Bulletin (SB19-343)

Vulnerability Summary for the Week of December 2, 2019

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
embedthis -- goahead An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to a use-after-free condition during the processing of this request that can be used to corrupt heap structures that could lead to full code execution. The request can be unauthenticated in the form of GET or POST requests, and does not require the requested resource to exist on the server. 2019-12-03 7.5 CVE-2019-5096
MISC
titanhq -- webtitan An issue was discovered in TitanHQ WebTitan before 5.18. It has a sudoers file that enables low-privilege users to execute a vast number of commands as root, including mv, chown, and chmod. This can be trivially exploited to gain root privileges by an attacker with access. 2019-12-02 7.2 CVE-2019-19014
MISC
MISC
titanhq -- webtitan
 
An issue was discovered in TitanHQ WebTitan before 5.18. The proxy service (which is typically exposed to all users) allows connections to the internal PostgreSQL database of the appliance. By connecting to the database through the proxy (without password authentication), an attacker is able to fully control the appliance database. Through this, several different paths exist to gain further access, or execute code. 2019-12-02 10 CVE-2019-19015
MISC
MISC

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
accusoft -- imagegear
 
An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll PNG header-parser of the Accusoft ImageGear 19.3.0 library. A specially crafted PNG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. 2019-12-03 6.8 CVE-2019-5076
MISC
accusoft -- imagegear
 
An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll TIFdecodethunderscan function of Accusoft ImageGear 19.3.0 library. A specially crafted TIFF file can cause an out of bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. 2019-12-03 6.8 CVE-2019-5083
MISC
accusoft -- imagegear
 
An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll GEM Raster parser of the Accusoft ImageGear 19.3.0 library. A specially crafted GEM file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. 2019-12-03 6.8 CVE-2019-5132
MISC
accusoft -- imagegear
 
An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll BMP parser of the ImageGear 19.3.0 library. A specially crafted BMP file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. 2019-12-03 6.8 CVE-2019-5133
MISC
debian -- devscripts
 
An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball. 2019-12-03 6.5 CVE-2013-7325
MISC
MISC
MISC
embedthis -- goahead
 
A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated in the form of GET or POST requests and does not require the requested resource to exist on the server. 2019-12-03 5 CVE-2019-5097
MISC
forma -- forma.lms
 
Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system. 2019-12-03 6.5 CVE-2019-5109
MISC
forma -- forma.lms
 
Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system. 2019-12-03 6.5 CVE-2019-5110
MISC
forma -- forma.lms
 
An exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filter_cat was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system. 2019-12-03 6.5 CVE-2019-5111
MISC
forma -- forma.lms
 
An exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filter_status was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system. 2019-12-03 6.5 CVE-2019-5112
MISC
fusionpbx -- fusionpbx A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_detail_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the dialplan_uuid parameter. 2019-11-29 4.3 CVE-2019-19388
MISC
MISC
fusionpbx -- fusionpbx
 
A cross-site scripting (XSS) vulnerability in app/fax/fax_log_view.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the fax_uuid parameter. 2019-11-29 4.3 CVE-2019-19384
MISC
MISC
fusionpbx -- fusionpbx
 
A cross-site scripting (XSS) vulnerability in app/dialplans/dialplans.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the app_uuid parameter. 2019-11-29 4.3 CVE-2019-19385
MISC
MISC
fusionpbx -- fusionpbx
 
A cross-site scripting (XSS) vulnerability in app/fifo_list/fifo_interactive.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the c parameter. 2019-11-29 4.3 CVE-2019-19387
MISC
MISC
fusionpbx -- fusionpbx
 
A cross-site scripting (XSS) vulnerability in app/voicemail_greetings/voicemail_greeting_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id and/or voicemail_id parameter. 2019-11-29 4.3 CVE-2019-19386
MISC
MISC
huawei -- multiple_home_routers
 
Some Huawei home routers have an improper authorization vulnerability. Due to improper authorization of certain programs, an attacker can exploit this vulnerability to execute uploaded malicious files and escalate privilege. 2019-11-29 4.6 CVE-2019-5269
CONFIRM
huawei -- nova_5i_pro_and_nova_5_smartphones
 
Nova 5i pro and Nova 5 smartphones with versions earlier than 9.1.1.190(C00E190R6P2) and versions earlier than 9.1.1.175(C00E170R3P2) have an improper validation of array index vulnerability. The system does not properly validate the input value before using it as an array index when processing certain image information. If an attacker tricks the user into installing a malicious application, a successful exploit could cause malicious code execution. 2019-11-29 4.4 CVE-2019-5210
CONFIRM
huawei -- p30_and_mate_20_and_p30_pro_smartphones
 
P30, Mate 20, P30 Pro smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), versions earlier than Hima-AL00B 9.1.0.135(C00E200R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12) have a buffer overflow vulnerability on several , the system does not properly validate certain length parameter which an application transports to kernel. An attacker tricks the user to install a malicious application, successful exploit could cause malicious code execution. 2019-11-29 6.8 CVE-2019-5225
CONFIRM
libgwenhywfar -- libgwenhywfar
 
An issue exists in libgwenhywfar through 4.12.0 due to the usage of outdated bundled CA certificates. 2019-12-03 5 CVE-2015-7542
MISC
MISC
MISC
MISC
MISC
linux -- linux_kernel In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c. 2019-11-29 6.8 CVE-2019-19378
MISC
linux -- linux_kernel In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. 2019-11-29 6.8 CVE-2019-19377
MISC
piwigo -- piwigo
 
piwigo has XSS in password.php 2019-12-02 4.3 CVE-2012-4525
MISC
MISC
MISC
MISC
MISC
piwigo -- piwigo
 
piwigo has XSS in password.php (incomplete fix for CVE-2012-4525) 2019-12-02 4.3 CVE-2012-4526
MISC
MISC
MISC
MISC
MISC
shadowsocks -- shadowsocks-libev An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this vulnerability. 2019-12-03 4.3 CVE-2019-5163
MISC
shadowsocks -- shadowsocks-libev
 
