Bulletin (SB19-308)

Vulnerability Summary for the Week of October 28, 2019

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
adobe -- experience_manager
 
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-10-25 7.5 CVE-2019-8088
CONFIRM
apache -- thrift

In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when fed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings. 2019-10-29 7.8 CVE-2019-0205
MISC
bitlbee -- bitlbee
 
Bitlbee does not drop extra group privileges correctly in unix.c 2019-10-29 7.5 CVE-2012-1187
MISC
MISC
MISC
MISC
cisco -- video_communications_server
 
Cisco Video Communications Server (VCS) before X7.0.3 contains a command injection vulnerability which allows remote, authenticated attackers to execute arbitrary commands. 2019-10-29 9 CVE-2011-2538
CONFIRM
codesys -- eni_server
 
CODESYS V2.3 ENI server up to V3.2.2.24 has a Buffer Overflow. 2019-10-25 7.5 CVE-2019-16265
CONFIRM
MISC
d-link -- dir-865
 
D-Link DIR-865L has PHP File Inclusion in the router xml file. 2019-10-25 7.5 CVE-2013-4857
MISC
MISC
d-link -- dir-865l_devices
 
D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share. 2019-10-25 7.9 CVE-2013-4855
MISC
MISC
MISC
debian_project -- qtparted
 
qtparted has insecure library loading which may allow arbitrary code execution 2019-10-29 7.5 CVE-2010-3375
DEBIAN
MISC
MISC
google -- chrome
 
browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windows, and before 54.0.2840.100 on Linux neglects to copy a device ID before an erase() call, which causes the erase operation to access data that that erase operation will destroy. 2019-10-25 7.5 CVE-2016-5202
MISC
MISC
MISC
MISC
MISC
hot-world -- repetier-server

A directory traversal vulnerability was discovered in RepetierServer.exe in Repetier-Server 0.8 through 0.91 that allows for the creation of a user controlled XML file at an unintended location. When this is combined with CVE-2019-14451, an attacker can upload an "external command" configuration as a printer configuration, and achieve remote code execution. After exploitation, loading of the external command configuration is dependent on a system reboot or service restart. 2019-10-28 10 CVE-2019-14450
CONFIRM
MISC
hot-world -- repetier-server
 
RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not properly validate the XML data structure provided when uploading a new printer configuration. When this is combined with CVE-2019-14450, an attacker can upload an "external command" configuration as a printer configuration, and achieve remote code execution. After exploitation, loading of the external command configuration is dependent on a system reboot or service restart. 2019-10-25 10 CVE-2019-14451
CONFIRM
MISC
intrasrv -- intrasrv
 
A remote SEH buffer overflow has been discovered in IntraSrv 1.0 (2007-06-03). An attacker may send a crafted HTTP GET or HEAD request that can result in a compromise of the hosting system. 2019-10-28 10 CVE-2019-17181
MISC
MISC
jetbrains -- teamcity

In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution. 2019-10-31 7.5 CVE-2019-18364
CONFIRM
k7_computing -- antivirus_premium_and_total_security_and_ultimate_security
 
In K7 Antivirus Premium 16.0.xxx through 16.0.0120; K7 Total Security 16.0.xxx through 16.0.0120; and K7 Ultimate Security 16.0.xxx through 16.0.0120, the module K7TSHlpr.dll improperly validates the administrative privileges of the user, allowing arbitrary registry writes in the K7AVOptn.dll module to facilitate escalation of privileges via inter-process communication with a service process. 2019-10-28 7.5 CVE-2019-16897
MISC
labf -- nfsaxe_ftp_client
 
Buffer overflow in LabF nfsAxe FTP client 3.7 allows an attacker to execute code remotely. 2019-10-25 7.5 CVE-2017-14742
EXPLOIT-DB
linksys -- ea6500_router
 
Linksys EA6500 has SMB Symlink Traversal allowing symbolic links to be created to locations outside of the Samba share. 2019-10-25 10 CVE-2013-4658
MISC
MISC
MISC
medoo -- medoo
 
columnQuote in medoo before 1.7.5 allows remote attackers to perform a SQL Injection due to improper escaping. 2019-10-30 7.5 CVE-2019-10762
MISC
MISC
mikrotik -- routeros
 
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are downloaded from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into "upgrading" to an older version of RouterOS and possibly resetting all the system's usernames and passwords. 2019-10-29 8.5 CVE-2019-3977
MISC
milesight -- ip_security_cameras
 
Milesight IP security cameras through 2016-11-14 have a buffer overflow in a web application via a long username or password. 2019-10-25 7.5 CVE-2016-2356
MISC
MISC
MISC
milesight -- ip_security_cameras
 
Milesight IP security cameras through 2016-11-14 allow remote attackers to bypass authentication and access a protected resource by simultaneously making a request for the unprotected vb.htm resource. 2019-10-25 7.5 CVE-2016-2359
MISC
MISC
MISC
mitsubishi_electric_and_inea -- me-rtu_devices

An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Undocumented hard-coded user passwords for root, ineaadmin, mitsadmin, and maint could allow an attacker to gain unauthorised access to the RTU. (Also, the accounts ineaadmin and mitsadmin are able to escalate privileges to root without supplying a password due to insecure entries in /etc/sudoers on the RTU.) 2019-10-28 10 CVE-2019-14930
MISC
MISC
mitsubishi_electric_and_inea -- me-rtu_devices
 
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user supplied data to the RTU's system shell. Functionality in mobile.php provides users with the ability to ping sites or IP addresses via Mobile Connection Test. When the Mobile Connection Test is submitted, action.php is called to execute the test. An attacker can use a shell command separator (;) in the host variable to execute operating system commands upon submitting the test data. 2019-10-28 10 CVE-2019-14931
MISC
MISC
mitsubishi_electric_and_inea -- me-rtu_devices
 
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Hard-coded SSH keys allow an attacker to gain unauthorised access or disclose encrypted data on the RTU due to the keys not being regenerated on initial installation or with firmware updates. In other words, these devices use private-key values in /etc/ssh/ssh_host_rsa_key, /etc/ssh/ssh_host_ecdsa_key, and /etc/ssh/ssh_host_dsa_key files that are publicly available from the vendor web sites. 2019-10-28 7.5 CVE-2019-14926
MISC
MISC
philips -- intellispace_perinatal
 
In IntelliSpace Perinatal, Versions K and prior, a vulnerability within the IntelliSpace Perinatal application environment could enable an unauthorized attacker with physical access to a locked application screen, or an authorized remote desktop session host application user to break-out from the containment of the application and access unauthorized resources from the Windows operating system as the limited-access Windows user. Due to potential Windows vulnerabilities, it may be possible for additional attack methods to be used to escalate privileges on the operating system. 2019-10-25 7.2 CVE-2019-13546
MISC
php -- php
 
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. 2019-10-28 7.5 CVE-2019-11043
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
MISC
FEDORA
FEDORA
FEDORA
CONFIRM
CONFIRM
UBUNTU
UBUNTU
DEBIAN
DEBIAN
pixelpost -- pixelpost
 
pixelpost 1.7.1 has SQL injection 2019-10-28 7.5 CVE-2009-4899
MISC
DEBIAN
MISC
rconfig -- rconfig
 
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution. 2019-10-28 9 CVE-2019-16663
MISC
MISC
MISC
MISC
MISC
rconfig -- rconfig
 
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution. 2019-10-28 10 CVE-2019-16662
MISC
MISC
MISC
MISC
MISC
MISC
rittal -- rittal_chiller_sk_3232_series
 
Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 - B1.2.4. The authentication mechanism on affected systems is configured using hard-coded credentials. These credentials could allow attackers to influence the primary operations of the affected systems, namely turning the cooling unit on and off and setting the temperature set point. 2019-10-25 10 CVE-2019-13553
FULLDISC
MISC
sequelize -- sequelize
 
Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnerable to SQL Injection due to JSON path keys not being properly escaped for the MySQL/MariaDB dialects. 2019-10-29 7.5 CVE-2019-10748
MISC
MISC
MISC
sequelize -- sequelize
 
sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect. 2019-10-29 7.5 CVE-2019-10749
MISC
MISC
snoopy -- snoopy
Snoopy before 2.0.0 has a security hole in exec cURL 2019-10-28 7.5 CVE-2002-2444
MISC
DEBIAN
MISC
sugarcrm -- sugarcrm
 
SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code. 2019-10-29 7.5 CVE-2012-0694
MISC
MISC
EXPLOIT-DB
tightvnc_software -- tightvnc

TightVNC code version 1.3.10 contains a global buffer overflow in the HandleCoRREBBP macro function, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. 2019-10-29 7.5 CVE-2019-8287
MLIST
tightvnc_software -- tightvnc
 
TightVNC code version 1.3.10 contains a heap buffer overflow in the InitialiseRFBConnection function, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. 2019-10-29 7.5 CVE-2019-15679
MLIST
tightvnc_software -- tightvnc
 
TightVNC code version 1.3.10 contains a heap buffer overflow in the rfbServerCutText handler, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. 2019-10-29 7.5 CVE-2019-15678
MLIST
tiki_wiki -- cms_groupware

Tiki Wiki CMS Groupware 5.2 has Local File Inclusion 2019-10-28 7.5 CVE-2010-4239
MISC
MISC
MISC
MISC
tp-link -- tl-wdr4300_devices

TP-Link TL-WDR4300 version 3.13.31 has multiple CSRF vulnerabilities. 2019-10-25 9.3 CVE-2013-4848
MISC
MISC
MISC
MISC
MISC
transmission -- transmission
 
Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link. 2019-10-30 7.5 CVE-2010-0748
MISC
CONFIRM
MISC
CONFIRM
MLIST
youphptube -- youphptube
 
A command injection has been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3, a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getImage.php is vulnerable to a command injection attack. 2019-10-25 7.5 CVE-2019-5127
MISC
youphptube -- youphptube
 
A command injection has been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3, a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getImageMP4.php is vulnerable to a command injection attack. 2019-10-25 7.5 CVE-2019-5128
MISC
youphptube -- youphptube
 
A command injection has been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3, a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getSpiritsFromVideo.php is vulnerable to a command injection attack. 2019-10-25 7.5 CVE-2019-5129
MISC
ytnef -- ytnef
 
ytnef has directory traversal 2019-10-29 7.5 CVE-2009-3887
MISC
MISC
MISC
MISC
MISC
zend_framework -- zend_framework
 
Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter. 2019-10-25 7.5 CVE-2015-0270
MISC

 

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
adobe -- experience_manager
 
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have an XML external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure. 2019-10-25 5 CVE-2019-8087
CONFIRM
adobe -- experience_manager
 
Adobe Experience Manager versions 6.5, 6.4 and 6.3 have a cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. 2019-10-25 4.3 CVE-2019-8083
CONFIRM
adobe -- experience_manager
 
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. 2019-10-25 4.3 CVE-2019-8084
CONFIRM
adobe -- experience_manager
 
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. 2019-10-25 4.3 CVE-2019-8085
CONFIRM
adobe -- experience_manager
 
Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a cross-site request forgery vulnerability. Successful exploitation could lead to sensitive information disclosure. 2019-10-25 4.3 CVE-2019-8234
CONFIRM
adobe -- experience_manager
 
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have an authentication bypass vulnerability. Successful exploitation could lead to sensitive information disclosure. 2019-10-25 5 CVE-2019-8081
CONFIRM
adobe -- experience_manager
 
Adobe Experience Manager versions 6.4, 6.3 and 6.2 have an XML external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure. 2019-10-25 5 CVE-2019-8082
CONFIRM
adobe -- experience_manager
 
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have an XML external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure. 2019-10-25 5 CVE-2019-8086
CONFIRM
apache -- hadoop
 
Hadoop 1.0.3 contains a symlink vulnerability. 2019-10-29 5 CVE-2012-2945
MISC
MISC
apache -- thrift
 
In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when fed with invalid input data. 2019-10-29 5 CVE-2019-0210
CONFIRM
clipsoft -- rexpert

ClipSoft REXPERT 1.0.0.527 and earlier versions allow directory traversal by issuing a special HTTP POST request with ../ characters. This could lead to the creation of a malicious HTML file, because an attacker can inject content with a crafted template. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. 2019-10-30 4.3 CVE-2019-17324
MISC
clipsoft -- rexpert
 
ClipSoft REXPERT 1.0.0.527 and earlier versions allow a remote attacker to upload an arbitrary local file via the ActiveX method in RexViewerCtrl30.ocx. That could lead to disclosure of sensitive information. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. 2019-10-30 4.3 CVE-2019-17325
MISC
clipsoft -- rexpert
 
ClipSoft REXPERT 1.0.0.527 and earlier versions allow a remote attacker to perform arbitrary file deletion by issuing an HTTP GET request with a specially crafted parameter. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. 2019-10-30 5.8 CVE-2019-17326
MISC
clipsoft -- rexpert
 
ClipSoft REXPERT 1.0.0.527 and earlier versions allow arbitrary file creation via a POST request with the parameter set to the file path to be written. This can be an executable file that is written to an arbitrary directory. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. 2019-10-30 4.3 CVE-2019-17322
MISC
clipsoft -- rexpert
 
ClipSoft REXPERT 1.0.0.527 and earlier versions have an information disclosure issue. Requesting a web page associated with a session could leak the username via the session file path in the HTTP response data. No authentication is required. 2019-10-30 5 CVE-2019-17321
MISC
clipsoft -- rexpert
 
ClipSoft REXPERT 1.0.0.527 and earlier versions allow arbitrary file creation and execution via the report print function of the rexpert viewer with a modified XML document. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. 2019-10-30 6.8 CVE-2019-17323
MISC
corehr -- core_portal
 
CoreHR Core Portal before 27.0.7 allows stored XSS. 2019-10-25 4.3 CVE-2019-18221
MISC
MISC
debian_project -- mercurial
 
Mercurial before 1.6.4 fails to verify the Common Name field of SSL certificates which allows remote attackers who acquire a certificate signed by a Certificate Authority to perform a man-in-the-middle attack. 2019-10-29 4.3 CVE-2010-4237
MISC
CONFIRM
CONFIRM
MISC
debian_project -- pootle
 
pootle 2.0.5 has XSS via 'match_names' parameter 2019-10-28 4.3 CVE-2010-4245
MISC
DEBIAN
MISC
MISC
debian_project -- xpdf
 
In xpdf, the xref table contains an infinite loop which allows remote attackers to cause a denial of service (application crash) in xpdf-based PDF viewers. 2019-10-30 4.3 CVE-2010-0207
MISC
MISC
debian_project -- xpdf
 
xpdf allows remote attackers to cause a denial of service (NULL pointer dereference and crash) in the way it processes JBIG2 PDF stream objects. 2019-10-30 4.3 CVE-2010-0206
MISC
MISC
debian_project -- zoo
 
Zoo 2.10 has Directory traversal 2019-10-28 5 CVE-2005-2349
MISC
MISC
devada -- dzone_and_answerhub
 
An XML External Entity Injection vulnerability exists in Dzone AnswerHub. 2019-10-28 5 CVE-2017-15725
MISC
digium -- asterisk
 
asterisk allows calls on prohibited networks 2019-10-29 5 CVE-2009-3723
MISC
MISC
MISC
fabrik -- fabrik
 
Reflected Cross-Site Scripting (XSS) vulnerability in the fabrik_referrer hidden field in the Fabrikar Fabrik component through v3.8.1 for Joomla! allows remote attackers to inject arbitrary web script via the HTTP Referer header. 2019-10-29 4.3 CVE-2018-10727
MISC
foxit -- phantompdf
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Javascript in the HTML2PDF plugin. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8692. 2019-10-25 6.8 CVE-2019-17139
MISC
MISC
foxit -- phantompdf
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9276. 2019-10-25 6.8 CVE-2019-17145
MISC
foxit -- phantompdf
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DWG files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9274. 2019-10-25 6.8 CVE-2019-17144
MISC
foxit -- phantompdf
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of script within a Keystroke action of a listbox field. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9081. 2019-10-25 6.8 CVE-2019-17142
MISC
MISC
foxit -- phantompdf
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of script within a Calculate action of a text field. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9044. 2019-10-25 6.8 CVE-2019-17141
MISC
MISC
foxit -- phantompdf
 
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9273. 2019-10-25 4.3 CVE-2019-17143
MISC
foxit -- phantompdf
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the OnFocus event. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9091. 2019-10-25 6.8 CVE-2019-17140
MISC
MISC
foxit -- studio_photo
 
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion from JPEG to EPS. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8809. 2019-10-25 4.3 CVE-2019-17138
MISC
MISC
gnuboard -- gnuboard5
 
GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board group extra contents" parameter, aka the adm/boardgroup_form_update.php gr_1~10 parameter. 2019-10-30 4.3 CVE-2018-18678
MISC
MISC
MISC
gpw -- gpw
 
gpw generates shorter passwords than required 2019-10-29 5 CVE-2011-4931
MISC
MISC
MISC
MISC
honeywell -- ip-ak2
 
In IP-AK2 Access Control Panel Version 1.04.07 and prior, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data, which can be accessed without authentication over the network. 2019-10-25 5 CVE-2019-13525
MISC
ibm -- api_connect
 
IBM API Connect version V5.0.0.0 through 5.0.8.7 could reveal sensitive information to an attacker using a specially crafted HTTP request. IBM X-Force ID: 167883. 2019-10-29 5 CVE-2019-4600
XF
CONFIRM
ibm -- cloud_orchestrator
 
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 162260. 2019-10-25 5 CVE-2019-4399
XF
CONFIRM
ibm -- cloud_orchestrator
 
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162261. 2019-10-25 4 CVE-2019-4400
XF
CONFIRM
ibm -- maximo_asset_management
 
After installing the IBM Maximo Health- Safety and Environment Manager 7.6.1, a user is granted additional privileges that they are not normally allowed to access. IBM X-Force ID: 165948. 2019-10-29 6.5 CVE-2019-4546
XF
CONFIRM
ibm -- security_access_manager_appliance
 
IBM Security Access Manager Appliance could allow an unauthenticated attacker to cause a denial of service in the reverse proxy component. IBM X-Force ID: 156159. 2019-10-25 5 CVE-2019-4036
XF
CONFIRM
ibm -- security_guardium_big_data_intelligence

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 161418. 2019-10-29 5 CVE-2019-4339
XF
CONFIRM
ibm -- security_guardium_big_data_intelligence
 
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 specifies permissions for a security-critical resource which could lead to the exposure of sensitive information or the modification of that resource by unintended parties. IBM X-Force ID: 160986. 2019-10-29 6.4 CVE-2019-4306
XF
CONFIRM
ibm -- security_guardium_big_data_intelligence
 
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores sensitive information in cleartext within a resource that might be accessible to another control sphere. IBM X-Force ID: 1610141. 2019-10-29 5 CVE-2019-4314
XF
CONFIRM
ibm -- security_guardium_big_data_intelligence
 
