ISC Releases Security Advisory for BIND

US-CERT All NCAS Products - Thu, 11/21/2019 - 16:54
Original release date: November 21, 2019

The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this vulnerability to cause a denial-of-service condition.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the ISC advisory for more information and to apply the necessary updates and workarounds.

This product is provided subject to this Notification and this Privacy & Use policy.

Categories: LATEST ALERT

Microsoft Releases Outlook for Android Security Update

US-CERT All NCAS Products - Thu, 11/21/2019 - 16:47
Original release date: November 21, 2019

Microsoft has released an update to address a vulnerability in Outlook for Android. An attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Microsoft Security Advisory and apply the necessary update.


NSA Releases Cyber Advisory: Managing Risk from Transport Layer Security Inspection

US-CERT All NCAS Products - Tue, 11/19/2019 - 20:14
Original release date: November 19, 2019

The National Security Agency (NSA) has released a Cyber Advisory that addresses managing risk from Transport Layer Security Inspection (TLSI). This short, informative document defines TLSI (a security process that allows incoming traffic to be decrypted, inspected, and re-encrypted), explains some risks and associated challenges, and discusses mitigations.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the NSA Cyber Advisory and apply the information, as appropriate. See CISA’s Alert on risks associated with HTTPS inspection.


FTC Provides Tips on Safeguarding Data Before Upgrading Mobile Phones

US-CERT All NCAS Products - Tue, 11/19/2019 - 17:07
Original release date: November 19, 2019

The Federal Trade Commission (FTC) has released an article with tips on how to protect personal information before trading in a mobile phone for a newer model. FTC recommends the following four steps to safeguard these devices:

  • Back up data.
  • Remove SIM and SD cards.
  • Erase personal information.
  • Verify deletion of personal information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages consumers to review the FTC article for additional resources on how to perform each of the suggested steps and see CISA’s Tip on Proper Disposal of Electronic Devices for more information.


National Tax Security Awareness Week is December 2–6

US-CERT All NCAS Products - Tue, 11/19/2019 - 16:59
Original release date: November 19, 2019

The Internal Revenue Service (IRS) has released an article announcing that National Tax Security Awareness Week will be held December 2–6. The annual recognition event will feature a series of resources and tips to help taxpayers and tax professionals protect their data and identities against identity theft.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages taxpayers, businesses, and tax professionals to review CISA’s Tip on Preventing and Responding to Identity Theft and IRS’s article on National Tax Security Awareness Week for details about new resources and the more than 25 tax security events being held across the country throughout the awareness week.


Google Releases Security Updates for Chrome

US-CERT All NCAS Products - Tue, 11/19/2019 - 16:36
Original release date: November 19, 2019

Google has released Chrome 78.0.3904.108 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.


Vulnerability Summary for the Week of November 11, 2019

US-CERT All NCAS Products - Mon, 11/18/2019 - 09:45
Original release date: November 18, 2019

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

  

High Vulnerabilities Primary
Vendor -- Product Description Published CVSS Score Source & Patch Info au_optronics -- sunveillance_monitoring_system
  An issue was discovered in Picture_Manage_mvc.aspx in AUO SunVeillance Monitoring System before v1.1.9e. There is an incorrect access control vulnerability that can allow an unauthenticated user to upload files via a modified authority parameter. 2019-11-12 7.5 CVE-2019-12719
MISC
MISC belkin -- n900_db_wireless_router Symlink Traversal vulnerability in Belkin N900 due to misconfiguration in the SMB service. 2019-11-13 7.8 CVE-2013-4655
MISC
MISC
MISC broadcom -- wi-fi_driver
  In the Broadcom Wi-Fi driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-130375182 2019-11-13 7.5 CVE-2019-9466
MISC chartkick_gem_for_ruby_on_rails -- chartkick_gem_for_ruby_on_rails Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution. 2019-11-11 7.5 CVE-2019-18841
MISC
MISC
MISC
CONFIRM
MISC
MISC d-link -- multiple_routers
  Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. This affects DIR-600 B1 V2.01 for WW, DIR-890L A1 v1.03, DIR-615 J1 v100 (for DCN), DIR-645 A1 v1.03, DIR-815 A1 v1.01, DIR-823 A1 v1.01, and DIR-842 C1 v3.00. 2019-11-11 10 CVE-2019-18852
MISC elgg_foundation -- elgg
  Elgg through 1.7.10 has a SQL injection vulnerability 2019-11-12 7.5 CVE-2011-2936
REDHAT
MISC
DEBIAN energycap -- energycap
  Escalation of privileges in EnergyCAP 7 through 7.5.6 allows an attacker to access data. If an unauthenticated user clicks on a link on the public dashboard, the resource opens in EnergyCAP with access rights matching the user who created the dashboard. 2019-11-08 7.5 CVE-2019-18623
CONFIRM
CONFIRM enghouse_interactive -- web_chat
  An SSRF issue was discovered in Enghouse Web Chat 6.1.300.31. In any POST request, one can replace the port number at WebServiceLocation=http://localhost:8085/UCWebServices/ with a range of ports to determine what is visible on the internal network (as opposed to what general web traffic would see on the product's host). The response from open ports is different than from closed ports. The product does not allow one to change the protocol: anything except http(s) will throw an error; however, it is the type of error that allows one to determine if a port is open or not. 2019-11-13 7.5 CVE-2019-16948
MISC fudforum -- fudforum
  FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. The problem is in admsession.php and admuser.php. 2019-11-12 8.5 CVE-2019-18873
MISC
MISC fudforum -- fudforum
  FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. This may result in remote code execution. An attacker can use a user account to fully compromise the system using a POST request. When the admin visits the user information, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. 2019-11-13 8.5 CVE-2019-18839
MISC
MISC gnome -- gdk-pixbuf
  gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw 2019-11-12 7.5 CVE-2011-2897
MISC
MISC
MISC google -- android

  In createProjectionMapForQuery of TvProvider.java, there is possible SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-135269669 2019-11-13 7.8 CVE-2019-2211
MISC google -- android
  In rw_i93_sm_set_read_only of rw_i93.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139188579 2019-11-13 9.3 CVE-2019-2206
MISC google -- android
  In nfa_hci_handle_admin_gate_rsp of nfa_hci_act.cc, there is a possible out of bound write due to missing bounds checks. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-124524315 2019-11-13 7.2 CVE-2019-2207
MISC google -- android
  In tokenize of sqlite3_android.cpp, there is a possible attacker controlled INSERT statement due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139186193 2019-11-13 7.2 CVE-2019-2195
MISC google -- android
  In okToConnect of HidHostService.java, there is a possible permission bypass due to an incorrect state check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-79703832 2019-11-13 10 CVE-2019-2036
MISC google -- android
  In FindSharedFunctionInfo of objects.cc, there is a possible out of bounds read due to a mistake in AST traversal. This could lead to remote code execution in the pacprocessor with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9Android ID: A-138442295 2019-11-13 10 CVE-2019-2204
MISC google -- android
  In ProxyResolverV8::SetPacScript of proxy_resolver_v8.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139806216 2019-11-13 10 CVE-2019-2205
MISC google -- android
  In getUserCount and getCount of UserSwitcherController.java, there is possible new user creation due to a logic error. This could lead to local escalation of privilege for an attacker who has physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140486529 2019-11-13 7.2 CVE-2019-2233
MISC google -- android
  In binder_transaction of binder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-136210786References: Upstream kernel 2019-11-13 7.2 CVE-2019-2214
MISC google -- android
  In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-137370777 2019-11-13 7.2 CVE-2019-2203
MISC google -- android
  In load_logging_config of qmi_vs_service.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-139148442 2019-11-13 7.2 CVE-2019-2210
MISC google -- android
  In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-137283376 2019-11-13 7.2 CVE-2019-2202
MISC google -- android
  In createSessionInternal of PackageInstallerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-138650665 2019-11-13 7.2 CVE-2019-2199
MISC google -- android
  In WelcomeActivity.java and related files, there is a possible permissions bypass due to a partially provisioned Device Policy Client. This could lead to local escalation of privilege, leaving an Admin app installed with no indication to the user, with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-132261064 2019-11-13 7.2 CVE-2019-2193
MISC google -- android
  In the Bootloader, there is a possible kernel command injection due to missing command sanitization. This could lead to a local elevation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-80316910 2019-11-13 7.2 CVE-2019-9467
MISC google -- android
  In call of SliceProvider.java, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-138441555 2019-11-13 7.2 CVE-2019-2192
MISC google -- android
  There is a possible out of bounds read in v8 JIT code due to a bug in code generation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9Android ID: A-138441919 2019-11-13 7.8 CVE-2019-2208
MISC google -- android
  In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-120551338 2019-11-13 9.3 CVE-2019-2201
MISC
UBUNTU helm -- helm In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as /etc/passwd, or to execute a denial of service (DoS) via a special file such as /dev/urandom, via symlinks. No version of Tiller is known to be impacted. This is a client-only issue. 2019-11-12 7.5 CVE-2019-18658
MISC lenovo -- multiple_thinkpads A potential vulnerability in some Lenovo ThinkPads may allow an attacker to execute arbitrary code under SMM under certain circumstances. 2019-11-12 7.5 CVE-2019-6170
MISC lenovo -- multiple_thinkpads
  A potential vulnerability in the SMI callback function in some Lenovo ThinkPad models may allow arbitrary code execution 2019-11-12 7.5 CVE-2019-6172
MISC libpoe-component-irc-perl -- libpoe-component-irc-perl
  libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'privmsg' handler, which would cause the client to disconnect from the server. 2019-11-12 7.5 CVE-2010-3438
MISC
MISC
MISC matrix-org -- synapse
  Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers. 2019-11-08 7.5 CVE-2019-18835
MISC
MISC

medtronic -- valleylab_exchange_client_and_valleylab_ft10_and_fx8_energy_platform

Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based logons are disabled, and attackers can use the other vulnerabilities within this report to obtain local shell access and access these hashes. 2019-11-08 7.2 CVE-2019-13539
MISC microsoft -- chakracore_and_edge A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1428, CVE-2019-1429. 2019-11-12 7.6 CVE-2019-1427
MISC microsoft -- chakracore_and_edge
  A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1429. 2019-11-12 7.6 CVE-2019-1428
MISC microsoft -- chakracore_and_edge
  A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1427, CVE-2019-1428, CVE-2019-1429. 2019-11-12 7.6 CVE-2019-1426
MISC microsoft -- exchange_server_2013_and_2016_and_2019
  A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka 'Microsoft Exchange Remote Code Execution Vulnerability'. 2019-11-12 7.5 CVE-2019-1373
MISC microsoft -- internet_explorer_9_and_10_and_11
  A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1428. 2019-11-12 7.6 CVE-2019-1429
MISC microsoft -- internet_explorer_9_and_10_and_11
  A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. 2019-11-12 7.6 CVE-2019-1390
MISC microsoft -- multiple_products An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerability'. 2019-11-12 7.2 CVE-2019-1388
MISC
MISC microsoft -- multiple_products

