Vulnerability Summary for the Week of October 7, 2019

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

High: vulnerabilities with a CVSS base score of 7.0–10.0
Medium: vulnerabilities with a CVSS base score of 4.0–6.9
Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
adhouma_cms_project -- adhouma_cms	Adhouma CMS through 2019-10-09 has SQL Injection via the post.php p_id parameter.	2019-10-10	7.5	CVE-2019-17429 MISC
awplife -- contact_form_widget	The new-contact-form-widget (aka Contact Form Widget - Contact Query, Form Maker) plugin 1.0.9 for WordPress has SQL Injection via all-query-page.php.	2019-10-10	7.5	CVE-2019-17072 MISC MISC
centreon -- centreon_vm	In Centreon VM through 19.04.3, centreon-backup.pl allows attackers to become root via a crafted script, due to incorrect rights of sourced configuration files.	2019-10-08	10.0	CVE-2018-21025 MLIST MISC MISC
fasterxml -- jackson-databind	A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.	2019-10-06	7.5	CVE-2019-17267 MISC MISC
fon -- fon2601e-fsw-b_firmware	FON2601E-SE, FON2601E-RE, FON2601E-FSW-S, and FON2601E-FSW-B with firmware versions 1.1.7 and earlier contain an issue where they may behave as open resolvers. If this vulnerability is exploited, FON routers may be leveraged for DNS amplification attacks to some other entities.	2019-10-04	7.8	CVE-2019-6015 MISC MISC
gnome -- libsoup	libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy.	2019-10-06	7.5	CVE-2019-17266 MISC MISC MISC MISC MISC MISC UBUNTU MISC
ibm -- mq	IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners could allow an unauthorized user to conduct a session fixation attack due to clients not being disconnected as they should. IBM X-Force ID: 159352.	2019-10-04	7.5	CVE-2019-4227 XF CONFIRM
ibm -- spectrum_scale	A security vulnerability has been identified in all levels of IBM Spectrum Scale V5.0.0.0 through V5.0.3.2 and IBM Spectrum Scale V4.2.0.0 through V4.2.3.17 that could allow a local attacker to obtain root privilege by injecting parameters into setuid files.	2019-10-09	7.2	CVE-2019-4558 XF CONFIRM
intelliantech -- remote_access	Intellian Remote Access 3.18 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the Ping Test field.	2019-10-06	10.0	CVE-2019-17269 MISC
k-78 -- broken_link_manager	The broken-link-manager plugin before 0.5.0 for WordPress has wpslDelURL or wpslEditURL SQL injection via the url parameter.	2019-10-10	7.5	CVE-2015-9467 MISC MISC MISC
linux -- linux_kernel	In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.	2019-10-04	7.5	CVE-2019-17133 MISC
microsoft -- chakracore	A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1308, CVE-2019-1335, CVE-2019-1366.	2019-10-10	7.6	CVE-2019-1307 MISC
microsoft -- chakracore	A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1335, CVE-2019-1366.	2019-10-10	7.6	CVE-2019-1308 MISC
microsoft -- chakracore	A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1308, CVE-2019-1366.	2019-10-10	7.6	CVE-2019-1335 MISC
microsoft -- chakracore	A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1308, CVE-2019-1335.	2019-10-10	7.6	CVE-2019-1366 MISC
microsoft -- excel	A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1331.	2019-10-10	9.3	CVE-2019-1327 MISC
microsoft -- excel	A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1327.	2019-10-10	9.3	CVE-2019-1331 MISC
microsoft -- internet_explorer	A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1239.	2019-10-10	7.1	CVE-2019-1238 MISC
microsoft -- internet_explorer	A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1238.	2019-10-10	7.6	CVE-2019-1239 MISC
microsoft -- windows_10	A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'.	2019-10-10	9.3	CVE-2019-1060 MISC
microsoft -- windows_10	A remote code execution vulnerability exists when the Windows Imaging API improperly handles objects in memory, aka 'Windows Imaging API Remote Code Execution Vulnerability'.	2019-10-10	9.3	CVE-2019-1311 MISC
microsoft -- windows_10	An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342.	2019-10-10	7.2	CVE-2019-1315 MISC
microsoft -- windows_10	An elevation of privilege vulnerability exists in Microsoft Windows Setup when it does not properly handle privileges, aka 'Microsoft Windows Setup Elevation of Privilege Vulnerability'.	2019-10-10	7.2	CVE-2019-1316 MISC
microsoft -- windows_10	An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.	2019-10-10	7.2	CVE-2019-1319 MISC
microsoft -- windows_10	An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka 'Microsoft Windows Update Client Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1336.	2019-10-10	7.2	CVE-2019-1323 MISC
microsoft -- windows_10	A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'.	2019-10-10	7.8	CVE-2019-1326 MISC
microsoft -- windows_10	A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.	2019-10-10	9.3	CVE-2019-1333 MISC
microsoft -- windows_10	An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka 'Microsoft Windows Update Client Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1323.	2019-10-10	7.2	CVE-2019-1336 MISC
nex-forms_-_ultimate_form_builder_project -- nex-forms_-_ultimate_form_builder	The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nex_forms_Id parameter.	2019-10-07	7.5	CVE-2015-9452 MISC MISC MISC
open-emr -- openemr	OpenEMR through 5.0.2 has SQL Injection in the Lifestyle demographic filter criteria in library/clinical_rules.php that affects library/patient.inc.	2019-10-05	7.5	CVE-2019-17197 MISC MISC
pcprotect -- antivirus	PC Protect Antivirus v4.14.31 installs by default to %PROGRAMFILES(X86)%\PCProtect with very weak folder permissions, granting any user full permission "Everyone: (F)" to the contents of the directory and its subfolders. In addition, the program installs a service called SecurityService that runs as LocalSystem. This allows any user to escalate privileges to "NT AUTHORITY\SYSTEM" by substituting the service's binary with a Trojan horse.	2019-10-07	7.2	CVE-2019-16913 MISC
signal -- signal_private_messenger	DISPUTED The WebRTC component in the Signal Private Messenger application through 4.47.7 for Android processes videoconferencing RTP packets before a callee chooses to answer a call, which might make it easier for remote attackers to cause a denial of service or possibly have unspecified other impact via malformed packets. NOTE: the vendor plans to continue this behavior for performance reasons unless a WebRTC design change occurs.	2019-10-04	7.5	CVE-2019-17192 MISC MISC MISC
sitos -- sitos_six	SITOS six Build v6.2.1 allows an attacker to inject arbitrary PHP commands. As a result, an attacker can compromise the running server and execute system commands in the context of the web user.	2019-10-07	10.0	CVE-2019-15746 MISC
sitos -- sitos_six	SITOS six Build v6.2.1 permits unauthorised users to upload and import a SCORM 2004 package by browsing directly to affected pages. An unauthenticated attacker could use the upload and import functionality to import a malicious SCORM package that includes a PHP file, which could execute arbitrary PHP code.	2019-10-07	7.5	CVE-2019-15748 MISC
sitos -- sitos_six	An unrestricted file upload vulnerability in SITOS six Build v6.2.1 allows remote attackers to execute arbitrary code by uploading a SCORM file with an executable extension. This allows an unauthenticated attacker to upload a malicious file (containing PHP code to execute operating system commands) to the web root of the application.	2019-10-07	10.0	CVE-2019-15751 MISC
sizmic -- plugmatter_optin_feature_box	The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_cc pmfb_tid parameter.	2019-10-07	7.5	CVE-2015-9450 MISC MISC MISC
sizmic -- plugmatter_optin_feature_box	The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_mailchimp pmfb_tid parameter.	2019-10-07	7.5	CVE-2015-9451 MISC MISC MISC
xen -- xen	An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes.	2019-10-07	7.2	CVE-2019-17346 MISC
xerox -- atlalink_firmware	Xerox AtlaLink B8045/B8055/B8065/B8075/B8090 C8030/C8035/C8045/C8055/C8070 printers with software before 101.00x.089.22600 allow an attacker to gain privileges.	2019-10-04	7.5	CVE-2019-17184 MISC
zingbox -- inspector	A command injection vulnerability exists in the Zingbox Inspector versions 1.286 and earlier, that allows for an authenticated user to execute arbitrary system commands in the CLI.	2019-10-09	9.0	CVE-2019-15014 MISC
zingbox -- inspector	A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector.	2019-10-09	7.5	CVE-2019-15019 MISC
zingbox -- inspector	A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result in command injection.	2019-10-09	7.5	CVE-2019-15020 MISC

Medium Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
apache -- hadoop	In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage.	2019-10-04	5.0	CVE-2018-11768 MISC MLIST MLIST MLIST MLIST
axiosys -- bento4	Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListInspector::Action in Core/Ap4Descriptor.h, related to AP4_IodsAtom::InspectFields in Core/Ap4IodsAtom.cpp, as demonstrated by mp4dump.	2019-10-10	4.3	CVE-2019-17452 MISC
axiosys -- bento4	Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListWriter::Action in Core/Ap4Descriptor.h, related to AP4_IodsAtom::WriteFields in Core/Ap4IodsAtom.cpp, as demonstrated by mp4encrypt or mp4compact.	2019-10-10	4.3	CVE-2019-17453 MISC MISC
axiosys -- bento4	Bento4 1.5.1.0 has a NULL pointer dereference in AP4_Descriptor::GetTag in Core/Ap4Descriptor.h, related to AP4_StsdAtom::GetSampleDescription in Core/Ap4StsdAtom.cpp, as demonstrated by mp4info.	2019-10-10	4.3	CVE-2019-17454 MISC
bludit -- bludit	bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.	2019-10-06	4.3	CVE-2019-17240 MISC MISC
brinidesigner -- awesome_filterable_portfolio	The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_portfolio_item_page SQL injection via the item_id parameter.	2019-10-10	6.5	CVE-2015-9461 MISC MISC MISC
centreon -- centreon_vm	In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set.	2019-10-08	5.0	CVE-2019-17104 MLIST MISC MISC
centreon -- centreon_web	In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components.	2019-10-08	4.0	CVE-2019-17106 MLIST MISC MISC
cpanel -- cpanel	cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed or terminated (SEC-517).	2019-10-09	6.5	CVE-2019-17375 MISC MISC
cpanel -- cpanel	cPanel before 82.0.15 allows self XSS in the SSL Certificate Upload interface (SEC-521).	2019-10-09	4.3	CVE-2019-17376 MISC
cpanel -- cpanel	cPanel before 82.0.15 allows self XSS in LiveAPI example scripts (SEC-524).	2019-10-09	4.3	CVE-2019-17377 MISC
cpanel -- cpanel	cPanel before 82.0.15 allows self XSS in the SSL Key Delete interface (SEC-526).	2019-10-09	4.3	CVE-2019-17378 MISC
cpanel -- cpanel	cPanel before 82.0.15 allows self stored XSS in the WHM SSL Storage Manager interface (SEC-527).	2019-10-09	4.3	CVE-2019-17379 MISC
cpanel -- cpanel	cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528).	2019-10-09	4.3	CVE-2019-17380 MISC
elementor -- elementor	The elementor-edit-template class in wp-admin/customize.php in the Elementor Pro plugin before 2.0.10 for WordPress has XSS.	2019-10-07	4.3	CVE-2018-18379 MISC MISC MISC
eleopard -- animate_it!	The animate-it plugin before 2.3.4 for WordPress has XSS.	2019-10-09	4.3	CVE-2019-17384 MISC MISC
eleopard -- animate_it!	The animate-it plugin before 2.3.5 for WordPress has XSS.	2019-10-09	4.3	CVE-2019-17385 MISC MISC
etoilewebdesign -- ultimate_faq	Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import.	2019-10-07	5.0	CVE-2019-17232 MISC MISC MISC
etoilewebdesign -- ultimate_faq	Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection.	2019-10-07	4.3	CVE-2019-17233 MISC MISC MISC
exiv2 -- exiv2	Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size.	2019-10-09	4.3	CVE-2019-17402 MISC
eyoucms -- eyoucms	EyouCms through 2019-07-11 has XSS related to the login.php web_recordnum parameter.	2019-10-10	4.3	CVE-2019-17430 MISC MISC
fastadmin -- fastadmin	An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/index.php/admin/auth/admin/add CSRF vulnerability.	2019-10-10	6.8	CVE-2019-17431 MISC
fecmall -- fecmall	An unrestricted file upload vulnerability was discovered in catalog/productinfo/imageupload in Fecshop FecMall 2.3.4. An attacker can bypass a front-end restriction and upload PHP code to the webserver, by providing image data and the image/jpeg content type, with a .php extension. This occurs because the code relies on the getimagesize function.	2019-10-04	6.5	CVE-2019-17188 MISC
fiberhome -- hg2201t_firmware	/var/WEB-GUI/cgi-bin/downloadfile.cgi on FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication Directory Traversal for reading arbitrary files.	2019-10-08	5.0	CVE-2019-17187 MISC
foxitsoftware -- phantompdf	This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8656.	2019-10-04	6.8	CVE-2019-13315 MISC MISC
foxitsoftware -- phantompdf	This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate actions. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8757.	2019-10-04	6.8	CVE-2019-13316 MISC MISC
foxitsoftware -- phantompdf	This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate actions. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8759.	2019-10-04	6.8	CVE-2019-13317 MISC MISC
foxitsoftware -- phantompdf	This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of the util.printf Javascript method. The application processes the %p parameter in the format string, allowing heap addresses to be returned to the script. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8544.	2019-10-04	4.3	CVE-2019-13318 MISC MISC
foxitsoftware -- phantompdf	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8669.	2019-10-04	6.8	CVE-2019-13319 MISC MISC
foxitsoftware -- phantompdf	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8814.	2019-10-04	6.8	CVE-2019-13320 MISC MISC
foxitsoftware -- phantompdf	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the deleteItemAt method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8295.	2019-10-04	6.8	CVE-2019-6774 MISC MISC
foxitsoftware -- phantompdf	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportValues method within a AcroForm. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8491.	2019-10-04	6.8	CVE-2019-6775 MISC MISC
foxitsoftware -- phantompdf	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing watermarks within AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8801.	2019-10-04	6.8	CVE-2019-6776 MISC MISC
foxitsoftware -- reader	Foxit Reader before 9.7 allows an Access Violation and crash if insufficient memory exists.	2019-10-04	5.0	CVE-2019-17183 MISC
freerdp -- freerdp	libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value.	2019-10-04	5.0	CVE-2019-17177 MISC MISC
freerdp -- freerdp	HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value.	2019-10-04	5.0	CVE-2019-17178 MISC MISC
gonitro -- nitropdf	A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file.	2019-10-09	6.8	CVE-2019-5045 MISC
gonitro -- nitropdf	A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file.	2019-10-09	6.8	CVE-2019-5046 MISC
gonitro -- nitropdf	An exploitable Use After Free vulnerability exists in the CharProcs parsing functionality of NitroPDF. A specially crafted PDF can cause a type confusion, resulting in a Use After Free. An attacker can craft a malicious PDF to trigger this vulnerability.	2019-10-09	6.8	CVE-2019-5047 MISC
gonitro -- nitropdf	A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file.	2019-10-09	6.8	CVE-2019-5048 MISC