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 does not set the secure attribute for cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session. IBM X-Force ID: 161210. 2019-10-29 4.3 CVE-2019-4330
XF
CONFIRM
ibm -- security_guardium_big_data_intelligence
 
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 161209. 2019-10-29 4 CVE-2019-4329
XF
CONFIRM
ibm -- security_guardium_big_data_intelligence
 
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 161037. 2019-10-29 5 CVE-2019-4311
XF
CONFIRM
ikiwiki -- ikiwiki
 
A cross-site scripting (XSS) vulnerability in ikiwiki before 3.20101112 allows remote attackers to inject arbitrary web script or HTML via a comment. 2019-10-30 4.3 CVE-2010-1673
CONFIRM
MISC
ikiwiki -- ikiwiki
 
Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments. 2019-10-29 4.3 CVE-2011-0428
CONFIRM
MISC
jetbrains -- teamcity
 
In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible. 2019-10-31 5 CVE-2019-18369
CONFIRM
jetbrains -- teamcity
 
In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances. 2019-10-31 5 CVE-2019-18363
CONFIRM
labkey -- labkey_server
 
An issue was discovered in LabKey Server 19.1.0. It is possible to force a logged-in administrator to execute code through a /reports-viewScriptReport.view CSRF vulnerability. 2019-10-29 6.8 CVE-2019-9926
MISC
MISC
labkey -- labkey_server
 
An issue was discovered in LabKey Server 19.1.0. Sending an SVG containing an XXE payload to the endpoint visualization-exportImage.view or visualization-exportPDF.view allows local files to be read. 2019-10-29 5 CVE-2019-9757
MISC
MISC
libpod -- libpod
 
An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that, when copied by a victim user to the host filesystem, may overwrite existing files with others from the host. 2019-10-28 5.8 CVE-2019-18466
MISC
MISC
MISC
MISC
mcafee -- mcafee_total_protection
 
A File Masquerade vulnerability in McAfee Total Protection (MTP) version 16.0.R21 and earlier in Windows client allowed an attacker to read the plaintext list of AV-Scan exclusion files from the Windows registry, and to possibly replace excluded files with potential malware without being detected. 2019-10-28 4.6 CVE-2019-3636
CONFIRM
mediawiki -- mediawiki
 
An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Previously hidden (restricted) AbuseFilter filters were viewable (or their differences were viewable) to unprivileged users, thus disclosing potentially sensitive information. 2019-10-29 5 CVE-2019-18612
MISC
MISC
mediawiki -- mediawiki
 
A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 allows remote attackers to inject arbitrary web script or HTML via Lua function names. 2019-10-31 4.3 CVE-2013-1951
MISC
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRM
MISC
mediawiki -- mediawiki
 
An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with various levels of access to this extension. Said users should not have been able to view these oversighted edit summaries via the MediaWiki API. 2019-10-29 4 CVE-2019-18611
MISC
MISC
mediawiki -- mediawiki
 
mediawiki allows deleted text to be exposed 2019-10-29 5 CVE-2012-0046
MISC
MISC
MISC
mikrotik -- routeros
 
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can poison the router's DNS cache via malicious responses with additional and untrue records. 2019-10-29 5 CVE-2019-3979
MISC
mikrotik -- routeros
 
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell could be enabled. 2019-10-29 6.5 CVE-2019-3976
MISC
mikrotik -- routeros
 
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attacker's choice. The DNS responses are cached by the router, potentially resulting in cache poisoning. 2019-10-29 5 CVE-2019-3978
MISC
MISC
milesight -- ip_security_cameras
 
Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts. 2019-10-25 5 CVE-2016-2358
MISC
MISC
MISC
milesight -- ip_security_cameras
 
Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installations. 2019-10-25 5 CVE-2016-2360
MISC
MISC
MISC
milesight -- ip_security_cameras
 
Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory. 2019-10-25 5 CVE-2016-2357
MISC
MISC
MISC
mitsubishi_electric_and_inea -- me-rtu_devices

 
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an attacker to read sensitive configuration settings such as usernames, passwords, and other sensitive RTU data due to insecure permission assignment. 2019-10-28 4 CVE-2019-14925
MISC
MISC
mitsubishi_electric_and_inea -- me-rtu_devices
 
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Stored cleartext passwords could allow an unauthenticated attacker to obtain configured username and password combinations on the RTU due to the weak credentials management on the RTU. An unauthenticated user can obtain the exposed password credentials to gain access to the following services: DDNS service, Mobile Network Provider, and OpenVPN service. 2019-10-28 5 CVE-2019-14929
MISC
MISC
mitsubishi_electric_and_inea -- me-rtu_devices
 
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote configuration download vulnerability allows an attacker to download the smartRTU's configuration file (which contains data such as usernames, passwords, and other sensitive RTU data). 2019-10-28 5 CVE-2019-14927
MISC
MISC
netapp -- clustered_data_ontap
 
Clustered Data ONTAP versions 9.2 through 9.6 are susceptible to a vulnerability which allows an attacker to use l2ping to cause a Denial of Service (DoS). 2019-10-25 5 CVE-2019-5508
MISC
openafs_foundation -- openafs
 
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalars are sent over the network to a peer. 2019-10-29 5 CVE-2019-18602
MISC
openafs_foundation -- openafs
 
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer. 2019-10-29 4.3 CVE-2019-18603
MISC
openafs_foundation -- openafs
 
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Debug RPC calls to crash a database server within the SVOTE_Debug RPC handler. 2019-10-29 5 CVE-2019-18601
MISC
pimcore -- pimcore
 
Pimcore 6.2.3 has XSS in the translations grid because bundles/AdminBundle/Resources/public/js/pimcore/settings/translations.js mishandles certain HTML elements. 2019-10-31 4.3 CVE-2019-18656
MISC
pixelpost -- pixelpost
 
pixelpost 1.7.1 has XSS 2019-10-28 4.3 CVE-2009-4900
MISC
DEBIAN
MISC
python_keyring_lib -- python_keyring_lib
 
Python keyring lib before 0.10 created keyring files with world-readable permissions. 2019-10-28 5 CVE-2012-5577
MISC
CONFIRM
MISC
MISC
MISC
rittal -- rittal_chiller_sk_3232_series
 
Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems does not provide a sufficient level of protection against unauthorized configuration changes. Primary operations, namely turning the cooling unit on and off and setting the temperature set point, can be modified without authentication. 2019-10-25 5 CVE-2019-13549
FULLDISC
MISC
schneider_electric -- multiple_modicon_controllers
 
A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with no firmware image inside the package using FTP protocol. 2019-10-29 4 CVE-2019-6841
CONFIRM
schneider_electric -- multiple_modicon_controllers
 
A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with a missing web server image inside the package using FTP protocol. 2019-10-29 4 CVE-2019-6842
CONFIRM
schneider_electric -- multiple_modicon_controllers
 
A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the controller with an empty firmware package using FTP protocol. 2019-10-29 4 CVE-2019-6843
CONFIRM
schneider_electric -- multiple_modicon_controllers
 
A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the controller with a firmware package containing an invalid web server image using FTP protocol. 2019-10-29 4 CVE-2019-6844
CONFIRM
schneider_electric -- multiple_modicon_controllers
 
A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the FTP service when upgrading the firmware with a version incompatible with the application in the controller using FTP protocol. 2019-10-29 4 CVE-2019-6847
CONFIRM
schneider_electric -- multiple_modicon_controllers
 
A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when using specific Modbus services provided by the REST API of the controller/communication module. 2019-10-29 5 CVE-2019-6849
CONFIRM
schneider_electric -- multiple_modicon_controllers
 
A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause a Denial of Service attack on the PLC when sending specific data on the REST API of the controller/communication module. 2019-10-29 5 CVE-2019-6848
CONFIRM
schneider_electric -- multiple_modicon_controllers
 
A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when reading specific registers with the REST API of the controller/communication module. 2019-10-29 5 CVE-2019-6850
CONFIRM
terramaster -- fs-210_devices
 
An issue was discovered on TerraMaster FS-210 4.0.19 devices. Normal users can use 1.user.php for privilege elevation. 2019-10-28 6.5 CVE-2019-18195
MISC
tightvnc_software -- tightvnc
 
TightVNC code version 1.3.10 contains a null pointer dereference in the HandleZlibBPP function, which results in Denial of System (DoS). This attack appears to be exploitable via network connectivity. 2019-10-29 5 CVE-2019-15680
MLIST
tiki_wiki -- cms_groupware
 
Tiki Wiki CMS Groupware 5.2 has XSS 2019-10-28 4.3 CVE-2010-4240
MISC
MISC
MISC
MISC
tiki_wiki -- cms_groupware
 
Tiki Wiki CMS Groupware 5.2 has CSRF 2019-10-28 6.8 CVE-2010-4241
MISC
MISC
MISC
MISC
total_defense -- anti-virus
 
The malware scan function in Total Defense Anti-virus 11.5.2.28 is vulnerable to a TOCTOU bug; consequently, symbolic link attacks allow privileged files to be deleted. 2019-10-31 5.8 CVE-2019-18644
MISC
transmission -- transmission
 
Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame. 2019-10-30 5 CVE-2010-0749
MISC
CONFIRM
MISC
CONFIRM
MLIST
trend_micro -- apex_one
 
Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to the IUSR account, which has restricted permission and is unable to make major system changes. An attempted attack requires user authentication. 2019-10-28 5 CVE-2019-18188
N/A
trend_micro -- office_scan
 
Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to a web service account, which depending on the web platform used may have restricted permissions. An attempted attack requires user authentication. 2019-10-28 5 CVE-2019-18187
N/A
youphptube -- youphptube
 
An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access to the underlying operating system. 2019-10-25 6.5 CVE-2019-5120
MISC
youphptube -- youphptube
 
SQL injection vulnerabilities exist in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with Parameter name in /objects/pluginSwitch.json.php. 2019-10-25 6.5 CVE-2019-5122
MISC
youphptube -- youphptube
 
SQL injection vulnerabilities exist in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with Parameter uuid in /objects/pluginSwitch.json.php. 2019-10-25 6.5 CVE-2019-5121
MISC
youphptube -- youphptube
 
An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access to the underlying operating system. 2019-10-25 6.5 CVE-2019-5119
MISC
youphptube -- youphptube
 
Exploitable SQL injection vulnerabilities exist in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access to the underlying operating system. 2019-10-25 6.5 CVE-2019-5117
MISC
youphptube -- youphptube
 
An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause a SQL injection. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access to the underlying operating system. 2019-10-25 6.5 CVE-2019-5116
MISC
youphptube -- youphptube
 
An exploitable SQL injection vulnerability exists in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access to the underlying operating system. 2019-10-25 6.5 CVE-2019-5114
MISC
youphptube -- youphptube
 
Specially crafted web requests can cause SQL injections in YouPHPTube 7.6. An attacker can send a web request with Parameter dir in /objects/pluginSwitch.json.php. 2019-10-25 6.5 CVE-2019-5123
MISC
zucchetti -- infobusiness
 
Multiple Reflected Cross-site Scripting (XSS) vulnerabilities exist in Zucchetti InfoBusiness before and including 4.4.1. The browsing component did not properly sanitize user input (encoded in base64). This also applies to the search functionality for the searchKey parameter. 2019-10-30 4.3 CVE-2019-18205
MISC
zucchetti -- infobusiness
 
Zucchetti InfoBusiness before and including 4.4.1 allows any authenticated user to upload .php files in order to achieve code execution. 2019-10-30 6.5 CVE-2019-18204
MISC

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
apache -- airflow
 
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. 2019-10-30 3.5 CVE-2019-12417
MLIST
d-link -- dir-865l_devices
 
D-Link DIR-865L has Information Disclosure. 2019-10-25 2.9 CVE-2013-4856
MISC
MISC
MISC
debian_project -- mailscanner
 
mailscanner can allow local users to prevent virus signatures from being updated 2019-10-28 2.1 CVE-2010-3293
MISC
DEBIAN
MISC
MISC
debian_project -- paxtest
 
paxtest handles temporary files insecurely 2019-10-29 2.1 CVE-2010-3373
MISC
MISC
MISC
gmer -- gmer
 
A stack based buffer overflow vulnerability exists in the method receiving data from SysTreeView32 control of the GMER 2.1.19357 application. A specially created long path can lead to a buffer overflow on the stack resulting in code execution. An attacker needs to create path longer than 99 characters to trigger this vulnerability. 2019-10-29 2.1 CVE-2016-4289
MISC
ibm -- cloud_orchestrator
 
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a local user to obtain sensitive information from temporary script files. IBM X-Force ID: 162333. 2019-10-25 2.1 CVE-2019-4395
XF
CONFIRM
ibm -- cloud_orchestrator
 
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 162236. 2019-10-25 3.5 CVE-2019-4396
XF
CONFIRM
ibm -- cloud_orchestrator
 
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP Response Splitting caused by improper caching of content. This would allow the attacker to perform further attacks, such as Web Cache poisoning, cross-site scripting and possibly obtain sensitive information. IBM X-Force ID: 163682. 2019-10-25 3.5 CVE-2019-4461
XF
CONFIRM
ibm -- cloud_orchestrator
 
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 contain APIs that could be used by a local user to send email. IBM X-Force ID: 162232. 2019-10-25 2.1 CVE-2019-4394
XF
CONFIRM
ibm -- security_guardium_big_data_intelligence
 
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 160987. 2019-10-29 2.1 CVE-2019-4307
XF
CONFIRM
ibm -- security_guardium_big_data_intelligence
 
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses hard coded credentials which could allow a local user to obtain highly sensitive information. IBM X-Force ID: 161035. 2019-10-29 2.1 CVE-2019-4309
XF
CONFIRM
labkey -- labkey_server
 
An issue was discovered in LabKey Server 19.1.0. The display name of a user is vulnerable to stored XSS that can execute on administrators from security/permissions.view, security/addUsers.view, or wiki/Administration/page.view in the admin panel, leading to privilege escalation. 2019-10-29 3.5 CVE-2019-9758
MISC
MISC
mantisbt -- mantisbt
 
A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.0rc1 before 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value. 2019-10-31 3.5 CVE-2013-1934
MISC
MISC
MISC
CONFIRM
MISC
mitsubishi_electric_and_inea -- me-rtu_devices
 
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A number of stored cross-site script (XSS) vulnerabilities allow an attacker to inject malicious code directly into the application. An example input variable vulnerable to stored XSS is SerialInitialModemString in the index.php page. 2019-10-28 3.5 CVE-2019-14928
MISC
MISC
postgresql -- postgresql
 
Postgresql, versions 11.x before 11.5, is vulnerable to a memory disclosure in cross-type comparison for hashed subplan. 2019-10-29 3.5 CVE-2019-10209
CONFIRM
CONFIRM
postgresql -- postgresql_windows_installer
 
Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file. 2019-10-29 1.9 CVE-2019-10210
CONFIRM
CONFIRM
total_defense -- antivirus
 
The quarantine restoration function in Total Defense Anti-virus 11.5.2.28 is vulnerable to symbolic link attacks, allowing files to be written to privileged directories. 2019-10-31 2.1 CVE-2019-18645
MISC

