Bulletin (SB19-350)

Vulnerability Summary for the Week of December 9, 2019

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
amazon -- blink_xt2_camera Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the bssid parameter. 2019-12-11 8.3 CVE-2019-3988
CONFIRM
amazon -- blink_xt2_camera
 
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the key parameter. 2019-12-11 8.3 CVE-2019-3987
CONFIRM
amazon -- blink_xt2_camera
 
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the encryption parameter. 2019-12-11 8.3 CVE-2019-3986
CONFIRM
amazon -- blink_xt2_camera
 
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary code and commands on the device due to insufficient UART protections. 2019-12-11 7.2 CVE-2019-3983
CONFIRM
amazon -- blink_xt2_camera
 
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when retrieving internal network configuration data. 2019-12-11 9.3 CVE-2019-3989
CONFIRM
amazon -- blink_xt2_camera
 
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the ssid parameter. 2019-12-11 8.3 CVE-2019-3985
CONFIRM
electronic_arts -- origin Electronic Arts Origin through 10.5.x allows Elevation of Privilege (issue 1 of 2). 2019-12-12 7.2 CVE-2019-19247
MISC
electronic_arts -- origin Electronic Arts Origin through 10.5.x allows Elevation of Privilege (issue 2 of 2). 2019-12-12 7.2 CVE-2019-19248
CONFIRM
git_project -- git
 
Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository. 2019-12-11 10 CVE-2019-19604
MLIST
MISC
CONFIRM
CONFIRM
DEBIAN
google -- android In handleRun of TextLine.java, there is a possible application crash due to improper input validation. This could lead to remote denial of service when processing Unicode with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140632678 2019-12-06 7.8 CVE-2019-2232
MISC
google -- android In ReadMATImage of mat.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process when loading a MATLAB image file with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140328986 2019-12-06 9.3 CVE-2019-2224
MISC
google -- android
 
In createSessionInternal of PackageInstallerService.java, there is a possible improper permission grant due to a missing permission check. This could lead to local escalation of privilege by installing malicious packages with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141169173 2019-12-06 7.2 CVE-2019-2218
MISC
google -- android
 
In setCpuVulkanInUse of GpuStats.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141003796 2019-12-06 7.2 CVE-2019-2217
MISC
ibm -- cloud_pak_system
 
Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 165179. 2019-12-10 10 CVE-2019-4521
XF
CONFIRM
ibm -- spectrum_scale IBM Spectrum Scale 4.2 and 5.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 172093. 2019-12-11 9 CVE-2019-4715
XF
CONFIRM
intesync -- solismed
 
Intesync Solismed 3.3sp allows Directory Traversal, a different vulnerability than CVE-2019-16246. 2019-12-12 7.5 CVE-2019-15931
MISC
MISC
MISC
MISC
intesync -- solismed
 
Intesync Solismed 3.3sp has Incorrect Access Control. 2019-12-12 7.5 CVE-2019-15932
MISC
MISC
MISC
MISC
intesync -- solismed
 
Intesync Solismed 3.3sp has SQL Injection. 2019-12-12 7.5 CVE-2019-15933
MISC
MISC
MISC
MISC
intesync -- solismed
 
Intesync Solismed 3.3sp allows Insecure File Upload. 2019-12-12 7.5 CVE-2019-15936
MISC
MISC
MISC
intesync -- solismed
 
Intesync Solismed 3.3sp1 allows Local File Inclusion (LFI), a different vulnerability than CVE-2019-15931. This leads to unauthenticated code execution. 2019-12-12 7.5 CVE-2019-16246
MISC
MISC
MISC
libsixel_project -- libsixel An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_encode_body at tosixel.c. 2019-12-08 7.5 CVE-2019-19636
MISC
libsixel_project -- libsixel An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function sixel_decode_raw_impl at fromsixel.c. 2019-12-08 7.5 CVE-2019-19635
MISC
libsixel_project -- libsixel An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_decode_raw_impl at fromsixel.c. 2019-12-08 7.5 CVE-2019-19637
MISC
libsixel_project -- libsixel An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function load_pnm at frompnm.c, due to an integer overflow. 2019-12-08 7.5 CVE-2019-19638
MISC
libyang -- libyang
 
In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution. 2019-12-06 7.5 CVE-2019-19333
CONFIRM
CONFIRM
microsoft -- internet_explorer A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. 2019-12-10 7.6 CVE-2019-1485
MISC
microsoft -- multiple_products
 
A denial of service vulnerability exists in Microsoft Word software when the software fails to properly handle objects in memory, aka 'Microsoft Word Denial of Service Vulnerability'. 2019-12-10 7.1 CVE-2019-1461
MISC
microsoft -- multiple_products
 
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka 'Microsoft PowerPoint Remote Code Execution Vulnerability'. 2019-12-10 9.3 CVE-2019-1462
MISC
MISC
microsoft -- multiple_windows_products An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1483. 2019-12-10 7.2 CVE-2019-1476
MISC
MISC
microsoft -- multiple_windows_products A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Win32k Graphics Remote Code Execution Vulnerability'. 2019-12-10 9.3 CVE-2019-1468
MISC
MISC

microsoft -- multiple_windows_products

 

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. 2019-12-10 7.2 CVE-2019-1458
MISC
microsoft -- windows_10_and_windows_server_2019 An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka 'Windows Printer Service Elevation of Privilege Vulnerability'. 2019-12-10 7.2 CVE-2019-1477
MISC
microsoft -- windows_10_and_windows_server_and_windows_server_2019
 
An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1476. 2019-12-10 7.2 CVE-2019-1483
MISC
MISC
microsoft -- windows_7_and_windows_server_2008_and_windows_server_2008_r2
 
An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'. 2019-12-10 7.2 CVE-2019-1478
MISC
monkey_project -- monkey_http_daemon
 
Monkey HTTP Daemon: broken user name authentication 2019-12-10 7.5 CVE-2013-2159
MISC
MISC
MISC
MISC
nolio -- ca_release_automation An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary code. 2019-12-09 7.5 CVE-2019-19230
MISC
FULLDISC
BUGTRAQ
CONFIRM
octeth -- oempro
 
Octeth Oempro 4.7 allows SQL injection. The parameter CampaignID in Campaign.Get is vulnerable. 2019-12-12 7.5 CVE-2019-19740
MISC
MISC
ovirt -- ovirt_node
 
oVirt Node: Lock screen accepts F2 to drop to shell causing privilege escalation 2019-12-10 7.2 CVE-2013-0293
MISC
MISC
MISC
MISC
MISC
qualcomm -- multiple_snapdragon_products Possibility of memory overflow while decoding GSNDCP compressed mode PDU in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130 2019-12-12 10 CVE-2019-10511
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Out of bound write in TZ while copying the secure dump structure on HLOS provided buffer as a part of memory dump in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8976, MSM8996, MSM8996AU, MSM8998, QCA8081, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, Snapdragon_High_Med_2016, SXR1130 2019-12-12 7.2 CVE-2019-2288
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Incorrect length used while validating the qsee log buffer sent from HLOS which could then lead to remap conflict in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, IPQ4019, IPQ8074, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA8081, QCS404, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150, Snapdragon_High_Med_2016, SXR1130, SXR2130 2019-12-12 7.2 CVE-2019-2321
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Position determination accuracy may be degraded due to wrongly decoded information in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130 2019-12-12 10 CVE-2019-10493
CONFIRM
qualcomm -- multiple_snapdragon_products
 
While Skipping unknown IES, EMM is reading the buffer even if the no of bytes to read are more than message length which may cause device to shutdown in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130 2019-12-12 7.8 CVE-2019-2337
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Accessing data buffer beyond the available data while parsing ogg clip can lead to null-pointer dereference and then memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8939, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2019-12-12 7.5 CVE-2019-10559
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Infinite loop while decoding compressed data can lead to overrun condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130 2019-12-12 7.8 CVE-2019-10485
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Possible out of bounds write in a MT SMS/SS scenario due to improper validation of array index in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130 2019-12-12 10 CVE-2019-2320
CONFIRM
sitevision -- sitevision
 
SiteVision 4 allows Remote Code Execution. 2019-12-06 9 CVE-2019-12733
MISC
FULLDISC
FULLDISC
MISC
MISC
MISC
sqlite -- sqlite SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. 2019-12-09 7.5 CVE-2019-19603
MISC
MISC
symantec -- messaging_gateway Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interface. 2019-12-11 7.5 CVE-2019-18379
MISC
sysstat_project -- sysstat sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c. 2019-12-11 7.5 CVE-2019-19725
MISC
trend_micro -- security_2020
 
Trend Micro Security (Consumer) 2020 (v16.x) is affected by a vulnerability in where null pointer dereference errors result in the crash of application, which could potentially lead to possible unsigned code execution under certain circumstances. 2019-12-09 7.5 CVE-2019-18190
MISC
weidmueller -- multiple_devices An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. The Authentication mechanism has no brute-force prevention. 2019-12-06 7.5 CVE-2019-16670
MISC
MISC
MISC
MISC
zoho_manageengine -- applications_manager Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventServlet.java doGet function. 2019-12-11 7.5 CVE-2019-19649
CONFIRM
Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
accentis -- content_resource_management_system Cross-site scripting (XSS) vulnerability in Accentis Content Resource Management System before October 2015 patch allows remote attackers to inject arbitrary web script or HTML via the ctl00$cph_content$_uig_formState parameter. 2019-12-09 4.3 CVE-2015-3425
MISC
accentis -- content_resource_management_system SQL injection vulnerability in Accentis Content Resource Management System before the October 2015 patch allows remote attackers to execute arbitrary SQL commands via the SIDX parameter. 2019-12-09 6.5 CVE-2015-3424
MISC
atasm -- atasm
 
ATasm 1.06 has a stack-based buffer overflow in the parse_expr() function in setparse.c via a crafted .m65 file. 2019-12-13 6.8 CVE-2019-19786
MISC
atasm -- atasm
 
ATasm 1.06 has a stack-based buffer overflow in the get_signed_expression() function in setparse.c via a crafted .m65 file. 2019-12-13 6.8 CVE-2019-19787
MISC
atasm -- atasm
 
ATasm 1.06 has a stack-based buffer overflow in the to_comma() function in asm.c via a crafted .m65 file. 2019-12-13 6.8 CVE-2019-19785
MISC
atlassian -- fisheye_and_crucible The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote attackers to remove another user's favourite setting for a project via an improper authorization vulnerability. 2019-12-11 4 CVE-2019-15009
MISC
MISC
atlassian -- fisheye_and_crucible
 
The /plugins/servlet/branchreview resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the reviewedBranch parameter. 2019-12-11 4.3 CVE-2019-15008
MISC
MISC
atlassian -- jira The Work Time Calendar app before 4.7.1 for Jira allows XSS. 2019-12-12 4.3 CVE-2019-19748
MISC
audible -- audible The Audible application through 2.34.0 for Android has Missing SSL Certificate Validation for Adobe SDKs, allowing MITM attackers to cause a denial of service. 2019-12-06 4.3 CVE-2019-11554
MISC
cacti -- cacti Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module. 2019-12-12 5.5 CVE-2019-17358
MISC
MISC
MISC
MISC
MISC
MISC
MISC
commenthol -- serialize-to-js
 
