the product as a non-administrative user requires entering administrative credentials into the GUI. Subsequently, these credentials are processed in Teamviewer.exe, which allows any application running in the same non-administrative user context to intercept them in cleartext within process memory. By using this technique, a local attacker is able to obtain administrative credentials in order to elevate privileges. This vulnerability can be exploited by injecting code into Teamviewer.exe which intercepts calls to GetWindowTextW and logs the processed credentials. | 2019-09-11 | 7.2 | CVE-2019-11769 |
MISC
MISC
telestar -- bobs_rock_radio_firmwareTELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have an undocumented TELNET service within the BusyBox subsystem, leading to root access.2019-09-1110.0CVE-2019-13473
MISC
MISC
tripplite -- pdumh15at_firmwareTripp Lite PDUMH15AT 12.04.0053 devices allow unauthenticated POST requests to the /Forms/ directory, as demonstrated by changing the manager or admin password, or shutting off power to an outlet. NOTE: the vendor's position is that a newer firmware version, fixing this vulnerability, had already been released before this vulnerability report about 12.04.0053.2019-09-128.5CVE-2019-16261
MISC
wondercms -- wondercmsDirectory traversal vulnerability in WonderCMS 2.6.0 and earlier allows remote attackers to delete arbitrary files via unspecified vectors.2019-09-127.5CVE-2019-5956
MISC
wp-kama -- kama_click_counterThe kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via the admin.php order parameter.2019-09-139.3CVE-2017-18614
MISC
MISC
youphptube -- youphptubeIn YouPHPTube 7.4, the file install/checkConfiguration.php has no access control, which leads to everyone being able to edit the configuration file, and insert malicious PHP code.2019-09-087.5CVE-2019-16124
MISC
MISC
MISC


Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
10web -- photo_galleryCross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/models/Galleries.php.2019-09-084.3CVE-2019-16117
MISC
MISC
MISC
MISC
10web -- photo_galleryCross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/controllers/Options.php.2019-09-084.3CVE-2019-16118
MISC
MISC
MISC
MISC
MISC
adobe -- application_managerAdobe application manager installer version 10.0 has an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.2019-09-126.8CVE-2019-8076
CONFIRM
afterlogic -- auroraAfterlogic Aurora through 8.3.9-build-a3 has XSS that can be leveraged for session hijacking by retrieving the session cookie from the administrator login.2019-09-124.3CVE-2019-16238
MISC
airbrake -- airbrake_rubyThe Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the blacklist_keys configuration option and consequently may disclose passwords to unauthorized actors. This is fixed in 4.2.4 (also, 4.2.2 and earlier are unaffected).2019-09-065.0CVE-2019-16060
MISC
alfresco -- alfrescoAn issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By manipulating the POST parameters, an attacker can redirect a victim to a malicious website over any protocol the attacker desires (e.g., http, https, ftp, smb, etc.).2019-09-065.8CVE-2019-14223
MISC
apache -- ofbizThe "Blog", "Forum", "Contact Us" screens of the template "ecommerce" application bundled in Apache OFBiz are weak to Stored XSS attacks. Mitigation: Upgrade to 16.11.06 or manually apply the following commits on branch 16.11: 1858438, 1858543, 1860595 and 1860616.2019-09-114.3CVE-2019-10073
MLIST
apache -- solrSolr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via its update handler. By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML, causing OOMs.2019-09-105.0CVE-2019-12401
MLIST
MLIST
apache -- traffic_controlImproper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. Given a username for a user that can be authenticated via LDAP, it is possible to improperly authenticate as that user without that user's correct password.2019-09-096.8CVE-2019-12405
MLIST
arubanetworks -- arubaosSome web components in the ArubaOS software are vulnerable to HTTP Response splitting (CRLF injection) and Reflected XSS. An attacker would be able to accomplish this by sending certain URL parameters that would trigger this vulnerability.2019-09-134.3CVE-2019-5314
CONFIRM
atlassian -- jiraThe /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specific name exists and if an issue key is valid via a missing permissions check.2019-09-115.0CVE-2019-14995
N/A
atlassian -- jiraThe FilterPickerPopup.jspa resource in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter.2019-09-114.3CVE-2019-14996
N/A
atlassian -- jiraThe AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their username, via an information exposure through caching vulnerability when Jira is configured with a reverse proxy and/or a load balancer with caching or a CDN.2019-09-114.3CVE-2019-14997
N/A
atlassian -- jiraThe Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote attackers to bypass its protection via "cookie tossing" a CSRF cookie from a subdomain of a Jira instance.2019-09-114.3CVE-2019-14998
N/A
atlassian -- jiraThe /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability.2019-09-115.0CVE-2019-8449
N/A
atlassian -- jiraThe /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.2019-09-116.4CVE-2019-8451
N/A
bludit -- bluditBludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.2019-09-086.5CVE-2019-16113
MISC
bosch -- accessAn unauthenticated attacker can achieve unauthorized access to sensitive data by exploiting Windows SMB protocol on a client installation. With Bosch Access Professional Edition (APE) 3.8, client installations need to be authorized by the APE administrator.2019-09-124.0CVE-2019-11899
CONFIRM
bower -- bowerBower before 1.8.8 has a path traversal vulnerability permitting file write in arbitrary locations via install command, which allows attackers to write arbitrary files when a malicious package is extracted.2019-09-135.0CVE-2019-5484
MISC
MISC
MISC
centos-webpanel -- centos_web_panelIn CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to remove a target user from phpMyAdmin via an attacker account.2019-09-105.5CVE-2019-14721
MISC
MISC
MISC
centos-webpanel -- centos_web_panelIn CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete an e-mail forwarding destination from a victim's account via an attacker account.2019-09-104.0CVE-2019-14722
MISC
MISC
MISC
centos-webpanel -- centos_web_panelIn CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a victim's e-mail account via an attacker account.2019-09-104.0CVE-2019-14723
MISC
MISC
MISC
centos-webpanel -- centos_web_panelIn CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to edit an e-mail forwarding destination of a victim's account via an attacker account.2019-09-115.0CVE-2019-14724
MISC
MISC
MISC
centos-webpanel -- centos_web_panelIn CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail usage value of a victim account via an attacker account.2019-09-114.0CVE-2019-14725
MISC
MISC
MISC
centos-webpanel -- centos_web_panelIn CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to access and delete DNS records of a victim's account via an attacker account.2019-09-106.5CVE-2019-14726
MISC
MISC
MISC
centos-webpanel -- centos_web_panelIn CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail password of a victim account via an attacker account.2019-09-104.0CVE-2019-14727
MISC
MISC
MISC
centos-webpanel -- centos_web_panelIn CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to add an e-mail forwarding destination to a victim's account via an attacker account.2019-09-104.0CVE-2019-14728
MISC
MISC
MISC
centos-webpanel -- centos_web_panelIn CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a sub-domain from a victim's account via an attacker account.2019-09-105.5CVE-2019-14729
MISC
MISC
MISC
centos-webpanel -- centos_web_panelIn CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a domain from a victim's account via an attacker account.2019-09-104.0CVE-2019-14730
MISC
MISC
MISC
changehealthcare -- cardiology_firmwareA vulnerability was found in McKesson Cardiology product 13.x and 14.x. Insecure file permissions in the default installation may allow an attacker with local system access to execute unauthorized arbitrary code.2019-09-064.6CVE-2018-18630
MISC
MISC
copy-me_project -- copy-meThe copy-me plugin 1.0.0 for WordPress has CSRF for copying non-public posts to a public location.2019-09-134.3CVE-2016-10938
MISC
MISC
MISC
couchbase -- couchbase_serverAn issue was discovered in Couchbase Server 5.1.2 and 5.5.0. The http server on port 8092 lacks an X-XSS protection header.2019-09-104.3CVE-2019-11464
MISC
couchbase -- couchbase_serverAn issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. The Memcached "connections" stat block command emits a non-redacted username. The system information submitted to Couchbase as part of a bug report included the usernames for all users currently logged into the system even if the log was redacted for privacy. This has been fixed (in 5.5.4 and 6.0.1) so that usernames are tagged properly in the logs and are hashed out when the logs are redacted.2019-09-105.0CVE-2019-11465
MISC
couchbase -- couchbase_serverAn issue was discovered in Couchbase Server 5.5.0 and 6.0.0. The Eventing debug endpoint mishandles authentication and audit.2019-09-105.0CVE-2019-11466
MISC
couchbase -- couchbase_serverAn issue was discovered in Couchbase Server 5.0.0. Editing bucket settings resets credentials, and leads to authorization without credentials.2019-09-106.4CVE-2019-11496
MISC
couchbase -- couchbase_serverAn issue was discovered in Couchbase Server 5.0.0. When creating a new remote cluster reference in Couchbase for XDCR, an invalid certificate is accepted. (The correct behavior is to validate the certificate against the remote cluster.)2019-09-105.0CVE-2019-11497
MISC
cybozu -- garoonCybozu Garoon 4.0.0 to 4.10.2 allows an attacker with administrative rights to cause a denial of service condition via unspecified vectors.2019-09-124.0CVE-2019-5976
MISC
MISC
cybozu -- garoonMail header injection vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 may allow remote authenticated attackers to alter the mail header via the application 'E-Mail'.2019-09-124.0CVE-2019-5977
MISC
MISC
cybozu -- garoonOpen redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the application 'Scheduler'.2019-09-125.8CVE-2019-5978
MISC
MISC
cybozu -- garoonSQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.2019-09-126.5CVE-2019-5991