Severity Not Yet Assigned

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
advantech -- wise-paas/rmm Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Lack of sanitization of user-supplied input causes SQL injection vulnerabilities. An attacker can leverage these vulnerabilities to disclose information. 2019-10-31 not yet calculated CVE-2019-18229
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
advantech -- wise-paas/rmm Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecured function that allows anyone who can access the IP address to use the function without authentication. 2019-10-31 not yet calculated CVE-2019-13547
MISC
MISC
advantech -- wise-paas/rmm Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. XXE vulnerabilities exist that may allow disclosure of sensitive data. 2019-10-31 not yet calculated CVE-2019-18227
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
advantech -- wise-paas/rmm Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage these vulnerabilities to remotely execute code while posing as an administrator. 2019-10-31 not yet calculated CVE-2019-13551
MISC
MISC
MISC
MISC
MISC
amd -- atidxx64.dll_driver An exploitable memory corruption vulnerability exists in AMD ATIDXX64.DLL driver, versions 25.20.15031.5004 and 25.20.15031.9002. A specially crafted pixel shader can cause an out-of-bounds memory write. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. 2019-10-31 not yet calculated CVE-2019-5049
MISC
apache -- struts Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands. 2019-11-01 not yet calculated CVE-2011-3923
MISC
EXPLOIT-DB
BID
MISC
MISC
XF
MISC
apak -- wholesale_floorplanning_finance Apak Wholesale Floorplanning Finance 6.31.8.3 and 6.31.8.5 allows XSS via the mainForm:loanNotesnotes:0:rich_text_editor_note_text parameter to WFS/agreementView.faces in the Notes section. Although versions 6.31.8.3 and 6.31.8.5 are confirmed to be affected, all versions with the vulnerable WYSIWYG "Notes" section are likely affected. 2019-10-31 not yet calculated CVE-2019-17551
MISC
archiver -- archiver All versions of archiver allow an attacker to perform a Zip Slip attack via the "unarchive" functions. It is exploited using a specially crafted zip archive that holds path traversal filenames. When exploited, a filename in a malicious archive is concatenated to the target extraction directory, which results in the final path ending up outside of the target folder. For instance, a zip may hold a file with a "../../file.exe" location and thus break out of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily. 2019-10-29 not yet calculated CVE-2019-10743
MISC
MISC
MISC
archos -- safe-t_devices On Archos Safe-T devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. 2019-11-02 not yet calculated CVE-2019-14358
MISC
aruba -- instant Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.4.x prior to 8.4.0.1 allows Command injection. 2019-10-30 not yet calculated CVE-2018-16417
BID
CONFIRM
MISC
CONFIRM
MISC
atlantis_word_processor -- atlantis_word_processor An exploitable uninitialized pointer vulnerability exists in the Word document parser of the Atlantis Word Processor. A specially crafted document can cause an array fetch to return an uninitialized pointer and then performs some arithmetic before writing a value to the result. Usage of this uninitialized pointer can allow an attacker to corrupt heap memory resulting in code execution under the context of the application. An attacker must convince a victim to open a document in order to trigger this vulnerability. 2019-10-31 not yet calculated CVE-2018-3983
MISC
atlassian -- infosysta_for_jira An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects without authentication/authorization via the plugins/servlet/nfj/ProjectFilter?searchQuery= URI. 2019-11-01 not yet calculated CVE-2019-16908
MISC
MISC
atlassian -- infosysta_for_jira An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects (with authentication as a Jira user, but without authorization for specific projects) via the plugins/servlet/nfj/NotificationSettings URI. 2019-11-01 not yet calculated CVE-2019-16909
MISC
MISC
atlassian -- infosysta_for_jira An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13_J8 for Jira. It is possible to obtain a list of all valid Jira usernames without authentication/authorization via the plugins/servlet/nfj/UserFilter?searchQuery=@ URI. 2019-10-31 not yet calculated CVE-2019-16907
MISC
BUGTRAQ
atlassian -- infosysta_for_jira An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13_J8 for Jira. By using plugins/servlet/nfj/PushNotification?username= with a modified username, a different user's notifications can be read without authentication/authorization. These notifications are then no longer displayed to the normal user. 2019-10-31 not yet calculated CVE-2019-16906
MISC
BUGTRAQ
atlassian -- jira An issue summary information disclosure vulnerability exists in Atlassian Jira Tempo plugin, version 4.10.0. Authenticated users can obtain the summary for issues they do not have permission to view via the Tempo plugin. 2019-10-31 not yet calculated CVE-2019-5095
MISC
autojump -- autojump autojump before 21.5.8 allows local users to gain privileges via a Trojan horse custom_install directory in the current working directory. 2019-10-31 not yet calculated CVE-2013-2012
MISC
MISC
MISC
CONFIRM
CONFIRM
MISC
avast -- antivirus A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free, Internet Security, and Premiere Edition) 19.3.2369 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name. 2019-11-01 not yet calculated CVE-2019-18653
MISC
MISC
avg_technologies -- avg_antivirus A Cross Site Scripting (XSS) issue exists in AVG AntiVirus (Internet Security Edition) 19.3.3084 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name. 2019-11-01 not yet calculated CVE-2019-18654
MISC
MISC
axohelp -- axohelp In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distributed in TeXLive and other collections, sprintf is mishandled. 2019-10-29 not yet calculated CVE-2019-18604
MISC
bitdefender -- box_firmware An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that allows an attacker to pass arbitrary code to the BOX appliance via the web API. In order to exploit this vulnerability, an attacker needs presence in Bitdefender BOX setup network and Bitdefender BOX be in setup mode. 2019-10-31 not yet calculated CVE-2019-12612
CONFIRM
centos-webpanel -- centos_web_panel Stored XSS in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.885 exists via the cmd_arg parameter. This can be exploited by a local attacker who supplies a crafted filename within a directory visited by the victim. 2019-10-31 not yet calculated CVE-2019-16295
MISC
CONFIRM
cezerin -- cezerin Cezerin v0.33.0 allows unauthorized order-information modification because certain internal attributes can be overwritten via a conflicting name when processing order requests. Hence, a malicious customer can manipulate an order (e.g., its payment status or shipping fee) by adding additional attributes to user-input during the PUT /ajax/cart operation for a checkout, because of getValidDocumentForUpdate in api/server/services/orders/orders.js. 2019-10-29 not yet calculated CVE-2019-18608
MISC
chicken -- chicken OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4.9.0. 2019-10-31 not yet calculated CVE-2013-2024
MISC
MISC
MISC
MISC
CONFIRM
MISC
MISC
chicken -- chicken Multiple buffer overflows in the (1) R5RS char-ready, (2) tcp-accept-ready, and (3) file-select procedures in Chicken through 4.8.0.3 allow attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value. NOTE: this issue exists because of an incomplete fix for CVE-2012-6122. 2019-10-31 not yet calculated CVE-2013-2075
CONFIRM
CONFIRM
CONFIRM
MISC
MISC
MISC
CONFIRM
MISC
chicken -- chicken A casting error in Chicken before 4.8.0 on 64-bit platform caused the random number generator to return a constant value. NOTE: the vendor states "This function wasn't used for security purposes (and is advertised as being unsuitable)." 2019-10-31 not yet calculated CVE-2012-6124
MISC
MISC
CONFIRM
MISC
chicken -- chicken Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct a "poisoned NUL byte attack." 2019-10-31 not yet calculated CVE-2012-6123
MISC
MISC
MISC
chicken -- chicken Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions. 2019-10-31 not yet calculated CVE-2012-6125
MISC
MISC
CONFIRM
CONFIRM
MISC
chicken -- chicken Buffer overflow in the thread scheduler in Chicken before 4.8.0.1 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value. 2019-10-31 not yet calculated CVE-2012-6122
MISC
MISC
MISC
MISC
MISC
CONFIRM
CONFIRM
MISC
compal -- ch7465lg_modem The web interface of the Compal Broadband CH7465LG modem (version CH7465LG-NCIP-6.12.18.25-2p6-NOSH) is vulnerable to a /%2f/ path traversal attack, which can be exploited in order to test for the existence of a file pathname outside of the web root directory. If a file exists but is not part of the product, there is a 404 error. If a file does not exist, there is a 302 redirect to index.html. 2019-10-28 not yet calculated CVE-2019-17224
MISC
MISC
cujo -- smart_firewall An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the way the safe browsing function parses HTTP requests. The server hostname is extracted from captured HTTP/HTTPS requests and inserted as part of a Lua statement without prior sanitization, which results in arbitrary Lua script execution in the kernel. An attacker could send an HTTP request to exploit this vulnerability. 2019-10-31 not yet calculated CVE-2018-4031
MISC
cujo -- smart_firewall An exploitable denial-of-service vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. When parsing labels in mDNS packets, the firewall unsafely handles label compression pointers, leading to an uncontrolled recursion that eventually exhausts the stack, crashing the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability. 2019-10-31 not yet calculated CVE-2018-4002
MISC
debian_project -- autokey The init script in autokey before 0.61.3-2 allows local attackers to write to arbitrary files via a symlink attack. 2019-10-30 not yet calculated CVE-2010-0398
MISC
MISC
debian_project -- burn burn allows file names to escape via mishandled quotation marks 2019-10-31 not yet calculated CVE-2009-5043
MISC
debian_project -- debian The Debian backport of the fix for CVE-2017-3137 leads to an assertion failure in validator.c:1858; Affects Debian versions 9.9.5.dfsg-9+deb8u15; 9.9.5.dfsg-9+deb8u18; 9.10.3.dfsg.P4-12.3+deb9u5; 9.11.5.P4+dfsg-5.1. No ISC releases are affected. Other packages from other distributions that did similar backports for the fix for 2017-3137 may also be affected. 2019-10-30 not yet calculated CVE-2018-5735
CONFIRM
debian_project -- mumble Mumble: murmur-server has DoS due to malformed client query 2019-10-31 not yet calculated CVE-2010-2490
MISC
MISC
MISC
debian_project -- overkill overkill has buffer overflow via long player names that can corrupt data on the server machine 2019-10-31 not yet calculated CVE-2009-5041
MISC
debian_project -- python-docutils python-docutils allows insecure usage of temporary files 2019-10-31 not yet calculated CVE-2009-5042
MISC
debian_project -- drbd8 drbd8 allows local users to bypass intended restrictions for certain actions via netlink packets, similar to CVE-2009-3725. 2019-10-30 not yet calculated CVE-2010-0747
MISC
CONFIRM
debian_project -- mutt Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files. 2019-11-01 not yet calculated CVE-2005-2351
MISC
MISC
elastic -- elasticsearch Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a username disclosure flaw in the API Key service. An unauthenticated attacker could send a specially crafted request and determine if a username exists in the Elasticsearch native realm. 2019-10-30 not yet calculated CVE-2019-7619
CONFIRM
CONFIRM
CONFIRM
elastic -- logstash Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop responding. 2019-10-30 not yet calculated CVE-2019-7620
CONFIRM
CONFIRM
CONFIRM
european_commission -- eidas_node_integration_package European Commission eIDAS-Node Integration Package before 2.3.1 has Missing Certificate Validation because a certain ExplicitKeyTrustEvaluator return value is not checked. NOTE: only 2.1 is confirmed to be affected. 2019-10-30 not yet calculated CVE-2019-18633
MISC
european_commission -- eidas_node_integration_package European Commission eIDAS-Node Integration Package before 2.3.1 allows Certificate Faking because an attacker can sign a manipulated SAML response with a forged certificate. 2019-10-30 not yet calculated CVE-2019-18632
MISC
f5 -- big-ip On BIG-IP 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the BIG-IP Configuration utility. 2019-11-01 not yet calculated CVE-2019-6657
CONFIRM
f5 -- big-ip_afm On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, a vulnerability in the AFM configuration utility may allow any authenticated BIG-IP user to run an SQL injection attack. 2019-11-01 not yet calculated CVE-2019-6658
CONFIRM
facebook -- whatsapp The Wireless Emergency Alerts (WEA) protocol allows remote attackers to spoof a Presidential Alert because cryptographic authentication is not used, as demonstrated by MessageIdentifier 4370 in LTE System Information Block 12 (aka SIB12). NOTE: testing inside an RF-isolated shield box suggested that all LTE phones are affected by design (e.g., use of Android versus iOS does not matter); testing in an open RF environment is, of course, contraindicated. 2019-11-02 not yet calculated CVE-2019-18659
MISC
fastweb -- fastgate_devices Fastweb FASTGate 1.0.1b devices allow partial authentication bypass by changing a certain check_pwd return value from 0 to 1. An attack does not achieve administrative control of a device; however, the attacker can view all of the web pages of the administration console. 2019-11-02 not yet calculated CVE-2019-18661
MISC
MISC
fortinet -- fortiextender An OS command injection vulnerability in FortiExtender 4.1.1 and below under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted "execute date" commands. 2019-10-31 not yet calculated CVE-2019-15710
CONFIRM
foswiki -- foswiki Foswiki before 1.1.8 contains a code injection vulnerability in the MAKETEXT macro. 2019-11-01 not yet calculated CVE-2013-1666
CONFIRM
MISC
MISC
MISC
freebsd -- freebsd /usr/local/www/freeradius_view_config.php in the freeradius3 package before 0.15.7_3 for pfSense on FreeBSD has XSS via a filename. 2019-11-02 not yet calculated CVE-2019-18667
MISC
freebsd -- freebsd FreeBSD NSD before 3.2.13 allows remote attackers to crash an NSD child server process (SIGSEGV) and cause a denial of service in the NSD server. 2019-11-01 not yet calculated CVE-2012-2979
MISC
CONFIRM
MISC
freetds -- freetds FreeTDS through 1.1.11 has a Buffer Overflow. 2019-10-31 not yet calculated CVE-2019-13508
MISC
glpi_project -- glpi GLPI 0.83.7 has Local File Inclusion in common.tabs.php. 2019-11-01 not yet calculated CVE-2013-2227
MISC
MISC
MISC
MISC
MISC
gnome -- evince evince is missing a check on number of pages which can lead to a segmentation fault 2019-11-01 not yet calculated CVE-2013-3718
MISC
MISC
MISC
MISC
google -- nest_cam_iq_indoor An exploitable denial-of-service vulnerability exists in the Weave daemon of the Nest Cam IQ Indoor, version 4620002. A set of TCP connections can cause unrestricted resource allocation, resulting in a denial of service. An attacker can connect multiple times to trigger this vulnerability. 2019-10-31 not yet calculated CVE-2019-5043
MISC
grsecurity -- pax An exploitable vulnerability exists in the grsecurity PaX patch for the function read_kmem, in PaX from version pax-linux-4.9.8-test1 to 4.9.24-test7, grsecurity official from version grsecurity-3.1-4.9.8-201702060653 to grsecurity-3.1-4.9.24-201704252333, grsecurity unofficial from version v4.9.25-unofficialgrsec to v4.9.74-unofficialgrsec. PaX adds a temp buffer to the read_kmem function, which is never freed when an invalid address is supplied. This results in a memory leakage that can lead to a crash of the system. An attacker needs to induce a read to /dev/kmem using an invalid address to exploit this vulnerability. 2019-10-31 not yet calculated CVE-2019-5023
MISC
gs-gpl -- gs-gpl A race condition in temp files was found in gs-gpl before 8.56 addons scripts. 2019-11-01 not yet calculated CVE-2005-2352
MISC
MISC
honeywell -- equip_and_performance_series_ip_cameras In multiple versions of Honeywell equIP and Performance series IP cameras, a vulnerability exists where the affected product allows unauthenticated access to audio streaming over HTTP. 2019-10-31 not yet calculated CVE-2019-18230
MISC
honeywell -- equip_and_performance_series_ip_cameras_and_recorders In Honeywell equIP series and Performance series IP cameras and recorders, a potential replay attack vulnerability exists because a weak authentication method is retained for compatibility with legacy products. 2019-10-31 not yet calculated CVE-2019-18226
MISC