An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger this vulnerability. 2019-12-03 4.6 CVE-2019-5164
MISC
testlink -- testlink
 
TestLink 1.9.19 has XSS via the lib/testcases/archiveData.php edit parameter, the index.php reqURI parameter, or the URI in a lib/testcases/tcEdit.php?doAction=doDeleteStep request. 2019-12-02 4.3 CVE-2019-19491
MISC
titanhq -- webtitan
 
An issue was discovered in TitanHQ WebTitan before 5.18. Some functions, such as /history-x.php, of the administration interface are vulnerable to SQL Injection through the results parameter. This could be used by an attacker to extract sensitive information from the appliance database. 2019-12-02 5 CVE-2019-19016
MISC
MISC
wireshark -- wireshark In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in epan/dissectors/asn1/cms/packet-cms-template.c by ensuring that an object identifier is set to NULL after a ContentInfo dissection. 2019-12-05 5 CVE-2019-19553
MISC
MISC
MISC
wordpress -- wordpress The CSS Hero plugin through 4.0.3 for WordPress is prone to reflected XSS via the URI in a csshero_action=edit_page request because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary JavaScript in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookies or launch other attacks. 2019-12-04 4.3 CVE-2019-19133
MISC
MISC
MISC
wso2 -- enterprise_integrator
 
In WSO2 Enterprise Integrator 6.5.0, reflected XSS occurs when updating the message processor configuration from the source view in the Management Console. 2019-12-05 4.3 CVE-2019-19587
MISC
zanata -- zanata
 
Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging 2019-12-03 6.8 CVE-2013-4486
MISC
MISC
MISC

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
gitbook -- gitbook GitBook through 2.6.9 allows XSS via a local .md file. 2019-12-05 3.5 CVE-2019-19596
MISC
gnupg -- libgcrypt_and_gnupg Libgcrypt before 1.6.3 and GnuPG before 1.4.19 do not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication. 2019-11-29 1.9 CVE-2014-3591
MISC
MISC
MISC
MISC
MISC
ibm -- cloud_pak_system
 
IBM Cloud Pak System 2.3 and 2.3.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 163774. 2019-12-03 2.1 CVE-2019-4465
XF
CONFIRM
qnap -- qts
 
A stored cross-site scripting (XSS) vulnerability has been reported to affect multiple versions of QTS. If exploited, this vulnerability may allow an attacker to inject and execute scripts on the administrator console. To fix this vulnerability, QNAP recommend updating QTS to the latest version. 2019-12-04 3.5 CVE-2019-7197
CONFIRM

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
10-strike_software -- free_photo_viewer Free Photo Viewer 1.3 allows remote attackers to execute arbitrary code via a crafted BMP and/or TIFF file that triggers a malformed SEH, as demonstrated by a 0012ECB4 FreePhot.00425642 42200008 corrupt entry. 2019-11-30 not yet calculated CVE-2019-19468
MISC
allied_telesis -- at-gs950/8_devices A Directory Traversal in the Web interface of the Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047] allows unauthenticated attackers to read arbitrary system files via a GET request. NOTE: This is an End-of-Life product. 2019-11-29 not yet calculated CVE-2019-18922
MISC
FULLDISC
MISC
amd -- atidxx64.dll_driver An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. A specially crafted pixel shader can cause out-of-bounds memory read. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. 2019-12-05 not yet calculated CVE-2019-5098
MISC

anhui_huami_information_technology -- mi_fit_application

The Anhui Huami Mi Fit application before 4.0.11 for Android has an Unencrypted Update Check. 2019-11-30 not yet calculated CVE-2019-19463
MISC
apache -- olingo The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resolution of external entities. Requests with content type "application/xml", which trigger the deserialization of entities, can be used to trigger XXE attacks. 2019-12-04 not yet calculated CVE-2019-17554
MLIST
apache -- olingo The AsyncResponseWrapperImpl class in Apache Olingo versions 4.0.0 to 4.6.0 reads the Retry-After header and passes it to the Thread.sleep() method without any check. If a malicious server returns a huge value in the header, then it can help to implement a DoS attack. 2019-12-04 not yet calculated CVE-2019-17555
MLIST
apache -- olingo Apache Olingo versions 4.0.0 to 4.6.0 provide the AbstractService class, which is a public API that uses ObjectInputStream and doesn't check classes being deserialized. If an attacker can feed malicious metadata to the class, then it may result in running the attacker's code in the worst case. 2019-12-04 not yet calculated CVE-2019-17556
MLIST
armeria -- armeria Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has been patched in 0.97.0. Potential impacts of this vulnerability include cross-user defacement, cache poisoning, Cross-site scripting (XSS), and page hijacking. 2019-12-06 not yet calculated CVE-2019-16771
MISC
CONFIRM
autodesk -- desktop_application DLL preloading vulnerability in Autodesk Desktop Application versions 7.0.16.29 and earlier. An attacker may trick a user into downloading a malicious DLL file into the working directory, which may then leverage a DLL preloading vulnerability and execute code on the system. 2019-12-03 not yet calculated CVE-2019-7365
CONFIRM
autodesk -- fbx_software_development_kit Buffer overflow vulnerability in Autodesk FBX Software Development Kit version 2019.5. A user may be tricked into opening a malicious FBX file which may exploit a buffer overflow vulnerability causing it to run arbitrary code on the system. 2019-12-03 not yet calculated CVE-2019-7366
CONFIRM
aviatrix -- vpn_client Weak file permissions applied to the Aviatrix VPN Client through 2.2.10 installation directory on Windows and Linux allow a local attacker to execute arbitrary code by gaining elevated privileges through file modifications. 2019-12-05 not yet calculated CVE-2019-17388
MISC
MISC
MISC
aviatrix -- vpn_client An authentication flaw in the AVPNC_RP service in Aviatrix VPN Client through 2.2.10 allows an attacker to gain elevated privileges through arbitrary code execution on Windows, Linux, and macOS. 2019-12-05 not yet calculated CVE-2019-17387
MISC
MISC
MISC
axtls -- axtls
 
process_certificate in tls1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Overflow via a crafted TLS certificate handshake message with zero certificates. 2019-12-03 not yet calculated CVE-2019-9689
MISC
MISC
cbc -- cbc_gem_application_for_android The CBC Gem application before 9.24.1 for Android and before 9.26.0 for iOS has Unencrypted Analytics. 2019-11-30 not yet calculated CVE-2019-19464
MISC
chkstat -- chkstat
 