The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability. 2019-12-07 4.3 CVE-2019-16772
MISC
CONFIRM
davical -- davical
 
A reflected XSS issue was discovered in DAViCal through 1.1.8. It echoes the action parameter without encoding. If a user visits an attacker-supplied link, the attacker can view all data the attacked user can view, as well as perform all actions in the name of the user. If the user is an administrator, the attacker can for example add a new admin user to gain full access to the application. 2019-12-12 4.3 CVE-2019-18345
MISC
MISC
MISC
MLIST
MISC
MISC
DEBIAN
documize -- documize
 
domain/section/markdown/markdown.go in Documize before 3.5.1 mishandles untrusted Markdown content. This was addressed by adding the bluemonday HTML sanitizer to defend against XSS. 2019-12-06 4.3 CVE-2019-19619
MISC
MISC
MISC
gnome -- libxslt Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data. 2019-12-11 5 CVE-2019-5815
MISC
MISC
gnome -- orca
 
Orca has arbitrary code execution due to insecure Python module load 2019-12-11 4.4 CVE-2013-4245
MISC
MISC
MISC
MISC
google -- android When pairing with a Bluetooth device, it may be possible to pair a malicious device without any confirmation from the user, and that device may be able to interact with the phone. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-110433804 2019-12-06 5.8 CVE-2019-2225
MISC
google -- android In array_find of array.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure in the printer spooler with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-111210196 2019-12-06 4.9 CVE-2019-2228
MISC
google -- android In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-138636979 2019-12-06 4.9 CVE-2019-2220
MISC
google -- android In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141028068 2019-12-06 4.3 CVE-2019-9464
MISC
google -- android

 
In ihevcd_ref_list of ihevcd_ref_list.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140692129 2019-12-06 6.8 CVE-2019-2223
MISC
google -- android
 
In hasActivityInVisibleTask of WindowProcessController.java there?s a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-138583650 2019-12-06 4.6 CVE-2019-2221
MISC
google -- android
 
In System UI, there is a possible bypass of user's consent for access to sensor data due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-119041698 2019-12-06 4.7 CVE-2019-2219
MISC
google -- android
 
In nfcManager_routeAid and nfcManager_unrouteAid of NativeNfcManager.cpp, there is possible memory reuse due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141170038 2019-12-06 5 CVE-2019-2230
MISC
google -- android
 
In device_class_to_int of device_class.cc, there is a possible out of bounds read due to improper casting. This could lead to local information disclosure in the Bluetooth server with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140152619 2019-12-06 4.9 CVE-2019-2226
MISC
google -- android
 
n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140322595 2019-12-06 6.8 CVE-2019-2222
MISC
google -- chrome Use-after-free in WebAudio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2019-12-10 6.8 CVE-2019-13732
MISC
MISC
google -- chrome Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page. 2019-12-10 4.3 CVE-2019-13750
MISC
MISC
google -- chrome Insufficient validation of untrusted input in Blink in Google Chrome prior to 79.0.3945.79 allowed a local attacker to bypass same origin policy via crafted clipboard content. 2019-12-10 6.8 CVE-2019-13741
MISC
MISC
google -- chrome Incorrect security UI in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page on iOS. 2019-12-10 4.3 CVE-2019-13672
MISC
MISC
google -- chrome
 
Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2019-12-10 4.3 CVE-2019-13744
MISC
MISC
google -- chrome
 
Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 2019-12-10 4.3 CVE-2019-13737
MISC
MISC
google -- chrome
 
Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. 2019-12-10 4.3 CVE-2019-13761
MISC
MISC
google -- chrome
 
Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page. 2019-12-10 6.8 CVE-2019-13726
MISC
MISC
google -- chrome
 
Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. 2019-12-10 4.3 CVE-2019-13759
MISC
MISC
google -- chrome
 
Insufficient policy enforcement in navigation in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. 2019-12-10 4.3 CVE-2019-13758
MISC
MISC
google -- chrome
 
Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. 2019-12-10 4.3 CVE-2019-13757
MISC
MISC
google -- chrome
 
Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. 2019-12-10 4.3 CVE-2019-13763
MISC
MISC
google -- chrome
 
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML page. 2019-12-10 4.3 CVE-2019-13755
MISC
MISC
google -- chrome
 
Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. 2019-12-10 4.3 CVE-2019-13756
MISC
MISC
google -- chrome
 
Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 2019-12-10 4.3 CVE-2019-13752
MISC
MISC
google -- chrome
 
Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass site isolation via a crafted HTML page. 2019-12-10 4.3 CVE-2019-13738
MISC
MISC
google -- chrome
 
Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2019-12-10 4.3 CVE-2019-13745
MISC
MISC
google -- chrome
 
Incorrect security UI in external protocol handling in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof security UI via a crafted HTML page. 2019-12-10 4.3 CVE-2019-13743
MISC
MISC
google -- chrome
 
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. 2019-12-10 4.3 CVE-2019-13742
MISC
MISC
google -- chrome
 
Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. 2019-12-10 4.3 CVE-2019-13739
MISC
MISC
google -- chrome
 
Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. 2019-12-10 4.3 CVE-2019-13740
MISC
MISC
google -- chrome
 
Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2019-12-10 4.3 CVE-2019-13746
MISC
MISC
google -- chrome
 
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2019-12-10 4.3 CVE-2019-13749
MISC
MISC
google -- chrome
 
Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 2019-12-10 4.3 CVE-2019-13748
MISC
MISC
google -- chrome
 
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. 2019-12-10 4.3 CVE-2019-13754
MISC
MISC
google -- chrome
 
Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 2019-12-10 4.3 CVE-2019-13753
MISC
MISC
google -- chrome
 
Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 2019-12-10 4.3 CVE-2019-13751
MISC
MISC
google -- chrome
 
Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page. 2019-12-10 6.8 CVE-2019-13725
MISC
MISC
google -- chrome
 
Out of bounds memory access in JavaScript in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2019-12-10 6.8 CVE-2019-5841
MISC
MISC
google -- chrome
 
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2019-12-10 6.8 CVE-2019-13730
MISC
MISC
google -- chrome
 
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2019-12-10 6.8 CVE-2019-13764
MISC
MISC
google -- chrome
 
Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 2019-12-10 6.8 CVE-2019-13735
MISC
MISC
google -- chrome
 
Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2019-12-10 6.8 CVE-2019-13734
MISC
MISC
google -- chrome
 
Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2019-12-10 6.8 CVE-2019-13747
MISC
MISC
google -- chrome
 
Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. 2019-12-10 6.8 CVE-2019-13736
MISC
MISC
google -- chrome
 
Use-after-free in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2019-12-10 6.8 CVE-2019-13729
MISC
MISC
google -- chrome
 
Out of bounds memory access in JavaScript in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2019-12-10 6.8 CVE-2019-5843
MISC
MISC
google -- chrome
 
Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2019-12-10 6.8 CVE-2019-13728
MISC
MISC
google -- chrome
 
Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page. 2019-12-10 6.8 CVE-2019-13727
MISC
MISC
htmldoc -- htmldoc
 
HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hd_strlcpy() function in string.c (when called from render_contents in ps-pdf.cxx) via a crafted HTML document. 2019-12-08 6.8 CVE-2019-19630
MISC
MLIST
ibm -- cloud_pak_system IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158015. 2019-12-10 4.3 CVE-2019-4095
XF
CONFIRM
ibm -- planning_analytics IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 168523. 2019-12-09 6.5 CVE-2019-4612
XF
CONFIRM
ibm -- smartcloud_analytics
 
IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to gain unauthorized information and unrestricted control over Zookeeper installations due to missing authentication. IBM X-Force ID: 159518. 2019-12-10 6.4 CVE-2019-4244
XF
CONFIRM
intesync -- solismed Intesync Solismed 3.3sp has CSRF. 2019-12-12 6.8 CVE-2019-15934
MISC
MISC
MISC
MISC
intesync -- solismed
 
Intesync Solismed 3.3sp allows Clickjacking. 2019-12-12 4.3 CVE-2019-15930
MISC
MISC
MISC
MISC
intesync -- solismed
 
Intesync Solismed 3.3sp has XSS. 2019-12-12 4.3 CVE-2019-15935
MISC
MISC
MISC
MISC
intesync -- solismed
 
An issue was discovered in Intesync Solismed 3.3sp1. An flaw in the encryption implementation exists, allowing for all encrypted data stored within the database to be decrypted. 2019-12-12 4.3 CVE-2019-17428
MISC
MISC
MISC
katello -- katello
 
Katello has a Denial of Service vulnerability in API OAuth authentication 2019-12-10 5 CVE-2013-4120
MISC
MISC
ktor -- ktor In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location. 2019-12-10 5.8 CVE-2019-19703
MISC
libcapsinetwork_and_monopd -- libcapsinetwork_and_monopd
 
Off-by-one error in the readBuf function in listener.cpp in libcapsinetwork and monopd before 0.9.8, allows remote attackers to cause a denial of service (crash) via a long line. 2019-12-09 5 CVE-2015-0841
MISC
MISC
MISC
MISC
linux -- linux_kernel In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c. 2019-12-08 6.8 CVE-2019-19447
MISC
linux -- linux_kernel
 
In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure. 2019-12-08 6.8 CVE-2019-19448
MISC
linux -- linux_kernel
 
In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds read access in f2fs_build_segment_manager in fs/f2fs/segment.c, related to init_min_max_mtime in fs/f2fs/segment.c (because the second argument to get_seg_entry is not validated). 2019-12-08 6.8 CVE-2019-19449
MISC
marc-q -- libwav marc-q libwav through 2017-04-20 has a NULL pointer dereference in wav_content_read() at libwav.c. 2019-12-10 4.3 CVE-2019-19698
MISC
MISC
mediawiki -- mediawiki The VisualEditor extension through 1.34 for MediaWiki allows XSS via pasted content containing an element with a data-ve-clipboard-key attribute. 2019-12-11 4.3 CVE-2019-19708
MISC
MISC
microsoft -- authentication_library_for_android
 
An information disclosure vulnerability in Android Apps using Microsoft Authentication Library (MSAL) 0.3.1-Alpha or later exists under specific conditions, aka 'Microsoft Authentication Library for Android Information Disclosure Vulnerability'. 2019-12-10 4 CVE-2019-1487
MISC
microsoft -- multiple_excel_and_office_products An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'. 2019-12-10 4.3 CVE-2019-1464
MISC
microsoft -- multiple_windows_products An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1465, CVE-2019-1466. 2019-12-10 4.3 CVE-2019-1467
MISC
microsoft -- multiple_windows_products An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Information Disclosure Vulnerability'. 2019-12-10 4 CVE-2019-1470
MISC
microsoft -- multiple_windows_products A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'. 2019-12-10 5 CVE-2019-1453
MISC
microsoft -- multiple_windows_products
 
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1466, CVE-2019-1467. 2019-12-10 4.3 CVE-2019-1465
MISC
MISC
microsoft -- multiple_windows_products
 
A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'. 2019-12-10 6.8 CVE-2019-1484
MISC
microsoft -- multiple_windows_products
 