honeywell -- equip_ip_and_multiple_equip_series_cameras In Honeywell equIP series IP cameras (multiple equIP series cameras), a vulnerability exists in the affected products where a specially crafted HTTP packet request could result in a denial of service. 2019-10-31 not yet calculated CVE-2019-18228
MISC
hunt_cctv -- multiple_cctv_devices Authentication bypass vulnerability in the web interface in Hunt CCTV, Capture CCTV, Hachi CCTV, NoVus CCTV, and Well-Vision Inc DVR systems allows a remote attacker to retrieve the device configuration. 2019-10-30 not yet calculated CVE-2013-1391
MISC
MISC
BID
hyundai -- pay_kasse_hk-1000_devices On Hyundai Pay Kasse HK-1000 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. 2019-11-02 not yet calculated CVE-2019-14360
MISC
icedtea6 -- icedtea6 IcedTea6 before 1.7.4 allows unsigned apps to read and write arbitrary files, related to Extended JNLP Services. 2019-10-31 not yet calculated CVE-2010-2783
CONFIRM
MISC
MISC
MISC
icedtea6 -- icedtea6 IcedTea6 before 1.7.4 does not properly check property access, which allows unsigned apps to read and write arbitrary files. 2019-10-31 not yet calculated CVE-2010-2548
CONFIRM
MISC
MISC
ikiwiki -- ikiwiki ikiwiki before 3.20110608 allows remote attackers to hijack root's tty and run symlink attacks. 2019-10-29 not yet calculated CVE-2011-1408
CONFIRM
MISC
MISC
MISC
internet_systems_consortium -- bind There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers of ISC software have modified the dhcpd source, BIND source, or version matchup in ways that create the crash potential. Based on reports available to ISC, the crash probability is large and no analysis has been done on how, or even if, the probability can be manipulated by an attacker. Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later, or BIND versions with specific bug fixes backported to them. ISC does not have access to comprehensive version lists for all repackagings of dhcpd that are vulnerable. In particular, builds from other vendors may also be affected. Operators are advised to consult their vendor documentation. 2019-11-01 not yet calculated CVE-2019-6470
CONFIRM
CONFIRM
CONFIRM
CONFIRM
ipswitch -- progress_moveit_transfer In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH (SFTP) interface. The vulnerability affects only certain SSH (SFTP) configurations, and is applicable only if the MySQL database is being used. 2019-10-31 not yet calculated CVE-2019-18465
CONFIRM
CONFIRM
ipswitch -- progress_moveit_transfer In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1 before 11.1.3 (2019.1.3), multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database or may be able to alter the database. 2019-10-31 not yet calculated CVE-2019-18464
CONFIRM
CONFIRM
CONFIRM
CONFIRM
jetbrains -- hub In JetBrains Hub versions earlier than 2019.1.11738, username enumeration was possible through password recovery. 2019-10-31 not yet calculated CVE-2019-18360
CONFIRM
jetbrains -- intellij_idea JetBrains IntelliJ IDEA before 2019.2 allows local user privilege escalation, potentially leading to arbitrary code execution. 2019-10-31 not yet calculated CVE-2019-18361
CONFIRM
jetbrains -- mps JetBrains MPS before 2019.2.2 exposed listening ports to the network. 2019-10-31 not yet calculated CVE-2019-18362
CONFIRM
jetbrains -- teamcity In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions. 2019-10-31 not yet calculated CVE-2019-18367
CONFIRM
jetbrains -- teamcity In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages. 2019-10-31 not yet calculated CVE-2019-18365
CONFIRM
jetbrains -- teamcity In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission. 2019-10-31 not yet calculated CVE-2019-18366
CONFIRM
jetbrains -- toolbox_app In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible. 2019-10-31 not yet calculated CVE-2019-18368
CONFIRM
jitbit -- jitbit A cross-site scripting (XSS) vulnerability in Jitbit .NET Forum (aka ASP.NET forum) 8.3.8 allows remote attackers to inject arbitrary web script or HTML via the gravatar URL parameter. 2019-11-01 not yet calculated CVE-2019-18636
MISC
MISC
libvnc -- libvnc LibVNC before commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a. 2019-10-29 not yet calculated CVE-2019-15681
MISC
MLIST
MLIST
linux -- linux_kernel ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to an upstream kernel change which impacted how python's os.chmod() works when passed a mode of '-1'. 2019-11-01 not yet calculated CVE-2013-4367
MISC
MISC
magento -- magento An insecure direct object reference (IDOR) vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17 versions. An authenticated user may be able to view personally identifiable shipping details of another user due to insufficient validation of user controlled input. 2019-10-30 not yet calculated CVE-2019-8235
CONFIRM
manageiq -- manageiq_evm Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2019-11-01 not yet calculated CVE-2013-0186
CONFIRM
MISC
mantisbt -- mantisbt A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version. 2019-10-31 not yet calculated CVE-2013-1931
MISC
MISC
MISC
MISC
MISC
CONFIRM
MISC
mantisbt -- mantisbt A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via a project name. 2019-10-31 not yet calculated CVE-2013-1932
MISC
MISC
MISC
CONFIRM
MISC
mantisbt -- mantisbt MantisBT 1.2.12 before 1.2.15 allows authenticated users to bypass the workflow restriction and close issues. 2019-10-31 not yet calculated CVE-2013-1930
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
mapserver -- mapserver Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing. 2019-10-29 not yet calculated CVE-2010-1678
MISC
MISC
CONFIRM
maxthon -- maxthon_browser_for_windows Unquoted Search Path in Maxthon 5.1.0 to 5.2.7 Browser for Windows. 2019-10-29 not yet calculated CVE-2019-16647
MISC
MISC
minidlna -- minidlna MiniDLNA has heap-based buffer overflow 2019-11-01 not yet calculated CVE-2013-2739
MISC
MISC
minidlna -- minidlna minidlna has SQL Injection that may allow retrieval of arbitrary files 2019-11-01 not yet calculated CVE-2013-2738
MISC
MISC
MISC
MISC
miniupnpd -- miniupnpd MiniUPnPd has information disclosure via use of snprintf() 2019-11-01 not yet calculated CVE-2013-2600
MISC
MISC
MISC
MISC
MISC
mooltipass -- moolticute An issue was discovered in Mooltipass Moolticute through v0.42.1 and v0.42.x-testing through v0.42.5-testing. There is a NULL pointer dereference in MPDevice_win.cpp. 2019-10-30 not yet calculated CVE-2019-18635
MISC
MISC
opera -- opera_mini_for_android Opera Mini for Android allows attackers to bypass intended restrictions on .apk file download/installation via an RTLO (aka Right to Left Override) approach, as demonstrated by misinterpretation of malicious%E2%80%AEtxt.apk as maliciouskpa.txt. This affects 44.1.2254.142553, 44.1.2254.142659, and 44.1.2254.143214. 2019-10-29 not yet calculated CVE-2019-18624
MISC
MISC
phoenix_contact -- pc_works_and_pc_worx_express_and_config+ An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-of-bounds Read and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project to be able to manipulate data inside. After manipulation, the attacker needs to exchange the original files with the manipulated ones on the application programming workstation. 2019-10-31 not yet calculated CVE-2019-16675
MISC
MISC
MISC
postgresql -- postgresql A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function. 2019-10-29 not yet calculated CVE-2019-10208
CONFIRM
CONFIRM
postgresql -- postgresql_windows_installer Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from an unprotected directory. 2019-10-29 not yet calculated CVE-2019-10211
CONFIRM
CONFIRM
project_jupyter -- jupyter_notebook Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document. 2019-10-31 not yet calculated CVE-2018-21030
MISC
MISC
python -- python An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability. 2019-10-31 not yet calculated CVE-2019-5010
MISC
qtum -- qtum qtum through 0.16 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM. 2019-10-29 not yet calculated CVE-2018-19151
MISC
MISC