The chkstat tool in the permissions package followed symlinks before commit a9e1d26cd49ef9ee0c2060c859321128a6dd4230 (please also check the additional hardenings after this fix). This allowed local attackers with control over a path that is traversed by chkstat to escalate privileges. 2019-12-05 not yet calculated CVE-2019-3690
CONFIRM
ckeditor -- ckeditor pluginconfig.php in the Image Uploader and Browser plugin before 4.1.9 for CKEditor mishandles certain characters in pathnames. 2019-12-02 not yet calculated CVE-2019-19502
MISC
MISC
MISC
MISC
d-link -- dap-1860_devices

 
D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAP_AUTH header timestamp value. In HTTP requests, part of the HNAP_AUTH header is the timestamp used to determine the time when the user sent the request. If this value is equal to the value stored in the device's /var/hnap/timestamp file, the request will pass the HNAP_AUTH check function. 2019-12-05 not yet calculated CVE-2019-19598
MISC
MISC
d-link -- dap-1860_devices
 
D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAP_AUTH HTTP header. 2019-12-05 not yet calculated CVE-2019-19597
MISC
MISC
daps -- daps An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26. It is possible to force wallets to send HTTP requests to arbitrary locations, both on the local network and on the internet. This is a serious threat to user privacy, since it can possibly leak their IP address and the fact that they are using the product. This also affects Dash Core through 0.14.0.3 and Private Instant Verified Transactions (PIVX) through 3.4.0. 2019-12-04 not yet calculated CVE-2019-16752
MISC
daps -- daps An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26. The content to be signed is composed of a representation of strings, rather than being composed of their binary representations. This is a weak signature scheme design that would allow the reuse of signatures in some cases (or even the reuse of signatures, intended for one type of message, for another type). This also affects Private Instant Verified Transactions (PIVX) through 3.4.0. 2019-12-04 not yet calculated CVE-2019-16753
MISC
davical -- davical A CSRF issue was discovered in DAViCal through 1.1.8. If an authenticated user visits an attacker-controlled webpage, the attacker can send arbitrary requests in the name of the user to the application. If the attacked user is an administrator, the attacker could for example add a new admin user. 2019-12-04 not yet calculated CVE-2019-18346
MISC
MISC
MISC
davical -- davical A stored XSS issue was discovered in DAViCal through 1.1.8. It does not adequately sanitize output of various fields that can be set by unprivileged users, making it possible for JavaScript stored in those fields to be executed by another (possibly privileged) user. Affected database fields include Username, Display Name, and Email. 2019-12-04 not yet calculated CVE-2019-18347
MISC
MISC
MISC
dell -- command_update
 
Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files by creating a symlink from the "Temp\IC\ICDebugLog.txt" to any targeted file. This issue occurs because of insecure handling of Temp directory permissions that were set incorrectly. 2019-12-03 not yet calculated CVE-2019-3750
MISC
dell -- command_update
 
Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files by creating a symlink from the "Temp\ICProgress\Dell_InventoryCollector_Progress.xml" to any targeted file. This issue occurs because permissions on the Temp directory were set incorrectly. 2019-12-03 not yet calculated CVE-2019-3749
MISC
dell -- command_configure Dell Command Configure versions prior to 4.2.1 contain an uncontrolled search path vulnerability. A locally authenticated malicious user could exploit this vulnerability by creating a symlink to a target file, allowing the attacker to overwrite or corrupt a specified file on the system. 2019-12-06 not yet calculated CVE-2019-18575
MISC
dell -- rsa_authentication_manager_software RSA Authentication Manager software versions prior to 8.4 P8 contain a stored cross-site scripting vulnerability in the Security Console. A malicious Security Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface which could then be included in a report. When other Security Console administrators open the affected report, the injected scripts could potentially be executed in their browser. 2019-12-03 not yet calculated CVE-2019-18574
MISC
django -- django Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests, for updating the inline model. Directly editing the view-only parent model was not possible, but the parent model's save() method was called, triggering potential side effects, and causing pre and post-save signal handlers to be invoked. (To resolve this, the Django admin is adjusted to require edit permissions on the parent model in order for inline models to be editable.) 2019-12-02 not yet calculated CVE-2019-19118
MLIST
MISC
MISC
CONFIRM
documize -- documize domain/section/markdown/markdown.go in Documize before 3.5.1 mishandles untrusted Markdown content. This was addressed by adding the bluemonday HTML sanitizer to defend against XSS. 2019-12-06 not yet calculated CVE-2019-19619
MISC
MISC
MISC
ezmaster -- exmaster The admin sys mode is now conditional and dedicated for the special case. By default, since ezmaster@5.2.11 no instance (container) is launched with advanced capabilities (not launched as root) 2019-11-29 not yet calculated CVE-2019-16767
MISC
MISC
CONFIRM
freeswitch -- freeswitch FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml. 2019-12-02 not yet calculated CVE-2019-19492
MISC
fronius -- solar_inverter_devices admincgi-bin/service.fcgi on Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allows action=download&filename= Directory Traversal. 2019-12-04 not yet calculated CVE-2019-19229
MISC
MISC
MISC
fronius -- solar_inverter_devices Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allow attackers to bypass authentication because the password for the today account is stored in the /tmp/web_users.conf file. 2019-12-04 not yet calculated CVE-2019-19228
MISC
MISC
MISC
gnome -- dia When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system's logging facility (potentially with elevated privileges), thus filling up the disk and eventually rendering the system unusable. (The filename can be for a nonexistent file.) NOTE: this does not affect an upstream release, but affects certain Linux distribution packages with version numbers such as 0.97.3. 2019-11-29 not yet calculated CVE-2019-19451
MISC
google -- android In setCpuVulkanInUse of GpuStats.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-141003796. 2019-12-06 not yet calculated CVE-2019-2217
MISC
google -- android