  A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0721. 2019-11-12 9 CVE-2019-0719
MISC microsoft -- multiple_products
  An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1407, CVE-2019-1433, CVE-2019-1437, CVE-2019-1438. 2019-11-12 7.2 CVE-2019-1435
MISC microsoft -- multiple_products
  A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. 2019-11-12 9.3 CVE-2019-1406
MISC microsoft -- multiple_products
  A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1389, CVE-2019-1398. 2019-11-12 7.7 CVE-2019-1397
MISC microsoft -- multiple_products
  An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. 2019-11-12 7.2 CVE-2019-1392
MISC microsoft -- multiple_products
  A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1397, CVE-2019-1398. 2019-11-12 7.7 CVE-2019-1389
MISC microsoft -- multiple_products
  An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408, CVE-2019-1434. 2019-11-12 7.2 CVE-2019-1394
MISC
MISC microsoft -- multiple_products
  An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1394, CVE-2019-1396, CVE-2019-1408, CVE-2019-1434. 2019-11-12 7.2 CVE-2019-1395
MISC
MISC microsoft -- multiple_products
  An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408. 2019-11-12 7.2 CVE-2019-1434
MISC microsoft -- multiple_products
  An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1408, CVE-2019-1434. 2019-11-12 7.2 CVE-2019-1396
MISC
MISC microsoft -- multiple_products
  An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1407, CVE-2019-1435, CVE-2019-1437, CVE-2019-1438. 2019-11-12 7.2 CVE-2019-1433
MISC microsoft -- multiple_products
  An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1434. 2019-11-12 7.2 CVE-2019-1408
MISC
MISC microsoft -- multiple_products
  An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1407, CVE-2019-1433, CVE-2019-1435, CVE-2019-1437. 2019-11-12 7.2 CVE-2019-1438
MISC microsoft -- multiple_products
  An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1433, CVE-2019-1435, CVE-2019-1437, CVE-2019-1438. 2019-11-12 7.2 CVE-2019-1407
MISC microsoft -- multiple_products
  An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'. 2019-11-12 7.2 CVE-2019-1405
MISC microsoft -- multiple_products
  A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. 2019-11-12 9.3 CVE-2019-1448
MISC microsoft -- multiple_products
  An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408, CVE-2019-1434. 2019-11-12 7.2 CVE-2019-1393
MISC
MISC microsoft -- office_2019_and_office_365_proplus
  A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SYSTEM.To exploit this bug, an attacker would have to run a specially crafted file, aka 'Microsoft Office ClickToRun Security Feature Bypass Vulnerability'. 2019-11-12 10 CVE-2019-1449
MISC microsoft -- windows_10_and_windows_server A remote code execution vulnerability exists when Windows Media Foundation improperly parses specially crafted QuickTime media files.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'Microsoft Windows Media Foundation Remote Code Execution Vulnerability'. 2019-11-12 9.3 CVE-2019-1430
MISC microsoft -- windows_10_and_windows_server_2019_and_windows_server
  An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1407, CVE-2019-1433, CVE-2019-1435, CVE-2019-1438. 2019-11-12 7.2 CVE-2019-1437
MISC microsoft -- windows_10_and_windows_server_2019_and_windows_server
  A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0719. 2019-11-12 9 CVE-2019-0721
MISC microsoft -- windows_10_and_windows_server_2019_and_windows_server
  A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1389, CVE-2019-1397. 2019-11-12 7.7 CVE-2019-1398
MISC microsoft -- windows_7_and_windows_server_2008 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Win32k Graphics Remote Code Execution Vulnerability'. 2019-11-12 9.3 CVE-2019-1441
MISC
MISC nvidia -- windows_gpu_display_driver
  NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the product uses untrusted input when calculating or using an array index, which may lead to escalation of privileges or denial of service. 2019-11-09 7.2 CVE-2019-5692
CONFIRM nvidia -- windows_gpu_display_driver
  NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which a NULL pointer is dereferenced, which may lead to denial of service or escalation of privileges. 2019-11-09 7.2 CVE-2019-5691
CONFIRM nvidia -- windows_gpu_display_driver
  NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the size of an input buffer is not validated, which may lead to denial of service or escalation of privileges. 2019-11-09 7.2 CVE-2019-5690
CONFIRM offlineimap -- offlineimap
  offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with multiple security deficiencies. 2019-11-13 7.5 CVE-2010-4533
MISC
MISC
MISC
MISC
MISC sibsoft -- xfilesharing SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload. This can be combined with CVE-2019-18951 to achieve remote code execution via a .html file, containing short codes, that is served over HTTP. 2019-11-13 7.5 CVE-2019-18952
MISC
MISC systematic -- iris_webforms
  Systematic IRIS WebForms 5.4 and its functionalities can be accessed and used without any form of authentication. 2019-11-12 7.5 CVE-2019-18925
MISC untangle -- ng_firewall
  The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged in as an admin user. 2019-11-14 9 CVE-2019-18647
MISC western_digital -- my_cloud_ex2_ultra_firmware Western Digital My Cloud EX2 Ultra firmware 2.31.195 allows a Buffer Overflow with Extended Instruction Pointer (EIP) control via crafted GET/POST parameters. 2019-11-13 9 CVE-2019-18931
MISC
MISC western_digital -- my_cloud_ex2_ultra_firmware
  Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest accounts) to remotely execute arbitrary code via a download_mgr.cgi stack-based buffer overflow. 2019-11-13 9 CVE-2019-18929
MISC
MISC western_digital -- my_cloud_ex2_ultra_firmware
  Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest account) to remotely execute arbitrary code via a stack-based buffer overflow. There is no size verification logic in one of functions in libscheddl.so, and download_mgr.cgi makes it possible to enter large-sized f_idx inputs. 2019-11-13 9 CVE-2019-18930
MISC
MISC wordpress -- wordpress
  A CSV injection in the codepress-admin-columns (aka Admin Columns) plugin 3.4.6 for WordPress allows malicious users to gain remote control of other computers. By choosing formula code as his first or last name, an attacker can create a user with a name that contains malicious code. Other users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker could gain remote access to the user's PC. 2019-11-08 9 CVE-2019-17661
MISC zte -- zxupn-9000e
  The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by the input validation vulnerability. An attacker could exploit this vulnerability for unauthorized operations. 2019-11-08 7.5 CVE-2019-3426
CONFIRM zte -- zxupn-9000e
  The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by vulnerability of permission and access control. An attacker could exploit this vulnerability to directly reset or change passwords of other accounts. 2019-11-08 7.5 CVE-2019-3425
CONFIRM

 

Medium Vulnerabilities
Primary Vendor -- Product  Description  Published  CVSS Score  Source & Patch Info
alien-arena -- alien-arena
  It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command. 2019-11-12 4 CVE-2010-3439
MISC
MISC
MISC
MISC apache -- arrow
  It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had an uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally shared if Arrow Arrays are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats. 2019-11-08 5 CVE-2019-12408
CONFIRM
MLIST apache -- arrow
  While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered that Apache Arrow versions 0.12.0 to 0.14.1 left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory could potentially be shared if Arrow Arrays are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats. 2019-11-08 5 CVE-2019-12410
MLIST
MLIST
MLIST atlassian -- troubleshooting_and_support_tool The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into. A vulnerable version of the plugin is included with Bitbucket Server / Data Center before 6.6.0, Confluence Server / Data Center before 7.0.1, Jira Server / Data Center before 8.3.2, Crowd / Crowd Data Center before 3.6.0, Fisheye before 4.7.2, Crucible before 4.7.2, and Bamboo before 6.10.2. 2019-11-08 4 CVE-2019-15005
MISC
MISC atoptool -- atop
  atop: symlink attack possible due to insecure tempfile handling 2019-11-12 4.6 CVE-2011-3618
REDHAT
MISC
DEBIAN au_optronics -- sunveillance_monitoring_system
  AUO SunVeillance Monitoring System before v1.1.9e is vulnerable to mvc_send_mail.aspx (MailAdd parameter) SQL Injection. An attacker can carry a SQL Injection payload to the server, allowing the attacker to read privileged data. This also affects the picture_manage_mvc.aspx plant_no parameter, the swapdl_mvc.aspx plant_no parameter, and the account_management.aspx Text_Postal_Code and Text_Dis_Code parameters. 2019-11-12 5 CVE-2019-12720
MISC
MISC bitweaver -- bitweaver
  Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) stats/index.php or (2) newsletters/edition.php or the (3) username parameter to users/remind_password.php, (4) days parameter to stats/index.php, (5) login parameter to users/register.php, or (6) highlight parameter. 2019-11-13 4.3 CVE-2012-5193
EXPLOIT-DB
MISC broadcom -- brocade_sannav
  A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication actions in the SANnav portal. 2019-11-08 4.3 CVE-2019-16205
CONFIRM broadcom -- brocade_sannav
  The password-based encryption (PBE) algorithm of Brocade SANnav versions before v2.0 has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (Radius, TACACS, etc.). 2019-11-08 5 CVE-2019-16208
CONFIRM ceph -- rgw_server
  A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients. 2019-11-08 5 CVE-2019-10222
CONFIRM
MISC cross-origin_resource_sharing -- cross-origin_resource_sharing It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. An attacker could use this lack of protection to conduct phishing attacks and further access unauthorized information. 2019-11-08 4.3 CVE-2019-14860
REDHAT
CONFIRM drupal -- drupal
  A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled. 2019-11-11 5 CVE-2019-18856
MISC
MISC dtc-xen -- dtc-xen
  dtc-xen 0.5.x before 0.5.4 suffers from a race condition where an attacker could potentially get bash access as the xenXX user on the dom0, and then access and potentially reuse an already opened VPS console. 2019-11-09 6.8 CVE-2009-4011
MISC
MISC
MISC elgg_foundation -- elgg
  Elgg through 1.7.10 has XSS 2019-11-12 4.3 CVE-2011-2935
REDHAT
MISC
DEBIAN enghouse_interactive -- web_chat A remote file include (RFI) issue was discovered in Enghouse Web Chat 6.2.284.34. One can replace the localhost attribute with one's own domain name. When the product calls this domain after the POST request is sent, it retrieves an attacker's data and displays it. Also worth mentioning is the amount of information sent in the request from this product to the attacker: it reveals information the public should not have. This includes pathnames and internal ip addresses. 2019-11-13 5 CVE-2019-16951
MISC enghouse_interactive -- web_chat
  An XSS issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34. The QueueName parameter of a GET request allows for insertion of user-supplied JavaScript. 2019-11-13 4.3 CVE-2019-16950
MISC enghouse_interactive -- web_chat
  An issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34. A user is allowed to send an archive of their chat log to an email address specified at the beginning of the chat (where the user enters in their name and e-mail address). This POST request can be modified to change the message as well as the end recipient of the message. The e-mail address will have the same domain name and user as the product allotted. This can be used in phishing campaigns against users on the same domain. 2019-11-13 4 CVE-2019-16949
MISC envoy_proxy -- envoy
  Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite busy loop when continue_on_listener_filters_timeout is used. 2019-11-11 5 CVE-2019-18836
MISC
CONFIRM
MISC
MISC ettercap_project -- ettercap
  An unchecked sscanf() call in ettercap 0.7.3 allows an insecure temporary settings file to overflow a static-sized buffer on the stack. 2019-11-12 6.8 CVE-2010-3844
MISC
MISC
MISC firegpg -- firegpg FireGPG before 0.6 handles the user's passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk, which may result in the compromise of secure communication or a user's private key. 2019-11-08 5 CVE-2008-7272
MISC
MISC
MISC gargoyle-free -- gargoyle-free
  If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. This can allow a local user to trick another user into running gargoyle in a directory with a cracked libgarglk.so and gain access to the user's account. 2019-11-12 4.4 CVE-2010-3359
MISC gnu -- mailutils maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode. 2019-11-11 4.6 CVE-2019-18862
MISC google -- android In Download Provider, there is a possible SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-135269143 2019-11-13 4.9 CVE-2019-2196
MISC google -- android
  In binder_free_transaction of binder.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-133758011. References: Upstream kernel 2019-11-13 6.9 CVE-2019-2213
MISC google -- android
  In poisson_distribution of random, there is an out of bounds read. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-139690488 2019-11-13 4.9 CVE-2019-2212
MISC google -- android
  In BTA_DmPinReply of bta_dm_api.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-139287605 2019-11-13 4.9 CVE-2019-2209
MISC google -- android
  In Download Provider, there is a possible SQL injection vulnerability. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-135270103 2019-11-13 4.9 CVE-2019-2198
MISC google -- chrome
  Use after free vulnerability exists in WebKit in Google Chrome before Blink M12 in RenderLayer when removing elements with reflections. 2019-11-12 4.3 CVE-2011-2334
MISC
MISC google -- chrome
  WebKit in Google Chrome before Blink M11 and M12 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption). 2019-11-12 4.3 CVE-2011-1802
MISC
MISC google -- chrome
  An issue exists in third_party/WebKit/Source/WebCore/svg/animation/SVGSMILElement.h in WebKit in Google Chrome before Blink M11 and M12 when trying to access a removed smil element. 2019-11-12 4.3 CVE-2011-1803
MISC
MISC google -- chrome
  A double-free vulnerability exists in WebKit in Google Chrome before Blink M12 in the WebCore::CSSSelector function. 2019-11-12 5 CVE-2011-2335
MISC
MISC hibernate -- hibernate_validator
  A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. 2019-11-08 4.3 CVE-2019-10219
CONFIRM hitachi -- command_suite
  A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.6.5-00 allows an unauthenticated remote user to read internal information. 2019-11-12 5 CVE-2018-21026
MISC
CONFIRM huawei -- multiple_products Gauss100 OLTP database in ManageOne with versions of 6.5.0 have an out-of-bounds read vulnerability due to the insufficient checks of the specific packet length. Attackers can construct invalid packets to attack the active and standby communication channels. Successful exploit of this vulnerability could allow the attacker to crash the database on the standby node. 2019-11-13 5 CVE-2019-5289
MISC huawei -- multiple_products
  There is an out of bound read vulnerability in some Huawei products. A remote, unauthenticated attacker may send a corrupt or crafted message to the affected products. Due to a buffer read overflow error when parsing the message, successful exploit may cause some service to be abnormal. 2019-11-13 5 CVE-2019-5294
MISC huawei -- multiple_products
  Some Huawei products have a memory leak vulnerability when handling some messages. A remote attacker with operation privilege could exploit the vulnerability by sending specific messages continuously. Successful exploit may cause some service to be abnormal. 2019-11-13 4 CVE-2019-5293
MISC huawei -- multiple_smartphones