rainbow_pdf -- office_server_document_converter A buffer overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro MR1 (7,0,2019,0220). While parsing a document text info container, the TxMasterStyleAtom::parse function is incorrectly checking the bounds corresponding to the number of style levels, causing a vtable pointer to be overwritten, which leads to code execution. 2019-10-31 not yet calculated CVE-2019-5030
MISC
rdesktop -- rdesktop RDesktop version 1.8.4 contains multiple out-of-bound access read vulnerabilities in its code, which result in a denial of service (DoS) condition. This attack appears to be exploitable via network connectivity. These issues have been fixed in version 1.8.5. 2019-10-30 not yet calculated CVE-2019-15682
MISC
red_hat -- jboss_operations_network A missing permission check was found in the CLI in JBoss Operations Network before 2.3.1, which allows JBoss ON users to perform management tasks and configuration changes with the privileges of the administrator user. 2019-10-30 not yet calculated CVE-2010-0737
MISC
red_hat -- openshift cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp. 2019-11-01 not yet calculated CVE-2013-0165
MISC
red_hat -- openstack HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. 2019-11-01 not yet calculated CVE-2013-2255
MISC
MISC
MISC
MISC
MISC
MISC
MISC
red_hat -- red_hat_enterprise_linux While backporting a feature for a newer branch of BIND9, RedHat introduced a path leading to an assertion failure in buffer.c:420. Affects RedHat versions bind-9.9.4-65.el7 -> bind-9.9.4-72.el7. No ISC releases are affected. Other packages from other distributions that made the same error may also be affected. 2019-10-30 not yet calculated CVE-2018-5742
CONFIRM
redis -- redis Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds. 2019-11-01 not yet calculated CVE-2013-0180
MLIST
MISC
redis -- redis Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm. 2019-11-01 not yet calculated CVE-2013-0178
MISC
MISC
MISC
MISC
MISC
MISC
rpcbind -- rpcbind rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr, which can be created by an attacker before the daemon is started. 2019-10-29 not yet calculated CVE-2010-2061
MISC
MISC
MISC
MISC
MLIST
rpcbind -- rpcbind rpcbind 0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr. 2019-10-29 not yet calculated CVE-2010-2064
MISC
MISC
MISC
MLIST
ruby193 -- ruby193 ruby193 uses an insecure LD_LIBRARY_PATH setting. 2019-10-31 not yet calculated CVE-2013-1945
MISC
sahi_pro -- sahi_pro Sahi Pro 8.0.0 has a script manager arena located at _s_/dyn/pro/DBReports with many different areas that are vulnerable to reflected XSS, by updating a script's Script Name, Suite Name, Base URL, Android, iOS, Scripts Run, Origin Machine, or Comment field. The sql parameter can be used to trigger reflected XSS. 2019-10-29 not yet calculated CVE-2019-13066
MISC
MISC
schneider_electric -- multiple_modicon_products A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon Premium, Modicon Quantum (all firmware versions), which could cause the disclosure of information when transferring applications to the controller using Modbus TCP protocol. 2019-10-29 not yet calculated CVE-2019-6845
CONFIRM
schneider_electric -- multiple_modicon_products A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium, Modicon Quantum (all firmware versions), which could cause the disclosure of information from the controller when using TFTP protocol. 2019-10-29 not yet calculated CVE-2019-6851
CONFIRM
schneider_electric -- multiple_modicon_products A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information disclosure when using the FTP protocol. 2019-10-29 not yet calculated CVE-2019-6846
CONFIRM
secudos -- domos The Log module in SECUDOS DOMOS before 5.6 allows XSS. 2019-11-02 not yet calculated CVE-2019-18664
MISC
secudos -- domos The Log module in SECUDOS DOMOS before 5.6 allows local file inclusion. 2019-11-02 not yet calculated CVE-2019-18665
MISC
sensiolabs -- php-symfony2-validator php-symfony2-Validator has loss of information during serialization 2019-11-01 not yet calculated CVE-2013-4751
MISC
MISC
MISC
MISC
MISC
MISC
shift_cryptosecurity -- bitbox02 On SHIFT BitBox02 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. Note: BIP39 secrets are not displayed by default on this device. The side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. 2019-11-02 not yet calculated CVE-2019-18673
MISC
sierra_wireless -- airlink_es450_fw An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an unverified device configuration change, resulting in an unverified change of the user password on the device. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2019-10-31 not yet calculated CVE-2018-4064
MISC
smokeping -- smokeping Cross-site scripting (XSS) vulnerability in SmokePing 2.6.9 in the start and end time fields. 2019-11-01 not yet calculated CVE-2013-4168
MISC
MISC
MISC
MISC
MISC
MISC
sonatype -- nexus_repository_manager There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass of CVE-2019-5475) that could allow an attacker to achieve Remote Code Execution (RCE). All instances using CommandLineExecutor.java with user-supplied data are vulnerable, such as the Yum Configuration Capability. 2019-11-01 not yet calculated CVE-2019-15588
MISC
CONFIRM
symantec -- sonar The Symantec SONAR component, prior to 12.0.2, may be susceptible to a tamper protection bypass vulnerability which could potentially allow an attacker to circumvent the existing tamper protection in use on the resident system. 2019-11-01 not yet calculated CVE-2019-12752
CONFIRM
systemd -- systemd systemd 239 through 243 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. 2019-10-30 not yet calculated CVE-2018-21029
MISC
MISC
MISC
technicolor -- td5130v2_devices An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. A Command Injection in the Ping module in the Web Interface in OI_Fw_V20 allows remote attackers to execute arbitrary OS commands in the pingAddr parameter to mnt_ping.cgi. NOTE: This may overlap CVE-2017-14127. 2019-10-31 not yet calculated CVE-2019-18396
MISC
MISC
tightrope_media_systems -- carousel The Tightrope Media Carousel Seneca HDn Windows-based appliance 7.0.4.104 is shipped with a default local administrator username and password. This can be found by a limited user account in an "unattend.xml" file left over on the C: drive from the Sysprep process. An attacker with this username and password can leverage it to gain administrator-level access on the system. 2019-10-29 not yet calculated CVE-2018-18929
MISC
tightrope_media_systems -- carousel An issue was discovered in the Tightrope Media Carousel digital signage product 7.0.4.104. Due to insecure default permissions on the C:\TRMS\Services directory, an attacker who has gained access to the system can elevate their privileges from a restricted account to full SYSTEM by replacing the Carousel.Service.exe file with a custom malicious executable. This service is independent of the associated IIS web site, which means that this service can be manipulated by an attacker without losing access to vulnerabilities in the web interface (which would potentially be used in conjunction with this attack, to control the service). Once the attacker has replaced Carousel.Service.exe, the server can be restarted using the command "shutdown -r -t 0" from a web shell, causing the system to reboot and launching the malicious Carousel.Service.exe as SYSTEM on startup. If this malicious Carousel.Service.exe is configured to launch a reverse shell back to the attacker, then upon reboot the attacker will have a fully privileged remote command-line environment to manipulate the system further. 2019-10-29 not yet calculated CVE-2018-18931
MISC
tightrope_media_systems -- carousel The Tightrope Media Carousel digital signage product 7.0.4.104 contains an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. An authenticated attacker can upload a crafted ZIP file (based on an exported backup of existing "Bulletins") containing a malicious file. When uploaded, the system only checks for the presence of the needed files within the ZIP and, as long as the malicious file is named properly, will extract all contained files to a new directory on the system, named with a random GUID. The attacker can determine this GUID by previewing an image from the uploaded Bulletin within the web UI. Once the GUID is determined, the attacker can navigate to the malicious file and execute it. In testing, an ASPX web shell was uploaded, allowing for remote-code execution in the context of a restricted IIS user. 2019-10-29 not yet calculated CVE-2018-18930
MISC