 
In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-141028068. 2019-12-06 not yet calculated CVE-2019-9464
MISC
google -- android
 
In ReadMATImage of mat.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process when loading a MATLAB image file with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-140328986. 2019-12-06 not yet calculated CVE-2019-2224
MISC
google -- android
 
In ihevcd_ref_list of ihevcd_ref_list.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-140692129. 2019-12-06 not yet calculated CVE-2019-2223
MISC
google -- android
 
In hasActivityInVisibleTask of WindowProcessController.java there's a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-138583650. 2019-12-06 not yet calculated CVE-2019-2221
MISC
google -- android
 
In DeepCopy of btif_av.cc, there is a possible out of bounds read due to improper casting. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10. Android ID: A-140768453. 2019-12-06 not yet calculated CVE-2019-2227
MISC
google -- android
 
In device_class_to_int of device_class.cc, there is a possible out of bounds read due to improper casting. This could lead to local information disclosure in the Bluetooth server with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-140152619. 2019-12-06 not yet calculated CVE-2019-2226
MISC
google -- android When pairing with a Bluetooth device, it may be possible to pair a malicious device without any confirmation from the user, and that device may be able to interact with the phone. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-110433804. 2019-12-06 not yet calculated CVE-2019-2225
MISC
google -- android In ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-140322595. 2019-12-06 not yet calculated CVE-2019-2222
MISC
google -- android In nfcManager_routeAid and nfcManager_unrouteAid of NativeNfcManager.cpp, there is possible memory reuse due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-141170038. 2019-12-06 not yet calculated CVE-2019-2230
MISC
google -- android In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10. Android ID: A-138636979. 2019-12-06 not yet calculated CVE-2019-2220
MISC
google -- android In System UI, there is a possible bypass of user's consent for access to sensor data due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10. Android ID: A-119041698. 2019-12-06 not yet calculated CVE-2019-2219
MISC
google -- android In createSessionInternal of PackageInstallerService.java, there is a possible improper permission grant due to a missing permission check. This could lead to local escalation of privilege by installing malicious packages with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-141169173. 2019-12-06 not yet calculated CVE-2019-2218
MISC
google -- android In Blob::Blob of blob.cpp, there is a possible unencrypted master key due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10. Android ID: A-141955555. 2019-12-06 not yet calculated CVE-2019-2231
MISC
google -- android In handleRun of TextLine.java, there is a possible application crash due to improper input validation. This could lead to remote denial of service when processing Unicode with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-140632678. 2019-12-06 not yet calculated CVE-2019-2232
MISC
google -- android In updateWidget of BaseWidgetProvider.java, there is a possible leak of user data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-139803872. 2019-12-06 not yet calculated CVE-2019-2229
MISC
google -- android In array_find of array.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure in the printer spooler with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-111210196. 2019-12-06 not yet calculated CVE-2019-2228
MISC
google -- android In setCpuVulkanInUse of GpuStats.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-141003796. 2019-12-06 not yet calculated CVE-2019-2217
MISC
google -- android In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-141028068. 2019-12-06 not yet calculated CVE-2019-9464
MISC
harbor -- harbor A User Enumeration flaw exists in Harbor. The issue is present in the "/users" API endpoint. This endpoint is supposed to be restricted to administrators. This restriction can be bypassed, and information about registered users can be obtained via the "search" functionality. 2019-12-03 not yet calculated CVE-2019-3990
CONFIRM
MISC
hashicorp -- terraform When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP. 2019-12-02 not yet calculated CVE-2019-19316
CONFIRM
huawei -- atlas_300_and_atlas_500 Huawei Atlas 300 and Atlas 500 have a buffer overflow vulnerability. A local, authenticated attacker may craft specific parameters and send them to the process to exploit this vulnerability. Successful exploitation may cause a service crash. 2019-11-29 not yet calculated CVE-2019-5247
CONFIRM
huawei -- band_2_and_honor_band_3 There is an insufficient authentication vulnerability in Huawei Band 2 and Honor Band 3. The band does not sufficiently authenticate the device trying to connect to it in certain scenarios. A successful exploit could allow the attacker to spoof and then connect to the band. 2019-11-29 not yet calculated CVE-2019-5218
CONFIRM
huawei -- hisuite_and_hwbackup HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305(MAC) and earlier versions and HwBackup with earlier versions before 9.1.1.308 have a brute forcing encrypted backup data vulnerability. Huawei smartphone user backup information can be obtained by brute forcing the password for encrypting the backup. 2019-11-29 not yet calculated CVE-2019-5263
CONFIRM
huawei -- honor_play_smartphones Honor play smartphones with versions earlier than 9.1.0.333(C00E333R1P1T8) have an information disclosure vulnerability in certain Huawei . An attacker could view certain information after a series of operations without unlocking the screen lock. A successful exploit could cause an information disclosure condition. 2019-11-29 not yet calculated CVE-2019-5309
CONFIRM
huawei -- mate_20_rs_smartphones Mate 20 RS smartphones with versions earlier than 9.1.0.135(C786E133R3P1) have an improper authorization vulnerability. The software does not properly restrict certain operations in ADB mode; a successful exploit could allow the attacker to switch to a third desktop after a series of operations. 2019-11-29 not yet calculated CVE-2019-5308
CONFIRM
huawei -- multiple_home_routers Some Huawei home routers have an input validation vulnerability. Because an input parameter is not correctly verified, an attacker can exploit this vulnerability by sending specially constructed packets to obtain files on the device and upload files to some directories. 2019-11-29 not yet calculated CVE-2019-5268