gonitro -- nitropdf	A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file.	2019-10-09	6.8	CVE-2019-5050 MISC
gonitro -- nitropdf	An exploitable use-after-free vulnerability exists in the Length parsing function of NitroPDF. A specially crafted PDF can cause a type confusion, resulting in a use-after-free condition. An attacker can craft a malicious PDF to trigger this vulnerability.	2019-10-09	6.8	CVE-2019-5053 MISC
hp -- arcsight_logger	Unrestricted file upload vulnerability in Micro Focus ArcSight Logger, version 6.7.0 and later. This vulnerability could allow Unrestricted Upload of File with Dangerous type.	2019-10-04	6.5	CVE-2019-11655 MISC
ibm -- control_desk	IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554.	2019-10-09	4.0	CVE-2019-4512 XF CONFIRM
ibm -- security_key_lifecycle_manager	IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165136.	2019-10-04	5.0	CVE-2019-4514 XF CONFIRM
ibm -- security_key_lifecycle_manager	IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.	2019-10-04	4.3	CVE-2019-4564 XF CONFIRM
irfanview -- irfanview	IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000d563.	2019-10-08	4.6	CVE-2019-17241 MISC MISC
irfanview -- irfanview	IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000966f.	2019-10-08	4.6	CVE-2019-17242 MISC MISC
irfanview -- irfanview	IrfanView 4.53 allows Data from a Faulting Address to control Code Flow starting at JPEG_LS+0x0000000000003155.	2019-10-08	6.8	CVE-2019-17243 MISC MISC
irfanview -- irfanview	IrfanView 4.53 allows Data from a Faulting Address to control Code Flow starting at JPEG_LS+0x0000000000001d8a.	2019-10-08	6.8	CVE-2019-17244 MISC MISC
irfanview -- irfanview	IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x0000000000004359.	2019-10-08	4.6	CVE-2019-17245 MISC MISC
irfanview -- irfanview	IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000258c.	2019-10-08	6.8	CVE-2019-17246 MISC MISC
irfanview -- irfanview	IrfanView 4.53 allows Data from a Faulting Address to control a subsequent Write Address starting at JPEG_LS+0x0000000000007da8.	2019-10-08	6.8	CVE-2019-17247 MISC MISC
irfanview -- irfanview	IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x00000000000025b6.	2019-10-08	6.8	CVE-2019-17248 MISC MISC
irfanview -- irfanview	IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000d57b.	2019-10-08	6.8	CVE-2019-17249 MISC MISC
irfanview -- irfanview	IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x00000000000042f5.	2019-10-08	6.8	CVE-2019-17250 MISC MISC
irfanview -- irfanview	IrfanView 4.53 allows a User Mode Write AV starting at FORMATS!GetPlugInInfo+0x0000000000007d43.	2019-10-08	6.8	CVE-2019-17251 MISC MISC
irfanview -- irfanview	IrfanView 4.53 allows a User Mode Write AV starting at FORMATS!Read_BadPNG+0x0000000000000115.	2019-10-08	6.8	CVE-2019-17252 MISC MISC
irfanview -- irfanview	IrfanView 4.53 allows a User Mode Write AV starting at JPEG_LS+0x000000000000a6b8.	2019-10-08	6.8	CVE-2019-17253 MISC MISC
irfanview -- irfanview	IrfanView 4.53 allows Data from a Faulting Address to control a subsequent Write Address starting at FORMATS!Read_BadPNG+0x0000000000000101.	2019-10-08	6.8	CVE-2019-17254 MISC MISC
irfanview -- irfanview	IrfanView 4.53 allows a User Mode Write AV starting at EXR!ReadEXR+0x0000000000010836.	2019-10-08	6.8	CVE-2019-17255 MISC MISC
irfanview -- irfanview	IrfanView 4.53 allows a User Mode Write AV starting at DPX!ReadDPX_W+0x0000000000001203.	2019-10-08	6.8	CVE-2019-17256 MISC MISC
irfanview -- irfanview	IrfanView 4.53 allows a Exception Handler Chain to be Corrupted starting at EXR!ReadEXR+0x000000000002af80.	2019-10-08	4.3	CVE-2019-17257 MISC MISC
irfanview -- irfanview	IrfanView 4.53 allows Data from a Faulting Address to control a subsequent Write Address starting at JPEG_LS+0x000000000000839c.	2019-10-08	6.8	CVE-2019-17258 MISC MISC
jnoj -- jiangnan_online_judge	Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[title] parameter to web/polygon/problem/create or web/polygon/problem/update or web/admin/problem/create.	2019-10-10	4.3	CVE-2019-17489 MISC
jnoj -- jiangnan_online_judge	Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[description] parameter to web/admin/problem/create or web/polygon/problem/update.	2019-10-10	4.3	CVE-2019-17491 MISC
jnoj -- jiangnan_online_judge	Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[sample_input] parameter to web/admin/problem/create or web/polygon/problem/update.	2019-10-10	4.3	CVE-2019-17493 MISC
joyplus-cms_project -- joyplus-cms	joyplus-cms 1.6.0 allows manager/admin_pic.php?rootpath= absolute path traversal.	2019-10-04	5.0	CVE-2019-17175 MISC
k-78 -- broken_link_manager	The broken-link-manager plugin before 0.6.0 for WordPress has XSS via the HTTP Referer or User-Agent header to a URL that does not exist.	2019-10-07	4.3	CVE-2015-9453 MISC MISC MISC
k-78 -- broken_link_manager	The broken-link-manager plugin 0.4.5 for WordPress has XSS via the page parameter in a delURL action.	2019-10-10	4.3	CVE-2015-9468 MISC MISC
kmplayer -- kmplayer	KMPlayer 4.2.2.31 allows a User Mode Write AV starting at utils!src_new+0x000000000014d6ee.	2019-10-08	4.6	CVE-2019-17259 MISC MISC
koji_project -- koji	Koji through 1.18.0 allows remote Directory Traversal, with resultant Privilege Escalation.	2019-10-09	4.0	CVE-2019-17109 MISC CONFIRM CONFIRM
liblnk_project -- liblnk	DISPUTED In libyal liblnk before 20191006, liblnk_location_information_read_data in liblnk_location_information.c has a heap-based buffer over-read because an incorrect variable name is used for a certain offset. NOTE: the vendor has disputed this as described in the GitHub issue.	2019-10-06	6.8	CVE-2019-17264 MISC MISC
libpng -- libpng	libpng 1.6.37 has memory leaks in png_malloc_warn and png_create_info_struct.	2019-10-09	4.3	CVE-2019-17371 MISC
liferay -- liferay_portal	Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON payload.	2019-10-04	6.5	CVE-2019-16891 MISC MISC MISC
linux -- linux_kernel	An issue was discovered in drivers/xen/balloon.c in the Linux kernel before 5.2.3, as used in Xen through 4.12.x, allowing guest OS users to cause a denial of service because of unrestricted resource consumption during the mapping of guest memory, aka CID-6ef36ab967c7.	2019-10-07	4.9	CVE-2019-17351 MISC MISC MISC
lqd -- liquid_speech_balloon	The liquid-speech-balloon (aka LIQUID SPEECH BALLOON) plugin 1.0.5 for WordPress allows XSS with Internet Explorer.	2019-10-10	4.3	CVE-2019-17070 MISC MISC
metinfo -- metinfo	An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=language&c=language_general&a=doSearchParameter appno parameter, a different issue than CVE-2019-16997.	2019-10-09	6.5	CVE-2019-17418 MISC
metinfo -- metinfo	An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=user&c=admin_user&a=doGetUserInfo id parameter.	2019-10-09	6.5	CVE-2019-17419 MISC
microsoft -- edge	A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1357.	2019-10-10	4.3	CVE-2019-0608 MISC
microsoft -- edge	A spoofing vulnerability exists when Microsoft Browsers improperly handle browser cookies, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0608.	2019-10-10	4.3	CVE-2019-1357 MISC
microsoft -- open_enclave_software_development_kit	An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka 'Open Enclave SDK Information Disclosure Vulnerability'.	2019-10-10	5.0	CVE-2019-1369 MISC
microsoft -- sharepoint_enterprise_server	An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1329.	2019-10-10	4.0	CVE-2019-1330 MISC
microsoft -- sql_server_management_studio	An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions, aka 'SQL Server Management Studio Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1376.	2019-10-10	4.0	CVE-2019-1313 MISC
microsoft -- sql_server_management_studio	An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions, aka 'SQL Server Management Studio Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1313.	2019-10-10	4.0	CVE-2019-1376 MISC
microsoft -- windows_10	A denial of service vulnerability exists when Windows improperly handles hard links, aka 'Microsoft Windows Denial of Service Vulnerability'.	2019-10-10	5.6	CVE-2019-1317 MISC
microsoft -- windows_10	A spoofing vulnerability exists when Transport Layer Security (TLS) accesses non- Extended Master Secret (EMS) sessions, aka 'Microsoft Windows Transport Layer Security Spoofing Vulnerability'.	2019-10-10	4.3	CVE-2019-1318 MISC
microsoft -- windows_10	An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1322, CVE-2019-1340.	2019-10-10	4.6	CVE-2019-1320 MISC
microsoft -- windows_10	An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1320, CVE-2019-1340.	2019-10-10	4.6	CVE-2019-1322 MISC
microsoft -- windows_10	An elevation of privilege vulnerability exists in the Windows redirected drive buffering system (rdbss.sys) when the operating system improperly handles specific local calls within Windows 7 for 32-bit systems, aka 'Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability'.	2019-10-10	4.9	CVE-2019-1325 MISC
microsoft -- windows_7	An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'.	2019-10-10	4.3	CVE-2019-1361 MISC MISC
mpc-hc -- mpc-hc	MPC-HC through 1.7.13 allows a Read Access Violation on a Block Data Move starting at mpc_hc!memcpy+0x000000000000004e.	2019-10-08	4.6	CVE-2019-17260 MISC MISC
netreo -- omnicenter	Netreo OmniCenter through 12.1.1 allows unauthenticated SQL Injection (Boolean Based Blind) in the redirect parameters and parameter name of the login page through a GET request. The injection allows an attacker to read sensitive information from the database used by the application.	2019-10-09	5.0	CVE-2019-17128 MISC MISC
nixos -- nix	Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable.	2019-10-09	4.6	CVE-2019-17365 MISC MLIST
open-emr -- openemr	XSS in library/custom_template/add_template.php in OpenEMR through 5.0.2 allows a malicious user to execute code in the context of a victim's browser via a crafted list_id query parameter.	2019-10-04	4.3	CVE-2019-17179 MISC
openproject -- openproject	An XSS vulnerability in project list in OpenProject before 9.0.4 and 10.x before 10.0.2 allows remote attackers to inject arbitrary web script or HTML via the sortBy parameter because error messages are mishandled.	2019-10-09	4.3	CVE-2019-17092 MISC CONFIRM CONFIRM
orbisius -- child_theme_creator	The orbisius-child-theme-creator plugin before 1.2.8 for WordPress has incorrect access control for file modification via the wp-admin/admin-ajax.php?action=orbisius_ctc_theme_editor_ajax&sub_cmd=save_file theme_1, theme_1_file, or theme_1_file_contents parameter.	2019-10-07	4.0	CVE-2015-9456 MISC MISC CONFIRM
otcms -- otcms	OTCMS v3.85 allows arbitrary PHP Code Execution because admin/sysCheckFile_deal.php blocks "into outfile" in a SELECT statement, but does not block the "into/**/outfile" manipulation. Therefore, the attacker can create a .php file.	2019-10-09	6.5	CVE-2019-17370 MISC
pi-hole -- pi-hole	Pi-Hole 4.3 allows Command Injection.	2019-10-09	6.8	CVE-2019-13051 MISC MISC MISC MISC
python -- pillow	An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.	2019-10-04	4.3	CVE-2019-16865 MISC
realbigplugins -- client_dash	The client-dash (aka Client Dash) plugin 2.1.4 for WordPress allows XSS.	2019-10-10	4.3	CVE-2019-17071 MISC MISC
redmine -- redmine	In Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent XSS exists due to textile formatting errors.	2019-10-09	4.3	CVE-2019-17427 MISC
s-cms -- s-cms	S-CMS v1.5 has XSS in tpl.php via the member/member_login.php from parameter.	2019-10-09	4.3	CVE-2019-17368 MISC
sap -- financial_consolidation	Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection.	2019-10-08	6.4	CVE-2019-0370 MISC CONFIRM
sap -- netweaver_process_integration	SAP NetWeaver Process Integration (B2B Toolkit), before versions 1.0 and 2.0, does not perform necessary authorization checks for an authenticated user, allowing the import of B2B table content that leads to Missing Authorization Check.	2019-10-08	4.0	CVE-2019-0367 MISC CONFIRM
seo_searchterms_tagging_2_project -- seo_searchterms_tagging_2	The searchterms-tagging-2 plugin through 1.535 for WordPress has SQL injection via the pk_stt2_db_get_popular_terms count parameter exploitable via CSRF.	2019-10-10	6.5	CVE-2015-9458 MISC MISC
seo_searchterms_tagging_2_project -- seo_searchterms_tagging_2	The searchterms-tagging-2 plugin through 1.535 for WordPress has XSS via the wp-admin/options-general.php count parameter.	2019-10-10	4.3	CVE-2015-9459 MISC MISC
sitos -- sitos_six	SITOS six Build v6.2.1 allows a user with the user role of Seminar Coordinator to escalate their permission to the Systemadministrator role due to insufficient checks on the server side.	2019-10-07	6.5	CVE-2019-15747 MISC
sitos -- sitos_six	SITOS six Build v6.2.1 allows a user to change their password and recovery email address without requiring them to confirm the change with their old password. This would allow an attacker with access to the victim's account (e.g., via XSS or an unattended workstation) to change that password and address.	2019-10-07	4.3	CVE-2019-15749 MISC
sitos -- sitos_six	A Cross-Site Scripting (XSS) vulnerability in the blog function in SITOS six Build v6.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.	2019-10-07	4.3	CVE-2019-15750 MISC
slidervilla -- smooth_slider	The smooth-slider plugin before 2.7 for WordPress has SQL Injection via the wp-admin/admin.php?page=smooth-slider-admin current_slider_id parameter.	2019-10-07	6.5	CVE-2015-9454 MISC MISC MISC
sugarcrm -- sugarcrm	SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by an Admin user.	2019-10-07	6.5	CVE-2019-17292 MISC
sugarcrm -- sugarcrm	SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Project module by a Regular user.	2019-10-07	6.5	CVE-2019-17293 MISC
sugarcrm -- sugarcrm	SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the export function by a Regular user.	2019-10-07	6.5	CVE-2019-17294 MISC
sugarcrm -- sugarcrm	SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the history function by a Regular user.	2019-10-07	6.5	CVE-2019-17295 MISC
sugarcrm -- sugarcrm	SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Contacts module by a Regular user.	2019-10-07	6.5	CVE-2019-17296 MISC
sugarcrm -- sugarcrm	SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Quotes module by a Regular user.	2019-10-07	6.5	CVE-2019-17297 MISC
sugarcrm -- sugarcrm	SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Administration module by a Developer user.	2019-10-07	6.5	CVE-2019-17298 MISC
sugarcrm -- sugarcrm	SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by an Admin user.	2019-10-07	6.5	CVE-2019-17299 MISC
sugarcrm -- sugarcrm	SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by a Developer user.	2019-10-07	6.5	CVE-2019-17300 MISC
sugarcrm -- sugarcrm	SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by an Admin user.	2019-10-07	6.5	CVE-2019-17301 MISC
sugarcrm -- sugarcrm	SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by a Developer user.	2019-10-07	6.5	CVE-2019-17302 MISC
sugarcrm -- sugarcrm	SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Developer user.	2019-10-07	6.5	CVE-2019-17303 MISC
sugarcrm -- sugarcrm	SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by an Admin user.	2019-10-07	6.5	CVE-2019-17304 MISC
sugarcrm -- sugarcrm	SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Regular user.	2019-10-07	6.5	CVE-2019-17305 MISC
sugarcrm -- sugarcrm	SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Configurator module by an Admin user.	2019-10-07	6.5	CVE-2019-17306 MISC