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1465, CVE-2019-1467. 2019-12-10 4.3 CVE-2019-1466
MISC
MISC
microsoft -- power_bi_report_server_and_sql_server _ 2017_ reporting _ services _and_sql_server _ 2019_ reporting _ services
 
A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly sanitize a specially-crafted web request to an affected SSRS server, aka 'Microsoft SQL Server Reporting Services XSS Vulnerability'. 2019-12-10 4.3 CVE-2019-1332
MISC
microsoft -- windows_10_and_windows_server_and_windows_server_2019
 
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. 2019-12-10 6.5 CVE-2019-1471
MISC
microsoft -- windows_7 An information disclosure vulnerability exists in Windows Media Player when it fails to properly handle objects in memory, aka 'Windows Media Player Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1481. 2019-12-10 4.3 CVE-2019-1480
MISC
MISC
microsoft -- windows_7
 
An information disclosure vulnerability exists in Windows Media Player when it fails to properly handle objects in memory, aka 'Windows Media Player Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1480. 2019-12-10 4.3 CVE-2019-1481
MISC
MISC
microsoft -- windows_xp_service
 
An information disclosure vulnerability exists when the Windows Remote Desktop Protocol (RDP) fails to properly handle objects in memory, aka 'Remote Desktop Protocol Information Disclosure Vulnerability'. 2019-12-10 5 CVE-2019-1489
MISC
mozilla -- firefox Mozilla Firefox 20.0a1 and earlier allows remote attackers to cause a denial of service (crash), related to event handling with frames. 2019-12-10 4.3 CVE-2013-1689
CONFIRM
MISC
nopcommerce -- nopcommerce nopCommerce v4.2.0 allows privilege escalation via file upload in Presentation/Nop.Web/Admin/Areas/Controllers/PluginController.cs via Admin/FacebookAuthentication/Configure because it is possible to upload a crafted Facebook Auth plugin. 2019-12-09 6.5 CVE-2019-19684
MISC
openstack -- openstack-utils
 
openstack-utils openstack-db has insecure password creation 2019-12-10 5 CVE-2013-1793
MISC
MISC
puppet -- puppet_enterprise Puppet Enterprise before 3.0.1 allows remote attackers to (1) conduct clickjacking attacks via unspecified vectors related to the console, and (2) conduct cross-site scripting (XSS) attacks via unspecified vectors related to "live management." 2019-12-11 4.3 CVE-2013-4968
MISC
pyradius -- pyrad
 
The CreateID function in packet.py in pyrad before 2.1 uses sequential packet IDs, which makes it easier for remote attackers to spoof packets by predicting the next ID, a different vulnerability than CVE-2013-0294. 2019-12-09 4.3 CVE-2013-0342
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRM
qualcomm -- multiple_snapdragon_products Out of bound read would occur while trying to read action category and action ID without validating the action length of the Rx Frame body in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS605, SDA660, SDA845, SDM450, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM8150 2019-12-12 5 CVE-2019-2310
CONFIRM
qualcomm -- multiple_snapdragon_products Race condition between the camera functions due to lack of resource lock which will lead to memory corruption and UAF issue in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150 2019-12-12 4.4 CVE-2019-10494
CONFIRM
qualcomm -- multiple_snapdragon_products Buffer overflow can occur due to usage of wrong datatype and missing length check before copying into buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150 2019-12-12 4.6 CVE-2019-10555
CONFIRM
qualcomm -- multiple_snapdragon_products
 
An unprivileged application can allocate GPU memory by calling memory allocation ioctl function and can exhaust all the memory which results in out of memory in Snapdragon Mobile, Snapdragon Voice & Music in QCS405, SD 210/SD 212/SD 205, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855 2019-12-12 4.9 CVE-2019-10520
CONFIRM
qualcomm -- multiple_snapdragon_products
 
HLOS could corrupt CPZ page table memory for S1 managed VMs in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, QCS404, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130, SXR2130 2019-12-12 4.6 CVE-2019-2319
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Possible integer overflow while multiplying two integers of 32 bit in QDCM API of get display modes as there is no check on the maximum mode count in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2019-12-12 4.6 CVE-2019-10592
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Lack of check of data truncation on user supplied data in kernel leads to buffer overflow in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 2019-12-12 4.6 CVE-2019-10530
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Snapshot of IB can lead to invalid address access due to missing check for size in the related function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCN7605, QCS405, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150, SM8250, SXR2130 2019-12-12 4.6 CVE-2019-10571
CONFIRM
radare -- radare2
 
radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted input. 2019-12-09 6.8 CVE-2019-19647
MISC
red_hat -- jboss_enterprise_application_platform_and_jboss_portal_platform JBossWeb Bayeux has reflected XSS 2019-12-11 4.3 CVE-2013-6495
MISC
MISC
red_hat -- jboss_keycloak
 
JBoss KeyCloak: XSS in login-status-iframe.html 2019-12-10 4.3 CVE-2014-3656
MISC
MISC
red_hat -- subscription_asset_manager katello-headpin is vulnerable to CSRF in REST API 2019-12-11 4.3 CVE-2014-0026
MISC
MISC
ros -- sros
 
SROS 2 0.8.1 (after CVE-2019-19625 is mitigated) leaks ROS 2 node-related information regardless of the rtps_protection_kind configuration. (SROS2 provides the tools to generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2.) 2019-12-06 5 CVE-2019-19627
MISC
MISC
MISC
MISC
MISC
ros -- sros
 
SROS 2 0.8.1 (which provides the tools that generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2) leaks node information due to a leaky default configuration as indicated in the policy/defaults/dds/governance.xml document. 2019-12-06 5 CVE-2019-19625
MISC
MISC
samsung -- s6_edge
 
Stack-based buffer overflow in the m2m1shot_compat_ioctl32 function in the Samsung m2m1shot driver framework, as used in Samsung S6 Edge, allows local users to have unspecified impact via a large data.buf_out.num_planes value in an ioctl call. 2019-12-09 4.6 CVE-2015-7892
MISC
MISC
MISC
sitevision -- sitevision
 
SiteVision 4 has Incorrect Access Control. 2019-12-06 6.5 CVE-2019-12734
MISC
FULLDISC
FULLDISC
MISC
MISC
MISC
symantec -- messaging_gateway Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. 2019-12-11 6.5 CVE-2019-18377
MISC
tableau -- tableau_server
 
Tableau Server 10.3 through 2019.4 on Windows and Linux allows XSS via the embeddedAuthRedirect page. 2019-12-11 4.3 CVE-2019-19719
MISC
weidmueller -- multiple_devices An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Passwords are stored in cleartext and can be read by anyone with access to the device. 2019-12-06 4 CVE-2019-16673
MISC
MISC
CONFIRM
MISC
weidmueller -- multiple_devices
 
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Sensitive Credentials data is transmitted in cleartext. 2019-12-06 5 CVE-2019-16672
MISC
MISC
CONFIRM
MISC
weidmueller -- multiple_devices
 
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Authentication Information used in a cookie is predictable and can lead to admin password compromise when captured on the network. 2019-12-06 5 CVE-2019-16674
MISC
MISC
CONFIRM
MISC
weidmueller -- multiple_devices
 
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Remote authenticated users can crash a device with a special packet because of Uncontrolled Resource Consumption. 2019-12-06 6.8 CVE-2019-16671
MISC
MISC
CONFIRM
MISC
xfig_project -- fig2dev make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type. 2019-12-12 4.3 CVE-2019-19746
MISC
zoho_manageengine -- applications_manager Zoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.java process function. 2019-12-11 6.5 CVE-2019-19650
CONFIRM
Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
atlassian -- fisheye_and_crucible
 
The review resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a missing branch. 2019-12-11 3.5 CVE-2019-15007
MISC
MISC
atlassian -- jira In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the generic field entry point via the Generic Test Definition field of a new Generic Test issue. 2019-12-09 3.5 CVE-2019-19678
MISC
atlassian -- jira In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the Pre-Condition Summary entry point via the summary field of a Create Pre-Condition action for a new Test Issue. 2019-12-09 3.5 CVE-2019-19679
MISC
cloud_foundry -- uaa_release
 
Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query parameter. A remote authenticated malicious user could gain access to user credentials via the uaa.log file if authentication is provided via query parameters. 2019-12-06 3.5 CVE-2019-11293
CONFIRM
google -- android In updateWidget of BaseWidgetProvider.java, there is a possible leak of user data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139803872 2019-12-06 2.1 CVE-2019-2229
MISC
google -- android In DeepCopy of btif_av.cc, there is a possible out of bounds read due to improper casting. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-140768453 2019-12-06 3.3 CVE-2019-2227
MISC
google -- android
 
In Blob::Blob of blob.cpp, there is a possible unencrypted master key due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-141955555 2019-12-06 2.1 CVE-2019-2231
MISC
google -- chrome Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded files via local code. 2019-12-10 2.1 CVE-2019-13762
MISC
MISC
ibm -- planning_analytics
 
IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168519. 2019-12-09 3.5 CVE-2019-4611
XF
CONFIRM
ibm -- spectrum_scale IBM Spectrum Scale 4.2 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171247. 2019-12-11 3.5 CVE-2019-4665
XF
CONFIRM
ibm -- watson_assistant
 
IBM Watson Assistant for IBM Cloud Pak for Data 1.0.0 through 1.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162807. 2019-12-09 3.5 CVE-2019-4428
XF
CONFIRM
ibm -- websphere_application_server
 
IBM WebSphere Application Server - Liberty is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171245. 2019-12-10 3.5 CVE-2019-4663
XF
CONFIRM
microsoft -- multiple_office_products An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microsoft Access Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1463. 2019-12-10 2.1 CVE-2019-1400
MISC
microsoft -- multiple_office_products
 
An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microsoft Access Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1400. 2019-12-10 2.1 CVE-2019-1463
MISC
microsoft -- multiple_windows_products An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1472. 2019-12-10 2.1 CVE-2019-1474
MISC
microsoft -- multiple_windows_products An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1474. 2019-12-10 2.1 CVE-2019-1472
MISC
microsoft -- multiple_windows_products
 
A security feature bypass vulnerability exists when Microsoft Defender improperly handles specific buffers, aka 'Microsoft Defender Security Feature Bypass Vulnerability'. 2019-12-10 2.1 CVE-2019-1488
MISC
microsoft -- multiple_windows_products
 
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. 2019-12-10 2.1 CVE-2019-1469
MISC
microsoft -- skype_for_business_server A spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business Server Spoofing Vulnerability'. 2019-12-10 3.5 CVE-2019-1490
MISC
monkey_project -- monkey_http_daemon
 