CONFIRM
huawei -- myna_smart_speaker There is an information leak vulnerability in Huawei smart speaker Myna. When the smart speaker is paired with the cloud through Wi-Fi, the speaker incorrectly processes some data. Attackers can exploit this vulnerability to read and modify specific configurations of speakers through a series of operations. 2019-11-29 not yet calculated CVE-2019-5271
CONFIRM
huawei -- p20_phones The Huawei Share function of P20 phones with versions earlier than Emily-L29C 9.1.0.311 has an improper file management vulnerability. The attacker tricks the victim into performing certain operations on the mobile phone during file transfer. Because the file is not properly processed, a successful exploit may cause some files on the victim's mobile phone to be deleted. 2019-11-29 not yet calculated CVE-2019-5211
CONFIRM
huawei -- p30_and_p30_pro_and_mate_20_smartphones P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so the smartphone's system can be downgraded to an older version. 2019-11-29 not yet calculated CVE-2019-5227
CONFIRM
huawei -- p30_and_p30_pro_and_mate_20_smartphones P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so the smartphone's system can be downgraded to an older version. 2019-11-29 not yet calculated CVE-2019-5226
CONFIRM
huawei -- p30_smartphones P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21) have an out of bounds read vulnerability. The system does not properly validate a certain length parameter which an application passes to the kernel. An attacker tricks the user into installing a malicious application; a successful exploit could cause an out of bounds read and information disclosure. 2019-11-29 not yet calculated CVE-2019-5224
CONFIRM
huawei -- share There is an improper access control vulnerability in Huawei Share. The software does not properly restrict access to a certain file from a certain application. An attacker tricks the user into installing a malicious application and then establishing a connection to the attacker through Huawei Share; a successful exploit could cause information disclosure. 2019-11-29 not yet calculated CVE-2019-5212
CONFIRM
huawei -- viewpoint_products There is a use of insufficiently random values vulnerability in Huawei ViewPoint products. An unauthenticated, remote attacker can guess information by a large number of attempts. Successful exploitation may cause information leak. 2019-11-29 not yet calculated CVE-2019-5232
CONFIRM
ibm -- cloud_pak_system IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159243. 2019-12-03 not yet calculated CVE-2019-4226
XF
CONFIRM
ibm -- cloud_pak_system IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163776. 2019-12-03 not yet calculated CVE-2019-4467
XF
CONFIRM
ibm -- cloud_pak_system IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163777. 2019-12-03 not yet calculated CVE-2019-4468
XF
CONFIRM
ibm -- cloud_pak_system IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 158280. 2019-12-03 not yet calculated CVE-2019-4130
XF
CONFIRM
ibm -- cloud_pak_system IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158020. 2019-12-03 not yet calculated CVE-2019-4098
XF
CONFIRM
intelbras -- iwr_3000n_devices Intelbras IWR 3000N 1.8.7 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled, a related issue to CVE-2019-17600. 2019-12-05 not yet calculated CVE-2019-19007
MISC
kaspersky -- multiple_products Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have a bug that allows a local user to execute arbitrary code via execution of a compromised file placed by an attacker with administrator rights. No privilege escalation. Possible whitelisting bypass of some of the security products. 2019-12-02 not yet calculated CVE-2019-15689
CONFIRM
kentico -- kentico Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with the file extension, leading to XSS. 2019-12-02 not yet calculated CVE-2019-19493
MISC
libyang -- libyang In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution. 2019-12-06 not yet calculated CVE-2019-19333
CONFIRM
CONFIRM
libyang -- libyang In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution. 2019-12-06 not yet calculated CVE-2019-19334
CONFIRM
CONFIRM
linux -- linux_kernel fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact because of incorrect fpu_fpregs_owner_ctx caching, as demonstrated by mishandling of signal-based non-cooperative preemption in Go 1.14 prereleases on amd64, aka CID-59c4bd853abc. 2019-12-05 not yet calculated CVE-2019-19602
MISC
MISC
MISC
MISC
MISC
linux -- linux_kernel relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result. 2019-11-30 not yet calculated CVE-2019-19462
MISC
MISC
MISC
MISC
MISC
litemanager -- litemanager LiteManager 4.5.0 has weak permissions (Everyone: Full Control) in the "LiteManagerFree - Server" folder, as demonstrated by ROMFUSClient.exe. 2019-12-02 not yet calculated CVE-2019-19490
MISC
max_secure -- anti_virus_plus Max Secure Anti Virus Plus 19.0.4.020 has Insecure Permissions on the installation directory. Local attackers can replace a .exe or .dll file to achieve privilege escalation. 2019-12-03 not yet calculated CVE-2019-19382
MISC
MISC
mcafee -- web_advisor Code Injection vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows a remote unauthenticated attacker to allow the browser to render a website which Web Advisor would normally have blocked via a carefully crafted web site. 2019-12-03 not yet calculated CVE-2019-3665
CONFIRM
mcafee -- web_advisor API Abuse/Misuse vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows a remote unauthenticated attacker to allow the browser to navigate to restricted websites via a carefully crafted web site. 2019-12-03 not yet calculated CVE-2019-3666
CONFIRM
napc -- xinet_elegant_6_asset_library NAPC Xinet Elegant 6 Asset Library 6.1.655 allows Pre-Authentication SQL Injection via the /elegant6/login LoginForm[username] field when double quotes are used. 2019-12-02 not yet calculated CVE-2019-19245
MISC
MISC
norton -- password_manager Norton Password Manager, prior to 6.6.2.5, may be susceptible to a cross origin resource sharing (CORS) vulnerability, which is a type of issue that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served. 2019-12-05 not yet calculated CVE-2019-18381
CONFIRM
norton -- password_manager Norton Password Manager, prior to 6.6.2.5, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information. 2019-12-05 not yet calculated CVE-2019-19546
CONFIRM