MISC
MISC
dell -- rsa_identity_governance_and_lifecycleThe RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a code injection vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to run custom Groovy scripts to gain limited access to view or modify information on the Workflow system.2019-09-115.5CVE-2019-3759
CONFIRM
dell -- rsa_identity_governance_and_lifecycleThe RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a SQL Injection vulnerability in Workflow Architect. A remote authenticated malicious user could potentially exploit this vulnerability to execute SQL commands on the back-end database to gain unauthorized access to the data by supplying specially crafted input data to the affected application.2019-09-116.5CVE-2019-3760
CONFIRM
deltaww -- dcisoftDelta DCISoft 1.21 has a User Mode Write AV starting at CommLib!CCommLib::SetSerializeData+0x000000000000001b.2019-09-114.6CVE-2019-16247
MISC
deltaww -- tpeditorDelta Electronics TPEditor, Versions 1.94 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to remotely execute arbitrary code.2019-09-116.8CVE-2019-13536
MISC
deltaww -- tpeditorDelta Electronics TPEditor, Versions 1.94 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to remotely execute arbitrary code.2019-09-116.8CVE-2019-13540
MISC
deltaww -- tpeditorDelta Electronics TPEditor, Versions 1.94 and prior. Multiple out-of-bounds write vulnerabilities may be exploited by processing specially crafted project files, which may allow remote code execution.2019-09-116.8CVE-2019-13544
MISC
designmodo -- qardsThe Qards plugin through 2017-10-11 for WordPress has XSS via a remote document specified in the url parameter to html2canvasproxy.php.2019-09-104.3CVE-2017-18598
MISC
digium -- asteriskres_pjsip_t38 in Sangoma Asterisk 13.21-cert4, 15.7.3, and 16.5.0 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk.2019-09-094.0CVE-2019-15297
CONFIRM
MISC
digium -- asteriskmain/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific RTP packet during a call and cause a crash in a specific scenario.2019-09-095.0CVE-2019-15639
CONFIRM
MISC
easy!appointments_project -- easy!appointmentsEasy!Appointments 1.3.2 plugin for WordPress allows Sensitive Information Disclosure (Username and Password Hash).2019-09-115.0CVE-2019-14936
MISC
eclipse -- omrPrior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which may facilitate code injection and privilege elevation by local users.2019-09-124.6CVE-2019-11773
CONFIRM
eclipse -- paho_java_clientIn the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with incorrect information.2019-09-115.0CVE-2019-11777
CONFIRM
elementor -- elementorThe elementor plugin before 1.8.0 for WordPress has incorrect access control for internal functions.2019-09-106.5CVE-2017-18596
MISC
MISC
getgrav -- grav_cmsGrav through 1.6.15 allows (Stored) Cross-Site Scripting due to JavaScript execution in SVG images.2019-09-084.3CVE-2019-16126
MISC
gitlab -- gitlabAn issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It allows Information Disclosure. Non-member users who subscribe to notifications of an internal project with issue and repository restrictions will receive emails about restricted events.2019-09-094.0CVE-2019-11544
CONFIRM
CONFIRM
gitlab -- gitlabAn issue was discovered in GitLab Community Edition 11.9.x before 11.9.10 and 11.10.x before 11.10.2. It allows Information Disclosure. When an issue is moved to a private project, the private project namespace is leaked to unauthorized users with access to the original issue.2019-09-094.0CVE-2019-11545
CONFIRM
CONFIRM
gitlab -- gitlabAn issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has Improper Encoding or Escaping of Output. The branch name on new merge request notification emails isn't escaped, which could potentially lead to XSS issues.2019-09-094.3CVE-2019-11547
CONFIRM
CONFIRM
gitlab -- gitlabAn issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. Gitaly has an information disclosure issue where HTTP/GIT credentials are included in logs on connection errors.2019-09-094.0CVE-2019-11549
CONFIRM
CONFIRM
gitlab -- gitlabAn issue was discovered in GitLab Community and Enterprise Edition 11.8.x before 11.8.10, 11.9.x before 11.9.11, and 11.10.x before 11.10.3. It allows Information Disclosure. A small number of GitLab API endpoints would disclose project information when using a read_user scoped token.2019-09-095.0CVE-2019-11605
CONFIRM
gitlab -- gitlabAn authentication issue was discovered in GitLab that allowed a bypass of email verification. This was addressed in GitLab 12.1.2 and 12.0.4.2019-09-096.5CVE-2019-5473
CONFIRM
MISC
gitlab -- gitlabAn issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 1 of 6). An authorization issue allows the contributed project information of a private profile to be viewed.2019-09-095.0CVE-2019-6782
CONFIRM
CONFIRM
gitlab -- gitlabAn issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. GitLab Pages contains a directory traversal vulnerability that could lead to remote command execution.2019-09-096.5CVE-2019-6783
CONFIRM
CONFIRM
gitlab -- gitlabAn issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 1 of 2). Markdown fields contain a lack of input validation and output encoding when processing KaTeX that results in a persistent XSS.2019-09-094.3CVE-2019-6784
CONFIRM
CONFIRM
gitlab -- gitlabAn issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Denial of Service. Inputting an overly long string into a Markdown field could cause a denial of service.2019-09-094.0CVE-2019-6785
CONFIRM
CONFIRM
gitlab -- gitlabAn issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control (issue 1 of 3). The contents of an LFS object can be accessed by an unauthorized user, if the file size and OID are known.2019-09-094.0CVE-2019-6786
CONFIRM
CONFIRM
gitlab -- gitlabAn issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 3 of 6). For installations using GitHub or Bitbucket OAuth integrations, it is possible to use a covert redirect to obtain the user OAuth token for those services.2019-09-095.0CVE-2019-6788
CONFIRM
CONFIRM
gitlab -- gitlabAn issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 4 of 6). In some cases, users without project permissions will receive emails after a project move. For private projects, this will disclose the new project namespace to an unauthorized user.2019-09-094.0CVE-2019-6789
CONFIRM
CONFIRM
gitlab -- gitlabAn issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control (issue 3 of 3). When a project with visibility more permissive than the target group is imported, it will retain its prior visibility.2019-09-094.0CVE-2019-6791
CONFIRM
gitlab -- gitlabAn issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Path Disclosure. When an error is encountered on project import, the error message will display instance internal information.2019-09-095.0CVE-2019-6792
CONFIRM
CONFIRM
gitlab -- gitlabAn issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The Jira integration feature is vulnerable to an unauthenticated blind SSRF issue.2019-09-096.8CVE-2019-6793
CONFIRM
CONFIRM
gitlab -- gitlabAn issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 5 of 6). A project guest user can view the last commit status of the default branch.2019-09-094.0CVE-2019-6794
CONFIRM
CONFIRM
gitlab -- gitlabAn issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Insufficient Visual Distinction of Homoglyphs Presented to a User. IDN homographs and RTLO characters are rendered to Unicode, which could be used for social engineering.2019-09-095.8CVE-2019-6795
CONFIRM
CONFIRM
gitlab -- gitlabAn issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Users are able to comment on locked project issues.2019-09-094.0CVE-2019-6995
CONFIRM
CONFIRM
gitlab -- gitlabAn issue was discovered in GitLab Enterprise Edition 10.x (starting in 10.6) and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. The merge request approvers section has an access control issue that permits project maintainers to view membership of private groups.2019-09-094.0CVE-2019-6996
CONFIRM
CONFIRM
gitlab -- gitlabAn issue was discovered in GitLab Community and Enterprise Edition 10.x (starting in 10.7) and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. System notes contain an access control issue that permits a guest user to view merge request titles.2019-09-094.0CVE-2019-6997
CONFIRM
CONFIRM
gitlab -- gitlabAn issue was discovered in GitLab Community and Enterprise Edition 8.x (starting in 8.9), 9.x, 10.x, and 11.x before 11.5.9, 11.6.x before 11.6.7, and 11.7.x before 11.7.2. It has Incorrect Access Control. Guest users are able to add reaction emojis on comments to which they have no visibility.2019-09-094.3CVE-2019-7176
CONFIRM
CONFIRM
glyphandcog -- xpdfreaderXpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTree in Catalog.cc.2019-09-064.3CVE-2019-16088
MISC
glyphandcog -- xpdfreaderIn Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause Denial of Service or possibly unspecified other impact.2019-09-086.8CVE-2019-16115
MISC
gnu -- cflowGNU cflow through 1.6 has a use-after-free in the reference function in parser.c.2019-09-094.3CVE-2019-16165
MISC
gnu -- cflowGNU cflow through 1.6 has a heap-based buffer over-read in the nexttoken function in parser.c.2019-09-094.3CVE-2019-16166
MISC
google -- androidIn the Android kernel in the kernel MMU code there is a possible execution path leaving some kernel text and rodata pages writable. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.2019-09-064.6CVE-2019-2182
MISC
google -- androidIn the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.2019-09-064.6CVE-2019-9248
MISC
google -- androidIn the Android kernel in unifi and r8180 WiFi drivers there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.2019-09-064.6CVE-2019-9270
MISC
google -- androidIn the Android kernel in the mnh driver there is a race condition due to insufficient locking. This could lead to a use-after-free which could lead to escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.2019-09-064.4CVE-2019-9271
MISC
google -- androidIn the Android kernel in the synaptics_dsx_htc touchscreen driver there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.2019-09-064.6CVE-2019-9273
MISC
google -- androidIn the Android kernel in the mnh driver there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.2019-09-064.6CVE-2019-9274
MISC