  Smartphones with software of ELLE-AL00B 9.1.0.109(C00E106R1P21), 9.1.0.113(C00E110R1P21), 9.1.0.125(C00E120R1P21), 9.1.0.135(C00E130R1P21), 9.1.0.153(C00E150R1P21), 9.1.0.155(C00E150R1P21), 9.1.0.162(C00E160R2P1) have an insufficient verification vulnerability. The system does not verify certain parameters sufficiently, an attacker should connect to the phone and gain high privilege to launch the attack. Successful exploit could cause DOS or malicious code execution. 2019-11-13 4.6 CVE-2019-5246
MISC huawei -- multiple_smartphones
  Huawei smartphones with versions earlier than Taurus-AL00B 10.0.0.41(SP2C00E41R3P2) have an improper authentication vulnerability. Successful exploitation may cause the attacker to access specific components. 2019-11-13 6.8 CVE-2019-5233
MISC huawei -- multiple_smartphones
  Bastet module of some Huawei smartphones with Versions earlier than Emily-AL00A 9.0.0.182(C00E82R1P21), Versions earlier than Emily-TL00B 9.0.0.182(C01E82R1P21), Versions earlier than Emily-L09C 9.0.0.203(C432E7R1P11), Versions earlier than Emily-L29C 9.0.0.203(C432E7R1P11), Versions earlier than Emily-L29C 9.0.0.202(C185E2R1P12) have a double free vulnerability. An attacker tricks the user into installing a malicious application, which frees on the same memory address twice. Successful exploit could result in malicious code execution. 2019-11-13 6.8 CVE-2019-5282
MISC huawei -- multiple_smartphones
  Certain detection module of P30, P30 Pro, Honor V20 smartphone with Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions earlier than Princeton-AL10B 9.1.0.233(C00E233R4P3) have a race condition vulnerability. The system does not lock certain function properly, when the function is called by multiple processes could cause out of bound write. An attacker tricks the user into installing a malicious application, successful exploit could cause malicious code execution. 2019-11-12 6.8 CVE-2019-5228
MISC huawei -- p20_pro_and_p20_and_mate_rs_smartphones
  P20 Pro, P20, Mate RS smartphones with versions earlier than Charlotte-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than Emily-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than NEO-AL00D NEO-AL00 9.1.0.321(C786E320R1P1T8) have an improper validation vulnerability. The system does not perform proper validation of certain input models; an attacker could trick the user into installing a malicious application and then craft a malformed model. Successful exploit could allow the attacker to get and tamper with certain output data information. 2019-11-13 4.3 CVE-2019-5230
MISC huawei -- p30_smartphones
  P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an insufficient verification vulnerability. The system does not verify certain parameters sufficiently, an attacker should connect to the phone and gain high privilege to launch the attack, successful exploit could cause malicious code execution. 2019-11-12 4.6 CVE-2019-5229
MISC ibm -- cognos_analytics IBM Cognos Analytics 11.0 and 11.1 could reveal sensitive information to an authenticated user that could be used in future attacks against the system. IBM X-Force ID: 161271. 2019-11-09 4 CVE-2019-4334
XF
CONFIRM ibm -- cognos_analytics IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or cause the web server to make HTTP requests to arbitrary domains. IBM X-Force ID: 147369. 2019-11-09 6.5 CVE-2018-1721
XF
CONFIRM ibm -- cognos_analytics IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170881. 2019-11-09 4.3 CVE-2019-4645
XF
CONFIRM ibm -- cognos_controller
  IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 could allow an authenticated user to obtain sensitive information due to easy to guess session identifier names. IBM X-Force ID: 162658. 2019-11-09 4 CVE-2019-4411
XF
CONFIRM ibm -- cognos_controller
  IBM Cognos Controller stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162659. 2019-11-09 5 CVE-2019-4412
XF
CONFIRM ibm -- i IBM i 7.2, 7.3, and 7.4 for i is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163492. 2019-11-09 4.3 CVE-2019-4450
XF
CONFIRM ibm -- qradar
  IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to incorrect authorization in some components which could allow an authenticated user to obtain sensitive information. IBM X-Force ID: 164430. 2019-11-09 4 CVE-2019-4509
XF
CONFIRM ibm -- qradar
  IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 167239. 2019-11-09 4.3 CVE-2019-4581
XF
CONFIRM ibm -- qradar_advisor
  IBM QRadar Advisor 1.0.0 through 2.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 166205. 2019-11-09 4 CVE-2019-4556
XF
CONFIRM imagemagick -- imagemagick
  ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2. 2019-11-11 4.3 CVE-2019-18853
MISC
MISC istio -- istio
  Istio 1.3.x before 1.3.5 allows Denial of Service because continue_on_listener_filters_timeout is set to True, a related issue to CVE-2019-18836. 2019-11-12 5 CVE-2019-18817
MISC
MISC json-jwt_gem_for_ruby_on_rails -- json-jwt_gem_for_ruby_on_rails
  The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string. 2019-11-12 5 CVE-2019-18848
MISC
MISC lavalite -- cms
  XSS exists in Lavalite CMS 5.7 via the admin/profile name or designation field. 2019-11-13 4.3 CVE-2019-18883
MISC
MISC mantisbt -- mantisbt
  MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME types. Arbitrary inline attachment rendering could lead to cross-domain scripting or other browser attacks. 2019-11-09 4.3 CVE-2009-2802
CONFIRM
CONFIRM
MISC mcafee -- advanced_threat_defense Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attackers to gain access to hashed credentials via carefully constructed POST request extracting incorrectly recorded data from log files. 2019-11-13 4 CVE-2019-3649
MISC mcafee -- advanced_threat_defense
  Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attackers to gain access to ePO as an administrator via using the atduser credentials, which were too permissive. 2019-11-13 6.5 CVE-2019-3651
MISC mcafee -- advanced_threat_defense
  Improper Neutralization of HTTP requests in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute commands on the server remotely via carefully constructed HTTP requests. 2019-11-13 6.5 CVE-2019-3660
CONFIRM mcafee -- advanced_threat_defense
  Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attackers to gain access to the atduser credentials via carefully constructed GET request extracting insecurely information stored in the database. 2019-11-13 4 CVE-2019-3650
MISC mcafee -- advanced_threat_defense
  Path Traversal: '/absolute/pathname/here' vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to gain unintended access to files on the system via carefully constructed HTTP requests. 2019-11-14 4 CVE-2019-3662
MISC mcafee -- advanced_threat_defense
  Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute database commands via carefully constructed time based payloads. 2019-11-14 6.5 CVE-2019-3661
MISC

medtronic -- valleylab_exchange_client_and_valleylab_ft10_and__fx8_energy_platform

Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device. 2019-11-08 5 CVE-2019-13543
MISC microsoft -- azure_stack
  A spoofing vulnerability exists when Azure Stack fails to validate certain requests, aka 'Azure Stack Spoofing Vulnerability'. 2019-11-12 5 CVE-2019-1234
MISC microsoft -- edge
  A security feature bypass vulnerability exists when Microsoft Edge improperly handles extension requests and fails to request host permission for all_urls, aka 'Microsoft Edge Security Feature Bypass Vulnerability'. 2019-11-12 4.3 CVE-2019-1413
MISC