okaycms -- okaycms In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remote code execution by injecting a malicious PHP object via a crafted cookie. This could happen at two places: first in view/ProductsView.php using the cookie price_filter, and second in api/Comparison.php via the cookie comparison. 2019-12-03 not yet calculated CVE-2019-16885
MISC
FULLDISC
MISC
omnios_community_edition -- omnios_community_edition illumos, as used in OmniOS Community Edition before r151030y, allows a kernel crash via an application with multiple threads calling sendmsg concurrently over a single socket, because uts/common/inet/ip/ip_attr.c mishandles conn_ixa dereferences. 2019-11-29 not yet calculated CVE-2019-19396
MISC
MISC
opencv -- opencv An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of the heap-allocated arrays Ux and Uy. 2019-12-06 not yet calculated CVE-2019-19624
MISC
MISC
opendetex -- opendetex OpenDetex 2.8.5 has a Buffer Overflow in TexOpen in detex.l because of an incorrect sprintf. 2019-12-05 not yet calculated CVE-2019-19601
MISC
opensc -- opensc An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates. 2019-12-01 not yet calculated CVE-2019-19481
MISC
MISC
openwrt_project -- openwrt OpenWrt 18.06.4 allows XSS via the "New port forward" Name field to the cgi-bin/luci/admin/network/firewall/forwards URI (this can occur, for example, on a TP-Link Archer C7 device). 2019-12-03 not yet calculated CVE-2019-18993
CONFIRM
openwrt_project -- openwrt OpenWrt 18.06.4 allows XSS via these Name fields to the cgi-bin/luci/admin/network/firewall/rules URI: "Open ports on router" and "New forward rule" and "New Source NAT" (this can occur, for example, on a TP-Link Archer C7 device). 2019-12-03 not yet calculated CVE-2019-18992
CONFIRM
otrs -- otrs_community_edition_and_otrs Improper check for filenames with overly long extensions in PostMaster (sending in email) or uploading files (e.g. attaching files to mails) of ((OTRS)) Community Edition and OTRS allows a remote attacker to cause an endless loop. This issue affects: OTRS AG: ((OTRS)) Community Edition 5.0.x version 5.0.38 and prior versions; 6.0.x version 6.0.23 and prior versions. OTRS AG: OTRS 7.0.x version 7.0.12 and prior versions. 2019-12-05 not yet calculated CVE-2019-18180
CONFIRM
palo_alto_networks -- pan-os An improper authentication check in Palo Alto Networks PAN-OS may allow an authenticated low privileged non-superuser custom role user to elevate privileges and become superuser. This issue affects PAN-OS 7.1 versions prior to 7.1.25; 8.0 versions prior to 8.0.20; 8.1 versions prior to 8.1.11; 9.0 versions prior to 9.0.5. PAN-OS version 7.0 and prior EOL versions have not been evaluated for this issue. 2019-12-05 not yet calculated CVE-2019-17437
CONFIRM
phpmyadmin -- phpmyadmin phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php. 2019-12-06 not yet calculated CVE-2019-19617
MISC
MISC
MLIST
MISC
proftpd -- proftpd An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup. 2019-11-30 not yet calculated CVE-2019-19269
MISC
MLIST
FEDORA
FEDORA
puma -- puma In Puma before version 4.3.2, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough. 2019-12-05 not yet calculated CVE-2019-16770
CONFIRM
qnap -- music_station This cross-site scripting (XSS) vulnerability in Music Station allows remote attackers to inject and execute scripts on the administrator's management console. To fix this vulnerability, QNAP recommend updating Music Station to their latest versions. 2019-12-05 not yet calculated CVE-2019-7185
CONFIRM
qnap -- netback_replicator An unquoted service path vulnerability is reported to affect the service "QVssService" in QNAP NetBak Replicator. This vulnerability could allow an authorized but non-privileged local user to execute arbitrary code with elevated system privileges. QNAP have already fixed this issue in QNAP NetBak Replicator 4.5.12.1108. 2019-12-04 not yet calculated CVE-2019-7201
CONFIRM
qnap -- photo_station This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions. 2019-12-05 not yet calculated CVE-2019-7195
CONFIRM
qnap -- photo_station This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions. 2019-12-05 not yet calculated CVE-2019-7192
CONFIRM
qnap -- photo_station This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions. 2019-12-05 not yet calculated CVE-2019-7194
CONFIRM
qnap -- qts This improper link resolution vulnerability allows remote attackers to access system files. To fix this vulnerability, QNAP recommend updating QTS to their latest versions. 2019-12-05 not yet calculated CVE-2019-7183
CONFIRM
qnap -- qts This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. To fix the vulnerability, QNAP recommend updating QTS to their latest versions. 2019-12-05 not yet calculated CVE-2019-7193
CONFIRM
qnap -- video_station This cross-site scripting (XSS) vulnerability in Video Station allows remote attackers to inject and execute scripts on the administrator's management console. To fix this vulnerability, QNAP recommend updating Video Station to their latest versions. 2019-12-05 not yet calculated CVE-2019-7184
CONFIRM
rabbitmq-c -- rabbitmq-c An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than needed. This condition is then carried on to a memcpy function that copies too much data into a heap buffer. 2019-12-01 not yet calculated CVE-2019-18609
MISC
CONFIRM
MLIST
MISC
UBUNTU
radare -- radare2 In radare2 through 4.0, there is an integer overflow for the variable new_token_size in the function r_asm_massemble at libr/asm/asm.c. This integer overflow will result in a Use-After-Free for the buffer tokens, which can be filled with arbitrary malicious data after the free. This allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted input. 2019-12-05 not yet calculated CVE-2019-19590
MISC
reset.pro -- adobe_stock_api_integration_for_prestashop reset/modules/fotoliaFoto/multi_upload.php in the RESET.PRO Adobe Stock API Integration for PrestaShop 1.6 and 1.7 allows remote attackers to execute arbitrary code by uploading a .php file. 2019-12-05 not yet calculated CVE-2019-19594
MISC
reset.pro -- adobe_stock_api_integration_for_prestashop reset/modules/advanced_form_maker_edit/multiupload/upload.php in the RESET.PRO Adobe Stock API integration 4.8 for PrestaShop allows remote attackers to execute arbitrary code by uploading a .php file. 2019-12-05 not yet calculated CVE-2019-19595
MISC
ros -- sros SROS 2 0.8.1 (after CVE-2019-19625 is mitigated) leaks ROS 2 node-related information regardless of the rtps_protection_kind configuration. (SROS2 provides the tools to generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2.) 2019-12-06 not yet calculated CVE-2019-19627
MISC
MISC
MISC
MISC
MISC