google -- androidIn the Android kernel in the synaptics_dsx_htc touchscreen driver there is a possible out of bounds write due to a use after free. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.2019-09-064.6CVE-2019-9276
MISC
google -- androidIn the Android kernel in Bluetooth there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.2019-09-064.6CVE-2019-9426
MISC
google -- androidIn the Android kernel in the bootloader there is a possible secure boot bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation.2019-09-064.6CVE-2019-9436
MISC
google -- androidIn the Android kernel in the mnh driver there is a possible out of bounds write due to improper input validation. This could lead to escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.2019-09-064.6CVE-2019-9441
MISC
google -- androidIn the Android kernel in the mnh driver there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System privileges required. User interaction is not needed for exploitation.2019-09-064.6CVE-2019-9442
MISC
google -- android | In the Android kernel in the vl53L0 driver there is a possible out of bounds write due to a permissions bypass. This could lead to local escalation of privilege due to a set_fs() call without restoring the previous limit with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | 4.6 | CVE-2019-9443, MISC
google -- android | In the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write due to improper input validation. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | 4.6 | CVE-2019-9446, MISC
google -- android | In the Android kernel in the FingerTipS touchscreen driver there is a possible use-after-free due to improper locking. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | 4.6 | CVE-2019-9447, MISC
google -- android | In the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write due to a missing bounds check. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | 4.6 | CVE-2019-9448, MISC
google -- android | In the Android kernel in the FingerTipS touchscreen driver there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | 4.4 | CVE-2019-9450, MISC
google -- android | In the Android kernel in the touchscreen driver there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | 4.6 | CVE-2019-9451, MISC
google -- android | In the Android kernel in i2c driver there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | 4.6 | CVE-2019-9454, MISC
google -- android | In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | 4.6 | CVE-2019-9456, MISC
google -- android | In the Android kernel in ELF file loading there is possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | 4.6 | CVE-2019-9457, MISC
google -- android | In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | 4.4 | CVE-2019-9458, MISC
headwaythemes -- headway | The Headway theme before 3.8.9 for WordPress has XSS via the license key field. | 2019-09-13 | 4.3 | CVE-2016-10953, MISC
hgw168cc -- yii-cms | YII2-CMS v1.0 has XSS in protected\core\modules\home\models\Contact.php via a name field to /contact.html. | 2019-09-08 | 4.3 | CVE-2019-16130, MISC, MISC
humanica -- humatrix | The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to change the password of any user via the recruitment_online/personalData/act_acounttab.cfm txtNewUserName and hdNP fields. | 2019-09-10 | 5.0 | CVE-2019-16106, MISC, MISC
ibps_online_exam_project -- ibps_online_exam | The examapp plugin 1.0 for WordPress has SQL injection via the wp-admin/admin.php?page=examapp_UserResult id parameter. | 2019-09-10 | 6.5 | CVE-2017-18602, EXPLOIT-DB
if.svnadmin_project -- if.svnadmin | iF.SVNAdmin through 1.6.2 allows svnadmin/usercreate.php CSRF to create a user. | 2019-09-06 | 4.3 | CVE-2019-15128, MISC
imapfilter_project -- imapfilter | IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate. | 2019-09-08 | 5.0 | CVE-2016-10937, MISC, MISC
jtrt_responsive_tables_project -- jtrt_responsive_tables | The jtrt-responsive-tables plugin before 4.1.2 for WordPress has SQL Injection via the admin/class-jtrt-responsive-tables-admin.php tableId parameter. | 2019-09-10 | 6.5 | CVE-2017-18597, MISC, MISC, MISC
k-takata -- onigmo | Onigmo through 6.2.0 has a NULL pointer dereference in onig_error_code_to_str because of fetch_token in regparse.c. | 2019-09-09 | 5.0 | CVE-2019-16161, MISC, MISC
k-takata -- onigmo | Onigmo through 6.2.0 has an out-of-bounds read in parse_char_class because of missing codepoint validation in regenc.c. | 2019-09-09 | 5.0 | CVE-2019-16162, MISC
kartatopia -- piluscart | In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure. | 2019-09-08 | 5.0 | CVE-2019-16123, MISC, MISC
kilo_project -- kilo | Kilo 0.0.1 has a heap-based buffer overflow because there is an integer overflow in a calculation involving the number of tabs in one row. | 2019-09-08 | 5.0 | CVE-2019-16096, MISC, MISC, MISC, MISC
librenms -- librenms | An issue was discovered in LibreNMS through 1.47. Several of the scripts perform dynamic script inclusion via the include() function on user supplied input without sanitizing the values by calling basename() or a similar function. An attacker can leverage this to execute PHP code from the included file. Exploitation of these scripts is made difficult by additional text being appended (typically .inc.php), which means an attacker would need to be able to control both a filename and its content on the server. However, exploitation can be achieved as demonstrated by the csv.php?report=../ substring. | 2019-09-09 | 6.8 | CVE-2019-10666, MISC
librenms -- librenms | An issue was discovered in LibreNMS through 1.47. Information disclosure can occur: an attacker can fingerprint the exact code version installed and disclose local file paths. | 2019-09-09 | 5.0 | CVE-2019-10667, MISC
librenms -- librenms | An issue was discovered in LibreNMS through 1.47. A number of scripts import the Authentication libraries, but do not enforce an actual authentication check. Several of these scripts disclose information or expose functions that are of a sensitive nature and are not expected to be publicly accessible. | 2019-09-09 | 6.4 | CVE-2019-10668, MISC
librenms -- librenms | An issue was discovered in LibreNMS through 1.47. There is a command injection vulnerability in html/includes/graphs/device/collectd.inc.php where user supplied parameters are filtered with the mysqli_escape_real_string function. This function is not the appropriate function to sanitize command arguments as it does not escape a number of command line syntax characters such as ` (backtick), allowing an attacker to inject commands into the variable $rrd_cmd, which gets executed via passthru(). | 2019-09-09 | 6.5 | CVE-2019-10669, MISC, MISC
librenms -- librenms | An issue was discovered in LibreNMS through 1.47. Many of the scripts rely on the function mysqli_escape_real_string for filtering data. However, this is particularly ineffective when returning user supplied input in an HTML or a JavaScript context, resulting in unsafe data being injected into these contexts, leading to attacker controlled JavaScript executing in the browser. One example of this is the string parameter in html/pages/inventory.inc.php. | 2019-09-09 | 4.3 | CVE-2019-10670, MISC
librenms -- librenms | An issue was discovered in LibreNMS through 1.47. It does not parameterize all user supplied input within database queries, resulting in SQL injection. An authenticated attacker can subvert these database queries to extract or manipulate data, as demonstrated by the graph.php sort parameter. | 2019-09-09 | 6.5 | CVE-2019-10671, MISC
librenms -- librenms | An issue was discovered in LibreNMS 1.50.1. The scripts that handle graphing options (includes/html/graphs/common.inc.php and includes/html/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqli_real_escape_string, which is only useful for preventing SQL injection attacks; other parameters are unfiltered. This allows an attacker to inject RRDtool syntax with newline characters via the html/graph.php and html/graph-realtime.php scripts. RRDtool syntax is quite versatile and an attacker could leverage this to perform a number of attacks, including disclosing directory structure and filenames, disclosing file content, denial of service, or writing arbitrary files. NOTE: relative to CVE-2019-10665, this requires authentication and the pathnames differ. | 2019-09-09 | 6.5 | CVE-2019-12463, MISC
librenms -- librenms | An issue was discovered in LibreNMS 1.50.1. An authenticated user can perform a directory traversal attack against the /pdf.php file with a partial filename in the report parameter, to cause local file inclusion resulting in code execution. | 2019-09-09 | 6.0 | CVE-2019-12464, MISC
librenms -- librenms | An issue was discovered in LibreNMS 1.50.1. A SQL injection flaw was identified in the ajax_rulesuggest.php file where the term parameter is used insecurely in a database query for showing columns of a table, as demonstrated by an ajax_rulesuggest.php?debug=1&term= request. | 2019-09-09 | 5.5 | CVE-2019-12465, MISC
libslirp_project -- libslirp | libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. | 2019-09-06 | 5.0 | CVE-2019-15890, CONFIRM, MISC
liferay -- liferay_portal | Liferay Portal through 7.2.0 GA1 allows XSS via a journal article title to journal_article/page.jsp in journal/journal-taglib. | 2019-09-09 | 4.3 | CVE-2019-16147, MISC
limesurvey -- limesurvey | An XML injection vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to import specially crafted XML files and execute code or compromise data integrity. | 2019-09-09 | 6.8 | CVE-2019-16174, MISC, MISC
limesurvey -- limesurvey | A clickjacking vulnerability was found in Limesurvey before 3.17.14. | 2019-09-09 | 4.3 | CVE-2019-16175, MISC, MISC
limesurvey -- limesurvey | A path disclosure vulnerability was found in Limesurvey before 3.17.14 that allows a remote attacker to discover the path to the application in the filesystem. | 2019-09-09 | 5.0 | CVE-2019-16176, MISC, MISC
limesurvey -- limesurvey | In Limesurvey before 3.17.14, the entire database is exposed through browser caching. | 2019-09-09 | 5.0 | CVE-2019-16177, MISC, MISC
limesurvey -- limesurvey | Limesurvey before 3.17.14 does not enforce SSL/TLS usage in the default configuration. | 2019-09-09 | 5.0 | CVE-2019-16179, MISC, MISC
limesurvey -- limesurvey | Limesurvey before 3.17.14 allows remote attackers to bruteforce the login form and enumerate usernames when the LDAP authentication method is used. | 2019-09-09 | 5.0 | CVE-2019-16180, MISC, MISC