sugarcrm -- sugarcrm	SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Tracker module by an Admin user.	2019-10-07	6.5	CVE-2019-17307 MISC
sugarcrm -- sugarcrm	SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Emails module by a Regular user.	2019-10-07	6.5	CVE-2019-17308 MISC
sugarcrm -- sugarcrm	SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the EmailMan module by an Admin user.	2019-10-07	6.5	CVE-2019-17309 MISC
sugarcrm -- sugarcrm	SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Campaigns module by an Admin user.	2019-10-07	6.5	CVE-2019-17310 MISC
sugarcrm -- sugarcrm	SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the attachment function by a Regular user.	2019-10-07	6.5	CVE-2019-17311 MISC
sugarcrm -- sugarcrm	SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the file function by a Regular user.	2019-10-07	6.5	CVE-2019-17312 MISC
sugarcrm -- sugarcrm	SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Studio module by a Developer user.	2019-10-07	6.5	CVE-2019-17313 MISC
sugarcrm -- sugarcrm	SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Configurator module by an Admin user.	2019-10-07	6.5	CVE-2019-17314 MISC
sugarcrm -- sugarcrm	SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Administration module by an Admin user.	2019-10-07	6.5	CVE-2019-17315 MISC
sugarcrm -- sugarcrm	SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Import module by a Regular user.	2019-10-07	6.5	CVE-2019-17316 MISC
sugarcrm -- sugarcrm	SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the UpgradeWizard module by an Admin user.	2019-10-07	6.5	CVE-2019-17317 MISC
sugarcrm -- sugarcrm	SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by a Regular user.	2019-10-07	6.5	CVE-2019-17318 MISC
sugarcrm -- sugarcrm	SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Emails module by a Regular user.	2019-10-07	6.5	CVE-2019-17319 MISC
suse -- suse_linux_enterprise_server	The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an attacker that compromissed the squid user to gain persistence by changing the binary	2019-10-07	6.6	CVE-2019-3688 CONFIRM
teampass -- teampass	TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload will be executed.	2019-10-05	4.3	CVE-2019-17205 MISC
twitter -- twitter_kit	The Twitter Kit framework through 3.4.2 for iOS does not properly validate the api.twitter.com SSL certificate. Although the certificate chain must contain one of a set of pinned certificates, there are certain implementation errors such as a lack of hostname verification. NOTE: this is an end-of-life product.	2019-10-07	5.8	CVE-2019-16263 MISC MISC MISC
vbulletin -- vbulletin	vBulletin through 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories.	2019-10-04	6.4	CVE-2019-17130 MISC
vbulletin -- vbulletin	vBulletin before 5.5.4 allows clickjacking.	2019-10-04	4.3	CVE-2019-17131 MISC
vbulletin -- vbulletin	vBulletin through 5.5.4 mishandles custom avatars.	2019-10-04	6.8	CVE-2019-17132 MISC FULLDISC MISC
vbulletin -- vbulletin	vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter.	2019-10-08	4.0	CVE-2019-17271 MISC MISC
webarxsecurity -- webarx	The WebARX plugin 1.3.0 for WordPress has unauthenticated stored XSS via the URI or the X-Forwarded-For HTTP header.	2019-10-06	4.3	CVE-2019-17213 MISC MISC
webarxsecurity -- webarx	The WebARX plugin 1.3.0 for WordPress allows firewall bypass by appending &cc=1 to a URI.	2019-10-06	5.0	CVE-2019-17214 MISC
webpagetest -- webpagetest	www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal (for reading arbitrary files) because of an unanchored regular expression, as demonstrated by the a.jpg\.. substring.	2019-10-05	5.0	CVE-2019-17199 MISC
wpfactory -- download_plugins_and_themes_from_dashboard	includes/settings/class-alg-download-plugins-settings.php in the download-plugins-dashboard plugin through 1.5.0 for WordPress has multiple unauthenticated stored XSS issues.	2019-10-07	4.3	CVE-2019-17239 MISC MISC
xen -- xen	An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.	2019-10-07	6.1	CVE-2019-17340 MISC
xen -- xen	An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device.	2019-10-07	6.9	CVE-2019-17341 MISC
xen -- xen	An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced.	2019-10-07	4.4	CVE-2019-17342 MISC
xen -- xen	An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.	2019-10-07	4.6	CVE-2019-17343 MISC
xen -- xen	An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.	2019-10-07	4.9	CVE-2019-17344 MISC
xen -- xen	An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest.	2019-10-07	4.9	CVE-2019-17345 MISC
xen -- xen	An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels).	2019-10-07	4.6	CVE-2019-17347 MISC
xen -- xen	An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching.	2019-10-07	4.9	CVE-2019-17348 MISC
xen -- xen	An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a LoadExcl or StoreExcl operation.	2019-10-07	4.9	CVE-2019-17349 MISC
xen -- xen	An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a compare-and-exchange operation.	2019-10-07	4.9	CVE-2019-17350 MISC
xnview -- xnview	XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001e51.	2019-10-08	4.6	CVE-2019-17261 MISC MISC
xnview -- xnview	XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001fc0.	2019-10-08	4.6	CVE-2019-17262 MISC MISC
zingbox -- inspector	An SQL injection vulnerability exists in the management interface of Zingbox Inspector versions 1.288 and earlier, that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database.	2019-10-09	6.5	CVE-2019-15016 MISC
zingbox -- inspector	A security vulnerability exists in the Zingbox Inspector versions 1.280 and earlier, where authentication is not required when binding the Inspector instance to a different customer tenant.	2019-10-09	5.0	CVE-2019-15018 MISC
zingbox -- inspector	A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that can allow an attacker to easily identify instances of Zingbox Inspectors in a local area network.	2019-10-09	5.0	CVE-2019-15021 MISC
zingbox -- inspector	A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that allows for the Inspector to be susceptible to ARP spoofing.	2019-10-09	5.0	CVE-2019-15022 MISC
zingbox -- inspector	A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in passwords for 3rd party integrations being stored in cleartext in device configuration.	2019-10-09	5.0	CVE-2019-15023 MISC
zingbox -- inspector	A security vulnerability exists in Zingbox Inspector version 1.293 and earlier, that allows for remote code execution if the Inspector were sent a malicious command from the Zingbox cloud, or if the Zingbox Inspector were tampered with to connect to an attacker's cloud endpoint.	2019-10-09	6.8	CVE-2019-1584 MISC

Low Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
cmsmadesimple -- cms_made_simple	CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin > Module Manager > Search Term field.	2019-10-06	3.5	CVE-2019-17226 MISC
hp -- arcsight_logger	Stored XSS vulnerability in Micro Focus ArcSight Logger, affects versions prior to Logger 6.7.1 HotFix 6.7.1.8262.0. This vulnerability could allow Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').	2019-10-04	3.5	CVE-2019-11656 MISC
hrworks -- hrworks	HRworks 3.36.9 allows XSS via the purpose of a travel-expense report.	2019-10-08	3.5	CVE-2019-16416 MISC MISC
hrworks -- hrworks	HRworks FLOW 3.36.9 allows XSS via the purpose of a travel-expense report.	2019-10-08	3.5	CVE-2019-16417 MISC MISC
ibm -- maximo_anywhere	IBM Maximo Anywhere 7.6.0, 7.6.1, 7.6.2, and 7.6.3 does not have device root detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 160198.	2019-10-10	2.1	CVE-2019-4265 XF CONFIRM
intelliants -- subrion	Subrion 4.2.1 allows XSS via the panel/members/ Username, Full Name, or Email field, aka an "Admin Member JSON Update" issue.	2019-10-06	3.5	CVE-2019-17225 MISC MISC
laravel-admin -- laravel-admin	z-song laravel-admin 1.7.3 has XSS via the Slug or Name on the Roles screen, because of mishandling on the "Operation log" screen.	2019-10-10	3.5	CVE-2019-17433 MISC
lavalite -- lavalite	LavaLite through 5.7 has XSS via a crafted account name that is mishandled on the Manage Clients screen.	2019-10-10	3.5	CVE-2019-17434 MISC
libfwsi_project -- libfwsi	In libyal libfwsi before 20191006, libfwsi_extension_block_copy_from_byte_stream in libfwsi_extension_block.c has a heap-based buffer over-read because rejection of an unsupported size only considers values less than 6, even though values of 6 and 7 are also unsupported.	2019-10-06	2.1	CVE-2019-17263 MISC MISC MISC
liblnk_project -- liblnk	DISPUTED libyal liblnk 20191006 has a heap-based buffer over-read in the network_share_name_offset>20 code block of liblnk_location_information_read_data in liblnk_location_information.c, a different issue than CVE-2019-17264. NOTE: the vendor has disputed this as described in the GitHub issue.	2019-10-09	2.1	CVE-2019-17401 MISC
microsoft -- sharepoint_enterprise_server	A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.	2019-10-10	3.5	CVE-2019-1070 MISC
microsoft -- sharepoint_enterprise_server	A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'.	2019-10-10	3.5	CVE-2019-1328 MISC
microsoft -- sharepoint_enterprise_server	An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1330.	2019-10-10	3.5	CVE-2019-1329 MISC
microsoft -- windows_10	An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1334.	2019-10-10	2.1	CVE-2019-1345 MISC MISC
microsoft -- windows_7	An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'.	2019-10-10	2.1	CVE-2019-1363 MISC
pbootcms -- pbootcms	PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs.	2019-10-09	3.5	CVE-2019-17417 MISC
sap -- businessobjects_business_intelligence_platform	SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the chart title resulting in reflected Cross-Site Scripting	2019-10-08	3.5	CVE-2019-0374 MISC CONFIRM
sap -- businessobjects_business_intelligence_platform	SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the export dialog box of the report name resulting in reflected Cross-Site Scripting.	2019-10-08	3.5	CVE-2019-0375 MISC CONFIRM
sap -- businessobjects_business_intelligence_platform	SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows an attacker to save malicious scripts in the publication name, which can be executed later by the victim, resulting in Stored Cross-Site Scripting.	2019-10-08	3.5	CVE-2019-0376 MISC CONFIRM
sap -- businessobjects_business_intelligence_platform	SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the input controls, resulting in Stored Cross-Site Scripting.	2019-10-08	3.5	CVE-2019-0377 MISC CONFIRM
sap -- businessobjects_business_intelligence_platform	SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before version 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the file name of the background image resulting in Stored Cross-Site Scripting.	2019-10-08	3.5	CVE-2019-0378 MISC CONFIRM
sap -- financial_consolidation	SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which allows an attacker to execute scripts by uploading files containing malicious scripts, leading to reflected cross site scripting vulnerability.	2019-10-08	3.5	CVE-2019-0369 MISC CONFIRM
teampass -- teampass	TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a crafted password for an item in any folder.	2019-10-05	3.5	CVE-2019-17203 MISC
teampass -- teampass	TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowledge Base label and adding any available item.	2019-10-05	3.5	CVE-2019-17204 MISC
tibco -- master_data_management	The MDM server component of TIBCO Software Inc's TIBCO MDM contains multiple vulnerabilities that theoretically allow an authenticated user with specific roles to perform cross-site scripting (XSS) attacks. This issue affects TIBCO Software Inc.'s TIBCO MDM version 9.0.1 and prior versions; version 9.1.0.	2019-10-09	3.5	CVE-2019-11212 CONFIRM CONFIRM

Severity Not Yet Assigned

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
activesoft -- mybuilder	ActiveX Control in MyBuilder before 6.2.2019.814 allow an attacker to execute arbitrary command via the ShellOpen method. This can be leveraged for code execution	2019-10-07	not yet calculated	CVE-2019-12811 MISC
activesoft -- mybuilder	MyBuilder viewer before 6.2.2019.814 allow an attacker to execute arbitrary command via specifically crafted configuration file. This can be leveraged for code execution.	2019-10-07	not yet calculated	CVE-2019-12812 MISC
altair_engineering -- pbs_professional	Altair PBS Professional through 19.1.2 allows Privilege Escalation because an attacker can send a message directly to pbs_mom, which fails to properly authenticate the message. This results in code execution as an arbitrary user.	2019-10-09	not yet calculated	CVE-2019-15719 MISC MISC MISC MISC
amazon_web_services -- freertos	Amazon FreeRTOS up to and including v1.4.8 for AWS lacks length checking in prvProcessReceivedPublish, resulting in leakage of arbitrary memory contents on a device to an attacker. An attacker sends a malformed MQTT publish packet, and waits for an MQTTACK packet containing the leaked data.	2019-10-07	not yet calculated	CVE-2019-13120 CONFIRM
arista_networks -- extensible_operating_system	A vulnerability has been found in the implementation of the Label Distribution Protocol (LDP) protocol in EOS. Under race conditions, the LDP agent can establish an LDP session with a malicious peer potentially allowing the possibility of a Denial of Service (DoS) attack on route updates and in turn potentially leading to an Out of Memory (OOM) condition that is disruptive to traffic forwarding. Affected EOS versions include: 4.22 release train: 4.22.1F and earlier releases 4.21 release train: 4.21.0F - 4.21.2.3F, 4.21.3F - 4.21.7.1M 4.20 release train: 4.20.14M and earlier releases 4.19 release train: 4.19.12M and earlier releases End of support release trains (4.18 and 4.17)	2019-10-10	not yet calculated	CVE-2019-14810 MISC CONFIRM
auth0 -- auth0	Auth0 auth0.net before 6.5.4 has Incorrect Access Control because IdentityTokenValidator can be accidentally used to validate untrusted ID tokens.	2019-10-08	not yet calculated	CVE-2019-16929 CONFIRM
automattic -- mongoose	Automattic Mongoose through 5.7.4 allows attackers to bypass access control (in some applications) because any query object with a _bsontype attribute is ignored. For example, adding "_bsontype":"a" can sometimes interfere with a query filter. NOTE: this CVE is about Mongoose's failure to work around this _bsontype special case that exists in older versions of the bson parser (aka the mongodb/js-bson project).	2019-10-09	not yet calculated	CVE-2019-17426 MISC MISC
avira -- avira_software_updater	Avira Software Updater before 2.0.6.21094 allows a DLL side-loading attack.	2019-10-10	not yet calculated	CVE-2019-17449 MISC
axiomatic_systems -- bento4	An issue was discovered in Bento4 1.5.1.0. There is a SEGV in the function AP4_TfhdAtom::SetDefaultSampleSize at Core/Ap4TfhdAtom.h when called from AP4_Processor::ProcessFragments in Core/Ap4Processor.cpp.	2019-10-12	not yet calculated	CVE-2019-17528 MISC MISC
axiomatic_systems -- bento4	An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in AP4_CencSampleEncryption::DoInspectFields in Core/Ap4CommonEncryption.cpp when called from AP4_Atom::Inspect in Core/Ap4Atom.cpp.	2019-10-12	not yet calculated	CVE-2019-17529 MISC MISC
axiomatic_systems -- bento4	An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in AP4_PrintInspector::AddField in Core/Ap4Atom.cpp when called from AP4_CencSampleEncryption::DoInspectFields in Core/Ap4CommonEncryption.cpp, when called from AP4_Atom::Inspect in Core/Ap4Atom.cpp.	2019-10-12	not yet calculated	CVE-2019-17530 MISC MISC