ros -- sros SROS 2 0.8.1 (which provides the tools that generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2) leaks node information due to a leaky default configuration as indicated in the policy/defaults/dds/governance.xml document. 2019-12-06 not yet calculated CVE-2019-19625
MISC
MISC
ros -- sros_2 SROS 2 0.8.1 (which provides the tools that generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2) leaks node information due to a leaky default configuration as indicated in the policy/defaults/dds/governance.xml document. 2019-12-06 not yet calculated CVE-2019-19625
MISC
MISC
ros -- sros_2 SROS 2 0.8.1 (after CVE-2019-19625 is mitigated) leaks ROS 2 node-related information regardless of the rtps_protection_kind configuration. (SROS2 provides the tools to generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2.) 2019-12-06 not yet calculated CVE-2019-19627
MISC
MISC
MISC
MISC
MISC
salto -- proaccess_space An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product's webserver runs as a Windows service with local SYSTEM permissions by default. This is against the principle of least privilege. An attacker who is able to exploit CVE-2019-19458 or CVE-2019-19459 is basically able to write to every single path on the file system, because the webserver is running with the highest privileges available. 2019-12-03 not yet calculated CVE-2019-19460
MISC
MISC
salto -- proaccess_space An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that will be used with auto start. This allows an attacker to execute arbitrary commands on the server. 2019-12-03 not yet calculated CVE-2019-19459
MISC
MISC
salto -- proaccess_space SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data Export feature. 2019-12-03 not yet calculated CVE-2019-19458
MISC
MISC
salto -- proaccess_space SALTO ProAccess SPACE 5.4.3.0 allows XSS. 2019-12-03 not yet calculated CVE-2019-19457
MISC
MISC
sangoma -- freepbx In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date formatting and time-zone fields. These fields are not being properly sanitized. If this is done and a user (such as an admin) visits the User Management screen and views that user's profile, the XSS payload will render and execute in the context of the victim user's account. 2019-12-06 not yet calculated CVE-2019-19551
CONFIRM
sangoma -- freepbx In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the /admin/config.php?display=userman URI. An attacker with sufficient privileges can edit the Display Name of a user and embed malicious XSS code. When another user (such as an admin) visits the main User Management screen, the XSS payload will render and execute in the context of the victim user's account. 2019-12-06 not yet calculated CVE-2019-19552
MISC
sceditor -- sceditor SCEditor 2.1.3 allows XSS. 2019-12-05 not yet calculated CVE-2019-19466
MISC
MISC
secureworks -- red_cloak_windows_agent In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user can bypass the generation of telemetry alerts by removing NT AUTHORITY\SYSTEM permissions from a malicious file. 2019-12-06 not yet calculated CVE-2019-19620
MISC
MISC
serialize-to-js -- serialize-to-js The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. Node.js environments are not affected, since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized regular expression objects are used in an environment other than Node.js, that environment is affected by this vulnerability. 2019-12-07 not yet calculated CVE-2019-16772
MISC
CONFIRM
shapeshift -- keepkey_hardware_wallet Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Notably, this breaks the security of U2F for new server registrations and invalidates existing registrations. This vulnerability can be exploited by unauthenticated attackers and the interface is reachable via WebUSB. 2019-12-06 not yet calculated CVE-2019-18672
MISC
MISC
CONFIRM
shapeshift -- keepkey_hardware_wallet Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes on the stack via crafted messages. The vulnerability could allow code execution or other forms of impact. It can be triggered by unauthenticated attackers and the interface is reachable via WebUSB. 2019-12-06 not yet calculated CVE-2019-18671
MISC
MISC
CONFIRM
smplayer -- smplayer SMPlayer 19.5.0 has a buffer overflow via a long .m3u file. 2019-12-02 not yet calculated CVE-2019-19489
MISC
sony -- catalyst_production_suite_and_catalyst_browse In Sony Catalyst Production Suite through 2019.1 (1.1.0.21) and Catalyst Browse through 2019.1 (1.1.0.21), an unprivileged user can obtain admin privileges, and execute a program as admin, after DLL hijacking of a DLL that is loaded during setup (installation). 2019-12-04 not yet calculated CVE-2019-19364
MISC
sqlite -- sqlite lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact. 2019-12-05 not yet calculated CVE-2019-19317
MISC
MISC
strapi -- strapi The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function. 2019-12-05 not yet calculated CVE-2019-19609
MISC
MISC
sylius -- sylius In affected versions of Sylius, exception messages from internal exceptions (such as database exceptions) are wrapped by \Symfony\Component\Security\Core\Exception\AuthenticationServiceException and propagated through the system to the UI. Therefore, some internal system information may leak and be visible to the customer. A validation message with the exception details is presented to the user when they try to log into the shop. This has been patched in versions 1.3.14, 1.4.10, 1.5.7, and 1.6.3. 2019-12-05 not yet calculated CVE-2019-16768
MISC
CONFIRM
teamviewer -- teamviewer An issue was discovered in the Chat functionality of the TeamViewer desktop application 14.3.4730 on Windows. (The vendor states that it was later fixed.) Upon login, every communication is saved within Windows main memory. When a user logs out or deletes conversation history (but does not exit the application), this data is not wiped from main memory, and therefore could be read by a local user with the same or greater privileges. 2019-12-02 not yet calculated CVE-2019-19362
MISC
thinkparq -- beegfs beegfs-ctl in ThinkParQ BeeGFS through 7.1.3 allows Authentication Bypass via communication with a BeeGFS metadata server (which is typically not exposed to external networks). 2019-12-05 not yet calculated CVE-2019-15897
MISC
MISC
MISC
titanhq -- webtitan An issue was discovered in TitanHQ WebTitan before 5.18. It contains a Remote Code Execution issue through which an attacker can execute arbitrary code as root. The issue stems from the hotfix download mechanism, which downloads a shell script via HTTP, and then executes it as root. This is analogous to CVE-2019-6800 but for a different product. 2019-12-02 not yet calculated CVE-2019-19019