limesurvey -- limesurvey | In Limesurvey before 3.17.14, admin users can mark other users' notifications as read. | 2019-09-09 | 4.0 | CVE-2019-16181, MISC, MISC
limesurvey -- limesurvey | A reflected cross-site scripting (XSS) vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to inject arbitrary web script or HTML via extensions of uploaded files. | 2019-09-09 | 4.3 | CVE-2019-16182, MISC, MISC
limesurvey -- limesurvey | In Limesurvey before 3.17.14, admin users can run an integrity check without proper permissions. | 2019-09-09 | 4.0 | CVE-2019-16183, MISC, MISC
limesurvey -- limesurvey | In Limesurvey before 3.17.14, admin users can view, update, or delete reserved menu entries without proper permissions. | 2019-09-09 | 6.5 | CVE-2019-16185, MISC, MISC
limesurvey -- limesurvey | In Limesurvey before 3.17.14, admin users can access the plugin manager without proper permissions. | 2019-09-09 | 6.5 | CVE-2019-16186, MISC, MISC
limesurvey -- limesurvey | Limesurvey before 3.17.14 uses an anti-CSRF cookie without the HttpOnly flag, which allows attackers to access a cookie value via a client-side script. | 2019-09-09 | 5.0 | CVE-2019-16187, MISC, MISC
magicfields -- magic_fields | The magic-fields plugin before 1.7.2 for WordPress has XSS via the custom-write-panel-id parameter. | 2019-09-10 | 4.3 | CVE-2017-18609, MISC, MISC
magicfields -- magic_fields | The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCCWP_CreateCustomFieldPage.php custom-group-id parameter. | 2019-09-10 | 4.3 | CVE-2017-18610, MISC, MISC
magicfields -- magic_fields | The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCCWP_CreateCustomFieldPage.php custom-field-css parameter. | 2019-09-10 | 4.3 | CVE-2017-18611, MISC, MISC
mautic -- mautic | An issue was discovered in Mautic 2.13.1. There is Stored XSS via the authorUrl field in config.json. | 2019-09-06 | 4.3 | CVE-2018-11198, MISC, CONFIRM
mcafee -- active_response | McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9511, potentially leading to a denial of service. This affects the scanning proxies. | 2019-09-11 | 5.0 | CVE-2019-3643, CONFIRM
mcafee -- active_response | McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. This affects the scanning proxies. | 2019-09-11 | 5.0 | CVE-2019-3644, CONFIRM
mcafee -- web_gateway | Reflected Cross Site Scripting vulnerability in the Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials by tricking the administrator into clicking on a carefully constructed malicious link. | 2019-09-12 | 4.3 | CVE-2019-3638, CONFIRM
mendix -- mendix | In Mendix 7.23.5 and earlier, an issue in XML import mappings allows DOCTYPE declarations in the XML input, which is potentially unsafe. | 2019-09-10 | 5.0 | CVE-2019-12996, CONFIRM
microfocus -- service_manager | HTTP cookie in Micro Focus Service Manager, versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. And Micro Focus Service Manager Chat Server, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. And Micro Focus Service Manager Chat Service 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. | 2019-09-10 | 5.0 | CVE-2019-11668, CONFIRM
microfocus -- service_manager | Modifiable read-only check box in Micro Focus Service Manager, versions 9.60p1, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized modification of data. | 2019-09-10 | 5.0 | CVE-2019-11669, CONFIRM
microsoft -- .net_core | A denial of service vulnerability exists when .NET Core improperly handles web requests, aka '.NET Core Denial of Service Vulnerability'. | 2019-09-11 | 5.0 | CVE-2019-1301, MISC
microsoft -- asp.net_core | An elevation of privilege vulnerability exists when an ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests, aka 'ASP.NET Core Elevation Of Privilege Vulnerability'. | 2019-09-11 | 6.8 | CVE-2019-1302, MISC
microsoft -- edge | A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the correct Security Zone of requests for specific URLs, aka 'Microsoft Browser Security Feature Bypass Vulnerability'. | 2019-09-11 | 4.3 | CVE-2019-1220, MISC
microsoft -- edge | An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory, aka 'Microsoft Edge based on Edge HTML Information Disclosure Vulnerability'. | 2019-09-11 | 4.3 | CVE-2019-1299, MISC
microsoft -- excel | An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'. | 2019-09-11 | 4.3 | CVE-2019-1263, MISC
microsoft -- exchange_server | A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web App (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. | 2019-09-11 | 4.3 | CVE-2019-1266, MISC
microsoft -- lync | An information disclosure vulnerability exists in Lync 2013, aka 'Lync 2013 Information Disclosure Vulnerability'. | 2019-09-11 | 4.3 | CVE-2019-1209, MISC
microsoft -- office | A security feature bypass vulnerability exists when Microsoft Office improperly handles input, aka 'Microsoft Office Security Feature Bypass Vulnerability'. | 2019-09-11 | 6.8 | CVE-2019-1264, MISC
microsoft -- project_rome | An information disclosure vulnerability exists in the way Rome SDK handles server SSL/TLS certificate validation, aka 'Rome SDK Information Disclosure Vulnerability'. | 2019-09-11 | 4.3 | CVE-2019-1231, MISC
microsoft -- sharepoint_enterprise_server | A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1295, CVE-2019-1296. | 2019-09-11 | 6.5 | CVE-2019-1257, MISC
microsoft -- sharepoint_enterprise_server | An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. | 2019-09-11 | 4.0 | CVE-2019-1260, MISC
microsoft -- sharepoint_enterprise_server | A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF). To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1259. | 2019-09-11 | 6.8 | CVE-2019-1261, MISC
microsoft -- sharepoint_enterprise_server | A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1296. | 2019-09-11 | 6.5 | CVE-2019-1295, MISC
microsoft -- sharepoint_enterprise_server | A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1295. | 2019-09-11 | 6.5 | CVE-2019-1296, MISC
microsoft -- sharepoint_foundation | A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF). To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1261. | 2019-09-11 | 6.8 | CVE-2019-1259, MISC
microsoft -- visual_studio | An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka 'Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability'. | 2019-09-11 | 4.6 | CVE-2019-1232, MISC
microsoft -- windows_10 | A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. | 2019-09-11 | 5.5 | CVE-2019-0928, MISC
microsoft -- windows_10 | An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1245, CVE-2019-1251. | 2019-09-11 | 4.3 | CVE-2019-1244, MISC
microsoft -- windows_10 | An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1244, CVE-2019-1251. | 2019-09-11 | 4.3 | CVE-2019-1245, MISC
microsoft -- windows_10 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1286. | 2019-09-11 | 4.3 | CVE-2019-1252, MISC
microsoft -- windows_10 | An elevation of privilege vulnerability exists in Windows Audio Service when a malformed parameter is processed, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. | 2019-09-11 | 4.6 | CVE-2019-1277, MISC
microsoft -- windows_10 | An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1253, CVE-2019-1303. | 2019-09-11 | 4.6 | CVE-2019-1278, MISC
microsoft -- windows_10 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1252. | 2019-09-11 | 4.3 | CVE-2019-1286, MISC
microsoft -- windows_10 | An elevation of privilege vulnerability exists in the way that the Windows Network Connectivity Assistant handles objects in memory, aka 'Windows Network Connectivity Assistant Elevation of Privilege Vulnerability'. | 2019-09-11 | 4.6 | CVE-2019-1287, MISC
microsoft -- windows_10 | A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. | 2019-09-11 | 6.8 | CVE-2019-1292, MISC
microsoft -- yammer | A security feature bypass vulnerability exists when Microsoft Yammer App for Android fails to apply the correct Intune MAM Policy. This could allow an attacker to perform functions that are restricted by Intune Policy. The security update addresses the vulnerability by correcting the way the policy is applied to Yammer App, aka 'Microsoft Yammer Security Feature Bypass Vulnerability'. | 2019-09-11 | 5.0 | CVE-2019-1265, MISC
misp -- misp | MISP before 2.4.115 allows privilege escalation in certain situations. After updating to 2.4.115, escalation attempts are blocked by the __checkLoggedActions function with a "This could be an indication of an attempted privilege escalation on older vulnerable versions of MISP (<2.4.115)" message. | 2019-09-10 | 4.0 | CVE-2019-16202, CONFIRM, MISC, MISC
myhtml_project -- myhtml | MyHTML through 4.0.5 has a NULL pointer dereference in myhtml_tree_node_remove in tree.c. | 2019-09-09 | 4.3 | CVE-2019-16164, MISC
netapp -- oncommand_workflow_automation | OnCommand Workflow Automation versions prior to 5.0 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. | 2019-09-10 | 5.0 | CVE-2019-5503, CONFIRM
netattingo -- wp-whois-domain | The wp-whois-domain plugin 1.0.0 for WordPress has XSS via the pages/func-whois.php domain parameter. | 2019-09-13 | 4.3 | CVE-2017-18612, MISC, MISC
netgear -- wnr2000_firmware | An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) HTTP server. An HTTP request with an empty User-Agent string sent to a page requiring authentication can cause a null pointer dereference, resulting in the HTTP service crashing. An unauthenticated attacker can send a specially crafted HTTP request to trigger this vulnerability. | 2019-09-11 | 5.0 | CVE-2019-5054, MISC
netgear -- wnr2000_firmware | An exploitable denial-of-service vulnerability exists in the Host Access Point Daemon (hostapd) on the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) wireless router. A SOAP request sent in an invalid sequence to the <WFAWLANConfig:1#PutMessage> service can cause a null pointer dereference, resulting in the hostapd service crashing. An unauthenticated attacker can send a specially-crafted SOAP request to trigger this vulnerability. | 2019-09-11 | 5.0 | CVE-2019-5055, MISC
nic -- bird | BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message. Sending a shutdown communication with a sufficient message length causes a four-byte overflow to occur while processing the message, where two of the overflow bytes are attacker-controlled and two are fixed. | 2019-09-09 | 5.0 | CVE-2019-16159, MISC, MISC, MISC, MISC, MISC, MISC