Monkey HTTP Daemon has local security bypass 2019-12-10 3.6 CVE-2013-2183
MISC
MISC
MISC
MISC
nopcommerce -- nopcommerce
 
nopCommerce through 4.20 allows XSS in the SaveStoreMappings of the components \Presentation\Nop.Web\Areas\Admin\Controllers\NewsController.cs and \Presentation\Nop.Web\Areas\Admin\Controllers\BlogController.cs via Body or Full to Admin/News/NewsItemEdit/[id] Admin/Blog/BlogPostEdit/[id]. NOTE: the vendor reportedly considers this a "feature" because the affected components are an HTML content editor. 2019-12-09 3.5 CVE-2019-19682
MISC
qualcomm -- multiple_snapdragon_products Use after free issue occurs when command destructors access dynamically allocated response buffer which is already deallocated during previous command teardwon sequence in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8098, MSM8909W, Nicobar, QCS405, QCS605, SDA845, SDM660, SDM670, SDM710, SDM845, SDX24, SM6150, SM7150, SM8150, SM8250, SXR2130 2019-12-12 2.1 CVE-2019-10484
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Null pointer dereference issue in kernel due to missing check related to LLC support in GPU in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS605, SDM670, SDM710, SM6150, SM7150, SM8150 2019-12-12 2.1 CVE-2019-10545
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Crafted image that has a valid signature from a non-QC entity can be loaded which can read/write memory that belongs to the secure world in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, MSM8998, QCS404, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150, SXR1130, SXR2130 2019-12-12 3.6 CVE-2019-2338
CONFIRM
sangoma -- freepbx In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date formatting and time-zone fields. These fields are not being properly sanitized. If this is done and a user (such as an admin) visits the User Management screen and views that user's profile, the XSS payload will render and execute in the context of the victim user's account. 2019-12-06 3.5 CVE-2019-19551
CONFIRM
sangoma -- freepbx
 
In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the/admin/config.php?display=userman URI. An attacker with sufficient privileges can edit the Display Name of a user and embed malicious XSS code. When another user (such as an admin) visits the main User Management screen, the XSS payload will render and execute in the context of the victim user's account. 2019-12-06 3.5 CVE-2019-19552
MISC
sap -- adaptive_server_enterprise
 
SAP Adaptive Server Enterprise, before versions 15.7 and 16.0, under certain conditions exposes some sensitive information to the admin, leading to Information Disclosure. 2019-12-11 2.1 CVE-2019-0402
CONFIRM
CONFIRM
symantec -- messaging_gateway
 
Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. 2019-12-11 3.5 CVE-2019-18378
MISC
wordpress -- wordpress
 
The Scoutnet Kalender plugin 1.1.0 for WordPress allows XSS. 2019-12-12 3.5 CVE-2019-19198
MISC
MISC
MISC
Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
advantech -- webaccess
 
Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of service (memory corruption) due to a stack-based buffer overflow when handling IOCTL 70533 RPC messages. 2019-12-12 not yet calculated CVE-2019-3951
MISC
airlive -- poe-2600hd_devices AirLive POE-2600HD allows remote attackers to cause a denial of service (device reset) via a long URL. 2019-12-11 not yet calculated CVE-2013-3691
MISC
MISC
apache -- mod_wsgi mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread. 2019-12-09 not yet calculated CVE-2014-0242
MISC
MISC
MISC
MISC
apache -- qpid-cpp qpid-cpp: ACL policies only loaded if the acl-file option specified enabling DoS by consuming all available file descriptors 2019-12-13 not yet calculated CVE-2014-0212
MISC
MISC
MISC
apache -- spamassassin In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update channels or 3rd party .cf files from trusted places. 2019-12-12 not yet calculated CVE-2018-11805
MLIST
CONFIRM
MLIST
MLIST
MLIST
MLIST
MISC
CONFIRM
DEBIAN
apache -- spamassassin In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly. 2019-12-12 not yet calculated CVE-2019-12420
MLIST
MISC
MLIST
MLIST
MLIST
MLIST
CONFIRM
DEBIAN
apple -- safari A freed memory access vulnerability exists in the SVG Marker Element feature of Apple Safari's WebKit version 13.0.2. A specially crafted HTML web page can cause a use after free, resulting in memory corruption and possibly arbitrary code execution. To trigger this vulnerability, a specifically crafted HTML web page needs to be opened in the browser. 2019-12-12 not yet calculated CVE-2019-5144
MISC
atlassian -- multiple_products An issue was discovered in the SAML Single Sign On (SSO) plugin for several Atlassian products affecting versions 3.1.0 through 3.2.2 for Jira and Confluence, versions 2.4.0 through 3.0.3 for Bitbucket, and versions 2.4.0 through 2.5.2 for Bamboo. It allows locally disabled users to reactivate their accounts just by browsing the affected Jira/Confluence/Bitbucket/Bamboo instance, even when the applicable configuration option of the plugin has been disabled ("Reactivate inactive users"). Exploiting this vulnerability requires an attacker to be authorized by the identity provider and requires that the plugin's configuration option "User Update Method" have the "Update from SAML Attributes" value. 2019-12-13 not yet calculated CVE-2019-13347
MISC
MISC
avaya -- ip_office_application_server
 
A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product versions 11.x are affected. Product versions prior to 11.0, including unsupported versions, were not evaluated. 2019-12-12 not yet calculated CVE-2019-7004
CONFIRM
bitwarden -- server The Bitwarden server through 1.32.0 has a potentially unwanted KDF. 2019-12-12 not yet calculated CVE-2019-19766
MISC
MISC
bson-objectid -- bson-objectid
 
An issue was discovered in the BSON ObjectID (aka bson-objectid) package 1.3.0 for Node.js. ObjectID() allows an attacker to generate a malformed objectid by inserting an additional property to the user-input, because bson-objectid will return early if it detects _bsontype==ObjectID in the user-input object. As a result, objects in arbitrary forms can bypass formatting if they have a valid bsontype. 2019-12-11 not yet calculated CVE-2019-19729
MISC
MISC
chrony -- chrony chrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowledge of NTP peering to cause a denial of service (inability to synchronize) via random timestamps in crafted NTP data packets. 2019-12-09 not yet calculated CVE-2015-1853
MISC
MISC
coredns -- coredns
 
The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries. 2019-12-13 not yet calculated CVE-2019-19794
MISC
MISC
MISC
MISC
cyxtera -- appgate_sdp_client In Cyxtera AppGate SDP Client 4.1.x through 4.3.x before 4.3.2 on Windows, a local or remote user from the same domain can gain privileges. 2019-12-13 not yet calculated CVE-2019-19793
MISC
data-uuid -- data-uuid Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks 2019-12-10 not yet calculated CVE-2013-4184
MISC
MISC
MISC
MISC
MISC
MISC
MISC
dbd-pgpp -- dbd-pgpp SQL injection vulnerability in DBD::PgPP 0.05 and earlier 2019-12-11 not yet calculated CVE-2014-7257
MISC
MISC
dovecot -- dovecot
 
In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. The email must use a group address as either the sender or the recipient. 2019-12-13 not yet calculated CVE-2019-19722
CONFIRM
CONFIRM
CONFIRM
CONFIRM
duplicity -- duplicity duplicity 0.6.24 has improper verification of SSL certificates 2019-12-13 not yet calculated CVE-2014-3495
MISC
MISC
MISC
MISC
egain -- mail The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields (to /system/ws/v11/ss/email) are mishandled, as demonstrated by fromName header injection with a %0a or %0d character. (Also, the message parameter can have initial HTML comment characters.) 2019-12-13 not yet calculated CVE-2019-17123
MISC
enshrined -- svg-sanitize It is possible to bypass enshrined/svg-sanitize before 0.13.1 using the "xlink:href" attribute due to mishandling of the xlink namespace by the sanitizer. 2019-12-11 not yet calculated CVE-2019-10772
MISC
envoy_proxy -- envoy
 
An issue was discovered in Envoy 1.12.0. An untrusted remote client may send HTTP/2 requests that write to the heap outside of the request buffers when the upstream is HTTP/1. This may be used to corrupt nearby heap contents (leading to a query-of-death scenario) or may be used to bypass Envoy's access control mechanisms such as path based routing. An attacker can also modify requests from other users that happen to be proximal temporally and spatially. 2019-12-13 not yet calculated CVE-2019-18801
MISC
MISC
MISC
CONFIRM
MISC
envoy_proxy -- envoy
 
An issue was discovered in Envoy 1.12.0. Upon receipt of a malformed HTTP request without a Host header, it sends an internally generated "Invalid request" response. This internally generated response is dispatched through the configured encoder filter chain before being sent to the client. An encoder filter that invokes route manager APIs that access a request's Host header causes a NULL pointer dereference, resulting in abnormal termination of the Envoy process. 2019-12-13 not yet calculated CVE-2019-18838
MISC
MISC
CONFIRM
MISC
envoy_proxy -- envoy
 
An issue was discovered in Envoy 1.12.0. An untrusted remote client may send an HTTP header (such as Host) with whitespace after the header content. Envoy will treat "header-value " as a different string from "header-value" so for example with the Host header "example.com " one could bypass "example.com" matchers. 2019-12-13 not yet calculated CVE-2019-18802
MISC
MISC
MISC
MISC
erlang -- erlang inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. 2019-12-10 not yet calculated CVE-2016-1000107
MISC
MISC
MISC
MISC
firecracker -- firecracker Firecracker vsock implementation buffer overflow in versions 0.18.0 and 0.19.0. This can result in potentially exploitable crashes. 2019-12-11 not yet calculated CVE-2019-18960
MISC
MISC
MISC
CONFIRM
CONFIRM
foreman -- foreman Foreman has improper input validation which could lead to partial Denial of Service 2019-12-11 not yet calculated CVE-2014-0091
MISC
MISC
MISC
grandstream -- multiple_products Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account "!#/" with the same password, which makes it easier for remote attackers to obtain access via a TELNET session. 2019-12-11 not yet calculated CVE-2013-3542
MISC
MISC
hammer_cli_foreman_gem_for_ruby_on_rails -- hammer_cli_foreman_gem_for_ruby_on_rails rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable 2019-12-13 not yet calculated CVE-2014-0241
MISC
MISC
hostapd -- hostapd
 
An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed. This could lead to different denial of service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby Aps of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability. 2019-12-12 not yet calculated CVE-2019-5061
MISC
hostapd -- hostapd
 
An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. By simulating an incomplete new association, an attacker can trigger a deauthentication against stations using 802.11w, resulting in a denial of service. 2019-12-12 not yet calculated CVE-2019-5062
MISC
huawei -- campusinsight
 
There is an out-of-bounds read vulnerability in the Advanced Packages feature of the Gauss100 OLTP database in CampusInsight before V100R019C00SPC200. Attackers who gain the specific permission can use this vulnerability by sending elaborate SQL statements to the database. Successful exploit of this vulnerability may cause the database to crash. 2019-12-13 not yet calculated CVE-2019-5278
MISC
huawei -- cloudengine
 
CloudEngine 12800 has a DoS vulnerability. An attacker of a neighboring device sends a large number of specific packets. As a result, a memory leak occurs after the device uses the specific packet. As a result, the attacker can exploit this vulnerability to cause DoS attacks on the target device. 2019-12-13 not yet calculated CVE-2019-5248
MISC
huawei -- cloudusm-eua
 
Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information leak by successful exploitation. 2019-12-13 not yet calculated CVE-2019-5277
MISC
huawei -- e5572-855
 
E5572-855 with versions earlier than 8.0.1.3(H335SP1C233) has an improper authentication vulnerability. The device does not perform a sufficient authentication when doing certain operations, successful exploit could allow an attacker to cause the device to reboot after launch a man in the middle attack. 2019-12-13 not yet calculated CVE-2019-5253
MISC
huawei -- mate_20_pro_smartphone
 