b3log -- symphony	b3log Symphony (aka Sym) before 3.6.0 has XSS via the HTTP User-Agent header.	2019-10-10	not yet calculated	CVE-2019-17488 MISC
belkin -- wemo_switch_28b_devices	An issue was discovered on Belkin Wemo Switch 28B WW_2.00.11057.PVT-OWRT-SNS devices. They allow remote attackers to cause a denial of service (persistent rules-processing outage) via a crafted ruleDbBody element in a StoreRules request to the upnp/control/rules1 URI, because database corruption occurs.	2019-10-12	not yet calculated	CVE-2019-17532 MISC
bootstrap-3-typeahead -- bootstrap-3-typeahead	Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-site scripting flaw in the highlighter() function. An attacker could exploit this via user interaction to execute code in the user's browser.	2019-10-08	not yet calculated	CVE-2019-10215 CONFIRM
bouncy_castle -- bouncy_castle_crypto_package	The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.	2019-10-08	not yet calculated	CVE-2019-17359 MISC MISC
centreon -- centreon_web	getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter.	2019-10-08	not yet calculated	CVE-2018-21023 MLIST MISC MISC MISC
centreon -- centreon_web	licenseUpload.php in Centreon Web before 2.8.27 allows attackers to upload arbitrary files via a POST request.	2019-10-08	not yet calculated	CVE-2018-21024 MLIST CONFIRM MISC
centreon -- centreon_web	img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter.	2019-10-08	not yet calculated	CVE-2018-21021 MLIST MISC MISC
centreon -- centreon_web	makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter.	2019-10-08	not yet calculated	CVE-2018-21022 MLIST MISC MISC
centreon -- centreon_web	The token generator in index.php in Centreon Web before 2.8.27 is predictable.	2019-10-08	not yet calculated	CVE-2019-17105 MLIST CONFIRM MISC
centreon -- centreon_web	In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place.	2019-10-08	not yet calculated	CVE-2018-21020 MLIST MISC MISC
centreon -- centreon_web	minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. NOTE: some sources have listed CVE-2019-17017 for this, but that is incorrect.	2019-10-08	not yet calculated	CVE-2019-17107 MLIST MISC MISC
centreon -- centreon_web	Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user.	2019-10-08	not yet calculated	CVE-2019-17108 MLIST MISC MISC
citrix -- application_delivery_management	Citrix Application Delivery Management (ADM) 12.1 before build 54.13 has Incorrect Access Control.	2019-10-09	not yet calculated	CVE-2019-17366 CONFIRM
cobham -- explorer_710	The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default. This could allow an unauthenticated, local attacker connected to the device to access the portal and to make any change to the device.	2019-10-10	not yet calculated	CVE-2019-9529 CERT-VN
cobham -- explorer_710	The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to port 5454. This could allow an unauthenticated, remote attacker to connect to this port via Telnet and execute 86 Attention (AT) commands, including some that provide unauthenticated, shell-like access to the device.	2019-10-10	not yet calculated	CVE-2019-9531 CERT-VN
cobham -- explorer_710	The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files. This could allow an unauthenticated, local attacker connected to the device to access and download any file found in the web root directory.	2019-10-10	not yet calculated	CVE-2019-9530 CERT-VN
cobham -- explorer_710	The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image. Development scripts left in the firmware can be used to upload a custom firmware image that the device runs. This could allow an unauthenticated, local attacker to upload their own firmware that could be used to intercept or modify traffic, spoof or intercept GPS traffic, exfiltrate private data, hide a backdoor, or cause a denial-of-service.	2019-10-10	not yet calculated	CVE-2019-9534 CERT-VN
cobham -- explorer_710	The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the device.	2019-10-10	not yet calculated	CVE-2019-9533 CERT-VN
cobham -- explorer_710	The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext. This could allow an unauthenticated, local attacker to intercept the password and gain access to the portal.	2019-10-10	not yet calculated	CVE-2019-9532 CERT-VN
compal -- ch7465lg_devices	The setter.xml component of the Common Gateway Interface on Compal CH7465LG 6.12.18.25-2p4 devices does not properly validate ping command arguments, which allows remote authenticated users to execute OS commands as root via shell metacharacters in the Target_IP parameter.	2019-10-11	not yet calculated	CVE-2019-17499 MISC
craft_cms -- craft_cms	Craft CMS before 3.3.8 has stored XSS via a name field. This field is mishandled during site deletion.	2019-10-10	not yet calculated	CVE-2019-17496 MISC MISC
d-link -- dap-1320_routers	D-Link DAP-1320 A2-V1.21 routers have some web interfaces without authentication requirements, as demonstrated by uplink_info.xml. An attacker can remotely obtain a user's Wi-Fi SSID and password, which could be used to connect to Wi-Fi or perform a dictionary attack.	2019-10-11	not yet calculated	CVE-2019-17505 MISC
d-link -- dir-615_devices	An issue discovered on D-Link DIR-615 devices with firmware version 20.05 and 20.07. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page.	2019-10-09	not yet calculated	CVE-2019-17353 MISC MISC MISC MISC
d-link -- dir-816l_devices	An issue was discovered on D-Link DIR-816 A1 1.06 devices. An attacker could access management pages of the router via a client that ignores the 'top.location.href = "/dir_login.asp"' line in a .asp file. This provides access to d_status.asp, version.asp, d_dhcptbl.asp, and d_acl.asp.	2019-10-11	not yet calculated	CVE-2019-17507 MISC
d-link -- dir-846_devices	D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetMasterWLanSettings with shell metacharacters to /squashfs-root/www/HNAP1/control/SetMasterWLanSettings.php.	2019-10-11	not yet calculated	CVE-2019-17509 MISC
d-link -- dir-846_devices	D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetWizardConfig with shell metacharacters to /squashfs-root/www/HNAP1/control/SetWizardConfig.php.	2019-10-11	not yet calculated	CVE-2019-17510 MISC
d-link -- dir-859_and_dir-8850_devices	On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable.	2019-10-11	not yet calculated	CVE-2019-17508 MISC
d-link -- dir-868l_and_dir-817lw_routers	There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the router's username and password (and other information) via SERVICES=DEVICE.ACCOUNT&AUTHORIZED_GROUP=1%0a to getcfg.php. This could be used to control the router remotely.	2019-10-11	not yet calculated	CVE-2019-17506 MISC
dbell -- wi-fi_smart_video_doorbell	The dbell Wi-Fi Smart Video Doorbell DB01-S Gen 1 allows remote attackers to launch commands with no authentication verification via TCP port 81, because the loginuse and loginpass parameters to openlock.cgi can have arbitrary values. NOTE: the vendor's position is that this product reached end of life in 2016.	2019-10-08	not yet calculated	CVE-2019-13336 MISC MISC MISC
dell -- encryption_enterprise	The vulnerability is limited to the installers of Dell Encryption Enterprise versions prior to 10.4.0 and Dell Endpoint Security Suite Enterprise versions prior to 2.4.0. This issue is exploitable only during the installation of the product by an administrator. A local authenticated low privileged user potentially could exploit this vulnerability by staging a malicious DLL in the search path of the installer prior to its execution by a local administrator. This would cause loading of the malicious DLL, which would allow the attacker to execute arbitrary code in the context of an administrator.	2019-10-07	not yet calculated	CVE-2019-3745 MISC
dell_emc -- avamar_server	Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A remote authenticated malicious user potentially could exploit this vulnerability to view or modify sensitive backup data. This could be used to make backups corrupt or potentially to trick a user into restoring a backup with malicious files in place.	2019-10-09	not yet calculated	CVE-2019-3765 CONFIRM
envoy_proxy -- envoy	Upon receiving each incoming request header data, Envoy will iterate over existing request headers to verify that the total size of the headers stays below a maximum limit. The implementation in versions 1.10.0 through 1.11.1 for HTTP/1.x traffic and all versions of Envoy for HTTP/2 traffic had O(n^2) performance characteristics. A remote attacker may craft a request that stays below the maximum request header size but consists of many thousands of small headers to consume CPU and result in a denial-of-service attack.	2019-10-09	not yet calculated	CVE-2019-15226 MISC MISC MISC
espressif -- esp-idf	An issue was discovered in Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.6, 3.2.x through 3.2.3, and 3.3.x through 3.3.1. An attacker who uses fault injection to physically disrupt the ESP32 CPU can bypass the Secure Boot digest verification at startup, and boot unverified code from flash. The fault injection attack does not disable the Flash Encryption feature, so if the ESP32 is configured with the recommended combination of Secure Boot and Flash Encryption, then the impact is minimized. If the ESP32 is configured without Flash Encryption then successful fault injection allows arbitrary code execution. To protect devices with Flash Encryption and Secure Boot enabled against this attack, a firmware change must be made to permanently enable Flash Encryption in the field if it is not already permanently enabled.	2019-10-07	not yet calculated	CVE-2019-15894 CONFIRM
fastadmin -- fastadmin	An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/admin/general.config/edit CSRF vulnerability, as demonstrated by resultant XSS via the row[name] parameter.	2019-10-10	not yet calculated	CVE-2019-17432 MISC
fasterxml -- jackson-databind	A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.	2019-10-12	not yet calculated	CVE-2019-17531 MISC MISC
fiberhome -- hg2201t	/var/WEB-GUI/cgi-bin/telnet.cgi on FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication remote code execution.	2019-10-08	not yet calculated	CVE-2019-17186 MISC
frost_ming -- redis_wrapper	Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper (aka Redis Wrapper) before 0.3.0 allows attackers to execute arbitrary scripts.	2019-10-05	not yet calculated	CVE-2019-17206 MISC MISC MISC
genesys -- pureengage_digital	Genesys PureEngage Digital (eServices) 8.1.x allows XSS via HtmlChatPanel.jsp or HtmlChatFrameSet.jsp (ActionColor, ClientNickNameColor, Email, email, or email_address parameter).	2019-10-11	not yet calculated	CVE-2019-17176 MISC MISC MISC MISC MISC
gnu -- binutils	find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.	2019-10-10	not yet calculated	CVE-2019-17450 MISC
gnu -- binutils	An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.	2019-10-10	not yet calculated	CVE-2019-17451 MISC MISC
gnupg_project -- boa	Boa through 0.94.14rc21 allows remote attackers to trigger an out-of-memory (OOM) condition because malloc is mishandled.	2019-10-11	not yet calculated	CVE-2018-21027 CONFIRM CONFIRM
gnupg_project -- boa	Boa through 0.94.14rc21 allows remote attackers to trigger a memory leak because of missing calls to the free function.	2019-10-11	not yet calculated	CVE-2018-21028 CONFIRM CONFIRM
google -- android	In generateServicesMap of RegisteredServicesCache.java, there is a possible account protection bypass due to a caching optimization. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-136261465	2019-10-11	not yet calculated	CVE-2019-2183 CONFIRM
google -- android	In the default privileges of NFC, there is a possible local bypass of user interaction requirements on package installation due to a default permission. This could lead to local escalation of privilege by installing an application with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-123700348	2019-10-11	not yet calculated	CVE-2019-2114 CONFIRM
google -- android	In GetMBheader of combined_decode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-136175447	2019-10-11	not yet calculated	CVE-2019-2186 CONFIRM
google -- android	In VlcDequantH263IntraBlock_SH of vlc_dequant.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-136173699	2019-10-11	not yet calculated	CVE-2019-2185 CONFIRM
google -- android	In PV_DecodePredictedIntraDC of dec_pred_intra_dc.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-134578122	2019-10-11	not yet calculated	CVE-2019-2184 CONFIRM
google -- android	In ScreenRotationAnimation of ScreenRotationAnimation.java, there is a possible capture of a secure screen due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9Android ID: A-69703445	2019-10-11	not yet calculated	CVE-2019-2110 CONFIRM
google -- android	In startActivityMayWait of ActivityStarter.java, there is a possible incorrect Activity launch due to an incorrect permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-123013720	2019-10-11	not yet calculated	CVE-2019-2173 CONFIRM
google -- android	A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095	2019-10-11	not yet calculated	CVE-2019-2215 CONFIRM
google -- android	In nfc_ncif_decode_rf_params of nfc_ncif.cc, there is a possible out of bounds read due to an integer underflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-124940143	2019-10-11	not yet calculated	CVE-2019-2187 CONFIRM
graphite_project -- graphite	send_email in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent to an e-mail address that can be supplied by the attacker. Thus, an attacker can exfiltrate any information.	2019-10-11	not yet calculated	CVE-2017-18638 MISC MISC MISC MISC MISC
gree -- gree+_application_for_andriod	The GREE+ (aka com.gree.greeplus) application 1.4.0.8 for Android suffers from Cross Site Request Forgery.	2019-10-11	not yet calculated	CVE-2018-20582 MISC MISC
hotaru_cms -- hotaru_cms	A stored XSS vulnerability was discovered in Hotaru CMS v1.7.2 via the admin_index.php?page=settings SITE NAME field (aka SITE_NAME), a related issue to CVE-2011-4709.1.	2019-10-12	not yet calculated	CVE-2019-17522 MISC MISC
hp -- touchpoint_analytics	A potential security vulnerability has been identified with certain versions of HP Touchpoint Analytics prior to version 4.1.4.2827. This vulnerability may allow a local attacker with administrative privileges to execute arbitrary code via an HP Touchpoint Analytics system service.	2019-10-11	not yet calculated	CVE-2019-6333 CONFIRM
hyrda -- hyrda	Hydra through 0.1.8 has a NULL pointer dereference and daemon crash when processing POST requests that lack a Content-Length header. read.c, request.c, and util.c contribute to this. The process_header_end() function calls boa_atoi(), which ultimately calls atoi() on a NULL pointer.	2019-10-12	not yet calculated	CVE-2019-17502 MISC MISC
icewrap -- webclient	IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script to basic/minimizer/index.php) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files.	2019-10-11	not yet calculated	CVE-2010-5335 MISC MISC
icewrap -- webclient	IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (_c to basic/index.html) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files.	2019-10-11	not yet calculated	CVE-2010-5334 MISC MISC