microsoft -- microsoft_office_2016_for_mac_and_microsoft_office_2019_for_mac

A security feature bypass vulnerability exists in Microsoft Office software by not enforcing macro settings on an Excel document, aka 'Microsoft Office Excel Security Feature Bypass'. 2019-11-12 6.8 CVE-2019-1457
MISC microsoft -- multiple_products An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1411. 2019-11-12 4.3 CVE-2019-1432
MISC
MISC microsoft -- multiple_products A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2018-12207. 2019-11-12 4.9 CVE-2019-1391
MISC microsoft -- multiple_products An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1432. 2019-11-12 4.3 CVE-2019-1411
MISC
MISC microsoft -- multiple_products A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts, aka 'OpenType Font Parsing Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1456. 2019-11-12 6.8 CVE-2019-1419
MISC
MISC microsoft -- multiple_products A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0712, CVE-2019-1309, CVE-2019-1310. 2019-11-12 5.5 CVE-2019-1399
MISC microsoft -- multiple_products
  A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1309, CVE-2019-1310, CVE-2019-1399. 2019-11-12 6.8 CVE-2019-0712
MISC microsoft -- multiple_products
  A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'. 2019-11-12 4.6 CVE-2019-1380
MISC
MISC microsoft -- multiple_products
  A security feature bypass vulnerability exists when Windows Netlogon improperly handles a secure communications channel, aka 'NetLogon Security Feature Bypass Vulnerability'. 2019-11-12 6.8 CVE-2019-1424
MISC microsoft -- multiple_products
  An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'. 2019-11-12 4.3 CVE-2019-1446
MISC microsoft -- multiple_products
  A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. To exploit this vulnerability, an attacker could send a specially crafted authentication request, aka 'Microsoft Windows Security Feature Bypass Vulnerability'. 2019-11-12 6.5 CVE-2019-1384
MISC microsoft -- multiple_products
  An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. 2019-11-12 4.3 CVE-2019-1439
MISC microsoft -- multiple_products
  An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1379, CVE-2019-1417. 2019-11-12 4.6 CVE-2019-1383
MISC microsoft -- multiple_products
  An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1379, CVE-2019-1383. 2019-11-12 4.6 CVE-2019-1417
MISC microsoft -- multiple_products
  An elevation of privilege vulnerability exists in the way that the dssvc.dll handles file creation allowing for a file overwrite or creation in a secured location, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1422, CVE-2019-1423. 2019-11-12 4.6 CVE-2019-1420
MISC microsoft -- multiple_products
  An elevation of privilege vulnerability exists in the way that the iphlpsvc.dll handles file creation allowing for a file overwrite, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1420, CVE-2019-1423. 2019-11-12 4.6 CVE-2019-1422
MISC
MISC microsoft -- multiple_products
  A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts, aka 'OpenType Font Parsing Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1419. 2019-11-12 6.8 CVE-2019-1456
MISC
MISC microsoft -- multiple_products
  An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory, aka 'Windows Error Reporting Information Disclosure Vulnerability'. 2019-11-12 4.3 CVE-2019-1374
MISC microsoft -- multiple_products
  An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. 2019-11-12 4.6 CVE-2019-1415
MISC microsoft -- multiple_sharepoint_products
  An information disclosure vulnerability exists in Microsoft SharePoint when an attacker uploads a specially crafted file to the SharePoint Server. An authenticated attacker who successfully exploited this vulnerability could potentially leverage SharePoint functionality to obtain SMB hashes. The security update addresses the vulnerability by correcting how SharePoint checks file content, aka 'Microsoft SharePoint Information Disclosure Vulnerability'. 2019-11-12 4 CVE-2019-1443
MISC microsoft -- office_online_server
  A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1447. 2019-11-12 5.8 CVE-2019-1445
MISC microsoft -- office_online_server
  A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1445. 2019-11-12 5.8 CVE-2019-1447
MISC microsoft -- sharepoint_server_2019
  A security feature bypass vulnerability exists when Microsoft Office does not validate URLs. An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'. 2019-11-12 4.3 CVE-2019-1442
MISC microsoft -- windows_10_and_windows_server
  An elevation of privilege vulnerability exists in the way that the StartTileData.dll handles file creation in protected locations, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1420, CVE-2019-1422. 2019-11-12 4.6 CVE-2019-1423
MISC
MISC microsoft -- windows_10_and_windows_server_2019
  An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1383, CVE-2019-1417. 2019-11-12 4.6 CVE-2019-1379
MISC microsoft -- windows_10_and_windows_server_2019_and_windows_server
  An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles IPv6 flowlabel filled in packets, aka 'Windows TCP/IP Information Disclosure Vulnerability'. 2019-11-12 5 CVE-2019-1324
MISC microsoft -- windows_10_and_windows_server_2019_and_windows_server
  An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges, aka 'Windows AppX Deployment Extensions Elevation of Privilege Vulnerability'. 2019-11-12 6.1 CVE-2019-1385
MISC
MISC microsoft -- windows_10_and_windows_server_2019_and_windows_server
  A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0712, CVE-2019-1310, CVE-2019-1399. 2019-11-12 6.8 CVE-2019-1309
MISC microsoft -- windows_10_and_windows_server_2019_and_windows_server
  An elevation of privilege vulnerability exists due to a race condition in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'. 2019-11-12 4.4 CVE-2019-1416
MISC microsoft -- windows_10_and_windows_server_2019_and_windows_server
  A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0712, CVE-2019-1309, CVE-2019-1399. 2019-11-12 6.8 CVE-2019-1310
MISC microstrategy -- microstrategy
  Microstrategy Library in MicroStrategy before 2019 before 11.1.3 has reflected XSS. 2019-11-14 4.3 CVE-2019-18957
MISC
FULLDISC
MISC mitel -- micollab_and_mivoice_business_express_versions
  A vulnerability in the web conference chat component of MiCollab, versions 7.3 PR6 (7.3.0.601) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP2 (8.0.2.202), and MiVoice Business Express versions 7.3 PR3 (7.3.1.302) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP1 (8.0.2.202), could allow creation of unauthorized chat sessions, due to insufficient access controls. A successful exploit could allow execution of arbitrary commands. 2019-11-12 5 CVE-2018-18819
MISC
CONFIRM mod_ruid2 -- mod_ruid2
  mod_ruid2 before 0.9.8 improperly handles file descriptors which allows remote attackers to bypass security using a CGI script to break out of the chroot. 2019-11-08 5 CVE-2013-1889
MISC
MISC
MISC
CONFIRM moodle -- moodle Moodle before 2.2.2: Overview report allows users to see hidden courses 2019-11-14 4 CVE-2012-1159
MISC
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRM
MISC moodle -- moodle
  Moodle before 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough 2019-11-14 5 CVE-2012-1170
MISC
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRM
MISC moodle -- moodle
  Moodle before 2.2.2: Course information leak via hidden courses being displayed in tag search results 2019-11-14 4 CVE-2012-1161
MISC
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRM
MISC nvidia -- geforce_experience NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files to be downloaded and saved. This behavior may lead to code execution, denial of service, or information disclosure. 2019-11-09 4.6 CVE-2019-5689
CONFIRM nvidia -- geforce_experience
  NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service, information disclosure, or escalation of privileges through code execution. 2019-11-09 4.4 CVE-2019-5701
CONFIRM nvidia -- geforce_experience_and_windows_gpu_display_driver
  NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution. 2019-11-12 4.4 CVE-2019-5695
CONFIRM
CONFIRM nvidia -- windows_gpu_display_driver NVIDIA Windows GPU Display Driver, R390 driver version, contains a vulnerability in NVIDIA Control Panel in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution. The attacker requires local system access. 2019-11-09 4.4 CVE-2019-5694
MISC nvidia -- windows_gpu_display_driver
  NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) in which the program accesses or uses a pointer that has not been initialized, which may lead to denial of service. 2019-11-09 4.9 CVE-2019-5693
CONFIRM offlineimap -- offlineimap
  offlineimap before 6.3.2 does not check for SSL server certificate validation when "ssl = yes" option is specified which can allow man-in-the-middle attacks. 2019-11-13 4.3 CVE-2010-4532
MISC
MISC
MISC
MISC
MISC openstack -- keystone
  OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space 2019-11-12 5 CVE-2012-1572
MISC
MISC pediapress -- mwlib
  mwlib 0.13 through 0.13.4 has a denial of service vulnerability when parsing #iferror magic functions 2019-11-12 5 CVE-2012-1109
MISC
MISC
MISC philips -- tasy_emr In Tasy EMR, Tasy WebPortal Versions 3.02.1757 and prior, there is an information exposure vulnerability which may allow a remote attacker to access system and configuration information. 2019-11-08 5 CVE-2019-13557
MISC phoenix -- winflash_and_winflash32_drivers
  In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the included drivers could be used by a malicious Windows application to gain elevated privileges. Adverse impacts are limited to the Windows environment and there is no known direct impact to the UEFI firmware. This was fixed in late June 2019. 2019-11-13 6.8 CVE-2019-18279
MISC
MISC
CONFIRM phpbb -- phpbb
  phpbb 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag. 2019-11-14 4.3 CVE-2011-0544
MISC
MISC pixelpost -- pixelpost
  Cross-site request forgery (CSRF) vulnerability in pixelpost 1.7.3 could allow remote attackers to change the admin password. 2019-11-12 6.8 CVE-2010-3305
MISC
MISC
EXPLOIT-DB
MLIST plesk -- parallels_plesk_panel Parallels Plesk Panel 9.5 allows XSS in target/locales/tr-TR/help/index.htm? via the "fileName" parameter. 2019-11-13 4.3 CVE-2019-18793
MISC psutil -- psutil
  psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object. 2019-11-12 5 CVE-2019-18874
MISC qpid-cpp -- qpid-cpp
  qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use. 2019-11-09 4 CVE-2009-5004
MISC
MISC
MISC
MISC red_hat -- hornetq_rest
  HornetQ REST is vulnerable to XML External Entity due to insecure configuration of RestEasy 2019-11-12 4.3 CVE-2014-3599
MISC
MISC red_hat -- jboss_brms
  JBoss BRMS before 5.1.0 has a XSS vulnerability via asset=UUID parameter. 2019-11-12 4.3 CVE-2010-3857
MISC
MISC
MISC red_hat -- jboss_keycloak
  JBoss KeyCloak is vulnerable to soft token deletion via CSRF 2019-11-13 4.3 CVE-2014-3655
MISC
MISC
MISC red_hat -- jboss_operations_network
  In JON 2.1.x before 2.1.2 SP1, users can obtain unauthorized security information about private resources managed by JBoss ON. 2019-11-08 4 CVE-2008-5083
MISC
MISC red_hat -- tuned
  tuned before 2.x allows local users to kill running processes due to insecure permissions with tuned's ktune service. 2019-11-08 4.7 CVE-2013-1820
MISC
MISC
MISC red_hat -- vdsm_and_vdsclient
  vdsm and vdsclient do not validate the certificate hostname from another vdsm, which could facilitate a man-in-the-middle attack 2019-11-13 4.3 CVE-2014-8167
MISC
REDHAT red_hat -- openshift_origin
  OpenShift Origin: Improperly validated team names could allow stored XSS attacks 2019-11-13 4.3 CVE-2014-3592
MISC
MISC ruby_on_rails -- ruby_on_rails
  The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks. 2019-11-12 4.3 CVE-2010-3299
MISC
MLIST
MISC
MISC sap -- businessobjects_business_intelligence_platform SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), corrected in versions 4.1 and 4.2, does not sufficiently validate an XML document accepted from an untrusted source. An attacker can craft a message that contains malicious elements that will not be correctly filtered by Web Intelligence HTML interface in some specific workflows. 2019-11-13 5.5 CVE-2019-0396
MISC
MISC sap -- data_hub
  Under certain conditions SAP Data Hub (corrected in DH_Foundation version 2) allows an attacker to access information which would otherwise be restricted. Connection details that are maintained in Connection Manager are visible to users. 2019-11-13 4 CVE-2019-0390
MISC
MISC sap -- netweaver_application_server_java An administrator of SAP NetWeaver Application Server Java (J2EE-Framework), (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5), may change privileges for all or some functions in Java Server, and enable users to execute functions, they are not allowed to execute otherwise. 2019-11-13 6.5 CVE-2019-0389
MISC
MISC sap -- netweaver_as_java
  Under certain conditions SAP NetWeaver AS Java (corrected in 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted. 2019-11-13 4 CVE-2019-0391
MISC
MISC sap -- quality_management An SQL Injection vulnerability in SAP Quality Management (corrected in S4CORE versions 1.0, 1.01, 1.02, 1.03) allows an attacker to carry out targeted database queries that can read individual fields of historical inspection results. 2019-11-13 4 CVE-2019-0393
MISC
MISC sibsoft -- xfilesharing
  SibSoft Xfilesharing through 2.5.1 allows op=page&tmpl=../ directory traversal to read arbitrary files. 2019-11-13 5 CVE-2019-18951
MISC
MISC slack-chat -- slack-chat
  Slack-Chat through 1.5.5 leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack (channels, members, etc.). 2019-11-12 5 CVE-2019-14367
MISC
MISC status -- satusnet
  statusnet before 0.9.9 has XSS 2019-11-12 4.3 CVE-2011-3370
REDHAT
MISC
DEBIAN svg-sanitizer -- svg-sanitizer
  darylldoyle svg-sanitizer before 0.12.0 mishandles script and data values in attributes, as demonstrated by unexpected whitespace such as in the javascript	:alert substring. 2019-11-11 5 CVE-2019-18857
MISC
MISC systematic -- iris_standards_management
  Systematic IRIS Standards Management (ISM) v2.1 SP1 89 is vulnerable to unauthenticated reflected Cross Site Scripting (XSS). A user input (related to dialog information) is reflected directly in the web page, allowing a malicious user to conduct a Cross Site Scripting attack against users of the application. 2019-11-12 4.3 CVE-2019-18926
MISC systematic -- iris_webforms
  Systematic IRIS WebForms 5.4 is vulnerable to directory traversal. By manipulating variables that reference files with ../ (and variations), it is possible to list all the directories and check if a particular file exists. 2019-11-12 5 CVE-2019-18924
MISC tibco -- ebx
  The Web server component of TIBCO Software Inc.'s TIBCO EBX contains multiple vulnerabilities that theoretically allow authenticated users to perform stored cross-site scripting (XSS) attacks, and unauthenticated users to perform reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions up to and including 5.8.1.fixR, versions 5.9.3, 5.9.4, 5.9.5, and 5.9.6. 2019-11-12 4.3 CVE-2019-17330
MISC
MISC tibco -- ebx
  The Digital Asset Manager Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions up to and including 3.20.13, versions 4.1.0, 4.2.0, 4.2.1, and 4.2.2. 2019-11-12 4.3 CVE-2019-17332
MISC
MISC tmaxsoft -- jeus
  JEUS 7 Fix#0~5 and JEUS 8 Fix#0~1 versions contain a directory traversal vulnerability caused by an improper input parameter check when uploading an installation file in the administration web page. This allows a remote attacker to execute arbitrary code via the uploaded file. 2019-11-08 6.5 CVE-2019-17327
MISC tnef -- tnef
  In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup. 2019-11-11 4.3 CVE-2019-18849
MISC
MISC trilex_labs -- letodms
  letodms has multiple XSS issues: Reflected XSS in Login Page, Stored XSS in Document Owner/User name, Stored XSS in Calendar 2019-11-13 4.3 CVE-2012-4384
MISC
DEBIAN trilex_labs -- letodms
  letodms 3.3.6 has CSRF via change password 2019-11-13 4.3 CVE-2012-4385
MISC
DEBIAN
MISC twisted_matrix_labs -- twisted
  Python Twisted 14.0 trustRoot is not respected in HTTP client 2019-11-12 5 CVE-2014-7143
MISC
MISC
MISC
MISC untangle -- ng_firewall
  The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection within the timeDataDynamicColumn parameter when logged in as an admin user. 2019-11-14 6.5 CVE-2019-18646
MISC wolfssl -- wolfssl
  In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer overflow inside the DecodedCert structure in GetName in wolfcrypt/src/asn.c because the domain name location index is mishandled. Because a pointer is overwritten, there is an invalid free. 2019-11-09 5 CVE-2019-18840
MISC wordpress -- wordpress A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '<use ... xlink:href="https://www.us-cert.gov#identifier">' substring. 2019-11-11 5 CVE-2019-18854
MISC
MISC
MISC
MISC wordpress -- wordpress
  A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes. 2019-11-11 5 CVE-2019-18855
MISC
MISC
MISC
MISC wordpress -- wordpress
  includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress is vulnerable to stored XSS. 2019-11-12 4.3 CVE-2019-17236
MISC
MISC wordpress -- wordpress
  includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows unauthenticated arbitrary file deletion. 2019-11-12 6.4 CVE-2019-17234
MISC
MISC wordpress -- wordpress
  includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows information disclosure. 2019-11-12 5 CVE-2019-17235
MISC
MISC wordpress -- wordpress
  includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows CSRF. 2019-11-12 6.8 CVE-2019-17237
MISC
MISC wordpress -- wordpress
  WP SlackSync plugin through 1.8.5 for WordPress leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack (channels, members, etc.). 2019-11-12 5 CVE-2019-14366
MISC wordpress -- wordpress
  The Intercom plugin through 1.2.1 for WordPress leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack (channels, members, etc.). 2019-11-12 5 CVE-2019-14365
MISC wso2 -- identity_server WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile. 2019-11-12 4.3 CVE-2019-18881
MISC wso2 -- identity_server
  WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled. 2019-11-12 4.3 CVE-2019-18882
MISC znc -- znc
  NULL pointer dereference vulnerability in ZNC before 0.092 caused by traffic stats when there are unauthenticated connections. 2019-11-12 5 CVE-2010-2488
MISC
MISC
MISC
CONFIRM zyxel -- p-1302-t10d_devices ZyXEL P-1302-T10D v3 devices with firmware version 2.00(ABBX.3) and earlier do not properly enforce access control and could allow an unauthorized user to access certain pages that require admin privileges. 2019-11-12 4 CVE-2019-15815
CONFIRM

Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
alsa-utils -- alsa-utils
  alsa-utils 1.0.19 and later versions allows local users to overwrite arbitrary files via a symlink attack via the /usr/bin/alsa-info and /usr/bin/alsa-info.sh scripts. 2019-11-09 3.6 CVE-2009-0035
MISC
MISC
MISC babiloo -- babiloo
  babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and unpacking dictionary files, allowing a local attacker to overwrite arbitrary files. 2019-11-12 3.3 CVE-2010-3440
MISC
MISC
MISC broadcom -- brocade_sannav
  The authentication mechanism in Brocade SANnav versions before v2.0 logs plaintext account credentials at the 'trace' and the 'debug' logging level, which could allow a local authenticated attacker to access sensitive information. 2019-11-08 2.1 CVE-2019-16206
CONFIRM google -- android
  In processPhonebookAccess of CachedBluetoothDevice.java, there is a possible permission bypass due to an insecure default value. This could lead to local information disclosure of the user's contact list with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-138529441 2019-11-13 2.1 CVE-2019-2197
MISC huawei -- honor_10_and_honor_8a_and_y6_smartphones
  Honor 10 Lite, Honor 8A, Huawei Y6 mobile phones with the versions before 9.1.0.217(C00E215R3P1), the versions before 9.1.0.205(C00E97R1P9), the versions before 9.1.0.205(C00E97R2P2) have an information leak vulnerability. Due to improper function error records of some module, an attacker with the access permission may exploit the vulnerability to obtain some information. 2019-11-13 2.1 CVE-2019-5292
MISC huawei -- honor_play_smartphones Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. The system has a logic judgment error under a certain scenario. Successful exploit could allow the attacker to modify the alarm clock settings after a series of uncommon operations without unlocking the screen lock. 2019-11-12 1.9 CVE-2019-5213
MISC huawei -- p30_smartphones
  P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E180R2P1) have an improper authorization vulnerability. The software incorrectly performs an authorization check when a user attempts to perform certain action. Successful exploit could allow the attacker to update a crafted package. 2019-11-13 2.1 CVE-2019-5231
MISC huawei -- p30_smartphones
  An information-exposure vulnerability was discovered where openstack-mistral's undercloud log files containing clear-text information were made world readable. A malicious system user could exploit this flaw to access sensitive user information. 2019-11-08 2.1 CVE-2019-3866
CONFIRM ibm -- qradar
  IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163618. 2019-11-09 3.5 CVE-2019-4454
XF
CONFIRM ibm -- qradar
  IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163779. 2019-11-09 3.5 CVE-2019-4470
XF
CONFIRM ibm -- spectrum_protect_plus IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file permissions on restored files and directories in Windows which could allow a local user to obtain sensitive information or perform unauthorized actions. IBM X-Force ID: 170963. 2019-11-12 3.6 CVE-2019-4652
XF
CONFIRM liboping -- liboping
  liboping 1.3.2 allows users to read arbitrary files on the local system. 2019-11-09 2.1 CVE-2009-3614
MISC
MISC mailscanner -- mailscanner
  The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 downloads files and trusts them without using encryption (e.g., https) or digital signature checking which could allow an attacker to replace certain configuration files (e.g., phishing whitelist) via dns/packet spoofing. 2019-11-12 2.1 CVE-2010-3292
MISC
MISC
MISC
MLIST mailscanner -- mailscanner
  mailscanner before 4.79.11-2.1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files. NOTE: this issue exists because of an incomplete fix for CVE-2008-5313. 2019-11-12 3.3 CVE-2010-3095
MISC
MISC
MISC
MLIST mcafee -- advanced_threat_defense
  Unprotected Storage of Credentials vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows local attacker to gain access to the root password via accessing sensitive files on the system. 2019-11-14 2.1 CVE-2019-3663
MISC mcafee -- threat_intelligence_exchange_server
  Abuse of Authorization vulnerability in APIs exposed by TIE server in McAfee Threat Intelligence Exchange Server (TIE Server) 3.0.0 allows remote authenticated users to modify stored reputation data via specially crafted messages. 2019-11-13 3.5 CVE-2019-3641
CONFIRM medtronic -- valleylab_ft10_energy_platform_and_ls10_energy_platform
  In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN - not available in the United States) version 1.20.2 and lower, the RFID security mechanism used for authentication between the FT10/LS10 Energy Platform and instruments can be bypassed, allowing for inauthentic instruments to connect to the generator. 2019-11-08 2.1 CVE-2019-13531
MISC medtronic -- valleylab_ft10_energy_platform_and_valleylab_ls10_energy_platform
  In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN - not available in the United States) version 1.20.2 and lower, the RFID security mechanism does not apply read protection, allowing for full read access of the RFID security mechanism data. 2019-11-08 2.1 CVE-2019-13535
MISC microsoft -- multiple_products An information disclosure vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Information Disclosure Vulnerability'. 2019-11-12 2.1 CVE-2019-1402
MISC microsoft -- multiple_products
  An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'. 2019-11-12 2.1 CVE-2019-1418
MISC microsoft -- multiple_products
  An information disclosure vulnerability exists when the Windows Remote Procedure Call (RPC) runtime improperly initializes objects in memory, aka 'Windows Remote Procedure Call Information Disclosure Vulnerability'. 2019-11-12 2.1 CVE-2019-1409
MISC microsoft -- multiple_products
  An information disclosure vulnerability exists when the Windows Servicing Stack allows access to unprivileged file locations, aka 'Microsoft Windows Information Disclosure Vulnerability'. 2019-11-12 2.1 CVE-2019-1381
MISC microsoft -- multiple_products
  An elevation of privilege vulnerability exists when ActiveX Installer service may allow access to files without proper authentication, aka 'Microsoft ActiveX Installer Service Elevation of Privilege Vulnerability'. 2019-11-12 2.1 CVE-2019-1382
MISC microsoft -- multiple_products
  An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1440. 2019-11-12 2.1 CVE-2019-1436
MISC microsoft -- multiple_products
  An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory, aka 'OpenType Font Driver Information Disclosure Vulnerability'. 2019-11-12 2.1 CVE-2019-1412
MISC
MISC microsoft -- open_enclave_sdk
  An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka 'Open Enclave SDK Information Disclosure Vulnerability'. 2019-11-12 2.1 CVE-2019-1370
MISC microsoft -- windows_10_and_windows_server_2019_and_windows_server
  An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1436. 2019-11-12 2.1 CVE-2019-1440
MISC mysql-gui-tools -- mysql-gui-tools
  mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+openSUSE-2.3 exposes the password of a user connected to the MySQL server in clear text form via the list of running processes. 2019-11-12 2.1 CVE-2010-4177
MISC
MISC
MISC
MISC
MISC
MISC netgear -- wnr3500u_and_wnr3500l Cross-site scripting (XSS) vulnerability in NETGEAR WNR3500U and WNR3500L. 2019-11-13 3.5 CVE-2013-3517
MISC
MISC nvidia -- virtual_gpu_manager
  NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in the vGPU plugin, in which an input index value is incorrectly validated, which may lead to denial of service. 2019-11-09 2.1 CVE-2019-5698
CONFIRM nvidia -- virtual_gpu_manager
  NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in which the provision of an incorrectly sized buffer by a guest VM leads to GPU out-of-bound access, which may lead to a denial of service. 2019-11-09 2.1 CVE-2019-5696
CONFIRM nvidia -- virtual_gpu_manager
  NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in which it may grant a guest access to memory that it does not own, which may lead to information disclosure or denial of service. 2019-11-09 3.6 CVE-2019-5697
CONFIRM pacemaker -- pacemaker
  Pacemaker before 1.1.6 configure script creates temporary files insecurely 2019-11-12 3.3 CVE-2011-5271
MISC
MISC
MISC
MISC patriot -- viper_rgb
  The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 allow local users (including low integrity processes) to read and write to arbitrary memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, by mapping \Device\PhysicalMemory into the calling process via ZwOpenSection and ZwMapViewOfSection. 2019-11-09 3.6 CVE-2019-18845
MISC red_hat -- 389_directory_server A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes. 2019-11-08 3.5 CVE-2019-14824
CONFIRM red_hat -- enterprise_virtualization_manager
  In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAML browser application) to connect to the Red Hat Enterprise Virtualization Manager. An attacker on the local network could use this flaw to conduct a man-in-the-middle attack, tricking the user into thinking they are viewing the Red Hat Enterprise Virtualization Manager when the content is actually attacker-controlled, or modifying actions a user requested Red Hat Enterprise Virtualization Manager to perform. 2019-11-09 2.9 CVE-2009-3552
MISC
MISC
BUGTRAQ sap -- businessobjects_business_intelligence_platform
  A Cross-Site Scripting vulnerability exists in SAP BusinessObjects Business Intelligence Platform (Web Intelligence-Publication related pages); corrected in version 4.2. Privileges are required in order to exploit this vulnerability. 2019-11-13 3.5 CVE-2019-0382
MISC
MISC sap -- enable_now
  SAP Enable Now, before version 1908, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. 2019-11-13 3.5 CVE-2019-0385
MISC
MISC technicolor -- tc7300_router
  An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the "Connected Clients" field to /wlanAccess.asp. An intranet host can use a crafted hostname to exploit this. 2019-11-13 3.5 CVE-2019-17524
MISC
MISC technicolor -- tc7300_router
  An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the FileName parameter to /FTPDiag.asp. 2019-11-13 3.5 CVE-2019-17523
MISC
MISC tibco -- ebx
  The Data Exchange Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions up to and including 3.20.13, version 4.1.0. 2019-11-12 3.5 CVE-2019-17331
MISC
MISC untangle -- ng_firewall
  When logged in as an admin user, the Title input field (under Reports) within Untangle NG firewall 14.2.0 is vulnerable to stored XSS. 2019-11-14 3.5 CVE-2019-18649
MISC untangle -- ng_firewall
  When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields. 2019-11-14 3.5 CVE-2019-18648
MISC

Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
3xlogic -- infinias_access_control
  A cross-site request forgery (CSRF) vulnerability in 3xLogic Infinias Access Control through 6.6.9586.0 allows remote attackers to execute malicious and unauthorized actions (e.g., delete application users) by sending a crafted HTML document to a user that the website trusts. The user needs to have an active privileged session. 2019-11-14 not yet calculated CVE-2019-18651
MISC actiontec -- mi424wr-gen3i_router Unspecified Cross-site scripting (XSS) vulnerability in the Verizon FIOS Actiontec MI424WR-GEN3I router. 2019-11-13 not yet calculated CVE-2013-3097
MISC
MISC
MISC
MISC adobe -- animate_cc Adobe Animate CC versions 19.2.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation. 2019-11-14 not yet calculated CVE-2019-7960
CONFIRM adobe -- bridge_cc Adobe Bridge CC versions 9.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to information disclosure. 2019-11-14 not yet calculated CVE-2019-8239
CONFIRM adobe -- bridge_cc Adobe Bridge CC versions 9.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to information disclosure. 2019-11-14 not yet calculated CVE-2019-8240
CONFIRM adobe -- illustrator_cc Adobe Illustrator CC versions 23.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-11-14 not yet calculated CVE-2019-8248
CONFIRM adobe -- illustrator_cc Adobe Illustrator CC versions 23.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation. 2019-11-14 not yet calculated CVE-2019-7962
CONFIRM adobe -- illustrator_cc Adobe Illustrator CC versions 23.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-11-14 not yet calculated CVE-2019-8247
CONFIRM adobe -- media_encoder Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2019-11-14 not yet calculated CVE-2019-8242
CONFIRM
MISC adobe -- media_encoder Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-11-14 not yet calculated CVE-2019-8246
CONFIRM adobe -- media_encoder Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2019-11-14 not yet calculated CVE-2019-8241
CONFIRM
MISC adobe -- media_encoder Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2019-11-14 not yet calculated CVE-2019-8244
CONFIRM
MISC adobe -- media_encoder Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2019-11-14 not yet calculated CVE-2019-8243
CONFIRM
MISC advan -- i6a_android_device The Advan i6A Android device with a build fingerprint of ADVAN/i6A/i6A:8.1.0/O11019/1523602705:userdebug/test-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. 2019-11-14 not yet calculated CVE-2019-15357
MISC allview -- x5_android_device The Allview X5 Android device with a build fingerprint of ALLVIEW/X5_Soul_Mini/X5_Soul_Mini:8.1.0/O11019/1522468763:userdebug/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. 2019-11-14 not yet calculated CVE-2019-15383
MISC archos -- core_101_android_device The Archos Core 101 Android device with a build fingerprint of archos/MTKAC101CR3G_ARCHOS/ac101cr3g:7.0/NRD90M/20180611.034442:user/release-keys contains a pre-installed app with a package name of com.roco.autogen app (versionCode=1, versionName=1) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. 2019-11-14 not yet calculated CVE-2019-15387
MISC artifex -- ghostscript A flaw was found in all versions of ghostscript 9.x before 9.28, where the `.charkeys` procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within Ghostscript and access files outside of restricted areas or execute commands. 2019-11-15 not yet calculated CVE-2019-14869
MLIST
CONFIRM
CONFIRM
CONFIRM
FEDORA asus -- asus_a002_2_android_device The Asus ASUS_A002_2 Android device with a build fingerprint of asus/WW_ASUS_A002_2/ASUS_A002_2:7.0/NRD90M/14.1610.1802.18-20180321:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. 2019-11-14 not yet calculated CVE-2019-15402
MISC asus -- asus_a002_android_device The Asus ASUS_A002 Android device with a build fingerprint of asus/WW_ASUS_A002/ASUS_A002:7.0/NRD90M/14.1600.1805.51-20180626:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. 2019-11-14 not yet calculated CVE-2019-15401
MISC asus -- asus_x00K_1_android_device The Asus ASUS_X00K_1 Android device with a build fingerprint of asus/CN_X00K/ASUS_X00K_1:7.0/NRD90M/CN_X00K-14.01.1711.27-20180420:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. 2019-11-14 not yet calculated CVE-2019-15405
MISC asus -- asus_x00k_1_android_device The Asus ASUS_X00K_1 Android device with a build fingerprint of asus/CN_X00K/ASUS_X00K_1:7.0/NRD90M/CN_X00K-14.01.1711.27-20180420:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app (versionCode=5, versionName=5.0.1) that allows unauthorized command execution via a confused deputy attack. This capability can be accessed by any app co-located on the device. 2019-11-14 not yet calculated CVE-2019-15418
MISC asus -- asus_x00ld_3_android_device The Asus ASUS_X00LD_3 Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_3:7.1.1/NMF26F/14.0400.1806.203-20180720:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. 2019-11-14 not yet calculated CVE-2019-15406
MISC asus -- asus_x015_1_android_device The Asus ASUS_X015_1 Android device with a build fingerprint of asus/CN_X015/ASUS_X015_1:7.0/NRD90M/CN_X015-14.00.1709.35-20171215:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. 2019-11-14 not yet calculated CVE-2019-15407
MISC asus -- zenfone_3_laser_android_device The Asus ZenFone 3 Laser Android device with a build fingerprint of asus/WW_msm8937/msm8937:7.1.1/NMF26F/WW_32.40.106.114_20180928:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. 2019-11-14 not yet calculated CVE-2019-15411
MISC asus -- zenfone_3_ultra_android_device The Asus ZenFone 3 Ultra Android device with a build fingerprint of asus/WW_Phone/ASUS_A001:7.0/NRD90M/14.1010.1804.75-20180612:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. 2019-11-14 not yet calculated CVE-2019-15400
MISC asus -- zenfone_3_ultra_android_device The Asus ZenFone 3 Ultra Android device with a build fingerprint of asus/WW_Phone/ASUS_A001:7.0/NRD90M/14.1010.1804.75-20180612:user/release-keys contains a pre-installed app with a package name of com.asus.splendidcommandagent app (versionCode=1510200105, versionName=1.2.0.21_180605) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. 2019-11-14 not yet calculated CVE-2019-15413
MISC asus -- zenfone_3s_max_android_device The Asus ZenFone 3s Max Android device with a build fingerprint of asus/IN_X00G/ASUS_X00G_1:7.0/NRD90M/IN_X00G-14.02.1807.33-20180706:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. 2019-11-14 not yet calculated CVE-2019-15403
MISC asus -- zenfone_4_selfie_android_device The Asus ZenFone 4 Selfie Android device with a build fingerprint of asus/WW_Z01M/ASUS_Z01M_1:7.1.1/NMF26F/WW_71.50.395.57_20180913:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. 2019-11-14 not yet calculated CVE-2019-15412
MISC asus -- zenfone_5_lite_android_device The Asus ZenFone 5 Lite Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_1:7.1.1/NMF26F/14.0400.1810.061-20181107:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. 2019-11-14 not yet calculated CVE-2019-15408
MISC asus -- zenfone_5q_android_device The Asus ZenFone 5Q Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_2:7.1.1/NGI77B/14.0400.1809.059-20181016:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. 2019-11-14 not yet calculated CVE-2019-15409
MISC asus -- zenfone_ar_android_device The Asus ZenFone AR Android device with a build fingerprint of asus/WW_ASUS_A002/ASUS_A002:7.0/NRD90M/14.1600.1805.51-20180626:user/release-keys contains a pre-installed app with a package name of com.asus.splendidcommandagent app (versionCode=1510200105, versionName=1.2.0.21_180605) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. 2019-11-14 not yet calculated CVE-2019-15414
MISC asus -- zenfone_max_4_android_device The Asus ZenFone Max 4 Android device with a build fingerprint of asus/WW_Phone/ASUS_X00HD_4:7.1.1/NMF26F/14.2016.1712.367-20171225:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. 2019-11-14 not yet calculated CVE-2019-15404
MISC asus -- asus_x015_1_android_device The Asus ASUS_X015_1 Android device with a build fingerprint of asus/CN_X015/ASUS_X015_1:7.0/NRD90M/CN_X015-14.00.1709.35-20171215:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app (versionCode=5, versionName=5.0.1) that allows unauthorized command execution via a confused deputy attack. This capability can be accessed by any app co-located on the device. 2019-11-14 not yet calculated CVE-2019-15419
MISC asus -- rt-ac66u_and_n56u_wireless_routers Symlink Traversal vulnerability in ASUS RT-AC66U and RT-N56U due to misconfiguration in the SMB service. 2019-11-13 not yet calculated CVE-2013-4656
MISC
MISC
MISC asus -- zenfone_3_android_device The Asus ZenFone 3 Android device with a build fingerprint of asus/WW_Phone/ASUS_Z012D:7.0/NRD90M/14.2020.1708.56-20170719:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. 2019-11-14 not yet calculated CVE-2019-15396
MISC asus -- zenfone_3s_max_android_device The Asus ZenFone 3s Max Android device with a build fingerprint of asus/IN_X00G/ASUS_X00G_1:7.0/NRD90M/IN_X00G-14.02.1807.33-20180706:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. 2019-11-14 not yet calculated CVE-2019-15395
MISC asus -- zenfone_4_selfie_android_device The Asus ZenFone 4 Selfie Android device with a build fingerprint of asus/WW_Z01M/ASUS_Z01M_1:7.1.1/NMF26F/WW_user_11.40.208.77_20170922:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. 2019-11-14 not yet calculated CVE-2019-15398
MISC asus -- zenfone_4_selfie_android_device The Asus ZenFone 4 Selfie Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_1:8.1.0/OPM1.171019.011/15.0400.1809.405-0:user/release-keys contains a pre-installed app with a package name of com.log.logservice app (versionCode=1, versionName=1) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. 2019-11-14 not yet calculated CVE-2019-15391
MISC asus -- zenfone_4_selfie_android_device The Asus ZenFone 4 Selfie Android device with a build fingerprint of Android/sdm660_64/sdm660_64:8.1.0/OPM1/14.2016.1802.247-20180419:user/release-keys contains a pre-installed app with a package name of com.log.logservice app (versionCode=1, versionName=1) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. 2019-11-14 not yet calculated CVE-2019-15392
MISC asus -- zenfone_5_selfie_android_device The Asus ZenFone 5 Selfie Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_1:7.1.1/NMF26F/14.0400.1810.061-20181107:user/release-keys contains a pre-installed app with a package name of com.asus.atd.smmitest app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. 2019-11-14 not yet calculated CVE-2019-15394
MISC asus -- zenfone_5q_android_device The Asus ZenFone 5Q Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_2:7.1.1/NGI77B/14.0400.1809.059-20181016:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. 2019-11-14 not yet calculated CVE-2019-15399
MISC asus -- zenfone_5q_android_device The Asus ZenFone 5Q Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_2:7.1.1/NGI77B/14.0400.1809.059-20181016:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. 2019-11-14 not yet calculated CVE-2019-15410
MISC asus -- zenfone_live_android_device The Asus ZenFone Live Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_3:7.1.1/NMF26F/14.0400.1806.203-20180720:user/release-keys contains a pre-installed app with a package name of com.asus.atd.smmitest app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. 2019-11-14 not yet calculated CVE-2019-15393