MISC
MISC
titanhq -- webtitan An issue was discovered in TitanHQ WebTitan before 5.18. The appliance has a hard-coded root password set during installation. An attacker could utilize this to gain root privileges on the system. 2019-12-02 not yet calculated CVE-2019-19017
MISC
MISC
titanhq -- webtitan An issue was discovered in TitanHQ WebTitan before 5.18. It has a hidden support account (with a hard-coded password) in the web administration interface, with administrator privileges. Anybody can log in with this account. 2019-12-02 not yet calculated CVE-2019-19021
MISC
MISC
titanhq -- webtitan An issue was discovered in TitanHQ WebTitan before 5.18. In the administration web interface it is possible to upload a crafted backup file that enables an attacker to execute arbitrary code by overwriting existing files or adding new PHP files under the web root. This requires the attacker to have access to a valid web interface account. 2019-12-02 not yet calculated CVE-2019-19020
MISC
MISC
titanhq -- webtitan An issue was discovered in TitanHQ WebTitan before 5.18. It exposes a database configuration file under /include/dbconfig.ini in the web administration interface, revealing what database the web application is using. 2019-12-02 not yet calculated CVE-2019-19018
MISC
MISC
trustedsec -- trevorc2 TrevorC2 v1.1/v1.2 fails to prevent fingerprinting, primarily via a discrepancy between response headers when responding to different HTTP methods, and also via predictable responses when accessing and interacting with the "SITE_PATH_QUERY". 2019-12-04 not yet calculated CVE-2019-18850
MISC
MISC
validators -- validators The validators package 0.12.2 through 0.12.5 for Python enters an infinite loop when validators.domain is called with a crafted domain string. This is fixed in 0.12.6. 2019-12-05 not yet calculated CVE-2019-19588
MISC
verot -- class.upload.php class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions. 2019-12-04 not yet calculated CVE-2019-19576
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
vmware -- esxi_and_horizon_daas OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. 2019-12-06 not yet calculated CVE-2019-5544
CONFIRM
wagtail-2fa -- wagtail-2fa When using wagtail-2fa before 1.3.0, if someone gains access to someone's Wagtail login credentials, they can log into the CMS and bypass the 2FA check by changing the URL. They can then add a new device and gain full access to the CMS. This problem has been patched in version 1.3.0. 2019-11-29 not yet calculated CVE-2019-16766
MISC
MISC
CONFIRM
weidmueller -- ie-sw-vl05m_and_ie-sw-vl08mt_and_ie-sw-pl10m_devices An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Remote authenticated users can crash a device with a special packet because of Uncontrolled Resource Consumption. 2019-12-06 not yet calculated CVE-2019-16671
MISC
MISC
CONFIRM
weidmueller -- ie-sw-vl05m_and_ie-sw-vl08mt_and_ie-sw-pl10m_devices An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Sensitive Credentials data is transmitted in cleartext. 2019-12-06 not yet calculated CVE-2019-16672
MISC
MISC
CONFIRM
weidmueller -- ie-sw-vl05m_and_ie-sw-vl08mt_and_ie-sw-pl10m_devices An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Authentication Information used in a cookie is predictable and can lead to admin password compromise when captured on the network. 2019-12-06 not yet calculated CVE-2019-16674
MISC
MISC
CONFIRM
weidmueller -- ie-sw-vl05m_and_ie-sw-vl08mt_and_ie-sw-pl10m_devices An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Passwords are stored in cleartext and can be read by anyone with access to the device. 2019-12-06 not yet calculated CVE-2019-16673
MISC
MISC
CONFIRM
weidmueller -- ie-sw-vl05m_and_ie-sw-vl08mt_and_ie-sw-pl10m_devices An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. The Authentication mechanism has no brute-force prevention. 2019-12-06 not yet calculated CVE-2019-16670
MISC
MISC
MISC
wordpress -- wordpress The Lever PDF Embedder plugin 4.4 for WordPress does not block the distribution of polyglot PDF documents that are valid JAR archives. 2019-12-05 not yet calculated CVE-2019-19589
MISC
MISC
xen -- xen An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device (and assignable-add is not used), because of an incomplete fix for CVE-2019-18424. XSA-302 relies on the use of libxl's "assignable-add" feature to prepare devices to be assigned to untrusted guests. Unfortunately, this is not considered a strictly required step for device assignment. The PCI passthrough documentation on the wiki describes alternate ways of preparing devices for assignment, and libvirt uses its own ways as well. Hosts where these "alternate" methods are used will still leave the system in a vulnerable state after the device comes back from a guest. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable. 2019-12-04 not yet calculated CVE-2019-19579
MLIST
CONFIRM
MISC
MISC
xfig -- fig2dev read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf. 2019-12-04 not yet calculated CVE-2019-19555
MISC
xtivia -- web_and_time_expense_interface_for_microsoft_dynamics_nav An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia Web Time and Expense (WebTE) interface used for Microsoft Dynamics NAV before 2017 allows an attacker to download arbitrary files by specifying arbitrary values for the recId and filename parameters of the /Home/GetAttachment function. 2019-12-06 not yet calculated CVE-2019-19616
MISC
xtivia -- web_time_and_expense_interface_for_microsoft_dynamics_nav An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia Web Time and Expense (WebTE) interface used for Microsoft Dynamics NAV before 2017 allows an attacker to download arbitrary files by specifying arbitrary values for the recId and filename parameters of the /Home/GetAttachment function. 2019-12-06 not yet calculated CVE-2019-19616
MISC
yahoo -- serialize-javascript The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. Node.js environments are not affected, since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized regular expression objects are used in an environment other than Node.js, that environment is affected by this vulnerability. 2019-12-05 not yet calculated CVE-2019-16769
CONFIRM
zmanda -- zmanda_management_console In Zmanda Management Console 3.3.9, ZMC_Admin_Advanced?form=adminTasks&action=Apply&command= allows CSRF, as demonstrated by command injection with shell metacharacters. This may depend on weak default credentials. 2019-12-01 not yet calculated CVE-2019-19469
MISC