icewrap -- webclient	IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0.	2019-10-11	not yet calculated	CVE-2010-5336 MISC MISC
icewrap -- webclient	IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][controller] is non-persistent in 10.1.3 and 10.2.0.	2019-10-11	not yet calculated	CVE-2010-5337 MISC MISC
icewrap -- webclient	IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][action] is non-persistent in 10.1.3 and 10.2.0.	2019-10-11	not yet calculated	CVE-2010-5338 MISC MISC
icewrap -- webclient	IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][uid] is non-persistent in 10.1.3 and 10.2.0.	2019-10-11	not yet calculated	CVE-2010-5339 MISC MISC
icewrap -- webclient	IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0.	2019-10-11	not yet calculated	CVE-2010-5340 MISC MISC
intel -- active_system_console	Insufficient path checking in the installer for Intel(R) Active System Console before version 8.0 Build 24 may allow an authenticated user to potentially enable escalation of privilege via local access.	2019-10-11	not yet calculated	CVE-2019-11120 CONFIRM
intel -- nuc	Memory corruption in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.	2019-10-11	not yet calculated	CVE-2019-14570 CONFIRM
intel -- nuc	Pointer corruption in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.	2019-10-11	not yet calculated	CVE-2019-14569 CONFIRM
intel -- smart_connect_technology_for_intel_nuc	Improper file permission in software installer for Intel(R) Smart Connect Technology for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.	2019-10-11	not yet calculated	CVE-2019-11167 CONFIRM
internet_systems_consortium -- bind	An error in the EDNS Client Subnet (ECS) feature for recursive resolvers can cause BIND to exit with an assertion failure when processing a response that has malformed RRSIGs. Versions affected: BIND 9.10.5-S1 -> 9.11.6-S1 of BIND 9 Supported Preview Edition.	2019-10-09	not yet calculated	CVE-2019-6469 CONFIRM
internet_systems_consortium -- bind	A failure to free memory can occur when processing messages having a specific combination of EDNS options. Versions affected are: BIND 9.10.7 -> 9.10.8-P1, 9.11.3 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.10.7-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected.	2019-10-09	not yet calculated	CVE-2018-5744 CONFIRM
internet_systems_consortium -- bind	A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 -> 9.11.7, 9.12.0 -> 9.12.4-P1, 9.14.0 -> 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of the BIND 9.15 development branch and BIND Supported Preview Edition versions 9.11.3-S1 -> 9.11.7-S1.	2019-10-09	not yet calculated	CVE-2019-6471 CONFIRM CONFIRM
internet_systems_consortium -- bind	In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet (ECS) features. In those versions which have ECS support, enabling nxdomain-redirect is likely to lead to BIND exiting due to assertion failure. Versions affected: BIND Supported Preview Edition version 9.10.5-S1 -> 9.11.5-S5. ONLY BIND Supported Preview Edition releases are affected.	2019-10-09	not yet calculated	CVE-2019-6468 CONFIRM
internet_systems_consortium -- bind	A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAIN redirection for recursive clients, is also serving a local copy of the root zone or using mirroring to provide the root zone, although other configurations are also possible. Versions affected: BIND 9.12.0-> 9.12.4, 9.14.0. Also affects all releases in the 9.13 development branch.	2019-10-09	not yet calculated	CVE-2019-6467 CONFIRM
internet_systems_consortium -- bind	Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465.	2019-10-09	not yet calculated	CVE-2019-6465 CONFIRM
internet_systems_consortium -- bind	By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.	2019-10-09	not yet calculated	CVE-2018-5743 CONFIRM
internet_systems_consortium -- bind	"managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745.	2019-10-09	not yet calculated	CVE-2018-5745 CONFIRM
internet_systems_consortium -- isc_dhcp	Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0	2019-10-09	not yet calculated	CVE-2018-5732 CONFIRM
iterm2 -- iterm2	A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may allow an attacker to execute arbitrary commands by providing malicious output to the terminal. This affects versions of iTerm2 up to and including 3.3.5. This vulnerability may allow an attacker to execute arbitrary commands on their victim's computer by providing malicious output to the terminal. It could be exploited using command-line utilities that print attacker-controlled content.	2019-10-09	not yet calculated	CVE-2019-9535 MISC CONFIRM CERT-VN
jfinal -- jfinal	In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile() function: one can upload any type of file. For example, a .jsp file may be stored and almost immediately deleted, but this deletion step does not occur for certain exceptions.	2019-10-08	not yet calculated	CVE-2019-17352 MISC MISC MISC
jiangan_online_judge -- jiangan_online_judge	app\modules\polygon\controllers\ProblemController in Jiangnan Online Judge (aka jnoj) 0.8.0 allows arbitrary file upload, as demonstrated by PHP code (with a .php filename but the image/png content type) to the web/polygon/problem/tests URI.	2019-10-10	not yet calculated	CVE-2019-17490 MISC
joicom_corporation -- renpho_application	An issue was discovered in the RENPHO application 3.0.0 for iOS. It transmits JSON data unencrypted to a server without an integrity check, if a user changes personal data in his profile tab (e.g., exposure of his birthday) or logs into his account (i.e., exposure of credentials).	2019-10-09	not yet calculated	CVE-2019-14808 MISC MISC MISC
joomlashack -- shack_forms_pro	The Shack Forms Pro extension before 4.0.32 for Joomla! allows path traversal via a file attachment.	2019-10-09	not yet calculated	CVE-2019-17399 MISC
juniper_networks -- junos_os	A session fixation vulnerability in J-Web on Junos OS may allow an attacker to use social engineering techniques to fix and hijack a J-Web administrators web session and potentially gain administrative access to the device. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S15 on EX Series; 12.3X48 versions prior to 12.3X48-D85 on SRX Series; 14.1X53 versions prior to 14.1X53-D51; 15.1 versions prior to 15.1F6-S13, 15.1R7-S5; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 15.1X53 versions prior to 15.1X53-D238; 16.1 versions prior to 16.1R4-S13, 16.1R7-S5; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S5; 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R3; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R1-S2, 19.1R2.	2019-10-09	not yet calculated	CVE-2019-0062 CONFIRM
juniper_networks -- junos_os	The PKI keys exported using the command "run request security pki key-pair export" on Junos OS may have insecure file permissions. This may allow another user on the Junos OS device with shell access to read them. This issue affects: Juniper Networks Junos OS 15.1X49 versions prior to 15.1X49-D180; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2.	2019-10-09	not yet calculated	CVE-2019-0073 MISC
juniper_networks -- junos_os	A memory leak vulnerability in the of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific commands from a peered BGP host and having those BGP states delivered to the vulnerable device. This issue affects: Juniper Networks Junos OS: 18.1 versions prior to 18.1R2-S4, 18.1R3-S1; 18.1X75 all versions. Versions before 18.1R1 are not affected.	2019-10-09	not yet calculated	CVE-2019-0059 MISC
juniper_networks -- junos_os	The management daemon (MGD) is responsible for all configuration and management operations in Junos OS. The Junos CLI communicates with MGD over an internal unix-domain socket and is granted special permission to open this protected mode socket. Due to a misconfiguration of the internal socket, a local, authenticated user may be able to exploit this vulnerability to gain administrative privileges. This issue only affects Linux-based platforms. FreeBSD-based platforms are unaffected by this vulnerability. Exploitation of this vulnerability requires Junos shell access. This issue cannot be exploited from the Junos CLI. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180; 15.1X53 versions prior to 15.1X53-D496, 15.1X53-D69; 16.1 versions prior to 16.1R7-S4; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1; 17.3 versions prior to 17.3R3-S4; 17.4 versions prior to 17.4R1-S6, 17.4R1-S7, 17.4R2-S3, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S4; 18.2 versions prior to 18.2R1-S5, 18.2R2-S2, 18.2R3; 18.3 versions prior to 18.3R1-S3, 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2.	2019-10-09	not yet calculated	CVE-2019-0061 MISC
juniper_networks -- junos_os	A path traversal vulnerability in NFX150 Series and QFX10K Series, EX9200 Series, MX Series and PTX Series devices with Next-Generation Routing Engine (NG-RE) allows a local authenticated user to read sensitive system files. This issue only affects NFX150 Series and QFX10K Series, EX9200 Series, MX Series and PTX Series with Next-Generation Routing Engine (NG-RE) which uses vmhost. This issue affects Juniper Networks Junos OS on NFX150 Series and QFX10K, EX9200 Series, MX Series and PTX Series with NG-RE and vmhost: 15.1F versions prior to 15.1F6-S12 16.1 versions starting from 16.1R6 and later releases, including the Service Releases, prior to 16.1R6-S6, 16.1R7-S3; 17.1 versions prior to 17.1R3; 17.2 versions starting from 17.2R1-S3, 17.2R3 and later releases, including the Service Releases, prior to 17.2R3-S1; 17.3 versions starting from 17.3R1-S1, 17.3R2 and later releases, including the Service Releases, prior to 17.3R3-S3; 17.4 versions starting from 17.4R1 and later releases, including the Service Releases, prior to 17.4R1-S6, 17.4R2-S2, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S2, 18.3R2; 18.4 versions prior to 18.4R1-S1, 18.4R2. This issue does not affect: Juniper Networks Junos OS 15.1 and 16.2.	2019-10-09	not yet calculated	CVE-2019-0074 MISC
juniper_networks -- junos_os	Receipt of a specific link-local IPv6 packet destined to the RE may cause the system to crash and restart (vmcore). By continuously sending a specially crafted IPv6 packet, an attacker can repeatedly crash the system causing a prolonged Denial of Service (DoS). This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R6-S2, 16.1R7; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R3. This issue does not affect Juniper Networks Junos OS version 15.1 and prior versions.	2019-10-09	not yet calculated	CVE-2019-0067 CONFIRM
juniper_networks -- junos_os	An unexpected status return value weakness in the Next-Generation Multicast VPN (NG-mVPN) service of Juniper Networks Junos OS allows attacker to cause a Denial of Service (DoS) condition and core the routing protocol daemon (rpd) process when a specific malformed IPv4 packet is received by the device running BGP. This malformed packet can be crafted and sent to a victim device including when forwarded directly through a device receiving such a malformed packet, but not if the malformed packet is first de-encapsulated from an encapsulated format by a receiving device. Continued receipt of the malformed packet will result in a sustained Denial of Service condition. This issue affects: Juniper Networks Junos OS 15.1 versions prior to 15.1F6-S12, 15.1R7-S2; 15.1X49 versions prior to 15.1X49-D150 on SRX Series; 15.1X53 versions prior to 15.1X53-D68, 15.1X53-D235, 15.1X53-D495, 15.1X53-D590; 16.1 versions prior to 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S2; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S9, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.3 versions prior to 17.3R2-S4, 17.3R3.	2019-10-09	not yet calculated	CVE-2019-0066 MISC MISC
juniper_networks -- junos_os	A persistent Cross-Site Scripting (XSS) vulnerability in Junos OS J-Web interface may allow remote unauthenticated attackers to perform administrative actions on the Junos device. Successful exploitation requires a Junos administrator to first perform certain diagnostic actions on J-Web. This issue affects: Juniper Networks Junos OS 12.1X46 versions prior to 12.1X46-D86; 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D80; 14.1X53 versions prior to 14.1X53-D51; 15.1 versions prior to 15.1F6-S13, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180; 15.1X53 versions prior to 15.1X53-D497, 15.1X53-D69; 16.1 versions prior to 16.1R7-S5; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R1-S7, 17.4R2-S4, 17.4R3; 18.1 versions prior to 18.1R3-S5; 18.2 versions prior to 18.2R1-S5, 18.2R2-S3, 18.2R3; 18.3 versions prior to 18.3R1-S3, 18.3R2, 18.3R3; 18.4 versions prior to 18.4R1-S2, 18.4R2.	2019-10-09	not yet calculated	CVE-2019-0047 MISC
juniper_networks -- junos_os_ex2300_and_ex3400_series	Veriexec is a kernel-based file integrity subsystem in Junos OS that ensures only authorized binaries are able to be executed. Due to a flaw in specific versions of Junos OS, affecting specific EX Series platforms, the Veriexec subsystem will fail to initialize, in essence disabling file integrity checking. This may allow a locally authenticated user with shell access to install untrusted executable images, and elevate privileges to gain full control of the system. During the installation of an affected version of Junos OS are installed, the following messages will be logged to the console: Initializing Verified Exec: /sbin/veriexec: Undefined symbol "__aeabi_uidiv" /sbin/veriexec: Undefined symbol "__aeabi_uidiv" /sbin/veriexec: Undefined symbol "__aeabi_uidiv" veriexec: /.mount/packages/db/os-kernel-prd-arm-32-20190221.70c2600_builder_stable_11/boot/brcm-hr3.dtb: Authentication error veriexec: /.mount/packages/db/os-kernel-prd-arm-32-20190221.70c2600_builder_stable_11/boot/contents.izo: Authentication error ... This issue affects Juniper Networks Junos OS: 18.1R3-S4 on EX2300, EX2300-C and EX3400; 18.3R1-S3 on EX2300, EX2300-C and EX3400.	2019-10-09	not yet calculated	CVE-2019-0071 MISC MISC
juniper_networks -- junos_os_multiple_series	A vulnerability in the srxpfe process on Protocol Independent Multicast (PIM) enabled SRX series devices may lead to crash of the srxpfe process and an FPC reboot while processing (PIM) messages. Sustained receipt of these packets may lead to an extended denial of service condition. Affected releases are Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D80; 15.1X49 versions prior to 15.1X49-D160; 17.3 versions prior to 17.3R3-S7 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R2; 18.3 versions prior to 18.3R2.	2019-10-09	not yet calculated	CVE-2019-0075 MISC