MISC asus -- zenfone_max_4_android_device The Asus ZenFone Max 4 Android device with a build fingerprint of asus/WW_Phone/ASUS_X00HD_4:7.1.1/NMF26F/14.2016.1803.373-20180308:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. 2019-11-14 not yet calculated CVE-2019-15397
MISC ax25-tools -- ax25-tools The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would continue to run with root privileges which can allow possible privilege escalation. 2019-11-15 not yet calculated CVE-2011-2910
MISC
MISC
MISC blackview -- bv7000_pro_android_device The Blackview BV7000_Pro Android device with a build fingerprint of Blackview/BV7000_Pro/BV7000_Pro:7.0/NRD90M/1493011204:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. 2019-11-14 not yet calculated CVE-2019-15421
MISC blackview -- bv9000pro-f_android_device The Blackview BV9000Pro-F Android device with a build fingerprint of Blackview/BV9000Pro-F/BV9000Pro-F:7.1.1/N4F26M/1514363110:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. 2019-11-14 not yet calculated CVE-2019-15420
MISC blade -- shadow The network protocol of Blade Shadow through 2.13.3 allows remote attackers to take control of a Shadow instance and execute arbitrary code by only knowing the victim's IP address, because packet data can be injected into the unencrypted UDP packet stream. 2019-11-14 not yet calculated CVE-2019-16110
MISC bluboo -- bluboo_s1_android_device The Bluboo Bluboo_S1 Android device with a build fingerprint of BLUBOO/Bluboo_S1/Bluboo_S1:7.0/NRD90M/1495809471:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. 2019-11-14 not yet calculated CVE-2019-15423
MISC bluboo -- d3_pro_android_device The Bluboo D3 Pro Android device with a build fingerprint of BLUBOO/Bluboo_D2_Pro/Bluboo_D2_Pro:7.0/NRD90M/1510370501:user/release-keys contains a pre-installed app with a package name of com.qiku.cleaner app (versionCode=2, versionName=2.0.0_VER_32516508295515) that allows other pre-installed apps to perform system properties modification via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. 2019-11-14 not yet calculated CVE-2019-15430
MISC bq_mobile -- 5515l_android_device The BQ 5515L Android device with a build fingerprint of BQru/BQru-5515L/BQru-5515L:8.1.0/O11019/20180409.195525:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. 2019-11-14 not yet calculated CVE-2019-15381
MISC cactus -- go-camo Insufficient content type validation of proxied resources in go-camo before 2.1.1 allows a remote attacker to serve arbitrary content from go-camo's origin. 2019-11-13 not yet calculated CVE-2019-18923
MISC
CONFIRM cherry -- flare_s7_android_device The Cherry Flare S7 Android device with a build fingerprint of Cherry_Mobile/Flare_S7_Deluxe/Flare_S7_Deluxe:8.1.0/O11019/1533920920:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. 2019-11-14 not yet calculated CVE-2019-15377
MISC chrony -- chrony Chrony before 1.29.1 has traffic amplification in cmdmon protocol 2019-11-15 not yet calculated CVE-2014-0021
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC clamav -- clamav ClamAV before 0.97.7 has WWPack corrupt heap memory 2019-11-15 not yet calculated CVE-2013-7087
MISC
MISC
MISC
MISC
MISC clamav -- clamav ClamAV before 0.97.7 has buffer overflow in the libclamav component 2019-11-15 not yet calculated CVE-2013-7088
MISC
MISC
MISC
MISC
MISC clamav -- clamav ClamAV before 0.97.7: dbg_printhex possible information leak 2019-11-15 not yet calculated CVE-2013-7089
MISC
MISC
MISC
MISC consolekit -- consolekit In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. This flaw allows an authenticated system user to escalate their privileges by initiating a remote VNC session. 2019-11-13 not yet calculated CVE-2010-4664
MISC
MISC
MISC coolpad -- 1851_android_device The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.1.13). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands to be executed as the system user. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. In addition to the local attack surface, its accompanying app with a package name of com.ekesoo.lovelyhifonts makes network requests using HTTP and an attacker can perform a Man-in-the-Middle (MITM) attack on the connection to inject a command in a network response that will be executed as the system user by the com.lovelyfont.defcontainer app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), obtain the user's text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, obtain the user's text messages, and more. 2019-11-14 not yet calculated CVE-2019-15388
MISC coolpad -- 1851_android_device The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. 2019-11-14 not yet calculated CVE-2019-15368
MISC coolpad -- 1851_android_device The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. 2019-11-14 not yet calculated CVE-2019-15352
MISC coolpad -- n3c_android_device The Coolpad N3C Android device with a build fingerprint of Coolpad/N3C/N3C:8.1.0/O11019/1538236809:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. 2019-11-14 not yet calculated CVE-2019-15353
MISC crun -- crun An issue was discovered in crun before 0.10.5. With a crafted image, it doesn't correctly check whether a target is a symlink, resulting in access to files outside of the container. This occurs in libcrun/linux.c and libcrun/chroot_realpath.c. 2019-11-13 not yet calculated CVE-2019-18837
MISC
CONFIRM
MISC
MISC cryptocat_project -- cryptocat An unspecified cross-site scripting (XSS) vulnerability exists in Cryptocat Message Handling 1.1.165. 2019-11-14 not yet calculated CVE-2013-4109
MISC
MISC
MISC
MISC cryptocat_project -- cryptocat A Cross-site scripting (XSS) vulnerability exists in Conversation Overview Nickname in Cryptocat before 2.0.22. 2019-11-14 not yet calculated CVE-2013-4106
MISC
MISC
MISC
MISC cryptocat_project -- cryptocat Multiple unspecified vulnerabilities in Cryptocat Project Cryptocat 2.0.18 have unknown impact and attack vectors. 2019-11-14 not yet calculated CVE-2013-4108
MISC
MISC cubot -- nova_android_device The Cubot Nova Android device with a build fingerprint of CUBOT/CUBOT_NOVA/CUBOT_NOVA:8.1.0/O11019/1527060122:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. 2019-11-14 not yet calculated CVE-2019-15382
MISC cyrus -- imap Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection. 2019-11-15 not yet calculated CVE-2019-18928
MISC
MISC data_plane_development_kit -- data_plane_development_kit A flaw was found in all dpdk versions 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition. 2019-11-14 not yet calculated CVE-2019-14818
MISC
CONFIRM dexp -- bl250_android_device The Dexp BL250 Android device with a build fingerprint of DEXP/BL250/BL250:8.1.0/O11019/1530858027:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. 2019-11-14 not yet calculated CVE-2019-15364
MISC dexp -- z250_android_device The Dexp Z250 Android device with a build fingerprint of DEXP/Z250/Z250:8.1.0/O11019/1531130719:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. 2019-11-14 not yet calculated CVE-2019-15358
MISC doogee -- bl5000_android_device The Doogee BL5000 Android device with a build fingerprint of DOOGEE/BL5000/BL5000:7.0/NRD90M/1497072355:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. 2019-11-14 not yet calculated CVE-2019-15424
MISC doogee -- mix_android_device The Doogee Mix Android device with a build fingerprint of DOOGEE/MIX/MIX:7.0/NRD90M/1495809471:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. 2019-11-14 not yet calculated CVE-2019-15422
MISC drupal -- drupal Cross-site scripting (XSS) vulnerability in the zen_breadcrumb function in template.php in the Zen theme 6.x-1.x, 7.x-3.x before 7.x-3.2, and 7.x-5.x before 7.x-5.4 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via the breadcrumb separator field. 2019-11-13 not yet calculated CVE-2013-4275
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC drupal -- drupal hook_file_download in the CKEditor module 7.x-1.4 for Drupal does not properly restrict access to private files, which allows remote attackers to read private files via a direct request. 2019-11-13 not yet calculated CVE-2011-4972
MISC
MISC
MISC drupal -- drupal An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent node is denied access, non-privileged users can still download the file attached to the comment if they know or guess its direct URL. 2019-11-15 not yet calculated CVE-2011-2726
MISC
MISC
MISC
MISC
MISC
CONFIRM eclipse -- jetty Jetty 6.x before 6.1.22 suffers from an escape sequence injection vulnerability from two different vectors: 1) "Cookie Dump Servlet" and 2) Http Content-Length header. 1) A POST request to the form at "/test/cookie/" with the "Age" parameter set to a string throws a "java.lang.NumberFormatException" which reflects binary characters including ESC. These characters could be used to execute arbitrary commands or buffer dumps in the terminal. 2) The same attack in 1) can be exploited by requesting a page using an HTTP request "Content-Length" header set to a literal string. 2019-11-15 not yet calculated CVE-2009-5047
MISC
MISC
MLIST edgewall_software -- trac Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions. 2019-11-13 not yet calculated CVE-2010-5108
MISC elephone -- a4_android_device The Elephone A4 Android device with a build fingerprint of Elephone/A4/A4:8.1.0/O11019/20180530.143559:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. 2019-11-14 not yet calculated CVE-2019-15384
MISC eq-3 -- homematic_ccu2_and_ccu3_devices eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the Script Parser AddOn through 1.8 installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the exec.cgi script, which executes TCL script content from an HTTP POST request. 2019-11-14 not yet calculated CVE-2019-18937
MISC eq-3 -- homematic_ccu2_and_ccu3_devices eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the E-Mail AddOn through 1.6.8.c installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the save.cgi script for payload upload and the testtcl.cgi script for its execution. 2019-11-14 not yet calculated CVE-2019-18938
MISC eq-3 -- homematic_ccu2_and_ccu3_devices eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the HM-Print AddOn through 1.2a installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the exec.cgi and exec1.cgi scripts, which execute TCL script content from an HTTP POST request. 2019-11-14 not yet calculated CVE-2019-18939
MISC espressif -- esp32 An issue was discovered in the Espressif ESP32 mask ROM code 2016-06-08 0 through 2. Lack of anti-glitch mitigations in the first stage bootloader of the ESP32 chip allows an attacker (with physical access to the device) to read the contents of read-protected eFuses, such as flash encryption and secure boot keys, by injecting a glitch into the power supply of the chip shortly after reset. 2019-11-14 not yet calculated CVE-2019-17391
CONFIRM evercoss -- u50a_android_device The Evercoss U50A Android device with a build fingerprint of EVERCOSS/U50A./EVERCOSS:7.0/NRD90M/1499911028:eng/test-keys contains a pre-installed app with a package name of com.qiku.cleaner app (versionCode=2, versionName=2.0_VER_2017.04.21_17:55:55) that allows other pre-installed apps to perform system properties modification via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. 2019-11-14 not yet calculated CVE-2019-15431
MISC evercoss -- u6_android_device The Evercoss U6 Android device with a build fingerprint of EVERCOSS/U6/U6:7.0/NRD90M/1504236704:user/release-keys contains a pre-installed app with a package name of com.qiku.cleaner app (versionCode=2, versionName=2.0.0_VER_32516486284094) that allows other pre-installed apps to perform system properties modification via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. 2019-11-14 not yet calculated CVE-2019-15432