Mate 20 Pro smartphones with versions earlier than 9.1.0.135(C00E133R3P1) have an improper authorization vulnerability. The software does not properly restrict certain operation of certain privilege, the attacker could trick the user into installing a malicious application before the user turns on student mode function. Successful exploit could allow the attacker to bypass the limit of student mode function. 2019-12-13 not yet calculated CVE-2019-5250
MISC
huawei -- multiple_products There is a weak algorithm vulnerability in some Huawei products. The affected products use weak algorithms by default. Attackers may exploit the vulnerability to cause information leaks. 2019-12-13 not yet calculated CVE-2019-19397
MISC
huawei -- multiple_products

 
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have a DoS vulnerability. An attacker may send crafted messages from a FTP client to exploit this vulnerability. Due to insufficient validation of the message, successful exploit may cause the system out-of-bounds read and result in a denial of service condition of the affected service. 2019-12-13 not yet calculated CVE-2019-5255
MISC
huawei -- multiple_products

 
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace) have a resource management vulnerability. An attacker who logs in to the board may send crafted messages from the internal network. 2019-12-13 not yet calculated CVE-2019-5257
MISC
huawei -- multiple_products

 
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have a buffer overflow vulnerability. An attacker who logs in to the board may send crafted messages from the internal network port or tamper with inter-process message packets to exploit this vulnerability. Due to insufficient validation of the message, successful exploit may cause the affected board to be abnormal. 2019-12-13 not yet calculated CVE-2019-5258
MISC
huawei -- multiple_products
 
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have a null pointer dereference vulnerability. The system dereferences a pointer that it expects to be valid, but is NULL. A local attacker could exploit this vulnerability by sending crafted parameters. A successful exploit could cause a denial of service and the process reboot. 2019-12-13 not yet calculated CVE-2019-5256
MISC
huawei -- multiple_products
 
Some Huawei products have an insufficient verification of data authenticity vulnerability. A remote, unauthenticated attacker has to intercept specific packets between two devices, modify the packets, and send the modified packets to the peer device. Due to insufficient verification of some fields in the packets, an attacker may exploit the vulnerability to cause the target device to be abnormal. 2019-12-13 not yet calculated CVE-2019-5291
MISC
huawei -- multiple_products
 
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have an out-of-bounds read vulnerability. An attacker who logs in to the board may send crafted messages from the internal network port or tamper with inter-process message packets to exploit this vulnerability. Due to insufficient validation of the message, successful exploit may cause the affected board to be abnormal. 2019-12-13 not yet calculated CVE-2019-5254
MISC
huawei -- multiple_smartphones Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal. 2019-12-14 not yet calculated CVE-2019-5235
MISC
huawei -- multiple_smartphones
 
There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition. Successful exploit could cause information disclosure. 2019-12-13 not yet calculated CVE-2019-5264
MISC
huawei -- multiple_smartphones
 
There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant. 2019-12-14 not yet calculated CVE-2019-5252
MISC
huawei -- multiple_smartphones
 
There is a path traversal vulnerability in several Huawei smartphones. The system does not sufficiently validate certain pathnames from the application. An attacker could trick the user into installing, backing up and restoring a malicious application. Successful exploit could cause information disclosure. 2019-12-13 not yet calculated CVE-2019-5251
MISC
huawei -- s5700_and_s6700_switches
 
Huawei S5700 and S6700 have a DoS security vulnerability. Attackers with certain permissions perform specific operations on affected devices. Because the pointer in the program is not processed properly, the vulnerability can be exploited to cause the device to be abnormal. 2019-12-13 not yet calculated CVE-2019-5290
MISC
huawei -- y9_2019_and_honor_view_20_smartphones Huawei smartphones HUAWEI Y9 2019 and Honor View 20 have a denial of service vulnerability. Due to insufficient input validation of specific value when parsing the messages, an attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices to exploit this vulnerability. Successful exploit may cause an infinite loop and the device to reboot. 2019-12-13 not yet calculated CVE-2019-5260
MISC
ibm -- case_manager The Case Builder component shipped with 18.0.0.1 through 19.0.0.2 and IBM Case Manager 5.1.1 through 5.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162772. 2019-12-13 not yet calculated CVE-2019-4426
XF
CONFIRM
CONFIRM
ibm -- datapower_gateway
 
IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN channel is enabled. A remote attacker could use this account to gain unauthorised access to the BMC. IBM X-Force ID: 168883. 2019-12-09 not yet calculated CVE-2019-4621
XF
CONFIRM
ibm -- db2_high_performance_unload
 
IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 could allow a local attacker to execute arbitrary code on the system, caused by an untrusted search path vulnerability. By using a executable file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 168298. 2019-12-12 not yet calculated CVE-2019-4606
XF
CONFIRM
idrix -- veracrypt VeraCrypt 1.24 allows Local Privilege Escalation during execution of VeraCryptExpander.exe. 2019-12-13 not yet calculated CVE-2019-19501
MISC
MISC
kde -- kde_workspace kde-workspace before 4.10.5 has a memory leak in plasma desktop 2019-12-10 not yet calculated CVE-2013-4133
MISC
MISC
MISC
MISC
MISC
MISC
MISC
labf -- aceaxe_plus
 
The FTP client in AceaXe Plus 1.0 allows a buffer overflow via a long EHLO response from an FTP server. 2019-12-13 not yet calculated CVE-2019-19782
MISC
MISC
last.fm -- last.fm_app_for_macos The Last.fm desktop app (Last.fm Scrobbler) through 2.1.39 on macOS makes HTTP requests that include an API key without the use of SSL/TLS. Although there is an Enable SSL option, it is disabled by default, and cleartext requests are made as soon as the app starts. 2019-12-10 not yet calculated CVE-2019-19251
MISC
lead_technologies -- leadtools An exploitable code execution vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. A specially crafted packet can cause an integer overflow, resulting in heap corruption. An attacker can send a packet to trigger this vulnerability. 2019-12-12 not yet calculated CVE-2019-5085
CONFIRM
lead_technologies -- leadtools
 
An exploitable information disclosure vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. A specially crafted packet can cause an out-of-bounds read, resulting in information disclosure. An attacker can send a packet to trigger this vulnerability. 2019-12-12 not yet calculated CVE-2019-5090
CONFIRM
lead_technologies -- leadtools
 
An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20.0.2019.3.15. A specially crafted J2K image file can cause an out of bounds write of a null byte in a heap buffer, potentially resulting in code execution. An attack can specially craft a J2K image to trigger this vulnerability. 2019-12-12 not yet calculated CVE-2019-5154
CONFIRM
lead_technologies -- leadtools
 
An exploitable code execution vulnerability exists in the DICOM network response functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. A specially crafted packet can cause an integer overflow, resulting in heap corruption. An attacker can send a packet to trigger this vulnerability. 2019-12-12 not yet calculated CVE-2019-5093
CONFIRM
lead_technologies -- leadtools
 
An exploitable heap out of bounds write vulnerability exists in the UI tag parsing functionality of the DICOM image format of LEADTOOLS 20.0.2019.3.15. A specially crafted DICOM image can cause an offset beyond the bounds of a heap allocation to be written, potentially resulting in code execution. An attacker can specially craft a DICOM image to trigger this vulnerability. 2019-12-12 not yet calculated CVE-2019-5092
CONFIRM
lead_technologies -- leadtools
 
An exploitable denial-of-service vulnerability exists in the Dicom-packet parsing functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. A specially crafted packet can cause an infinite loop, resulting in a denial of service. An attacker can send a packet to trigger this vulnerability. 2019-12-12 not yet calculated CVE-2019-5091
CONFIRM
lenovo-- energy_management_driver_for_windows_10
 
A denial of service vulnerability has been reported in Lenovo Energy Management Driver for Windows 10 versions prior to 15.11.29.7 that could cause systems to experience a blue screen error. Lenovo Energy Management is a client utility. Lenovo XClarity Energy Manager is not affected. 2019-12-10 not yet calculated CVE-2019-6183
CONFIRM
lenovo-- power_management_driver
 
A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could cause a denial of service. 2019-12-10 not yet calculated CVE-2019-6192
MISC
CONFIRM
libsixel_project -- libsixel An issue was discovered in libsixel 1.8.2. There is a heap-based buffer over-read in the function load_sixel at loader.c. 2019-12-13 not yet calculated CVE-2019-19778
MISC
libssh -- libssh A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of the function, it would become possible for an attacker to inject arbitrary commands, leading to a compromise of the remote target. 2019-12-10 not yet calculated CVE-2019-14889
CONFIRM
UBUNTU
CONFIRM
linux -- linux_kernel In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer). 2019-12-12 not yet calculated CVE-2019-19768
MISC
linux -- linux_kernel In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h). 2019-12-12 not yet calculated CVE-2019-19769
MISC
linux -- linux_kernel In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). 2019-12-12 not yet calculated CVE-2019-19770
MISC
linux -- linux_kernel
 
The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163. 2019-12-12 not yet calculated CVE-2019-19767
MISC
MISC
MISC
MISC
MISC
mcafee -- techcheck
 
DLL Search Order Hijacking vulnerability in the Microsoft Windows client in McAfee Tech Check 3.0.0.17 and earlier allows local users to execute arbitrary code via the local folder placed there by an attacker. 2019-12-11 not yet calculated CVE-2019-3667
CONFIRM
mcollective -- mcollective mcollective has a default password set at install 2019-12-13 not yet calculated CVE-2014-0175
MISC
MISC
MISC
mediawiki -- mediawiki includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of "." (period) characters in a string, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the siprop parameter in a query action to wiki/api.php. 2019-12-11 not yet calculated CVE-2013-4303
MISC
MISC
MISC
MISC
MISC
mediawiki -- mediawiki
 
MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page. 2019-12-11 not yet calculated CVE-2019-19709
MISC
MISC
micro_focus -- acutoweb Unauthorized file download vulnerability in all supported versions of Micro Focus AcuToWeb. The vulnerability could be exploited to enumerate and download files from the filesystem of the system running AcuToWeb, with the privileges of the account AcuToWeb is running under. 2019-12-11 not yet calculated CVE-2019-17087
CONFIRM
microsoft -- visual_studio_2019_and_visual_studio_live_share A spoofing vulnerability exists in Visual Studio Live Share when a guest connected to a Live Share session is redirected to an arbitrary URL specified by the session host, aka 'Visual Studio Live Share Spoofing Vulnerability'. 2019-12-10 not yet calculated CVE-2019-1486
MISC
minerstat -- msos minerstat msOS before 2019-10-23 does not have a unique SSH key for each instance of the product. 2019-12-12 not yet calculated CVE-2019-19750
MISC
modoboa -- modoboa
 