juniper_networks -- junos_os_multiple_series	On EX4600, QFX5100 Series, NFX Series, QFX10K Series, QFX5110, QFX5200 Series, QFX5110, QFX5200, QFX10K Series, vSRX, SRX1500, SRX4000 Series, vSRX, SRX1500, SRX4000, QFX5110, QFX5200, QFX10K Series, when the user uses console management port to authenticate, the credentials used during device authentication are written to a log file in clear text. This issue does not affect users that are logging-in using telnet, SSH or J-web to the management IP. This issue affects ACX, NFX, SRX, EX and QFX platforms with the Linux Host OS architecture, it does not affect other SRX and EX platforms that do not use the Linux Host OS architecture. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D110 on vSRX, SRX1500, SRX4000 Series; 15.1X53 versions prior to 15.1X53-D234 on QFX5110, QFX5200 Series; 15.1X53 versions prior to 15.1X53-D68 on QFX10K Series; 17.1 versions prior to 17.1R2-S8, 17.1R3, on QFX5110, QFX5200, QFX10K Series; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3 on QFX5110, QFX5200, QFX10K Series; 17.3 versions prior to 17.3R2 on vSRX, SRX1500, SRX4000, QFX5110, QFX5200, QFX10K Series; 14.1X53 versions prior to 14.1X53-D47 on ACX5000, EX4600, QFX5100 Series; 15.1 versions prior to 15.1R7 on ACX5000, EX4600, QFX5100 Series; 16.1R7 versions prior to 16.1R7 on ACX5000, EX4600, QFX5100 Series; 17.1 versions prior to 17.1R2-S10, 17.1R3 on ACX5000, EX4600, QFX5100 Series; 17.2 versions prior to 17.2R3 on ACX5000, EX4600, QFX5100 Series; 17.3 versions prior to 17.3R3 on ACX5000, EX4600, QFX5100 Series; 17.4 versions prior to 17.4R2 on ACX5000, EX4600, QFX5100 Series; 18.1 versions prior to 18.1R2 on ACX5000, EX4600, QFX5100 Series; 15.1X53 versions prior to 15.1X53-D496 on NFX Series, 17.2 versions prior to 17.2R3-S1 on NFX Series; 17.3 versions prior to 17.3R3-S4 on NFX Series; 17.4 versions prior to 17.4R2-S4, 17.4R3 on NFX Series, 18.1 versions prior to 18.1R3-S4 on NFX Series; 18.2 versions prior to 18.2R2-S3, 18.2R3 on NFX Series; 18.3 versions prior to 18.3R1-S3, 18.3R2 on NFX Series; 18.4 versions prior to 18.4R1-S1, 18.4R2 on NFX Series.	2019-10-09	not yet calculated	CVE-2019-0069 CONFIRM
juniper_networks -- junos_os_mx_series	On MX Series, when the SIP ALG is enabled, receipt of a certain malformed SIP packet may crash the MS-PIC component on MS-MIC or MS-MPC. By continuously sending a crafted SIP packet, an attacker can repeatedly bring down MS-PIC on MS-MIC/MS-MPC causing a sustained Denial of Service. This issue affects Juniper Networks Junos OS on MX Series: 16.1 versions prior to 16.1R7-S5; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3-S3; 17.3 versions prior to 17.3R3-S6 ; 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S3; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2.	2019-10-09	not yet calculated	CVE-2019-0065 CONFIRM
juniper_networks -- junos_os_mx_series	This issue only affects devices with three (3) or more MPC10's installed in a single chassis with OSPF enabled and configured on the device. An Insufficient Resource Pool weakness allows an attacker to cause the device's Open Shortest Path First (OSPF) states to transition to Down, resulting in a Denial of Service (DoS) attack. This attack requires a relatively large number of specific Internet Mixed (IMIXed) types of genuine and valid IPv6 packets to be transferred by the attacker in a relatively short period of time, across three or more PFE's on the device at the same time. Continued receipt of the traffic sent by the attacker will continue to cause OSPF to remain in the Down starting state, or flap between other states and then again to Down, causing a persistent Denial of Service. This attack will affect all IPv4, and IPv6 traffic served by the OSPF routes once the OSPF states transition to Down. This issue affects: Juniper Networks Junos OS on MX480, MX960, MX2008, MX2010, MX2020: 18.1 versions prior to 18.1R2-S4, 18.1R3-S5; 18.1X75 version 18.1X75-D10 and later versions; 18.2 versions prior to 18.2R1-S5, 18.2R2-S3, 18.2R3; 18.2X75 versions prior to 18.2X75-D50; 18.3 versions prior to 18.3R1-S4, 18.3R2, 18.3R3; 18.4 versions prior to 18.4R1-S2, 18.4R2.	2019-10-09	not yet calculated	CVE-2019-0056 MISC
juniper_networks -- junos_os_mx_series	When an MX Series Broadband Remote Access Server (BRAS) is configured as a Broadband Network Gateway (BNG) with DHCPv6 enabled, jdhcpd might crash when receiving a specific crafted DHCP response message on a subscriber interface. The daemon automatically restarts without intervention, but continuous receipt of specific crafted DHCP messages will repeatedly crash jdhcpd, leading to an extended Denial of Service (DoS) condition. This issue only affects systems configured with DHCPv6 enabled. DHCPv4 is unaffected by this issue. This issue affects Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S5 on MX Series; 16.1 versions prior to 16.1R7-S5 on MX Series; 16.2 versions prior to 16.2R2-S10 on MX Series; 17.1 versions prior to 17.1R3-S1 on MX Series; 17.2 versions prior to 17.2R3-S2 on MX Series; 17.3 versions prior to 17.3R3-S6 on MX Series; 17.4 versions prior to 17.4R2-S5, 17.4R3 on MX Series; 18.1 versions prior to 18.1R3-S6 on MX Series; 18.2 versions prior to 18.2R2-S4, 18.2R3 on MX Series; 18.2X75 versions prior to 18.2X75-D50 on MX Series; 18.3 versions prior to 18.3R1-S5, 18.3R3 on MX Series; 18.4 versions prior to 18.4R2 on MX Series; 19.1 versions prior to 19.1R1-S2, 19.1R2 on MX Series.	2019-10-09	not yet calculated	CVE-2019-0063 MISC
juniper_networks -- junos_os_nfx_series	An Improper Input Validation weakness allows a malicious local attacker to elevate their permissions to take control of other portions of the NFX platform they should not be able to access, and execute commands outside their authorized scope of control. This leads to the attacker being able to take control of the entire system. This issue affects: Juniper Networks Junos OS versions prior to 18.2R1 on NFX Series.	2019-10-09	not yet calculated	CVE-2019-0070 MISC
juniper_networks -- junos_os_nfx_series	An improper authorization weakness in Juniper Networks Junos OS allows a local authenticated attacker to bypass regular security controls to access the Junos Device Manager (JDM) application and take control of the system. This issue affects: Juniper Networks Junos OS versions prior to 18.2R1, 18.2X75-D5.	2019-10-09	not yet calculated	CVE-2019-0057 MISC
juniper_networks -- junos_os_srx1500_series	Under certain heavy traffic conditions srxpfe process can crash and result in a denial of service condition for the SRX1500 device. Repeated crashes of the srxpfe can result in an extended denial of service condition. The SRX device may fail to forward traffic when this condition occurs. Affected releases are Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D170 on SRX1500; 17.3 versions prior to 17.3R3-S7 on SRX1500; 17.4 versions prior to 17.4R2-S8, 17.4R3 on SRX1500; 18.1 versions prior to 18.1R3-S8 on SRX1500; 18.2 versions prior to 18.2R3 on SRX1500; 18.3 versions prior to 18.3R2 on SRX1500; 18.4 versions prior to 18.4R2 on SRX1500.	2019-10-09	not yet calculated	CVE-2019-0050 CONFIRM
juniper_networks -- junos_os_srx5000_series	On SRX5000 Series devices, if 'set security zones security-zone <zone> tcp-rst' is configured, the flowd process may crash when a specific TCP packet is received by the device and triggers a new session. The process restarts automatically. However, receipt of a constant stream of these TCP packets may result in an extended Denial of Service (DoS) condition on the device. This issue affects Juniper Networks Junos OS: 18.2R3 on SRX 5000 Series; 18.4R2 on SRX 5000 Series; 19.2R1 on SRX 5000 Series.	2019-10-09	not yet calculated	CVE-2019-0064 MISC
juniper_networks -- junos_os_srx5000_series	SSL-Proxy feature on SRX devices fails to handle a hardware resource limitation which can be exploited by remote SSL/TLS servers to crash the flowd daemon. Repeated crashes of the flowd daemon can result in an extended denial of service condition. For this issue to occur, clients protected by the SRX device must initiate a connection to the malicious server. This issue affects: Juniper Networks Junos OS on SRX5000 Series: 12.3X48 versions prior to 12.3X48-D85; 15.1X49 versions prior to 15.1X49-D180; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S6, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R2.	2019-10-09	not yet calculated	CVE-2019-0051 MISC
juniper_networks -- junos_os_srx_series	A vulnerability in the SIP ALG packet processing service of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific types of valid SIP traffic to the device. In this case, the flowd process crashes and generates a core dump while processing SIP ALG traffic. Continued receipt of these valid SIP packets will result in a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D61, 12.3X48-D65 on SRX Series; 15.1X49 versions prior to 15.1X49-D130 on SRX Series; 17.3 versions prior to 17.3R3 on SRX Series; 17.4 versions prior to 17.4R2 on SRX Series.	2019-10-09	not yet calculated	CVE-2019-0055 MISC MLIST
juniper_networks -- junos_os_srx_series	The SRX flowd process, responsible for packet forwarding, may crash and restart when processing specific multicast packets. By continuously sending the specific multicast packets, an attacker can repeatedly crash the flowd process causing a sustained Denial of Service. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D90; 15.1X49 versions prior to 15.1X49-D180; 17.3 versions; 17.4 versions prior to 17.4R2-S5, 17.4R3; 18.1 versions prior to 18.1R3-S6; 18.2 versions prior to 18.2R2-S4, 18.2R3; 18.3 versions prior to 18.3R2-S1, 18.3R3; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R1-S1, 19.1R2.	2019-10-09	not yet calculated	CVE-2019-0068 CONFIRM
juniper_networks -- junos_os_srx_series	The flowd process, responsible for forwarding traffic in SRX Series services gateways, may crash and restart when processing specific transit IP packets through an IPSec tunnel. Continued processing of these packets may result in an extended Denial of Service (DoS) condition. This issue only occurs when IPSec tunnels are configured. Systems without IPSec tunnel configurations are not vulnerable to this issue. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180 on SRX Series; 18.2 versions 18.2R2-S1 and later, prior to 18.2R3 on SRX Series; 18.4 versions prior to 18.4R2 on SRX Series.	2019-10-09	not yet calculated	CVE-2019-0060 MISC MISC
juniper_networks -- junos_os_srx_series	A vulnerability in the Veriexec subsystem of Juniper Networks Junos OS allowing an attacker to fully compromise the host system. A local authenticated user can elevate privileges to gain full control of the system even if they are specifically denied access to perform certain actions. This issue affects: Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D80 on SRX Series.	2019-10-09	not yet calculated	CVE-2019-0058 MISC
juniper_networks -- junos_os_srx_series	An Improper Certificate Validation weakness in the SRX Series Application Identification (app-id) signature update client of Juniper Networks Junos OS allows an attacker to perform Man-in-the-Middle (MitM) attacks which may compromise the integrity and confidentiality of the device. This issue affects: Juniper Networks Junos OS 15.1X49 versions prior to 15.1X49-D120 on SRX Series devices. No other versions of Junos OS are affected.	2019-10-09	not yet calculated	CVE-2019-0054 MISC MISC
juniper_networks -- sbr_carrier	An Unprotected Storage of Credentials vulnerability in the identity and access management certificate generation procedure allows a local attacker to gain access to confidential information. This issue affects: Juniper Networks SBR Carrier: 8.4.1 versions prior to 8.4.1R13; 8.5.0 versions prior to 8.5.0R4.	2019-10-09	not yet calculated	CVE-2019-0072 MISC
kaseva -- vsa_rmm	An issue was discovered in Kaseya VSA RMM through 9.5.0.22. When using the default configuration, the LAN Cache feature creates a local account FSAdminxxxxxxxxx (e.g., FSAdmin123456789) on the server that hosts the LAN Cache and all clients that are assigned to a LAN Cache. This account is placed into the local Administrators group of all clients assigned to the LAN Cache. When the assigned client is a Domain Controller, the FSAdminxxxxxxxxx account is created as a domain account and automatically added as a member of the domain BUILTIN\Administrators group. Using the well known Pass-the-Hash techniques, an attacker can use the same FSAdminxxxxxxxxx hash from any LAN Cache client and pass this to a Domain Controller, providing administrative rights to the attacker on any Domain Controller. (Local account Pass-the-Hash mitigations do not protect domain accounts.)	2019-10-11	not yet calculated	CVE-2019-14510 MISC MISC MISC MISC MISC
kirona -- dynamic_resource_scheduling	An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd (aka /osm_tiles/REGISTER.cmd) directly: it contains sensitive information about the database through the SQL queries within this batch file. This file exposes SQL database information such as database version, table name, column name, etc.	2019-10-11	not yet calculated	CVE-2019-17503 MISC
kirona -- dynamic_resource_scheduling	An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. A reflected Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script via the /osm/report/ password parameter.	2019-10-11	not yet calculated	CVE-2019-17504 MISC
knex.js -- knex.js	knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. Identifiers are escaped incorrectly as part of the MSSQL dialect, allowing attackers to craft a malicious query to the host DB.	2019-10-08	not yet calculated	CVE-2019-10757 CONFIRM
kramer -- viaware	Kramer VIAware 2.5.0719.1034 has Incorrect Access Control.	2019-10-09	not yet calculated	CVE-2019-17124 MISC
landing-cms -- landing-cms	An issue was discovered in Landing-CMS 0.0.6. There is a CSRF vulnerability that can change the admin's password via the password/ URI,	2019-10-12	not yet calculated	CVE-2019-17521 MISC
laravel-bjyblog -- laravel-bjyblog	laravel-bjyblog 6.1.1 has XSS via a crafted URL.	2019-10-10	not yet calculated	CVE-2019-17494 MISC
libntlm -- libntlm	Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request.	2019-10-10	not yet calculated	CVE-2019-17455 MISC
libtom_project -- libtomcrypt	In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.	2019-10-08	not yet calculated	CVE-2019-17362 MISC MISC MLIST MISC
libvips -- libvips	vips_foreign_load_gif_scan_image in foreign/gifload.c in libvips before 8.8.2 tries to access a color map before a DGifGetImageDesc call, leading to a use-after-free.	2019-10-12	not yet calculated	CVE-2019-17534 MISC MISC MISC
mantisbt -- mantisbt	MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution.	2019-10-09	not yet calculated	CVE-2019-15715 CONFIRM CONFIRM CONFIRM CONFIRM MISC CONFIRM CONFIRM
mcafee -- endpoint_security	Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code injection into EPSetup.exe by an attacker with access to the installer.	2019-10-09	not yet calculated	CVE-2019-3652 CONFIRM
mcafee -- endpoint_security	Improper access control vulnerability in Configuration tool in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to gain access to security configuration via unauthorized use of the configuration tool.	2019-10-09	not yet calculated	CVE-2019-3653 CONFIRM
microsoft -- azure_app_service_on_azure_stack	An remote code execution vulnerability exists when Azure App Service/ Antares on Azure Stack fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability could allow an unprivileged function run by the user to execute code in the context of NT AUTHORITY\system thereby escaping the Sandbox.The security update addresses the vulnerability by ensuring that Azure App Service sanitizes user inputs., aka 'Azure App Service Remote Code Execution Vulnerability'.	2019-10-10	not yet calculated	CVE-2019-1372 MISC
microsoft -- internet_explorer	A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'.	2019-10-10	not yet calculated	CVE-2019-1371 MISC
microsoft -- microsoft_dynamics_365	A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'.	2019-10-10	not yet calculated	CVE-2019-1375 MISC
microsoft -- microsoft_edge	An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory, aka 'Microsoft Edge based on Edge HTML Information Disclosure Vulnerability'.	2019-10-10	not yet calculated	CVE-2019-1356 MISC