ntt-east -- pr-400ki_firmware | Cross-site request forgery (CSRF) vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, RS-500KI firmware version Ver.01.00.0070 and earlier, PR-500MI/RT-500MI firmware version Ver.01.01.0014 and earlier, and RS-500MI firmware version Ver.03.01.0019 and earlier, and Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, and PR-500MI/RT-500MI firmware version Ver.01.01.0011 and earlier) allow remote attackers to hijack the authentication of administrators via unspecified vectors. | 2019-09-12 | 6.8 | CVE-2019-5986, MISC, CONFIRM
oceanwp -- ocean_extra | includes/wizard/wizard.php in the Ocean Extra plugin through 1.5.8 for WordPress allows unauthenticated options changes and injection of a Cascading Style Sheets (CSS) token sequence. | 2019-09-11 | 5.0 | CVE-2019-16250, MISC
once_cell_project -- once_cell | An issue was discovered in the once_cell crate before 1.0.1 for Rust. There is a panic during initialization of Lazy. | 2019-09-09 | 5.0 | CVE-2019-16141, MISC, MISC
oniguruma_project -- oniguruma | Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c. | 2019-09-09 | 5.0 | CVE-2019-16163, MISC, MISC, MISC, MLIST
opensc_project -- opensc | An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0 for OpenSC. If a smart card creates a signature with a length longer than 256 bytes, this triggers a buffer overflow. This may be the case for RSA keys with 4096 bits depending on the signature scheme. | 2019-09-06 | 5.0 | CVE-2019-16058, MLIST, MISC
openssl -- openssl | OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). | 2019-09-10 | 5.0 | CVE-2019-1549, CONFIRM, CONFIRM
openssl -- openssl | In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s). | 2019-09-10 | 4.3 | CVE-2019-1563, MISC, CONFIRM, CONFIRM, CONFIRM, BUGTRAQ, CONFIRM
opmantek -- open-audit | The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field. | 2019-09-13 | 6.5 | CVE-2019-16293, MISC
padrinorb -- padrino-contrib | The breadcrumbs contributed module through 0.2.0 for Padrino Framework allows XSS via a caption. | 2019-09-09 | 4.3 | CVE-2019-16145, MISC
pagelines -- pagelines | The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?page=pagelines CSRF. | 2019-09-13 | 6.8 | CVE-2016-10945, MISC
panasonic -- video_insight_vms | SQL injection vulnerability in the Video Insight VMS 7.3.2.5 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | 2019-09-12 | 6.5 | CVE-2019-5996, MISC
phpmyadmin -- phpmyadmin | A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page. | 2019-09-13 | 5.8 | CVE-2019-12922, MISC, MISC, EXPLOIT-DB
phpok -- oklite | framework/admin/modulec_control.php in OKLite v1.2.25 has an Arbitrary File Upload Vulnerability because a .php file from a ZIP archive can be written to /data/cache/. | 2019-09-08 | 6.5 | CVE-2019-16131, MISC
phpok -- oklite | An issue was discovered in OKLite v1.2.25. framework/admin/tpl_control.php allows remote attackers to delete arbitrary files via a title directory-traversal pathname followed by a crafted substring. | 2019-09-08 | 5.5 | CVE-2019-16132, MISC
picoc_project -- picoc | PicoC 2.1 has a heap-based buffer overflow in StringStrcpy in cstdlib/string.c when called from ExpressionParseFunctionCall in expression.c. | 2019-09-13 | 6.8 | CVE-2019-16277, MISC
pinfinity_project -- pinfinity | The Pinfinity theme before 2.0 for WordPress has XSS via the s parameter. | 2019-09-10 | 4.3 | CVE-2017-18599, MISC
piwigo -- piwigo | admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail_content, nbm_send_recent_post_dates, or param_submit parameter. This is exploitable via CSRF. | 2019-09-13 | 6.8 | CVE-2019-13363, MISC, MISC, MISC, MISC
piwigo -- piwigo | admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat_number, billing_name, company, or billing_address parameter. This is exploitable via CSRF. | 2019-09-13 | 6.8 | CVE-2019-13364, MISC, MISC, MISC, MISC
plataformatec -- devise | An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmation_token, if a database record has a blank value in the confirmation_token column. (However, there is no scenario within Devise itself in which such database records would exist.) | 2019-09-08 | 5.0 | CVE-2019-16109, MISC, MISC, MISC
podlove -- podlove_podcast_publisher | The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has XSS exploitable via CSRF. | 2019-09-13 | 4.3 | CVE-2016-10941, MISC, MISC, MISC
postman-smtp_project -- postman-smtp | The postman-smtp plugin through 2017-10-04 for WordPress has XSS via the wp-admin/tools.php?page=postman_email_log page parameter. | 2019-09-10 | 4.3 | CVE-2017-18603, MISC, MISC
py-lmdb_project -- py-lmdb | An issue was discovered in py-lmdb 0.97. mdb_node_del does not validate a memmove in the case of an unexpected node->mn_hi, leading to an invalid write operation. | 2019-09-11 | 5.0 | CVE-2019-16226, MISC
py-lmdb_project -- py-lmdb | An issue was discovered in py-lmdb 0.97. There is a divide-by-zero error in the function mdb_env_open2 if mdb_env_read_header obtains a zero value for a certain size field. | 2019-09-11 | 5.0 | CVE-2019-16228, MISC
python -- python | An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally. | 2019-09-06 | 5.0 | CVE-2019-16056, MISC, MISC, FEDORA
sakailms -- sakai | Sakai through 12.6 allows XSS via a chat user name. | 2019-09-09 | 4.3 | CVE-2019-16148, MISC
sap -- businessobjects_business_intelligence_platform | In SAP Business Objects Business Intelligence Platform, before versions 4.1, 4.2 and 4.3, some dynamic pages (like JSP) are cached, so an attacker can see sensitive information via the cache and can open the dynamic pages even after logout. | 2019-09-10 | 5.0 | CVE-2019-0352, MISC, CONFIRM
sap -- hana_extended_application_services | Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to overload the server or retrieve information about internal network ports. | 2019-09-10 | 5.5 | CVE-2019-0363, MISC, CONFIRM
sap -- hana_extended_application_services | Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to enumerate open ports. | 2019-09-10 | 4.0 | CVE-2019-0364, MISC, CONFIRM
sap -- netweaver_application_server_java | SAP NetWeaver Application Server Java Web Container, ENGINEAPI (before versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) and SAP-JEECOR (before versions 6.40, 7.0, 7.01), allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application. | 2019-09-10 | 6.5 | CVE-2019-0355, MISC, CONFIRM
sap -- netweaver_process_integration | Under certain conditions SAP NetWeaver Process Integration Runtime Workbench - MESSAGING and SAP_XIAF (before versions 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted. | 2019-09-10 | 4.0 | CVE-2019-0356, MISC, CONFIRM
sap -- supplier_relationship_management | SAP Supplier Relationship Management (Master Data Management Catalog - SRM_MDM_CAT, before versions 3.73, 7.31, 7.32) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 2019-09-10 | 4.3 | CVE-2019-0361, MISC, CONFIRM
sapplica -- sentrifugo | Sentrifugo 3.2 lacks CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code at index.php/dashboard/viewprofile via a crafted HTML page. | 2019-09-06 | 6.8 | CVE-2019-16059, MISC
search_exclude_project -- search_exclude | search-exclude.php in the "Search Exclude" plugin before 1.2.4 for WordPress allows unauthenticated options changes. | 2019-09-09 | 5.0 | CVE-2019-15895, MISC, MISC, MISC
senecajs -- seneca | Seneca < 3.9.0 contains a vulnerability that could lead to exposing environment variables to unauthorized users. | 2019-09-09 | 5.0 | CVE-2019-5483, MISC
silver-peak -- unity_edgeconnect_sd-wan_firmware | Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON data to a .swf file. | 2019-09-08 | 6.8 | CVE-2019-16099, MISC
silver-peak -- unity_edgeconnect_sd-wan_firmware | Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to trigger a web-interface outage via slow client-side HTTP traffic from a single source. | 2019-09-08 | 5.0 | CVE-2019-16100, MISC
silver-peak -- unity_edgeconnect_sd-wan_firmware | Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to obtain potentially sensitive stack traces by sending incorrect JSON data to the REST API, such as the rest/json/banners URI. | 2019-09-08 | 5.0 | CVE-2019-16101, MISC
silver-peak -- unity_edgeconnect_sd-wan_firmware | Silver Peak EdgeConnect SD-WAN before 8.1.7.x has reflected XSS via the rest/json/configdb/download/ PATH_INFO. | 2019-09-08 | 4.3 | CVE-2019-16104, MISC
silver-peak -- unity_edgeconnect_sd-wan_firmware | Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows ..%2f directory traversal via a rest/json/configdb/download/ URI. | 2019-09-08 | 4.0 | CVE-2019-16105, MISC
sirv -- sirv | The sirv plugin before 1.3.2 for WordPress has SQL injection via the id parameter. | 2019-09-13 | 6.5 | CVE-2016-10950, MISC, MISC, MISC
sitebuilder_dynamic_components_project -- sitebuilder_dynamic_components | The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request. | 2019-09-10 | 5.0 | CVE-2017-18604, MISC, MISC
slickquiz_project -- slickquiz | The slickquiz plugin through 1.3.7.1 for WordPress allows SQL Injection by Subscriber users, as demonstrated by a /wp-admin/admin.php?page=slickquiz-scores&id= or /wp-admin/admin.php?page=slickquiz-edit&id= or /wp-admin/admin.php?page=slickquiz-preview&id= URI. | 2019-09-13 | 6.5 | CVE-2019-12516
MISC
MISC
slickquiz_project -- slickquizAn XSS issue was discovered in the slickquiz plugin through 1.3.7.1 for WordPress. The save_quiz_score functionality available via the /wp-admin/admin-ajax.php endpoint allows unauthenticated users to submit quiz solutions/answers, which are stored in the database and later shown in the WordPress backend for all users with at least Subscriber rights. Because the plugin does not properly validate and sanitize this data, a malicious payload in either the name or email field is executed directly within the backend at /wp-admin/admin.php?page=slickquiz across all users with the privileges of at least Subscriber.2019-09-134.3CVE-2019-12517
MISC
MISC
spot -- spot.im_commentsThe spotim-comments plugin before 4.0.4 for WordPress has multiple XSS issues.2019-09-104.3CVE-2017-18608
MISC
MISC
sqlite -- sqliteIn SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."2019-09-095.0CVE-2019-16168
MISC
MISC
MISC
ss-proj -- shirasagiOpen redirect vulnerability in SHIRASAGI v1.7.0 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.2019-09-125.8CVE-2019-6009
MISC
MISC
MISC
MISC
MISC