The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this to perform a denial of service against the DMARC reporting functionality, such as by referencing the /dev/random file within XML documents that are emailed to the address in the rua field of the DMARC records of a domain. 2019-12-10 not yet calculated CVE-2019-19702
MISC
moxa -- eds-g508e_and_eds-g512e_and_eds-g516e_devices On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with firmware through 6.0), denial of service can occur via PROFINET DCE-RPC endpoint discovery packets. 2019-12-11 not yet calculated CVE-2019-19707
MISC
multiple_vendors -- multiple_products A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel. 2019-12-11 not yet calculated CVE-2019-14899
CONFIRM
MISC
node-connect -- node-connect node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware 2019-12-11 not yet calculated CVE-2013-7370
MISC
MISC
MISC
MISC
MISC
MISC
MISC
node-connect -- node-connect node-connects before 2.8.2 has cross site scripting in Sencha Labs Connect middleware (vulnerability due to incomplete fix for CVE-2013-7370) 2019-12-11 not yet calculated CVE-2013-7371
MISC
MISC
MISC
MISC
MISC
MISC
node.js -- node.js The lodahs package 0.0.1 for Node.js is a Trojan horse, and may have been installed by persons who mistyped the lodash package name. In particular, the Trojan horse finds and exfiltrates cryptocurrency wallets. 2019-12-12 not yet calculated CVE-2019-19771
MISC
MISC
nopcommerce -- nopcommerce
 
RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to CSRF because GET requests can be used for renames and deletions. 2019-12-09 not yet calculated CVE-2019-19685
MISC
nopcommerce -- nopcommerce
 
RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to ../ path traversal via d or f to Admin/RoxyFileman/ProcessRequest because of Libraries/Nop.Services/Media/RoxyFileman/FileRoxyFilemanService.cs. 2019-12-09 not yet calculated CVE-2019-19683
MISC
npm -- cli Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user?s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option. 2019-12-13 not yet calculated CVE-2019-16776
MISC
CONFIRM
npm -- cli Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user?s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option. 2019-12-13 not yet calculated CVE-2019-16775
MISC
CONFIRM
npm -- cli Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option. 2019-12-13 not yet calculated CVE-2019-16777
MISC
CONFIRM
omniauth-facebook_gem_for_ruby_on_rails -- omniauth-facebook_gem_for_ruby_on_rails RubyGem omniauth-facebook has an access token security vulnerability 2019-12-11 not yet calculated CVE-2013-4593
MISC
MISC
MISC
MISC
openbsd -- openbsd lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0. 2019-12-10 not yet calculated CVE-2012-1577
CONFIRM
MISC
MISC
MISC
openbsd -- openbsd
 
OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from the environment, but fails when it cannot allocate memory. Thus, the attacker is able to execute their own library code as root. 2019-12-12 not yet calculated CVE-2019-19726
MISC
FULLDISC
BUGTRAQ
CONFIRM
MISC
openshift-origin-controller_gem_for_ruby_on_rails -- openshift-origin-controller_gem_for_ruby_on_rails rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.prase() to perform command injection 2019-12-10 not yet calculated CVE-2013-2095
MISC
MISC
openstack -- keystone
 
OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforce_scope is false. Users with a role on a project are able to view any other users' credentials, which could (for example) leak sign-on information for Time-based One Time Passwords (TOTP). Deployments with enforce_scope set to false are affected. (There will be a slight performance impact for the list credentials API once this issue is fixed.) 2019-12-09 not yet calculated CVE-2019-19687
MLIST
MISC
MISC
MISC
MISC
CONFIRM
pen -- pen Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities 2019-12-13 not yet calculated CVE-2014-2387
MISC
MISC
MISC
MISC
MISC
MISC
MISC
phpfastcache -- phpfastcache In phpfastcache before 5.1.3, there is a possible object injection vulnerability in cookie driver. 2019-12-12 not yet calculated CVE-2019-16774
MISC
MISC
CONFIRM
puppet -- puppet_enterprise When using the cd4pe::root_configuration task to configure a Continuous Delivery for PE installation, the root user?s username and password were exposed in the job?s Job Details pane in the PE console. These issues have been resolved in version 1.2.1 of the puppetlabs/cd4pe module. 2019-12-12 not yet calculated CVE-2019-10695
MISC
puppet -- puppet_enterprise The express install, which is the suggested way to install Puppet Enterprise, gives the user a URL at the end of the install to set the admin password. If they do not use that URL, there is an overlooked default password for the admin user. This was resolved in Puppet Enterprise 2019.0.3 and 2018.1.9. 2019-12-12 not yet calculated CVE-2019-10694
MISC
python-keystoneclient -- python-keystoneclient python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass 2019-12-10 not yet calculated CVE-2013-2166
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
python-keystoneclient -- python-keystoneclient python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass 2019-12-10 not yet calculated CVE-2013-2167
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
qualcomm -- snapdragon_connectivity Driver may access an invalid address while processing IO control due to lack of check of address validation in Snapdragon Connectivity in QCA6390 2019-12-12 not yet calculated CVE-2019-10618
CONFIRM
red_hat -- cloudform_management_engine CFME: CSRF protection vulnerability via permissive check of the referrer header 2019-12-13 not yet calculated CVE-2014-0197
MISC
MISC
red_hat -- openshift Openshift has shell command injection flaws due to unsanitized data being passed into shell commands. 2019-12-11 not yet calculated CVE-2014-0163
MISC
MISC
red_hat -- 3scale A vulnerability was found in 3scale before version 2.6, did not set the HTTPOnly attribute on the user session cookie. An attacker could use this to conduct cross site scripting attacks and gain access to unauthorized information. 2019-12-12 not yet calculated CVE-2019-14849
CONFIRM
relialble_controls -- licensemanager Reliable Controls LicenseManager versions 3.4 and prior may allow an authenticated user to insert malicious code into the system root path, which may allow execution of code with elevated privileges of the application. 2019-12-11 not yet calculated CVE-2019-18245
MISC
samba -- samba All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that case-insensitively matched the name of the zone, the ldb_qsort() and dns_name_compare() routines could be confused into reading memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() and so following invalid memory as a pointer. 2019-12-10 not yet calculated CVE-2019-14861
CONFIRM
FEDORA
CONFIRM
UBUNTU
UBUNTU
CONFIRM
samba -- samba All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. In AD this is implemented by a user attribute delegation_not_allowed (aka not-delegated), which translates to disallow-forwardable. However the Samba AD DC does not do that for S4U2Self and does set the forwardable flag even if the impersonated client has the not-delegated flag set. 2019-12-10 not yet calculated CVE-2019-14870
CONFIRM
FEDORA
CONFIRM
UBUNTU
UBUNTU
CONFIRM
samurai -- samurai
 
samurai 0.7 has a heap-based buffer overflow in canonpath in util.c via a crafted build file. 2019-12-13 not yet calculated CVE-2019-19795
MISC
sap -- businessobjects_business_intelligence_platform Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions 4.1, 4.2 and 4.3, may lead to an authenticated user to send unintended request to the web server, leading to Cross Site Request Forgery. 2019-12-11 not yet calculated CVE-2019-0398
CONFIRM
CONFIRM
sap -- businessobjects_business_intelligence_platform SAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad), before version 4.2, allows execution of JavaScript in a text module in Fiori BI Launchpad, leading to Stored Cross Site Scripting vulnerability. 2019-12-11 not yet calculated CVE-2019-0395
CONFIRM
CONFIRM
sap -- enable_now SAP Enable Now, before version 1911, leaks information about the existence of a particular user which can be used to construct a list of users, leading to a user enumeration vulnerability and Information Disclosure. 2019-12-11 not yet calculated CVE-2019-0405
CONFIRM
CONFIRM
sap -- enable_now SAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Information Disclosure. 2019-12-11 not yet calculated CVE-2019-0404
CONFIRM
CONFIRM
sap -- enable_now SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection. 2019-12-11 not yet calculated CVE-2019-0403
CONFIRM
CONFIRM
sap -- portfolio_and_project_management SAP Portfolio and Project Management, before versions S4CORE 102, 103, EPPM 100 and CPRXRPM 500_702, 600_740, 610_740; unintentionally allows a user to discover accounting information of the Projects in Project dashboard, leading to Information Disclosure. 2019-12-11 not yet calculated CVE-2019-0399
CONFIRM
CONFIRM
secureworks -- red_cloak_windows_agent
 
In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user can bypass the generation of telemetry alerts by removing NT AUTHORITY\SYSTEM permissions from a file. 2019-12-06 not yet calculated CVE-2019-19620
MISC
MISC
siemens -- en100_ethernet_modules A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). The web interface could allow Cross-Site Scripting (XSS) attacks if an attacker is able to modify content of particular web pages, causing the application to behave in unexpected ways for legitimate users. Successful exploitation does not require for an attacker to be authenticated to the web interface. This could allow the attacker to read or modify contents of the web application. At the time of advisory publication no public exploitation of this security. vulnerability was known. 2019-12-12 not yet calculated CVE-2019-13943
CONFIRM
siemens -- en100_ethernet_modules A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). A vulnerability in the integrated web server of the affected devices could allow unauthorized attackers to obtain sensitive information about the device, including logs and configurations. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-13944
CONFIRM
siemens -- en100_ethernet_modules A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). An unauthorized user could exploit a buffer overflow vulnerability in the webserver. Specially crafted packets sent could cause a Denial-of-Service condition and if certain conditions are met, the affected devices must be restarted manually to fully recover. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-13942
CONFIRM
siemens -- multiple_desigo_px_products A vulnerability has been identified in Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D with Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 (All firmware versions < V6.00.320), Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U with Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 (All firmware versions < V6.00.320), Desigo PX automation controllers PXC22.1-E.D, PXC36-E.D, PXC36.1-E.D with activated web server (All firmware versions < V6.00.320). The device contains a vulnerability that could allow an attacker to cause a denial of service condition on the device's web server by sending a specially crafted HTTP message to the web server port (tcp/80). The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device's web service. While the device itself stays operational, the web server responds with HTTP status code 404 (Not found) to any further request. A reboot is required to recover the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-13927
MISC
siemens -- simatic_s7-1200_cpu_and_simatic_s7-200_smart_cpu A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-200 SMART CPU family (All versions). There is an access mode used during manufacturing of S7-1200 CPUs that allows additional diagnostic functionality. The security vulnerability could be exploited by an attacker with physical access to the UART interface during boot process. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-13945
MISC
siemens -- sinvr_3_central_control_server_and_sinvr_3_video_server A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SiNVR 3 Central Control Server (CCS) contains a directory traversal vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker with network access to the CCS server could exploit this vulnerability to list arbitrary directories or read files outside of the CCS application context. 2019-12-12 not yet calculated CVE-2019-18338
CONFIRM
siemens -- sinvr_3_central_control_server_and_sinvr_3_video_server A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The user configuration menu in the web interface of the SiNVR 3 Central Control Server (CCS) transfers user passwords in clear to the client (browser). An attacker with administrative privileges for the web interface could be able to read (and not only reset) passwords of other SiNVR 3 CCS users. 2019-12-12 not yet calculated CVE-2019-13947
CONFIRM
siemens -- sinvr_3_central_control_server_and_sinvr_3_video_server
 
A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SFTP service (default port 22/tcp) of the SiNVR 3 Central Control Server (CCS) contains an authentication bypass vulnerability. A remote attacker with network access to the CCS server could exploit this vulnerability to read data from the EDIR directory (for example, the list of all configured stations). 2019-12-12 not yet calculated CVE-2019-18341
CONFIRM
siemens -- sinvr_3_central_control_server_and_sinvr_3_video_server
 