microsoft -- multiple_windows_products	An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1315, CVE-2019-1339.	2019-10-10	not yet calculated	CVE-2019-1342 MISC
microsoft -- multiple_windows_products	An information disclosure vulnerability exists when the Windows Hyper-V Network Switch on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Information Disclosure Vulnerability'.	2019-10-10	not yet calculated	CVE-2019-1230 MISC
microsoft -- multiple_windows_products	An elevation of privilege vulnerability exists when Windows CloudStore improperly handles file Discretionary Access Control List (DACL), aka 'Microsoft Windows CloudStore Elevation of Privilege Vulnerability'.	2019-10-10	not yet calculated	CVE-2019-1321 MISC
microsoft -- multiple_windows_products	A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection, aka 'Windows NTLM Tampering Vulnerability'.	2019-10-10	not yet calculated	CVE-2019-1166 MISC
microsoft -- multiple_windows_products	An information disclosure vulnerability exists in the way that the Windows Code Integrity Module handles objects in memory, aka 'Windows Code Integrity Module Information Disclosure Vulnerability'.	2019-10-10	not yet calculated	CVE-2019-1344 MISC MISC
microsoft -- multiple_windows_products	An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1345.	2019-10-10	not yet calculated	CVE-2019-1334 MISC
microsoft -- multiple_windows_products	An information disclosure vulnerability exists when Windows Update Client fails to properly handle objects in memory, aka 'Windows Update Client Information Disclosure Vulnerability'.	2019-10-10	not yet calculated	CVE-2019-1337 MISC
microsoft -- multiple_windows_products	An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1315, CVE-2019-1342.	2019-10-10	not yet calculated	CVE-2019-1339 MISC
microsoft -- multiple_windows_products	A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1343, CVE-2019-1347.	2019-10-10	not yet calculated	CVE-2019-1346 MISC MISC
microsoft -- multiple_windows_products	An elevation of privilege vulnerability exists when umpo.dll of the Power Service, improperly handles a Registry Restore Key function, aka 'Windows Power Service Elevation of Privilege Vulnerability'.	2019-10-10	not yet calculated	CVE-2019-1341 MISC
microsoft -- multiple_windows_products	A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1346, CVE-2019-1347.	2019-10-10	not yet calculated	CVE-2019-1343 MISC MISC
microsoft -- multiple_windows_products	A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality, aka 'Windows Secure Boot Security Feature Bypass Vulnerability'.	2019-10-10	not yet calculated	CVE-2019-1368 MISC
microsoft -- multiple_windows_products	An elevation of privilege vulnerability exists when Microsoft IIS Server fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability can allow an unprivileged function ran by the user to execute code in the context of NT AUTHORITY\system escaping the Sandbox.The security update addresses the vulnerability by correcting how Microsoft IIS Server sanitizes web requests., aka 'Microsoft IIS Server Elevation of Privilege Vulnerability'.	2019-10-10	not yet calculated	CVE-2019-1365 MISC
microsoft -- multiple_windows_products	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1358.	2019-10-10	not yet calculated	CVE-2019-1359 MISC
microsoft -- multiple_windows_products	A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1359.	2019-10-10	not yet calculated	CVE-2019-1358 MISC
microsoft -- multiple_windows_products	A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1343, CVE-2019-1346.	2019-10-10	not yet calculated	CVE-2019-1347 MISC MISC
microsoft -- multiple_windows_products	An elevation of privilege vulnerability exists in Windows AppX Deployment Server that allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1320, CVE-2019-1322.	2019-10-10	not yet calculated	CVE-2019-1340 MISC
microsoft -- windows_10_mobile	A security feature bypass vulnerability exists in Windows 10 Mobile when Cortana allows a user to access files and folders through the locked screen, aka 'Windows 10 Mobile Security Feature Bypass Vulnerability'.	2019-10-10	not yet calculated	CVE-2019-1314 MISC
microsoft -- windows_7_and_windows_server_2008	An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1364.	2019-10-10	not yet calculated	CVE-2019-1362 MISC MISC MISC
microsoft -- windows_7_and_windows_server_2008	A security feature bypass vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLMv2 protection if a client is also sending LMv2 responses, aka 'Windows NTLM Security Feature Bypass Vulnerability'.	2019-10-10	not yet calculated	CVE-2019-1338 MISC
microsoft -- windows_7_and_windows_server_2008	An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1362.	2019-10-10	not yet calculated	CVE-2019-1364 MISC MISC
microsoft -- windows_update_assistant	An elevation of privilege vulnerability exists in Windows 10 Update Assistant in the way it handles permissions.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows 10 Update Assistant Elevation of Privilege Vulnerability'.	2019-10-10	not yet calculated	CVE-2019-1378 MISC
moxa -- edr_810	Moxa EDR 810, all versions 5.1 and prior, allows an unauthenticated attacker to be able to retrieve some log files from the device, which may allow sensitive information disclosure. Log files must have previously been exported by a legitimate user.	2019-10-08	not yet calculated	CVE-2019-10963 MISC
moxa -- edr_810	Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution.	2019-10-08	not yet calculated	CVE-2019-10969 MISC
netaddr_gem_for_ruby_on_rails -- netaddr_gem_for_ruby_on_rails	The netaddr gem before 2.0.4 for Ruby has misconfigured file permissions, such that a gem install may result in 0777 permissions in the target filesystem.	2019-10-09	not yet calculated	CVE-2019-17383 MISC MISC
netapp -- clustered_data_ontap	Clustered Data ONTAP versions 9.0 and higher do not enforce hostname verification under certain circumstances making them susceptible to impersonation via man-in-the-middle attacks.	2019-10-09	not yet calculated	CVE-2019-5506 CONFIRM
netapp -- snapmanager_for_oracle	SnapManager for Oracle prior to version 3.4.2P1 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information.	2019-10-09	not yet calculated	CVE-2019-5507 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2.	2019-10-09	not yet calculated	CVE-2019-17373 MISC
netgear -- multiple_devices	Certain NETGEAR devices allow remote attackers to disable all authentication requirements by visiting genieDisableLanChanged.cgi. The attacker can then, for example, visit MNU_accessPassword_recovered.html to obtain a valid new admin password. This affects AC1450, D8500, DC112A, JNDR3000, LG2200D, R4500, R6200, R6200V2, R6250, R6300, R6300v2, R6400, R6700, R6900P, R6900, R7000P, R7000, R7100LG, R7300, R7900, R8000, R8300, R8500, WGR614v10, WN2500RPv2, WNDR3400v2, WNDR3700v3, WNDR4000, WNDR4500, WNDR4500v2, WNR1000, WNR1000v3, WNR3500L, and WNR3500L.	2019-10-09	not yet calculated	CVE-2019-17372 MISC
netsarang -- xftp	NetSarang XFTP Client 6.0149 and earlier version contains a buffer overflow vulnerability caused by improper boundary checks when copying file name from an attacker controlled FTP server. That leads attacker to execute arbitrary code by sending a crafted filename.	2019-10-10	not yet calculated	CVE-2019-17320 MISC
node-red -- node-red-dashboard	It is possible to inject JavaScript within node-red-dashboard versions prior to version 2.17.0 due to the ui_notification node accepting raw HTML by default.	2019-10-08	not yet calculated	CVE-2019-10756 CONFIRM
nvidia -- shield_tv	NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra software contains a vulnerability in the bootloader, where it does not validate the fields of the boot image, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.	2019-10-09	not yet calculated	CVE-2019-5700 CONFIRM
nvidia -- shield_tv	NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra bootloader contains a vulnerability where the software performs an incorrect bounds check, which may lead to buffer overflow resulting in escalation of privileges and code execution. escalation of privileges, and information disclosure, code execution, denial of service, or escalation of privileges.	2019-10-09	not yet calculated	CVE-2019-5699 CONFIRM
open_information_security_foundation -- libhtp	In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending.	2019-10-09	not yet calculated	CVE-2019-17420 MISC MISC MISC
openbsd -- openssh	OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and remote code execution because of an error in the XMSS key parsing algorithm. NOTE: the XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH.	2019-10-09	not yet calculated	CVE-2019-16905 MISC MISC MISC MISC CONFIRM CONFIRM
openstack_project -- openstack_octavia	Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the cmd/agent.py gunicorn cert_reqs option is True but is supposed to be ssl.CERT_REQUIRED.	2019-10-08	not yet calculated	CVE-2019-17134 MISC MISC MISC MISC MISC MISC CONFIRM MISC UBUNTU
otcms -- otcms	OTCMS v3.85 has CSRF in the admin/member_deal.php Admin Panel page, leading to creation of a new management group account, as demonstrated by superadmin.	2019-10-09	not yet calculated	CVE-2019-17369 MISC
palo_alto_networks -- zingbox_inspector	The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to the service using hardcoded credentials.	2019-10-09	not yet calculated	CVE-2019-15017 MISC
palo_alto_networks -- zingbox_inspector	In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector user accounts are present in the system software, which can result in unauthorized users gaining access to the system.	2019-10-09	not yet calculated	CVE-2019-15015 MISC
prettyphoto -- prettyphoto	prettyPhoto before 3.1.6 has js/jquery.prettyPhoto.js XSS.	2019-10-10	not yet calculated	CVE-2015-9478 MISC MISC
python -- python	library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated "finds all the pathnames matching a specified pattern according to the rules used by the Unix shell," one might have incorrectly inferred that the sorting that occurs in a Unix shell also occurred for glob.glob. There is a workaround in newer versions of Willoughby nmr-data_compilation-p2.py and nmr-data_compilation-p3.py, which call sort() directly.	2019-10-12	not yet calculated	CVE-2019-17514 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC
redhat -- ansible	Ansible, all ansible_engine-2.x versions and ansible_engine-3.x up to ansible_engine-3.5, was logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.	2019-10-08	not yet calculated	CVE-2019-14846 CONFIRM
redhat -- openshift	A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. Builds that extract source from a container image, bypass the TLS hostname verification. An attacker can take advantage of this flaw by launching a man-in-the-middle attack and injecting malicious content.	2019-10-08	not yet calculated	CVE-2019-14845 CONFIRM
riot -- riot	In RIOT 2019.07, the MQTT-SN implementation (asymcute) mishandles errors occurring during a read operation on a UDP socket. The receive loop ends. This allows an attacker (via a large packet) to prevent a RIOT MQTT-SN client from working until the device is restarted.	2019-10-09	not yet calculated	CVE-2019-17389 MISC
rsyslog -- rsyslog	An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.	2019-10-07	not yet calculated	CVE-2019-17041 CONFIRM CONFIRM
samsung -- laser_printers	A potential security vulnerability has been identified with Samsung Laser Printers. This vulnerability could potentially be exploited to create a denial of service.	2019-10-11	not yet calculated	CVE-2019-6335 CONFIRM
samsung -- multiple_p_phones	On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture without the user's knowledge. This feature of the Service Mode application is available after entering the *#9900# check code, but is protected by an OTP password. However, this password is created locally and (due to mishandling of cryptography) can be obtained easily by reversing the password creation logic.	2019-10-09	not yet calculated	CVE-2019-11341 MISC MISC MISC
sap -- customer_relationship_management	SAP Customer Relationship Management (Email Management), versions: S4CRM before 1.0 and 2.0, BBPCRM before 7.0, 7.01, 7.02, 7.12, 7.13 and 7.14, does not sufficiently encode user-controlled inputs within the mail client resulting in Cross-Site Scripting vulnerability.	2019-10-08	not yet calculated	CVE-2019-0368 MISC CONFIRM
sap -- landscape_management_enterprise_edition	Under certain conditions, SAP Landscape Management enterprise edition, before version 3.0, allows custom secure parameters? default values to be part of the application logs leading to Information Disclosure.	2019-10-08	not yet calculated	CVE-2019-0380 MISC CONFIRM
sap -- process_integration	SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentication check properly when the default security provider is changed to BouncyCastle (BC), leading to Missing Authentication Check	2019-10-08	not yet calculated	CVE-2019-0379 MISC CONFIRM
sap -- sql_anywhere	A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP Dynamic Tier, before versions 1.0 and 2.0, can result in the inadvertent access of files located in directories outside of the paths specified by the user.	2019-10-08	not yet calculated	CVE-2019-0381 MISC CONFIRM
siemens -- multiple_products	A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions), SIMATIC CFU PA (All versions < V1.2.0), SIMATIC ET 200AL (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP IM 155-5 PN BA (All versions < V4.2.3), SIMATIC ET 200MP IM 155-5 PN HF (All versions), SIMATIC ET 200MP IM 155-5 PN ST (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP IM 155-6 PN BA (All versions), SIMATIC ET 200SP IM 155-6 PN HA (All versions), SIMATIC ET 200SP IM 155-6 PN HF (All versions < V4.2.2), SIMATIC ET 200SP IM 155-6 PN HS (All versions), SIMATIC ET 200SP IM 155-6 PN ST (All versions), SIMATIC ET 200SP IM 155-6 PN/2 HF (All versions < V4.2.2), SIMATIC ET 200SP IM 155-6 PN/3 HF (All versions < V4.2.1), SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET 200pro (All versions), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions), SIMATIC HMI Comfort Panels 4" - 22" (All versions), SIMATIC HMI KTP Mobile Panels (All versions), SIMATIC PN/PN Coupler (All versions), SIMATIC PROFINET Driver (All versions < V2.1), SIMATIC S7-1200 CPU family (incl. F) (All versions), SIMATIC S7-1500 CPU family (incl. F) (All versions < V2.0), SIMATIC S7-300 CPU family (incl. F) (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-400 V6 (incl F) and below (All versions), SIMATIC S7-400H V6 (All versions < V6.0.9), SIMATIC S7-410 V8 (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions), SINAMICS G110M V4.7 (PN Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 (PN Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 (Control Unit) (All versions), SINAMICS G150 (Control Unit) (All versions), SINAMICS GH150 V4.7 (Control Unit) (All versions), SINAMICS GL150 V4.7 (Control Unit) (All versions), SINAMICS GM150 V4.7 (Control Unit) (All versions), SINAMICS S110 (Control Unit) (All versions), SINAMICS S120 V4.7 (Control Unit) (All versions), SINAMICS S150 (Control Unit) (All versions), SINAMICS SL150 V4.7 (Control Unit) (All versions), SINAMICS SM120 V4.7 (Control Unit) (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of specially crafted UDP packets are sent to device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-10-10	not yet calculated	CVE-2019-10936 CONFIRM