supervisord -- supervisorIn supervisord in Supervisor through 4.0.2, an unauthenticated user can read log files or restart a service. WARNING: This issue will not be fixed by the maintainer. The ability to run an open server will not be removed because users often use it for local development, therefore no action will be taken.2019-09-106.4CVE-2019-12105
MISC
MISC
MISC
symonics -- libmysofaSymonics libmysofa 0.7 has an out-of-bounds read in directblockRead in hdf/fractalhead.c.2019-09-075.0CVE-2019-16091
MISC
symonics -- libmysofaSymonics libmysofa 0.7 has an invalid read in readOHDRHeaderMessageDataLayout in hdf/dataobject.c.2019-09-075.0CVE-2019-16094
MISC
symonics -- libmysofaSymonics libmysofa 0.7 has an invalid read in getDimension in hrtf/reader.c.2019-09-075.0CVE-2019-16095
MISC
sysstat_project -- sysstatsysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c.2019-09-094.3CVE-2019-16167
MISC
MISC
teammatesolutions -- teammate+A Cross-Site Request Forgery (CSRF) vulnerability exists in TeamMate+ 21.0.0.0 that allows a remote attacker to modify application data (upload malicious/forged files on a TeamMate server, or replace existing uploaded files with malicious/forged files). The specific flaw exists within the handling of Upload/DomainObjectDocumentUpload.ashx requests because of failure to validate a CSRF token before handling a POST request.2019-09-094.3CVE-2019-10253
MISC
MISC
telegram -- telegramThe "delete for" feature in Telegram before 5.11 on Android does not delete shared media files from the Telegram Images directory. In other words, there is a potentially misleading UI indication that a sender can remove a recipient's copy of a previously sent image (analogous to supported functionality in which a sender can remove a recipient's copy of a previously sent message).2019-09-115.0CVE-2019-16248
MISC
MISC
MISC
theme-fusion -- avadaThe avada theme before 5.1.5 for WordPress has stored XSS.2019-09-104.3CVE-2017-18606
MISC
theme-fusion -- avadaThe avada theme before 5.1.5 for WordPress has CSRF.2019-09-106.8CVE-2017-18607
MISC
trendmicro -- deep_security_managerTrend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable to an XML External Entity attack. However, for the attack to be possible, the attacker must have root/admin access to a protected host which is authorized to communicate with the Deep Security Manager (DSM).2019-09-114.0CVE-2019-9488
N/A
tri -- event_ticketsCSV injection in the event-tickets (Event Tickets) plugin before 4.10.7.2 for WordPress exists via the "All Post> Ticketed > Attendees" Export Attendees feature.2019-09-086.5CVE-2019-16120
MISC
MISC
MISC
trust_form_project -- trust_formThe trust-form plugin 2.0 for WordPress has XSS via the wp-admin/admin.php?page=trust-form-edit page parameter.2019-09-134.3CVE-2017-18613
MISC
MISC
ultra-prod -- wordpress_ultra_simple_paypal_shopping_cartCross-site request forgery (CSRF) vulnerability in WordPress Ultra Simple Paypal Shopping Cart v4.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.2019-09-126.8CVE-2019-5992
MISC
vsourz -- cf7_invisible_recaptchaThe cf7-invisible-recaptcha plugin before 1.3.2 for WordPress has XSS.2019-09-094.3CVE-2018-21012
MISC
MISC
weaver -- eteams_oaAn issue was discovered in eteams OA v4.0.34. Because the session is not strictly checked, the account names and passwords of all employees in the company can be obtained by an ordinary account. Specifically, the attacker sends a jsessionid value for URIs under app/profile/summary/.2019-09-084.0CVE-2019-16133
MISC
wordpress -- wordpressWordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upload_attachment is mishandled.2019-09-114.3CVE-2019-16217
MISC
MISC
wordpress -- wordpressWordPress before 5.2.3 allows XSS in stored comments.2019-09-114.3CVE-2019-16218
MISC
MISC
wordpress -- wordpressWordPress before 5.2.3 allows XSS in shortcode previews.2019-09-114.3CVE-2019-16219
MISC
MISC
MISC
wordpress -- wordpressIn WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect.2019-09-115.8CVE-2019-16220
MISC
MISC
MISC
MISC
wordpress -- wordpressWordPress before 5.2.3 allows reflected XSS in the dashboard.2019-09-114.3CVE-2019-16221
MISC
MISC
wordpress -- wordpressWordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks.2019-09-114.3CVE-2019-16222
MISC
MISC
MISC
MISC
wp-kama -- kama_click_counterThe kama-clic-counter plugin before 3.5.0 for WordPress has XSS.2019-09-134.3CVE-2017-18615
MISC
wpcharitable -- charitableThe charitable plugin before 1.5.14 for WordPress has unauthorized access to user and donation details.2019-09-095.0CVE-2018-21011
MISC
MISC
xtremelocator -- xtremelocatorThe xtremelocator plugin 1.5 for WordPress has SQL injection via the id parameter.2019-09-136.5CVE-2016-10939
MISC
MISC
xwiki -- cryptpadThe pad management logic in XWiki labs CryptPad before 3.0.0 allows a remote attacker (who has access to a Rich Text pad with editing rights for the URL) to corrupt it (i.e., cause data loss) via a trivial URL modification.2019-09-115.5CVE-2019-15302
MISC
CONFIRM
zm-gallery_project -- zm-galleryThe zm-gallery plugin 1.0 for WordPress has SQL injection via the order parameter.2019-09-136.5CVE-2016-10940
MISC
MISC
zx-csv-upload_project -- zx-csv-uploadThe zx-csv-upload plugin 1 for WordPress has SQL injection via the id parameter.2019-09-136.5CVE-2016-10943
MISC
MISC
MISC


Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
atlassian -- jiraVarious templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permission to manage custom fields to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a custom field.2019-09-113.5CVE-2019-8450
N/A
buddyboss -- buddymoss_mediaThe buddyboss-media plugin through 3.2.3 for WordPress has stored XSS.2019-09-093.5CVE-2018-21014
MISC
cybozu -- garoonDOM-based cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.2019-09-123.5CVE-2019-5975
MISC
MISC
dell -- rsa_identity_governance_and_lifecycleThe RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a stored cross-site scripting vulnerability in the Access Request module. A remote authenticated malicious user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the stored malicious code would get executed by the web browser in the context of the vulnerable web application.2019-09-113.5CVE-2019-3761
CONFIRM
dell -- rsa_identity_governance_and_lifecycleThe RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain an information exposure vulnerability. The Office 365 user password may get logged in a plain text format in the Office 365 connector debug log file. An authenticated malicious local user with access to the debug logs may obtain the exposed password to use in further attacks.2019-09-112.1CVE-2019-3763
CONFIRM
esri -- arcgis_enterpriseIn ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to trigger a Cross Frame Scripting (XFS) attack through the EDIT MY PROFILE feature.2019-09-113.5CVE-2019-16193
MISC
getgophish -- gophishGophish through 0.8.0 allows XSS via a username.2019-09-093.5CVE-2019-16146
MISC
gitlab -- gitlabAn issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has a Race Condition which could allow users to approve a merge request multiple times and potentially reach the approval count required to merge.2019-09-093.5CVE-2019-11546
CONFIRM
CONFIRM
gitlab -- gitlabAn issue was discovered in GitLab Community and Enterprise Edition before 11.8.9. It has Incorrect Access Control. Unprivileged members of a project are able to post comments on confidential issues through an authorization issue in the note endpoint.2019-09-093.5CVE-2019-11548
CONFIRM
CONFIRM
google -- androidIn the Android kernel in the f2fs driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.2019-09-062.1CVE-2019-9245
MISC
google -- androidIn the Android kernel in sync debug fs driver there is a kernel pointer leak due to the usage of printf with %p. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.2019-09-062.1CVE-2019-9444
MISC
google -- androidIn the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.2019-09-062.1CVE-2019-9445
MISC
google -- androidIn the Android kernel in FingerTipS touchscreen driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.2019-09-062.1CVE-2019-9449
MISC
google -- androidIn the Android kernel in SEC_TS touch driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.2019-09-062.1CVE-2019-9452
MISC
google -- androidIn the Android kernel in F2FS touch driver there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.2019-09-062.1CVE-2019-9453
MISC
google -- androidIn the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.2019-09-062.1CVE-2019-9455
MISC
ibps_online_exam_project -- ibps_online_examThe examapp plugin 1.0 for WordPress has XSS via exam input text fields.2019-09-103.5CVE-2017-18601
EXPLOIT-DB
jenkins -- beaker_builderJenkins Beaker Builder Plugin 1.9 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.2019-09-122.1CVE-2019-10398
MLIST
MISC
limesurvey -- limesurveyLimeSurvey before v3.17.14 allows stored XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. The attack uses a survey group in which the title contains JavaScript that is mishandled upon group deletion.2019-09-093.5CVE-2019-16172
MISC
FULLDISC
MISC
BUGTRAQ
MISC
limesurvey -- limesurveyLimeSurvey before v3.17.14 allows reflected XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. This occurs in application/core/Survey_Common_Action.php,2019-09-093.5CVE-2019-16173
MISC
FULLDISC
MISC
BUGTRAQ
MISC
limesurvey -- limesurveyA stored cross-site scripting (XSS) vulnerability was found in Limesurvey before 3.17.14 that allows authenticated users with correct permissions to inject arbitrary web script or HTML via titles of admin box buttons on the home page.2019-09-093.5CVE-2019-16178
MISC
MISC
microsoft -- .net_frameworkAn elevation of privilege vulnerability exists when the .NET Framework common language runtime (CLR) allows file creation in arbitrary locations, aka '.NET Framework Elevation of Privilege Vulnerability'.2019-09-112.1CVE-2019-1142
MISC
microsoft -- sharepoint_foundationA cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.2019-09-113.5CVE-2019-1262
MISC
microsoft -- team_foundation_serverA Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'.2019-09-113.5CVE-2019-1305
MISC
microsoft -- windows_10An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Information Disclosure Vulnerability'.2019-09-112.1CVE-2019-1216
MISC
microsoft -- windows_10An information disclosure vulnerability exists when the Windows Transaction Manager improperly handles objects in memory, aka 'Windows Transaction Manager Information Disclosure Vulnerability'.2019-09-112.1CVE-2019-1219