A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). Both the SiNVR 3 Video Server and the Central Control Server (CCS) store user and device passwords by applying weak cryptography. A local attacker could exploit this vulnerability to extract the passwords from the user database and/or the device configuration files to conduct further attacks. 2019-12-12 not yet calculated CVE-2019-18340
CONFIRM
siemens -- sinvr_3_central_control_server_and_sinvr_3_video_server
 
A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The HTTP service (default port 5401/tcp) of the SiNVR 3 Video Server contains an authentication bypass vulnerability, even when properly configured with enforced authentication. A remote attacker with network access to the Video Server could exploit this vulnerability to read the SiNVR users database, including the passwords of all users in obfuscated cleartext. 2019-12-12 not yet calculated CVE-2019-18339
CONFIRM
siemens -- sinvr_3_central_control_server_and_sinvr_3_video_server
 
A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SFTP service (default port 22/tcp) of the SiNVR 3 Central Control Server (CCS) does not properly limit its capabilities to the specified purpose. In conjunction with CVE-2019-18341, an unauthenticated remote attacker with network access to the CCS server could exploit this vulnerability to read or delete arbitrary files, or access other resources on the same server. 2019-12-12 not yet calculated CVE-2019-18342
CONFIRM
siemens -- sinvr_3_central_control_server_and_sinvr_3_video_server
 
A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SiNVR 3 Central Control Server (CCS) contains an authentication bypass vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. A remote attacker with network access to the CCS server could exploit this vulnerability to read the CCS users database, including the passwords of all users in obfuscated cleartext. 2019-12-12 not yet calculated CVE-2019-18337
CONFIRM
siemens -- sppa-t3000_application_server A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server can cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18317 and CVE-2019-18319. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18318
CONFIRM
siemens -- sppa-t3000_application_server A vulnerability has been identified in SPPA-T3000 Application Server (All versions). The AdminService is available without authentication on the Application Server. An attacker can gain remote code execution by sending specifically crafted objects to one of its functions. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18283
MISC
CONFIRM
siemens -- sppa-t3000_application_server A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18317 and CVE-2019-18318. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18319
CONFIRM
siemens -- sppa-t3000_application_server A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18318 and CVE-2019-18319. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18317
CONFIRM
siemens -- sppa-t3000_application_server A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could gain remote code execution by sending specifically crafted packets to 8888/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18315
CONFIRM
siemens -- sppa-t3000_application_server A vulnerability has been identified in SPPA-T3000 Application Server (All versions). The AdminService is available without authentication on the Application Server. An attacker can use methods exposed via this interface to receive password hashes of other users and to change user passwords. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18284
MISC
CONFIRM
siemens -- sppa-t3000_application_server A vulnerability has been identified in SPPA-T3000 Application Server (All versions). The RMI communication between the client and the Application Server is unencrypted. An attacker with access to the communication channel can read credentials of a valid user. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18285
MISC
CONFIRM
siemens -- sppa-t3000_application_server A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with valid authentication at the RMI interface could be able to gain remote code execution through an unsecured file upload. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18288
MISC
CONFIRM
siemens -- sppa-t3000_application_server A vulnerability has been identified in SPPA-T3000 Application Server (All versions). The Application Server exposes directory listings and files containing sensitive information. This vulnerability is independent from CVE-2019-18286. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18287
MISC
CONFIRM
siemens -- sppa-t3000_application_server A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could gain remote code execution by sending specifically crafted packets to 1099/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18316
CONFIRM
siemens -- sppa-t3000_application_server A vulnerability has been identified in SPPA-T3000 Application Server (All versions). The Application Server exposes directory listings and files containing sensitive information. This vulnerability is independent from CVE-2019-18287. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18286
MISC
CONFIRM
siemens -- sppa-t3000_application_server A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could gain remote code execution by sending specifically crafted objects via RMI. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18314
CONFIRM
siemens -- sppa-t3000_application_server
 
A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could gain access to path and filenames on the server by sending specifically crafted packets to 1099/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18331
CONFIRM
siemens -- sppa-t3000_application_server
 
A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could gain access to filenames on the server by sending specifically crafted packets to 8090/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18333
CONFIRM
siemens -- sppa-t3000_application_server
 
A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could be able to upload arbitrary files without authentication. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18320
CONFIRM
siemens -- sppa-t3000_application_server
 
A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could be able to gain access to logs and configuration files by sending specifically crafted packets to 80/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18335
CONFIRM
siemens -- sppa-t3000_application_server
 
A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could be able to enumerate valid user names by sending specifically crafted packets to 8090/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18334
CONFIRM
siemens -- sppa-t3000_application_server
 
A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could gain access to directory listings of the server by sending specifically crafted packets to 80/tcp, 8095/tcp or 8080/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18332
CONFIRM
siemens -- sppa-t3000_ms3000_migration_server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18323
CONFIRM
siemens -- sppa-t3000_ms3000_migration_server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18289, CVE-2019-18293, and CVE-2019-18296. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18295
MISC
CONFIRM
siemens -- sppa-t3000_ms3000_migration_server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18304
MISC
CONFIRM
siemens -- sppa-t3000_ms3000_migration_server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18290
MISC
CONFIRM
siemens -- sppa-t3000_ms3000_migration_server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18306
MISC
CONFIRM
siemens -- sppa-t3000_ms3000_migration_server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 7061/tcp. This vulnerability is independent from CVE-2019-18311. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18310
CONFIRM
siemens -- sppa-t3000_ms3000_migration_server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18326
CONFIRM
siemens -- sppa-t3000_ms3000_migration_server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18305
MISC
CONFIRM
siemens -- sppa-t3000_ms3000_migration_server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could gain remote code execution by sending specifically crafted objects to one of the RPC services. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18313
CONFIRM
siemens -- sppa-t3000_ms3000_migration_server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18303
MISC
CONFIRM
siemens -- sppa-t3000_ms3000_migration_server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 7061/tcp. This vulnerability is independent from CVE-2019-18310. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18311
CONFIRM
siemens -- sppa-t3000_ms3000_migration_server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, and CVE-2019-18306. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18307
MISC
CONFIRM
siemens -- sppa-t3000_ms3000_migration_server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18289, CVE-2019-18295, and CVE-2019-18296. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18293
MISC
CONFIRM
siemens -- sppa-t3000_ms3000_migration_server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18292
MISC
CONFIRM
siemens -- sppa-t3000_ms3000_migration_server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and a low privileged user account could gain root privileges by manipulating specific files in the local file system. This vulnerability is independent from CVE-2019-18309. Please note that an attacker needs to have local access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18308
CONFIRM
siemens -- sppa-t3000_ms3000_migration_server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18291
MISC
CONFIRM
siemens -- sppa-t3000_ms3000_migration_server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18294
MISC
CONFIRM
siemens -- sppa-t3000_ms3000_migration_server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to enumerate running RPC services. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18312
CONFIRM
siemens -- sppa-t3000_ms3000_migration_server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18289, CVE-2019-18293, and CVE-2019-18295. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18296
MISC
CONFIRM
siemens -- sppa-t3000_ms3000_migration_server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18299
MISC
CONFIRM
siemens -- sppa-t3000_ms3000_migration_server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18300
MISC
CONFIRM
siemens -- sppa-t3000_ms3000_migration_server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18298
MISC
CONFIRM
siemens -- sppa-t3000_ms3000_migration_server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18301
MISC
CONFIRM
siemens -- sppa-t3000_ms3000_migration_server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and a low privileged user account could gain root privileges by manipulating specific files in the local file system. This vulnerability is independent from CVE-2019-18308. Please note that an attacker needs to have local access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18309
CONFIRM
siemens -- sppa-t3000_ms3000_migration_server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18302
MISC
CONFIRM
siemens -- sppa-t3000_ms3000_migration_server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18293, CVE-2019-18295, and CVE-2019-18296. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18289
MISC
CONFIRM
siemens -- sppa-t3000_ms3000_migration_server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and low privileges could gain root privileges by sending specifically crafted packets to a named pipe. Please note that an attacker needs to have local access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18297
MISC
CONFIRM
siemens -- sppa-t3000_ms3000_migration_server
 
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to read and write arbitrary files on the local file system by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18322. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18321
CONFIRM
siemens -- sppa-t3000_ms3000_migration_server
 
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to read and write arbitrary files on the local file system by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18321. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18322
CONFIRM
siemens -- sppa-t3000_ms3000_migration_server
 
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18325
CONFIRM
siemens -- sppa-t3000_ms3000_migration_server
 
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18327
CONFIRM
siemens -- sppa-t3000_ms3000_migration_server
 
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, and CVE-2019-18329. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18330
CONFIRM
siemens -- sppa-t3000_ms3000_migration_server
 
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18328
CONFIRM
siemens -- sppa-t3000_ms3000_migration_server
 
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18329
CONFIRM
siemens -- sppa-t3000_ms3000_migration_server
 
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-18324
CONFIRM
siemens -- xhq A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web application requests could be manipulated, causing the the application to behave in unexpected ways for legitimate users. Successful exploitation does not require for an attacker to be authenticated. A successful attack could allow the import of scripts or generation of malicious links. This could allow the attacker to read or modify contents of the web application. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-13932
CONFIRM
siemens -- xhq A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user, who must be authenticated to the web interface. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. This could allow the attacker to read or modify contents of the web application. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-13930
CONFIRM
siemens -- xhq A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web interface could allow for an an attacker to craft the input in a form that is not expected, causing the application to behave in unexpected ways for legitimate users. Successful exploitation requires for an attacker to be authenticated to the web interface. A successful attack could cause the application to have unexpected behavior. This could allow the attacker to modify contents of the web application. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-12-12 not yet calculated CVE-2019-13931
CONFIRM
skymee -- petwant_pf-103_and_petalk_ai A stack-based buffer overflow in processCommandUploadLog in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run arbitrary code as the root user. 2019-12-13 not yet calculated CVE-2019-16735
MISC
skymee -- petwant_pf-103_and_petalk_ai A stack-based buffer overflow in processCommandUploadSnapshot in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run arbitrary code as the root user. 2019-12-13 not yet calculated CVE-2019-16736
MISC
skymee -- petwant_pf-103_and_petalk_ai The processCommandUploadLog() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. 2019-12-13 not yet calculated CVE-2019-17364
MISC
skymee -- petwant_pf-103_and_petalk_ai Use of default credentials for the TELNET server in Petwant PF-103 firmware 4.3.2.50 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. 2019-12-13 not yet calculated CVE-2019-16734
MISC
skymee -- petwant_pf-103_and_petalk_ai processCommandSetUid() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. 2019-12-13 not yet calculated CVE-2019-16733
MISC
skymee -- petwant_pf-103_and_petalk_ai Unencrypted HTTP communications for firmware upgrades in Petalk AI and PF-103 allow man-in-the-middle attackers to run arbitrary code as the root user. 2019-12-13 not yet calculated CVE-2019-16732
MISC
skymee -- petwant_pf-103_and_petalk_ai The udpServerSys service in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to initiate firmware upgrades and alter device settings. 2019-12-13 not yet calculated CVE-2019-16731
MISC
skymee -- petwant_pf-103_and_petalk_ai processCommandUpgrade() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. 2019-12-13 not yet calculated CVE-2019-16730
MISC
MISC
skymee -- petwant_pf-103_and_petalk_ai The processCommandSetMac() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. 2019-12-13 not yet calculated CVE-2019-16737
MISC
smokeping -- smokeping smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790) 2019-12-11 not yet calculated CVE-2013-4158
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
snakeyaml -- snakeyaml The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564. 2019-12-12 not yet calculated CVE-2017-18640
MISC
MISC
sqlite -- sqlite
 