siemens -- multiple_products	A vulnerability has been identified in CP1604 (All versions < V2.8), CP1616 (All versions < V2.8), Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions < V4.1.1 Patch 05), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions < V4.5.0 Patch 01), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.5.0), SCALANCE X-200IRT (All versions < V5.2.1), SIMATIC ET 200M (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET 200pro (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (All versions), SIMATIC S7-300 CPU family (incl. F) (All versions), SIMATIC S7-400 (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SIMOTION (All versions), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions), SINAMICS G110M V4.7 (Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 (Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 (Control Unit) (All versions < V4.7 HF29), SINAMICS G150 (Control Unit) (All versions < V4.8), SINAMICS GH150 V4.7 (Control Unit) (All versions), SINAMICS GL150 V4.7 (Control Unit) (All versions), SINAMICS GM150 V4.7 (Control Unit) (All versions), SINAMICS S110 (Control Unit) (All versions), SINAMICS S120 V4.7 (Control Unit and CBE20) (All versions < V4.7 HF34), SINAMICS S150 (Control Unit) (All versions < V4.8), SINAMICS SL150 V4.7 (Control Unit) (All versions), SINAMICS SM120 V4.7 (Control Unit) (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). An attacker with network access to an affected product may cause a Denial-of-Service condition by breaking the real-time synchronization (IRT) of the affected installation. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected installation. No user interaction is required to exploit this security vulnerability. The vulnerability impacts the availability of the affected installations.	2019-10-10	not yet calculated	CVE-2019-10923 CONFIRM
siemens -- simatic_it_uadm	A vulnerability has been identified in SIMATIC IT UADM (All versions < V1.3). An authenticated remote attacker with network access to port 1434/tcp of SIMATIC IT UADM could potentially recover a password that can be used to gain read and write access to the related TeamCenter station. The security vulnerability could be exploited only if the attacker is authenticated. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises the confidentiality of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-10-10	not yet calculated	CVE-2019-13929 CONFIRM
siemens -- simatic_winac_rtx_(f)_2010	A vulnerability has been identified in SIMATIC WinAC RTX (F) 2010 (All versions). Affected versions of the software contain a vulnerability that could allow an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large HTTP request is sent to the executing service. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the service provided by the software. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-10-10	not yet calculated	CVE-2019-13921 CONFIRM
signal -- private_messenger	The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee user interaction, via a connect message. The existence of the call is noticeable to the callee; however, the audio channel may be open before the callee can block eavesdropping.	2019-10-04	not yet calculated	CVE-2019-17191 MISC MISC MISC
sma_solar_technology -- sunny_webox	An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions with the permissions of the user on the Sunny WebBox Firmware Version 1.6 and prior. This device uses IP addresses to maintain communication after a successful login, which would increase the ease of exploitation.	2019-10-09	not yet calculated	CVE-2019-13529 MISC MISC
socomec -- diris_a-40_devices	Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get full access to a device via the /password.jsn URI.	2019-10-09	not yet calculated	CVE-2019-15859 MISC FULLDISC MISC
softing -- uagate_si	An issue was discovered in Softing uaGate (SI, MB, 840D) firmware through 1.71.00.1225. A CGI script is vulnerable to command injection via a maliciously crafted form parameter.	2019-10-10	not yet calculated	CVE-2019-15051 MISC
softing -- uagate_si	An issue was discovered in Softing uaGate SI 1.60.01. A maintenance script, that is executable via sudo, is vulnerable to file path injection. This enables the Attacker to write files with superuser privileges in specific locations.	2019-10-10	not yet calculated	CVE-2019-11526 MISC
softing -- uagate_si	An issue was discovered in Softing uaGate SI 1.60.01. A CGI script is vulnerable to command injection with a maliciously crafted url parameter.	2019-10-10	not yet calculated	CVE-2019-11527 MISC
softing -- uagate_si	An issue was discovered in Softing uaGate SI 1.60.01. A system default path for executables is user writable.	2019-10-10	not yet calculated	CVE-2019-11528 MISC
softland -- file_sharing_wizard	A Structured Exception Handler (SEH) based buffer overflow in File Sharing Wizard 1.5.0 26-8-2008 allows remote unauthenticated attackers to execute arbitrary code via the HTTP DELETE method, a similar issue to CVE-2019-16724 and CVE-2010-2331.	2019-10-09	not yet calculated	CVE-2019-17415 MISC
solarwinds -- dameware_mini_remote_client	The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary executable run under the Local System account.	2019-10-08	not yet calculated	CVE-2019-3980 MISC
sophos -- cyberoamos	A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles.	2019-10-11	not yet calculated	CVE-2019-17059 CONFIRM MISC MISC
swagger -- swagger_ui	A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that <style>@import within the JSON data was a functional attack method.	2019-10-10	not yet calculated	CVE-2019-17495 MISC MISC
syslog -- rsyslog	An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.	2019-10-07	not yet calculated	CVE-2019-17042 CONFIRM CONFIRM
tbeu -- matio	Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' character, leading to a heap-based buffer over-read in strdup_vprintf when uninitialized memory is accessed.	2019-10-12	not yet calculated	CVE-2019-17533 MISC MISC
tinylcy -- vino	tinylcy Vino through 2017-12-15 allows remote attackers to cause a denial of service ("vn_get_string error: Resource temporarily unavailable" error and daemon crash) via a long URL.	2019-10-09	not yet calculated	CVE-2019-17414 MISC
tracker_software -- pdf-xchange_editor	Tracker PDF-XChange Editor before 8.0.330.0 has an NTLM SSO hash theft vulnerability using crafted FDF or XFDF files (a related issue to CVE-2018-4993). For example, an NTLM hash is sent for a link to \\192.168.0.2\C$\file.pdf without user interaction.	2019-10-10	not yet calculated	CVE-2019-17497 MISC
v-zug -- combi-steam_mslq_devices	An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the communication to the web service is unencrypted via http. An attacker is able to intercept and sniff communication to the web service.	2019-10-06	not yet calculated	CVE-2019-17218 MISC
v-zug -- combi-steam_mslq_devices	An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. Password authentication uses MD5 to hash passwords. Cracking is possible with minimal effort.	2019-10-06	not yet calculated	CVE-2019-17216 MISC
v-zug -- combi-steam_mslq_devices	An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no bruteforce protection (e.g., lockout) established. An attacker might be able to bruteforce the password to authenticate on the device.	2019-10-06	not yet calculated	CVE-2019-17215 MISC
v-zug -- combi-steam_mslq_devices	An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no CSRF protection established on the web service.	2019-10-06	not yet calculated	CVE-2019-17217 MISC
v-zug -- combi-steam_mslq_devices	An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the device does not enforce any authentication. An adjacent attacker is able to use the network interface without proper access control.	2019-10-06	not yet calculated	CVE-2019-17219 MISC
vmware -- multiple_products	ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5.	2019-10-10	not yet calculated	CVE-2019-5527 CONFIRM
vmware -- workstation_and_fusion	VMware Workstation and Fusion contain a network denial-of-service vulnerability due to improper handling of certain IPv6 packets. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.7.	2019-10-10	not yet calculated	CVE-2019-5535 CONFIRM
wordpress -- wordpress	The ThemeMakers Almera Responsive Portfolio theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.	2019-10-11	not yet calculated	CVE-2015-9487 MISC
wordpress -- wordpress	The ThemeMakers GamesTheme Premium theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.	2019-10-11	not yet calculated	CVE-2015-9490 MISC
wordpress -- wordpress	The ThemeMakers SmartIT Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.	2019-10-11	not yet calculated	CVE-2015-9492 MISC
wordpress -- wordpress	The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfb_photos[] parameter in a bpfb_remove_temp_images action.	2019-10-07	not yet calculated	CVE-2015-9455 MISC MISC
wordpress -- wordpress	The history-collection plugin through 1.1.1 for WordPress has directory traversal via the download.php var parameter.	2019-10-10	not yet calculated	CVE-2015-9470 MISC MISC
wordpress -- wordpress	The pretty-link plugin before 1.6.8 for WordPress has PrliLinksController::list_links SQL injection via the group parameter.	2019-10-10	not yet calculated	CVE-2015-9457 MISC MISC MISC
wordpress -- wordpress	The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter.	2019-10-10	not yet calculated	CVE-2015-9480 EXPLOIT-DB
wordpress -- wordpress	The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has arbitrary file upload via an action=upload request to js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php.	2019-10-10	not yet calculated	CVE-2015-9479 MISC
wordpress -- wordpress	The booking-system plugin before 2.1 for WordPress has DOPBSPBackEndTranslation::display SQL injection via the language parameter.	2019-10-10	not yet calculated	CVE-2015-9460 MISC MISC MISC
wordpress -- wordpress	The incoming-links plugin before 0.9.10b for WordPress has referrers.php XSS via the Referer HTTP header.	2019-10-10	not yet calculated	CVE-2015-9472 MISC MISC MISC
wordpress -- wordpress	The wti-like-post plugin before 1.4.3 for WordPress has WtiLikePostProcessVote SQL injection via the HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED, HTTP_FORWARDED_FOR, or HTTP_FORWARDED variable.	2019-10-10	not yet calculated	CVE-2015-9466 MISC MISC MISC
wordpress -- wordpress	The dzs-zoomsounds plugin through 2.0 for WordPress has admin/upload.php arbitrary file upload.	2019-10-10	not yet calculated	CVE-2015-9471 MISC MISC MISC
wordpress -- wordpress	The s3bubble-amazon-s3-audio-streaming plugin 2.0 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter.	2019-10-10	not yet calculated	CVE-2015-9463 MISC MISC
wordpress -- wordpress	The s3bubble-amazon-s3-html-5-video-with-adverts plugin 0.7 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter.	2019-10-10	not yet calculated	CVE-2015-9464 MISC EXPLOIT-DB
wordpress -- wordpress	The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_category_page SQL injection via the cat_id parameter.	2019-10-10	not yet calculated	CVE-2015-9462 MISC MISC MISC
wordpress -- wordpress	The content-grabber plugin 1.0 for WordPress has XSS via obj_field_name or obj_field_id.	2019-10-10	not yet calculated	CVE-2015-9469 MISC MISC
wordpress -- wordpress	The yet-another-stars-rating plugin before 0.9.1 for WordPress has yasr_get_multi_set_values_and_field SQL injection via the set_id parameter.	2019-10-10	not yet calculated	CVE-2015-9465 MISC MISC MISC
wordpress -- wordpress	The ThemeMakers Axioma Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.	2019-10-11	not yet calculated	CVE-2015-9486 MISC
wordpress -- wordpress	The estrutura-basica theme through 2015-09-13 for WordPress has directory traversal via the scripts/download.php arquivo parameter.	2019-10-10	not yet calculated	CVE-2015-9473 MISC
wordpress -- wordpress	The ThemeMakers Invento Responsive Gallery/Architecture Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.	2019-10-11	not yet calculated	CVE-2015-9483 MISC
wordpress -- wordpress	The animate-it plugin before 2.3.6 for WordPress has CSRF in edsanimate.php.	2019-10-10	not yet calculated	CVE-2019-17386 MISC MISC MISC MISC
wordpress -- wordpress	The ThemeMakers Goodnex Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.	2019-10-11	not yet calculated	CVE-2015-9489 MISC
wordpress -- wordpress	The ThemeMakers Almera Responsive Portfolio Site Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.	2019-10-11	not yet calculated	CVE-2015-9488 MISC
wordpress -- wordpress	The ThemeMakers Accio Responsive Parallax One Page Site Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.	2019-10-11	not yet calculated	CVE-2015-9485 MISC
wordpress -- wordpress	The Simpolio theme 1.3.2 for WordPress has insufficient restrictions on option updates.	2019-10-10	not yet calculated	CVE-2015-9474 MISC
wordpress -- wordpress	The ThemeMakers Accio One Page Parallax Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.	2019-10-11	not yet calculated	CVE-2015-9484 MISC
wordpress -- wordpress	The ThemeMakers Car Dealer / Auto Dealer Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.	2019-10-11	not yet calculated	CVE-2015-9482 MISC
wordpress -- wordpress	The ThemeMakers Diplomat \| Political theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.	2019-10-11	not yet calculated	CVE-2015-9481 MISC
wordpress -- wordpress	The Vernissage theme 1.2.8 for WordPress has insufficient restrictions on option updates.	2019-10-10	not yet calculated	CVE-2015-9477 MISC
wordpress -- wordpress	The Teardrop theme 1.8.1 for WordPress has insufficient restrictions on option updates.	2019-10-10	not yet calculated	CVE-2015-9476 MISC
wordpress -- wordpress	The Pont theme 1.5 for WordPress has insufficient restrictions on option updates.	2019-10-10	not yet calculated	CVE-2015-9475 MISC
wordpress -- wordpress	The ThemeMakers Blessing Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.	2019-10-11	not yet calculated	CVE-2015-9491 MISC
yealink -- multiple_phones	Yealink phones through 2019-08-04 do not properly check user roles in POST requests. Consequently, the default User account (with a password of user) can make admin requests via HTTP.	2019-10-08	not yet calculated	CVE-2019-14656 MISC MISC
yealink -- multiple_phones	Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. They execute tar as root to extract files, but do not validate the extraction directory. Creating a tar file with ../../../../ allows replacement of almost any file on a phone. This leads to password replacement and arbitrary code execution as root.	2019-10-08	not yet calculated	CVE-2019-14657 MISC MISC
zabbix -- zabbix	An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.	2019-10-09	not yet calculated	CVE-2019-17382 MISC
zoho_manageengine -- datasecurity_plus	An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012. An exposed service allows a basic user ("Operator" access level) to access the configuration file of the mail server (except for the password).	2019-10-09	not yet calculated	CVE-2019-17112 MISC MISC
zyxel -- nbg-418n_router	wan.htm page on Zyxel NBG-418N v2 with firmware version V1.00(AARP.9)C0 can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify data fields of the page.	2019-10-09	not yet calculated	CVE-2019-17354 MISC MISC

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.