MISC
microsoft -- windows_10An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1244, CVE-2019-1245.2019-09-112.1CVE-2019-1251
MISC
microsoft -- windows_10An information disclosure vulnerability exists when Windows Hyper-V writes uninitialized memory to disk, aka 'Windows Hyper-V Information Disclosure Vulnerability'.2019-09-112.1CVE-2019-1254
MISC
microsoft -- windows_10An elevation of privilege vulnerability exists in Windows store installer where WindowsApps directory is vulnerable to symbolic link attack, aka 'Microsoft Windows Store Installer Elevation of Privilege Vulnerability'.2019-09-113.6CVE-2019-1270
MISC
microsoft -- windows_10A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize certain error messages, aka 'Active Directory Federation Services XSS Vulnerability'.2019-09-113.5CVE-2019-1273
MISC
microsoft -- windows_10An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'.2019-09-112.1CVE-2019-1274
MISC
microsoft -- windows_10An information disclosure exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle sandbox checks, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'.2019-09-112.1CVE-2019-1282
MISC
microsoft -- windows_10An elevation of privilege vulnerability exists when the Windows Update Delivery Optimization does not properly enforce file share permissions, aka 'Windows Update Delivery Optimization Elevation of Privilege Vulnerability'.2019-09-113.6CVE-2019-1289
MISC
microsoft -- windows_10An information disclosure vulnerability exists in Windows when the Windows SMB Client kernel-mode driver fails to properly handle objects in memory, aka 'Windows SMB Client Driver Information Disclosure Vulnerability'.2019-09-112.1CVE-2019-1293
MISC
microsoft -- windows_10A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality, aka 'Windows Secure Boot Security Feature Bypass Vulnerability'.2019-09-112.1CVE-2019-1294
MISC
microsoft -- windows_7An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'.2019-09-112.1CVE-2019-1283
MISC
ncrafts -- formcraftThe formcraft3 plugin before 3.4 for WordPress has stored XSS via the "New Form > Heading > Heading Text" field.2019-09-103.5CVE-2017-18600
MISC
openssl -- opensslNormally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).2019-09-101.9CVE-2019-1547
MISC
MISC
CONFIRM
CONFIRM
CONFIRM
BUGTRAQ
CONFIRM
sap -- business_one_clientUnder certain conditions SAP Business One client (B1_ON_HANA, SAP-M-BO), before versions 9.2 and 9.3, allows an attacker to access information which would otherwise be restricted.2019-09-102.1CVE-2019-0353
MISC
CONFIRM
ttlock -- ttlockTTLock devices do not properly block guest access in certain situations where the network connection to the cloud is unavailable.2019-09-103.3CVE-2019-12942
MISC
ttlock -- ttlockTTLock devices do not properly restrict password-reset attempts, leading to incorrect access control and disclosure of sensitive information about valid account names.2019-09-102.6CVE-2019-12943
MISC
w1.fi -- hostapdhostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.2019-09-123.3CVE-2019-16275
MLIST
MISC
MISC
MISC
webcraftic -- woody_ad_snippetsThe insert-php (aka Woody ad snippets) plugin before 2.2.8 for WordPress allows authenticated XSS via the winp_item parameter.2019-09-133.5CVE-2019-16289
MISC
MISC
MISC
wordpress -- wordpressWordPress before 5.2.3 allows XSS in post previews by authenticated users.2019-09-113.5CVE-2019-16223
MISC
MISC


Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
3s_smart_software_solutions -- codesys_v3_web_serverCODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller.2019-09-13not yet calculatedCVE-2019-13532
MISC
3s_smart_software_solutions -- codesys_v3_web_serverCODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which could cause a stack overflow and create a denial-of-service condition or allow remote code execution.2019-09-13not yet calculatedCVE-2019-13548
MISC
arubanetworks -- arubaosA command injection vulnerability is present in the web management interface of ArubaOS that permits an authenticated user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. This vulnerability only affects ArubaOS 8.x.2019-09-13not yet calculatedCVE-2019-5315
CONFIRM
arubanetworks -- arubaosA remote code execution vulnerability is present in network-listening components in some versions of ArubaOS. An attacker with the ability to transmit specially-crafted IP traffic to a mobility controller could exploit this vulnerability and cause a process crash or execute arbitrary code within the underlying operating system with full system privileges. Such an attack could lead to complete system compromise. The ability to transmit traffic to an IP interface on the mobility controller is required to carry out an attack. The attack leverages the PAPI protocol (UDP port 8211). If the mobility controller is only bridging L2 traffic to an uplink and does not have an IP address that is accessible to the attacker, it cannot be attacked.2019-09-13not yet calculatedCVE-2018-7081
CONFIRM
MISC
bosch -- access_professional_editionUnauthorized APE administration privileges can be achieved by reverse engineering one of the APE service tools. The service tool is discontinued with Bosch Access Professional Edition (APE) 3.8.2019-09-12not yet calculatedCVE-2019-11898
CONFIRM
dino -- dinoDino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280_message_carbons.vala.2019-09-11not yet calculatedCVE-2019-16235
MLIST
MISC
MISC
dino -- dinoDino before 2019-09-10 does not check roster push authorization in module/roster/module.vala.2019-09-11not yet calculatedCVE-2019-16236
MLIST
MISC
MISC
dino -- dinoDino before 2019-09-10 does not properly check the source of an MAM message in module/xep/0313_message_archive_management.vala.2019-09-11not yet calculatedCVE-2019-16237
MLIST
MISC
MISC
ec-cube -- amazon_pay_pluginCross-site scripting vulnerability in EC-CUBE plugin 'Amazon Pay Plugin 2.12,2.13' version 2.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2019-09-12not yet calculatedCVE-2019-6003
MISC
MISC
eclipse_foundation -- eclipse_omrPrior to 0.1, all builds of Eclipse OMR contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of that field in the modified copy of the loop allowing the test to see one value of the field and subsequently the loop to see a modified field value without retesting the condition moved out of the loop. This can lead to a variety of different issues but read out of array bounds is one major consequence of these problems.2019-09-12not yet calculatedCVE-2019-11774
CONFIRM
flamenet -- flamecmsFlameCMS 3.3.5 has SQL injection in account/login.php via accountName.2019-09-14not yet calculatedCVE-2019-16309
MISC
fuji_xerox -- apeosware_management_suite_and_apeosware_management_suite_2Open redirect vulnerability in ApeosWare Management Suite Ver.1.4.0.18 and earlier, and ApeosWare Management Suite 2 Ver.2.1.2.4 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.2019-09-12not yet calculatedCVE-2019-6004
MISC
MISC
fuji_xerox -- docushareA Reflected Cross-Site Scripting (XSS) vulnerability in the webEx module in webExMeetingLogin.jsp and deleteWebExMeetingCheck.jsp in Fuji Xerox DocuShare through 7.0.0.C1.609 allows remote attackers to inject arbitrary web script or HTML via the handle parameter (webExMeetingLogin.jsp) and meetingKey parameter (deleteWebExMeetingCheck.jsp).2019-09-14not yet calculatedCVE-2019-16307
MISC
gitlab -- community_and_enterprise_editionAn input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6.2019-09-09not yet calculatedCVE-2019-5471
MISC
CONFIRM
MISC
gitlab -- community_and_enterprise_editionAn input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.2019-09-09not yet calculatedCVE-2019-5461
MISC
CONFIRM
MISC
gitlab -- community_and_enterprise_editionAn authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.2019-09-09not yet calculatedCVE-2019-5463
CONFIRM
MISC
gitlab -- community_and_enterprise_editionAn input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.2019-09-09not yet calculatedCVE-2019-5467
CONFIRM
MISC
harbor -- harborcore/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API. This is fixed in 1.9.0-rc1.2019-09-08not yet calculatedCVE-2019-16097
MISC
MISC
hikari_denwa -- router_operating_systemCross-site scripting vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, RS-500KI firmware version Ver.01.00.0070 and earlier, PR-500MI/RT-500MI firmware version Ver.01.01.0014 and earlier, and RS-500MI firmware version Ver.03.01.0019 and earlier, and Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, and PR-500MI/RT-500MI firmware version Ver.01.01.0011 and earlier) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2019-09-12not yet calculatedCVE-2019-5985
MISC
CONFIRM
ifw8 -- router_romifw8 Router ROM v4.31 allows credential disclosure by reading the action/usermanager.htm HTML source code.2019-09-14not yet calculatedCVE-2019-16313
MISC
indexhibit -- indexhibitIndexhibit 2.1.5 allows a product reinstallation, with resultant remote code execution, via /ndxzstudio/install.php?p=2.2019-09-14not yet calculatedCVE-2019-16314
MISC
integard -- integard_home_and_integard_pro_2The web server in Integard Pro and Home before 2.0.0.9037 and 2.2.x before 2.2.0.9037 has a buffer overflow via a long password in an administration login POST request, leading to arbitrary code execution.2019-09-13not yet calculatedCVE-2010-5333
MISC
MISC
MISC
jenkins -- jenkinsA sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of method names in method call expressions allowed attackers to execute arbitrary code in sandboxed scripts.2019-09-12not yet calculatedCVE-2019-10393
MLIST
MISC
jenkins -- jenkinsJenkins Build Environment Plugin 1.6 and earlier did not escape variables shown on its views, resulting in a cross-site scripting vulnerability in Jenkins 2.145, 2.138.1, or older, exploitable by users able to change various job/build properties.2019-09-12not yet calculatedCVE-2019-10395
MLIST
MISC
jenkins -- jenkinsJenkins Dashboard View Plugin 2.11 and earlier did not escape build descriptions, resulting in a cross-site scripting vulnerability exploitable by users able to change build descriptions.2019-09-12not yet calculatedCVE-2019-10396
MLIST
MISC
jenkins -- jenkinsJenkins Aqua Security Serverless Scanner Plugin 1.0.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure.2019-09-12not yet calculatedCVE-2019-10397
MLIST
MISC