trend_micro -- apex_one_and_officescan_and_worry-free_business_security A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication. 2019-10-28 not yet calculated CVE-2019-18189
N/A
turbovnc -- turbovnc TurboVNC server code contains a stack buffer overflow vulnerability in commits prior to cea98166008301e614e0d36776bf9435a536136e. This could possibly result in remote code execution, since the stack frame is not protected with a stack canary. This attack appears to be exploitable via network connectivity. To exploit this vulnerability, authorization on the server is required. These issues have been fixed in commit cea98166008301e614e0d36776bf9435a536136e. 2019-10-29 not yet calculated CVE-2019-15683
MISC
twiki -- twiki TWiki allows arbitrary shell command execution via the Include function 2019-11-01 not yet calculated CVE-2005-3056
DEBIAN
MISC
CONFIRM
typo3 -- typo3 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Open Redirection on the backend. 2019-11-01 not yet calculated CVE-2010-3661
MISC
MISC
CONFIRM
typo3 -- typo3 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the backend. 2019-11-01 not yet calculated CVE-2010-3660
MISC
MISC
CONFIRM
vmware -- esxi_and_workstation_and_fusion VMware ESXi (6.7 before ESXi670-201908101-SG and 6.5 before ESXi650-201910401-SG), Workstation (15.x before 15.5.0) and Fusion (11.x before 11.5.0) contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. It is not enabled by default on ESXi and is enabled by default on Workstation and Fusion. 2019-10-28 not yet calculated CVE-2019-5536
MISC
vmware -- sd-wan In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service Provider accounts. Among the information is username, first and last name, phone numbers and e-mail address if present but no other personal data. VMware has evaluated the severity of this issue to be in the moderate severity range with a maximum CVSSv3 base score of 4.3. 2019-10-29 not yet calculated CVE-2019-5533
CONFIRM
vmware -- vcenter_server_appliance Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over FTPS and HTTPS. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore operations. 2019-10-28 not yet calculated CVE-2019-5537
MISC
vmware -- vcenter_server_appliance Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over SCP. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore operations. 2019-10-28 not yet calculated CVE-2019-5538
MISC
websieve -- websieve Cross-site scripting (XSS) vulnerability in websieve v0.62 allows remote attackers to inject arbitrary web script or HTML code in the web user interface. 2019-11-01 not yet calculated CVE-2005-2350
MISC
MISC
wordpress -- wordpress plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes. 2019-10-31 not yet calculated CVE-2019-16251
MISC
MISC
wordpress -- wordpress An issue was discovered in the Currency Switcher addon before 2.11.2 for WooCommerce if a user provides a currency that was not added by the administrator. In this case, even though the currency does not exist, it will be selected, but a price amount will fall back to the default currency. This means that if an attacker provides a currency that does not exist and is worth less than this default, the attacker can eventually purchase an item for a significantly cheaper price. 2019-11-02 not yet calculated CVE-2019-18668
MISC
MISC
xen_project -- xen An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did not itself install an LDT. (Most OSes don't install any LDT by default). 32-bit PV guest user mode can elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected. Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests cannot leverage this vulnerability. Arm systems are unaffected. 2019-10-31 not yet calculated CVE-2019-18425
MLIST
MISC
xen_project -- xen An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service via a XENMEM_add_to_physmap hypercall. p2m->max_mapped_gfn is used by the functions p2m_resolve_translation_fault() and p2m_get_entry() to sanity check a guest physical frame. The rest of the code in the two functions will assume that there is a valid root table and check that with BUG_ON(). The function p2m_get_root_pointer() will ignore the unused top bits of a guest physical frame. This means that the function p2m_set_entry() will alias the frame. However, p2m->max_mapped_gfn will be updated using the original frame. It would be possible to set p2m->max_mapped_gfn high enough to cover a frame that would lead p2m_get_root_pointer() to return NULL in p2m_get_entry() and p2m_resolve_translation_fault(). Additionally, the sanity check on p2m->max_mapped_gfn is off-by-one, allowing "highest mapped + 1" to be considered valid. However, p2m_get_root_pointer() will return NULL. The problem could be triggered with a specially crafted hypercall XENMEM_add_to_physmap{, _batch} followed by an access to an address (via hypercall or direct access) that passes the sanity check but causes p2m_get_root_pointer() to return NULL. A malicious guest administrator may cause a hypervisor crash, resulting in a Denial of Service (DoS). Xen versions 4.8 and newer are vulnerable. Only Arm systems are vulnerable. x86 systems are not affected. 2019-10-31 not yet calculated CVE-2019-18423
MLIST
MISC
xen_project -- xen An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. Interrupts are unconditionally unmasked in exception handlers. When an exception occurs on an ARM system which is handled without changing processor level, some interrupts are unconditionally enabled during exception entry. So exceptions which occur when interrupts are masked will effectively unmask the interrupts. A malicious guest might contrive to arrange for critical Xen code to run with interrupts erroneously enabled. This could lead to data corruption, denial of service, or possibly even privilege escalation. However, a precise attack technique has not been identified. 2019-10-31 not yet calculated CVE-2019-18422
MLIST
MISC
xen_project -- xen An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. This occurs because passed through PCI devices may corrupt host memory after deassignment. When a PCI device is assigned to an untrusted domain, it is possible for that domain to program the device to DMA to an arbitrary address. The IOMMU is used to protect the host from malicious DMA by making sure that the device addresses can only target memory assigned to the guest. However, when the guest domain is torn down, or the device is deassigned, the device is assigned back to dom0, thus allowing any in-flight DMA to potentially target critical host data. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable. 2019-10-31 not yet calculated CVE-2019-18424
MLIST
MISC
xen_project -- xen An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. hypercall_create_continuation() is a variadic function which uses a printf-like format string to interpret its parameters. Error handling for a bad format character was done using BUG(), which crashes Xen. One path, via the VCPUOP_initialise hypercall, has a bad format character. The BUG() can be hit if VCPUOP_initialise executes for a sufficiently long period of time for a continuation to be created. Malicious guests may cause a hypervisor crash, resulting in a Denial of Service (DoS). Xen versions 4.6 and newer are vulnerable. Xen versions 4.5 and earlier are not vulnerable. Only x86 PV guests can exploit the vulnerability. HVM and PVH guests, and guests on ARM systems, cannot exploit the vulnerability. 2019-10-31 not yet calculated CVE-2019-18420
MLIST
MISC
xen_project -- xen An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations. There are issues with restartable PV type change operations. To avoid using shadow pagetables for PV guests, Xen exposes the actual hardware pagetables to the guest. In order to prevent the guest from modifying these page tables directly, Xen keeps track of how pages are used using a type system; pages must be "promoted" before being used as a pagetable, and "demoted" before being used for any other type. Xen also allows for "recursive" promotions: i.e., an operating system promoting a page to an L4 pagetable may end up causing pages to be promoted to L3s, which may in turn cause pages to be promoted to L2s, and so on. These operations may take an arbitrarily large amount of time, and so must be re-startable. Unfortunately, making recursive pagetable promotion and demotion operations restartable is incredibly complicated, and the code contains several races which, if triggered, can cause Xen to drop or retain extra type counts, potentially allowing guests to get write access to in-use pagetables. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All x86 systems with untrusted PV guests are vulnerable. HVM and PVH guests cannot exercise this vulnerability. 2019-10-31 not yet calculated CVE-2019-18421
MLIST
MISC
yandex -- clickhouse ClickHouse before 19.13.5.44 allows HTTP header injection via the url table function. 2019-10-31 not yet calculated CVE-2019-18657
MISC
MISC
MISC
youphptube -- youphptube An issue was discovered in YouPHPTube through 7.7. User input passed through the live_stream_code POST parameter to /plugin/LiveChat/getChat.json.php is not properly sanitized (in getFromChat in plugin/LiveChat/Objects/LiveChatObj.php) before being used to construct a SQL query. This can be exploited by malicious users to, e.g., read sensitive data from the database through in-band SQL Injection attacks. Successful exploitation of this vulnerability requires the Live Chat plugin to be enabled. 2019-11-02 not yet calculated CVE-2019-18662
MISC
youphptube -- youphptube An exploitable SQL injection vulnerability exists in YouPHPTube 7.7. A specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database and local file inclusion, which could potentially further lead to code execution. An attacker can send an HTTP request to trigger this vulnerability. 2019-10-31 not yet calculated CVE-2019-5151
MISC
youphptube -- youphptube An exploitable SQL injection vulnerability exists in YouPHPTube 7.7. When the "VideoTags" plugin is enabled, a specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database and local file inclusion, which could potentially further lead to code execution. An attacker can send an HTTP request to trigger this vulnerability. 2019-10-31 not yet calculated CVE-2019-5150
MISC
yum -- yum yum does not properly handle bad metadata, which allows an attacker to cause a denial of service and possibly have other unspecified impact via a Trojan horse file in the metadata of a remote repository. 2019-10-31 not yet calculated CVE-2013-1910
MISC
MISC
MISC
MISC
MISC
MISC
zte -- zx297520v3 The 7520V3V1.0.0B09P27 version, and all earlier versions of ZTE product ZX297520V3 are impacted by a Command Injection vulnerability. Unauthorized users can exploit this vulnerability to control the user terminal system. 2019-10-31 not yet calculated CVE-2019-3421
CONFIRM
zte -- zxmp A security vulnerability exists in a management port in the version of ZTE's ZXMP M721V3.10P01B10_M2NCP. An attacker could exploit this vulnerability to build a link to the device and send specific packets to cause a denial of service. 2019-10-31 not yet calculated CVE-2019-3419
CONFIRM
zuchetti -- infobusiness In Zucchetti InfoBusiness before and including 4.4.1, an authenticated user can inject client-side code due to improper validation of the Title field in the InfoBusiness Web Component. The payload will be triggered every time a user browses the reports page. 2019-10-30 not yet calculated CVE-2019-18207
MISC
zuchetti -- infobusiness A cross-site request forgery (CSRF) vulnerability in Zucchetti InfoBusiness before and including 4.4.1 allows arbitrary file upload. 2019-10-30 not yet calculated CVE-2019-18206
MISC

This product is provided subject to this Notification and this Privacy & Use policy.