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements. 2019-12-09 not yet calculated CVE-2019-19645
MISC
sqlite -- sqlite
 
pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns. 2019-12-09 not yet calculated CVE-2019-19646
MISC
MISC
MISC
squiz -- squiz_matrix_content_management_system An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can trigger arbitrary unserialization of a PHP object from a packages/cms/page_templates/page_remote_content/page_remote_content.inc POST parameter during processing of a Remote Content page type. This unserialization can be used to trigger the inclusion of arbitrary files on the filesystem (local file inclusion), and results in remote code execution. 2019-12-11 not yet calculated CVE-2019-19373
FULLDISC
MISC
MISC
squiz -- squiz_matrix_content_management_system
 
An issue was discovered in core/assets/form/form_question_types/form_question_type_file_upload/form_question_type_file_upload.inc in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can delete arbitrary files from the server during interaction with the File Upload field type, when a custom form exists. (This is related to an information disclosure issue within the File Upload field type that allows users to view the full path to uploaded files, including the product's web root directory.) 2019-12-11 not yet calculated CVE-2019-19374
FULLDISC
MISC
MISC
stb_image.h -- stb_image.h stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read in stbi__load_main. 2019-12-13 not yet calculated CVE-2019-19777
MISC
supermicro -- x8sti-f_motherboards
 
On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or ShareName. The attacker can achieve a persistent backdoor. 2019-12-08 not yet calculated CVE-2019-19642
MISC
suphp -- suphp suPHP before 0.7.2 source-highlighting feature allows security bypass which could lead to arbitrary code execution 2019-12-13 not yet calculated CVE-2014-1867
MISC
MISC
MISC
MISC
symantec -- industrial_control_system_protection
 
Symantec Industrial Control System Protection (ICSP), versions 6.x.x, may be susceptible to an unauthorized access issue that could potentially allow a threat actor to create or modify application user accounts without proper authentication. 2019-12-09 not yet calculated CVE-2019-18380
CONFIRM
telerik -- telerik_ui_for_asp.net_ajax Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (In 2019.3.1023 but not earlier versions, a non-default setting can prevent exploitation.) 2019-12-11 not yet calculated CVE-2019-18935
MISC
MISC
MISC
MISC
telerik -- telerik_ui_for_asp.net_ajax
 
Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and delete an image with extension .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF, or .WMF on the server through a specially crafted request. NOTE: RadChart was discontinued in 2014 in favor of RadHtmlChart. All RadChart versions were affected. To avoid this vulnerability, you must remove RadChart's HTTP handler from a web.config (its type is Telerik.Web.UI.ChartHttpHandler). 2019-12-13 not yet calculated CVE-2019-19790
MISC
MISC
tematres -- tematres TemaTres 3.0 has reflected XSS via the replace_string or search_string parameter to the vocab/admin.php?doAdmin=bulkReplace URI. 2019-12-13 not yet calculated CVE-2019-14344
MISC
MISC
temenos -- channels An issue was discovered in T24 in TEMENOS Channels R15.01. The login page presents JavaScript functions to access a document on the server once successfully authenticated. However, an attacker can leverage downloadDocServer() to traverse the file system and access files or directories that are outside of the restricted directory because WealthT24/GetImage is used with the docDownloadPath and uploadLocation parameters. 2019-12-09 not yet calculated CVE-2019-14251
MISC
thales_dis -- safenet_sentinel_ldk_license_manager SafeNet Sentinel LDK License Manager, all versions prior to 7.101(only Microsoft Windows versions are affected) is vulnerable when configured as a service. This vulnerability may allow an attacker with local access to create, write, and/or delete files in system folder using symbolic links, leading to a privilege escalation. This vulnerability could also be used by an attacker to execute a malicious DLL, which could impact the integrity and availability of the system. 2019-12-11 not yet calculated CVE-2019-18232
MISC
virustotal -- yara In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution. 2019-12-09 not yet calculated CVE-2019-19648
MISC
wolfssl -- wolfssl_and_wolfcrypt wolfSSL and wolfCrypt 4.1.0 and earlier (formerly known as CyaSSL) generate biased DSA nonces. This allows a remote attacker to compute the long term private key from several hundred DSA signatures via a lattice attack. The issue occurs because dsa.c fixes two bits of the generated nonces. 2019-12-11 not yet calculated CVE-2019-14317
MISC
wordpress -- wordpress Multiple cross-site scripting (XSS) vulnerabilities in products.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) Product name or (2) Price description fields via a request to wp-admin/admin.php. NOTE: This issue may only cross privilege boundaries if used in combination with CVE-2013-5977. 2019-12-11 not yet calculated CVE-2013-5978
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress -- wordpress The quiz-master-next (aka Quiz And Survey Master) plugin before 6.3.5 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter (and/or the quiz_id parameter). The component is: admin/quiz-options-page.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL. 2019-12-13 not yet calculated CVE-2019-17599
MISC
MISC
MISC
MISC
xen_project -- xen An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice. 2019-12-11 not yet calculated CVE-2019-19580
MISC
xen_project -- xen An issue was discovered in Xen through 4.12.x allowing x86 guest OS users to cause a denial of service (infinite loop) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On x86 accesses to bitmaps with a compile time known size of 64 may incur undefined behavior, which may in particular result in infinite loops. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. x86 systems with 64 or more nodes are vulnerable (there might not be any such systems that Xen would run on). x86 systems with less than 64 nodes are not vulnerable. 2019-12-11 not yet calculated CVE-2019-19582
MISC
xen_project -- xen
 
An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. Please see XSA-260 for background on the MovSS shadow. Please see XSA-156 for background on the need for #DB interception. The VMX VMEntry checks do not like the exact combination of state which occurs when #DB in intercepted, Single Stepping is active, and blocked by STI/MovSS is active, despite this being a legitimate state to be in. The resulting VMEntry failure is fatal to the guest. HVM/PVH guest userspace code may be able to crash the guest, resulting in a guest Denial of Service. All versions of Xen are affected. Only systems supporting VMX hardware virtual extensions (Intel, Cyrix, or Zhaoxin CPUs) are affected. Arm and AMD systems are unaffected. Only HVM/PVH guests are affected. PV guests cannot leverage the vulnerability. 2019-12-11 not yet calculated CVE-2019-19583
MISC
xen_project -- xen
 
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. "Linear pagetables" is a technique which involves either pointing a pagetable at itself, or to another pagetable of the same or higher level. Xen has limited support for linear pagetables: A page may either point to itself, or point to another pagetable of the same level (i.e., L2 to L2, L3 to L3, and so on). XSA-240 introduced an additional restriction that limited the "depth" of such chains by allowing pages to either *point to* other pages of the same level, or *be pointed to* by other pages of the same level, but not both. To implement this, we keep track of the number of outstanding times a page points to or is pointed to another page table, to prevent both from happening at the same time. Unfortunately, the original commit introducing this reset this count when resuming validation of a partially-validated pagetable, incorrectly dropping some "linear_pt_entry" counts. If an attacker could engineer such a situation to occur, they might be able to make loops or other arbitrary chains of linear pagetables, as described in XSA-240. A malicious or buggy PV guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Privilege escalation and information leaks cannot be excluded. All versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Only systems which have enabled linear pagetables are vulnerable. Systems which have disabled linear pagetables, either by selecting CONFIG_PV_LINEAR_PT=n when building the hypervisor, or adding pv-linear-pt=false on the command-line, are not vulnerable. 2019-12-11 not yet calculated CVE-2019-19578
MISC
xen_project -- xen
 
An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service (out-of-bounds access) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On 32-bit Arm accesses to bitmaps with bit a count which is a multiple of 32, an out of bounds access may occur. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. 32-bit Arm systems are vulnerable. 64-bit Arm systems are not vulnerable. 2019-12-11 not yet calculated CVE-2019-19581
MISC
xen_project -- xen
 
An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates. When running on AMD systems with an IOMMU, Xen attempted to dynamically adapt the number of levels of pagetables (the pagetable height) in the IOMMU according to the guest's address space size. The code to select and update the height had several bugs. Notably, the update was done without taking a lock which is necessary for safe operation. A malicious guest administrator can cause Xen to access data structures while they are being modified, causing Xen to crash. Privilege escalation is thought to be very difficult but cannot be ruled out. Additionally, there is a potential memory leak of 4kb per guest boot, under memory pressure. Only Xen on AMD CPUs is vulnerable. Xen running on Intel CPUs is not vulnerable. ARM systems are not vulnerable. Only systems where guests are given direct access to physical devices are vulnerable. Systems which do not use PCI pass-through are not vulnerable. Only HVM guests can exploit the vulnerability. PV and PVH guests cannot. All versions of Xen with IOMMU support are vulnerable. 2019-12-11 not yet calculated CVE-2019-19577
MISC
yabasic -- yabasic Yabasic 2.86.2 has a heap-based buffer overflow in myformat in function.c via a crafted BASIC source file. 2019-12-13 not yet calculated CVE-2019-19796
MISC
yabasic -- yabasic Yabasic 2.86.1 has a heap-based buffer overflow in the yylex() function in flex.c via a crafted BASIC source file. 2019-12-11 not yet calculated CVE-2019-19720
MISC
MISC
yachtcontrol -- yachtcontrol Yachtcontrol through 2019-10-06: It's possible to perform direct Operating System commands as an unauthenticated user via the "/pages/systemcall.php?command={COMMAND}" page and parameter, where {COMMAND} will be executed and returning the results to the client. Affects Yachtcontrol webservers disclosed via Dutch GPRS/4G mobile IP-ranges. IP addresses vary due to DHCP client leasing of telco's. 2019-12-10 not yet calculated CVE-2019-17270
MISC
EXPLOIT-DB
yaws -- yaws yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. 2019-12-10 not yet calculated CVE-2016-1000108
MISC
CONFIRM
MISC
MISC
zabbix -- zabbix Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7. 2019-12-11 not yet calculated CVE-2013-5743
CONFIRM
CONFIRM
CONFIRM
CONFIRM
zoho manageengine -- eventlog_analyzer
 
An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running "select hostdetails from hostdetails" at the /event/runquery.do endpoint, it is possible to bypass the security restrictions that prevent even administrative users from viewing credential data stored in the database, and recover the MD5 hashes of the accounts used to authenticate the ManageEngine platform to the managed machines on the network (most often administrative accounts). Specifically, this bypasses these restrictions: a query cannot mention password, and a query result cannot have a password column. 2019-12-13 not yet calculated CVE-2019-19774
MISC
MISC
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No