jenkins -- jenkinsA sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions on the left-hand side of assignment expressions allowed attackers to execute arbitrary code in sandboxed scripts.2019-09-12not yet calculatedCVE-2019-10394
MLIST
MISC
jenkins -- jenkinsJenkins Git Client Plugin 2.8.4 and earlier did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection.2019-09-12not yet calculatedCVE-2019-10392
MLIST
MISC
jhipster -- jhipster_and_jhipster_kotlinA class generated by the Generator in JHipster before 6.3.0 and JHipster Kotlin through 1.1.0 produces code that uses an insecure source of randomness (apache.commons.lang3 RandomStringUtils). This allows an attacker (if able to obtain their own password reset URL) to compute the value for all other password resets for other accounts, thus allowing privilege escalation or account takeover.2019-09-13not yet calculatedCVE-2019-16303
MISC
MISC
MISC
MISC
MISC
kddi_corporation -- smart_tv_boxSmart TV Box firmware version prior to 1300 allows remote attackers to bypass access restriction to conduct arbitrary operations on the device without user's intent, such as installing arbitrary software or changing the device settings via Android Debug Bridge port 5555/TCP.2019-09-12not yet calculatedCVE-2019-6005
MISC
libra -- libraLibra Core before 2019-09-03 has an erroneous regular expression for inline comments, which makes it easier for attackers to interfere with code auditing by using a nonstandard line-break character for a comment. For example, a Move module author can enter the // sequence (which introduces a single-line comment), followed by very brief comment text, the \r character, and code that has security-critical functionality. In many popular environments, this code is displayed on a separate line, and thus a reader may infer that the code is executed. However, the code is NOT executed, because language/compiler/ir_to_bytecode/src/parser.rs allows the comment to continue after the \r character.2019-09-11not yet calculatedCVE-2019-16214
MISC
MISC
MISC
line_corporation -- apng-drawableInteger overflow vulnerability in apng-drawable 1.0.0 to 1.6.0 allows an attacker to cause a denial of service (DoS) condition or execute arbitrary code via unspecified vectors.2019-09-12not yet calculatedCVE-2019-6007
MISC
linux -- linux_kernelIn the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the vulnerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c.2019-09-13not yet calculatedCVE-2019-15031
MISC
MISC
linux -- linux_kernelIn the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the vulnerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check.2019-09-13not yet calculatedCVE-2019-15030
MISC
MISC
mcafee -- total_protection_free_antivirus_trialDLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights.2019-09-13not yet calculatedCVE-2019-3646
CONFIRM
mobatech -- mobaxtermIn MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also accepted, command execution is achieved, as demonstrated by the MobaXterm://`calc` URI.2019-09-14not yet calculatedCVE-2019-16305
MISC
motorola -- motorola_devicesSome Motorola devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker.2019-09-12not yet calculatedCVE-2019-16257
MISC
niushop -- niushopNIUSHOP V1.11 has CSRF via search_info to index.php.2019-09-14not yet calculatedCVE-2019-16311
MISC
niushop -- niushopNIUSHOP V1.11 has XSS via the index.php?s=/admin URI.2019-09-14not yet calculatedCVE-2019-16310
MISC
notepad++ -- notepad++SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file.2019-09-14not yet calculatedCVE-2019-16294
MISC
MISC
MISC
nxp_semiconductors -- kinetis_kv1x_and_kinetis_kv3x_and_kinetis_k8x_devicesOn NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a software IP protection method for execute-only access) can be defeated by observing CPU registers and the effect of code/instruction execution.2019-09-12not yet calculatedCVE-2019-14237
MISC
philips -- intellivue_m3002a_x2_mms_transport_monitor/module_and_ intellivue_mp_monitorsPhilips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C). An attacker can use these credentials to login via ftp and upload a malicious firmware.2019-09-12not yet calculatedCVE-2019-13530
MISC
philips -- intellivue_m3002a_x2_mms_transport_monitor/module_and_ intellivue_mp_monitorsPhilips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C). The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.2019-09-12not yet calculatedCVE-2019-13534
MISC
pimcore -- pimcoreIn Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317.2019-09-14not yet calculatedCVE-2019-16318
MISC
MISC
pimcore -- pimcoreIn Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory, a different vulnerability than CVE-2019-10867 and CVE-2019-16318.2019-09-14not yet calculatedCVE-2019-16317
MISC
MISC
s-cms -- s-cmss-cms V3.0 has XSS in index.php?type=text via the S_id parameter.2019-09-14not yet calculatedCVE-2019-16312
MISC
samsung -- samsung_devicesSome Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker.2019-09-12not yet calculatedCVE-2019-16256
MISC
siemens -- ei/wsn-pa_link_wirelesshart_gatewayA vulnerability has been identified in IE/WSN-PA Link WirelessHART Gateway (All versions). The integrated configuration web server of the affected device could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known.2019-09-13not yet calculatedCVE-2019-13923
MISC
siemens -- simatic_tdc_cp51m1_moduleA vulnerability has been identified in SIMATIC TDC CP51M1 (All versions < V1.1.7). An attacker with network access to the device could cause a Denial-of-Service condition by sending a specially crafted UDP packet. The vulnerability affects the UDP communication of the device. The security vulnerability could be exploited without authentication. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-09-13not yet calculatedCVE-2019-10937
MISC
siemens -- sinema_remote_connect_serverA vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some pages that should only be accessible by a privileged user can also be accessed by a non-privileged user. The security vulnerability could be exploited by an attacker with network access and valid credentials for the web interface. No user interaction is required. The vulnerability could allow an attacker to access information that he should not be able to read. The affected information does not include passwords. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-09-13not yet calculatedCVE-2019-13919
MISC
siemens -- sinema_remote_connect_serverA vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). The web interface has no means to prevent password guessing attacks. The vulnerability could be exploited by an attacker with network access to the vulnerable software, requiring no privileges and no user interaction. The vulnerability could allow full access to the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-09-13not yet calculatedCVE-2019-13918
MISC
siemens -- sinema_remote_connect_serverA vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some parts of the web application are not protected against Cross Site Request Forgery (CSRF) attacks. The security vulnerability could be exploited by an attacker that is able to trigger requests of a logged-in user to the application. The vulnerability could allow switching the connectivity state of a user or a device. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-09-13not yet calculatedCVE-2019-13920
MISC
siemens -- sinema_remote_connect_serverA vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). An attacker with administrative privileges can obtain the hash of a connected device's password. The security vulnerability could be exploited by an attacker with network access to the SINEMA Remote Connect Server and administrative privileges. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-09-13not yet calculatedCVE-2019-13922
MISC
stmicroelectronics -- stm32l_family_devicesOn STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated by observing CPU registers and the effect of code/instruction execution.2019-09-12not yet calculatedCVE-2019-14236
MISC
vivotek -- ipcam_firmwareAn authentication bypass vulnerability in VIVOTEK IPCam versions prior to 0x13a was found.2019-09-10not yet calculatedCVE-2019-10256
CONFIRM
MISC
vivotek -- ipcam_firmwareVIVOTEK IP Camera devices with firmware before 0x20x have a stack-based buffer overflow via a crafted HTTP header.2019-09-10not yet calculatedCVE-2019-14457
CONFIRM
wordpress -- wordpressThe fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter.2019-09-13not yet calculatedCVE-2016-10951
MISC
MISC
MISC
wordpress -- wordpressThe Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection via the period parameter by a super admin.2019-09-13not yet calculatedCVE-2016-10947
MISC
wordpress -- wordpressThe Post Indexer plugin before 3.0.6.2 for WordPress has incorrect handling of data passed to the unserialize function.2019-09-13not yet calculatedCVE-2016-10948
MISC
wordpress -- wordpressThe Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL injection with resultant unsafe unserialization.2019-09-13not yet calculatedCVE-2016-10949
MISC
wordpress -- wordpressCross-site request forgery (CSRF) vulnerability in Category Specific RSS feed Subscription version v2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.2019-09-12not yet calculatedCVE-2019-5993
MISC
wordpress -- wordpressThe quotes-collection plugin before 2.0.6 for WordPress has XSS via the wp-admin/admin.php?page=quotes-collection page parameter.2019-09-13not yet calculatedCVE-2016-10952
MISC
MISC
MISC
wordpress -- wordpressThe Neosense theme before 1.8 for WordPress has qquploader unrestricted file upload.2019-09-13not yet calculatedCVE-2016-10954
MISC
wordpress -- wordpressThe cysteme-finder plugin before 1.4 for WordPress has unrestricted file upload because of incorrect session tracking.2019-09-13not yet calculatedCVE-2016-10955
MISC
MISC
wordpress -- wordpressThe Swape theme before 1.2.1 for WordPress has incorrect access control, as demonstrated by allowing new administrator accounts via vectors involving xmlPath to wp-admin/admin-ajax.php.2019-09-09not yet calculatedCVE-2018-21013
MISC
wordpress -- wordpressThe multisite-post-duplicator plugin before 1.1.3 for WordPress has wp-admin/tools.php?page=mpd CSRF.2019-09-13not yet calculatedCVE-2016-10944
MISC
MISC
wordpress -- wordpressThe wp-d3 plugin before 2.4.1 for WordPress has CSRF.2019-09-13not yet calculatedCVE-2016-10946
MISC
MISC