MISC exhibitor_web_ui -- exhibitor_web_ui An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7.1. Arbitrary shell commands surrounded by backticks or $() can be inserted into the editor and will be executed by the Exhibitor process when it launches ZooKeeper. An attacker can execute any command as the user running the Exhibitor process. 2019-11-13 not yet calculated CVE-2019-5029
MISC f5 -- big-ip On BIG-IP 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.1, undisclosed HTTP requests may consume excessive amounts of system resources which may lead to a denial of service. 2019-11-15 not yet calculated CVE-2019-6660
MISC f5 -- big-ip On version 14.0.0-14.1.0.1, BIG-IP virtual servers with TLSv1.3 enabled may experience a denial of service due to undisclosed incoming messages. 2019-11-15 not yet calculated CVE-2019-6659
MISC f5 -- big-ip On BIG-IP 15.0.0 and 14.1.0-14.1.0.6, under certain conditions, network protections on the management port do not follow current best practices. 2019-11-15 not yet calculated CVE-2019-6664
MISC f5 -- big-ip On BIG-IP 13.1.0-13.1.1.4, sensitive information is logged into the local log files and/or remote logging targets when restjavad processes an invalid request. Users with access to the log files would be able to view that data. 2019-11-15 not yet calculated CVE-2019-6662
MISC f5 -- big-ip_apm When the BIG-IP APM 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.4.1, or 11.5.1-11.6.5 system processes certain requests, the APD/APMD daemon may consume excessive resources. 2019-11-15 not yet calculated CVE-2019-6661
MISC f5 -- multiple_products The BIG-IP 15.0.0-15.0.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1 configuration utility is vulnerable to an Anti DNS Pinning (DNS Rebinding) attack. 2019-11-15 not yet calculated CVE-2019-6663
MISC facebook -- whatsapp A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100. 2019-11-14 not yet calculated CVE-2019-11931
CONFIRM fly -- photo_pro_android_device The Fly Photo Pro Android device with a build fingerprint of Fly/PhotoPro/Photo_Pro:8.1.0/O11019/1528117003:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. 2019-11-14 not yet calculated CVE-2019-15380
MISC fuji_electric -- v-server In Fuji Electric V-Server 4.0.6 and prior, several heap-based buffer overflows have been identified, which may allow an attacker to remotely execute arbitrary code. 2019-11-13 not yet calculated CVE-2019-18240
MISC gksu-polkit -- gksu-polkit In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an administrator X11 session. 2019-11-15 not yet calculated CVE-2011-0703
MISC gnu -- fribidi A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application that uses FriBidi for text layout calculations. Examples include any GNOME or GTK+ based application that uses Pango for text layout, as this internally uses FriBidi for bidirectional text layout. For example, the attacker can construct a crafted text file to be opened in GEdit, or a crafted IRC message to be viewed in HexChat. 2019-11-13 not yet calculated CVE-2019-18397
MISC haier -- a6_android_device The Haier A6 Android device with a build fingerprint of Haier/A6/A6:8.1.0/O11019/1534219877:userdebug/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. 2019-11-14 not yet calculated CVE-2019-15359
MISC haier -- a6_android_device The Haier A6 Android device with a build fingerprint of Haier/A6/A6:8.1.0/O11019/1534219877:userdebug/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.1.13). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands to be executed as the system user. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. In addition to the local attack surface, its accompanying app with a package name of com.ekesoo.lovelyhifonts makes network requests using HTTP and an attacker can perform a Man-in-the-Middle (MITM) attack on the connection to inject a command in a network response that will be executed as the system user by the com.lovelyfont.defcontainer app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtain the user's text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtain the user's text messages, and more. 2019-11-14 not yet calculated CVE-2019-15389
MISC haier -- g8_android_device The Haier G8 Android device with a build fingerprint of Haier/HM-G559-FL/G8:8.1.0/O11019/1522294799:user/release-keys contains a pre-installed app with a package name of com.qiku.service.container app (versionCode=5, versionName=1.03.00_VER_32525983298984) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. 2019-11-14 not yet calculated CVE-2019-15390
MISC haier -- g8_android_device The Haier G8 Android device with a build fingerprint of Haier/HM-G559-FL/G8:8.1.0/O11019/1522294799:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. 2019-11-14 not yet calculated CVE-2019-15375
MISC haier -- g8_android_device The Haier G8 Android device with a build fingerprint of Haier/HM-G559-FL/G8:8.1.0/O11019/1526527761:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. 2019-11-14 not yet calculated CVE-2019-15370
MISC haier -- p10_android_device The Haier P10 Android device with a build fingerprint of Haier/P10/P10:8.1.0/O11019/1532662449:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. 2019-11-14 not yet calculated CVE-2019-15367
MISC hisense -- f17_android_device The Hisense F17 Android device with a build fingerprint of Hisense/F17_4G/HS6739MT:8.1.0/O11019/Hisense_F17_4G_00_S01:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. 2019-11-14 not yet calculated CVE-2019-15372
MISC hisense -- u965_android_device The Hisense U965 Android device with a build fingerprint of Hisense/U965_4G_10/HS6739MT:8.1.0/O11019/Hisense_U965_4G_10_S01:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. 2019-11-14 not yet calculated CVE-2019-15360
MISC hitachi -- command_suite A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.7.0-00 allows an unauthenticated remote user to trigger a denial of service (DoS) condition because of Uncontrolled Resource Consumption. 2019-11-12 not yet calculated CVE-2019-17360
CONFIRM huawei -- p30_smartphones P30 smart phones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an integer overflow vulnerability due to insufficient check on specific parameters. An attacker tricks the user into installing a malicious application, obtains the root permission and constructs specific parameters to the camera program to exploit this vulnerability. Successful exploit could cause the program to break down or allow for arbitrary code execution. 2019-11-13 not yet calculated CVE-2019-5288
MISC huawei -- p30_smartphones P30 smart phones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an integer overflow vulnerability due to insufficient check on specific parameters. An attacker tricks the user into installing a malicious application, obtains the root permission and constructs specific parameters to the camera program to exploit this vulnerability. Successful exploit could cause the program to break down or allow for arbitrary code execution. 2019-11-13 not yet calculated CVE-2019-5287
MISC huawei -- harry-al00c_smartphones Some Huawei smart phones with versions earlier than Harry-AL00C 9.1.0.206(C00E205R3P1) have a null pointer dereference vulnerability. An attacker crafts specific packets and sends them to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to behave abnormally. 2019-11-12 not yet calculated CVE-2017-17224
MISC huawei -- emily-l29c_smartphones Huawei smart phones Emily-L29C with Versions earlier than 9.1.0.311(C10E2R1P13T8), Versions earlier than 9.1.0.311(C461E2R1P11T8), Versions earlier than 9.1.0.316(C635E2R1P11T8), Versions earlier than 9.1.0.311(C185E2R1P12T8), Versions earlier than 9.1.0.311(C605E2R1P12T8), Versions earlier than 9.1.0.311(C636E7R1P13T8) have an information leakage vulnerability. An attacker tricks the user into installing a malicious application, which can copy specific files to the sdcard, resulting in information leakage. 2019-11-13 not yet calculated CVE-2019-5279
MISC infinix -- note_5_android_device The Infinix Note 5 Android device with a build fingerprint of Infinix/H633B/Infinix-X604_sprout:8.1.0/O11019/L-IN-180206V64:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. 2019-11-14 not yet calculated CVE-2019-15385
MISC infinix -- note_5_android_device The Infinix Note 5 Android device with a build fingerprint of Infinix/H633IJL/Infinix-X604_sprout:8.1.0/O11019/IJL-180531V181:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. 2019-11-14 not yet calculated CVE-2019-15366
MISC infinix -- note_5_android_device The Infinix Note 5 Android device with a build fingerprint of Infinix/H632C/Infinix-X605_sprout:8.1.0/O11019/CE-180914V59:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. 2019-11-14 not yet calculated CVE-2019-15361
MISC intel -- multiple_processors TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. 2019-11-14 not yet calculated CVE-2019-11135
MISC intel -- nuvoton_consumer_infrared_driver Improper permissions in the installer for the Nuvoton* CIR Driver versions 1.02.1002 and before may allow an authenticated user to potentially enable escalation of privilege via local access. 2019-11-14 not yet calculated CVE-2019-14602
MISC intel -- baseboard_management_controller_firmware Insufficient access control in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure via network access. 2019-11-14 not yet calculated CVE-2019-11174
MISC intel -- baseboard_management_controller_firmware Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an authenticated user to potentially enable information disclosure via network access. 2019-11-14 not yet calculated CVE-2019-11179
MISC intel -- baseboard_management_controller_firmware Memory corruption in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. 2019-11-14 not yet calculated CVE-2019-11182
MISC intel -- baseboard_management_controller_firmware Authentication bypass in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service via local access. 2019-11-14 not yet calculated CVE-2019-11170
MISC intel -- baseboard_management_controller_firmware Stack overflow in Intel(R) Baseboard Management Controller firmware may allow an authenticated user to potentially enable information disclosure and/or denial of service via network access. 2019-11-14 not yet calculated CVE-2019-11178
MISC intel -- baseboard_management_controller_firmware Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via local access. 2019-11-14 not yet calculated CVE-2019-11173
MISC intel -- baseboard_management_controller_firmware Out of bound read in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure via network access. 2019-11-14 not yet calculated CVE-2019-11172
MISC intel -- baseboard_management_controller_firmware Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. 2019-11-14 not yet calculated CVE-2019-11180
MISC intel -- baseboard_management_controller_firmware Unhandled exception in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. 2019-11-14 not yet calculated CVE-2019-11177
MISC intel -- baseboard_management_controller_firmware Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access. 2019-11-14 not yet calculated CVE-2019-11168
MISC intel -- baseboard_management_controller_firmware Heap corruption in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service via network access. 2019-11-14 not yet calculated CVE-2019-11171
MISC intel -- baseboard_management_controller_firmware Out of bound read in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable escalation of privilege via network access. 2019-11-14 not yet calculated CVE-2019-11181
MISC intel -- baseboard_management_controller_firmware Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. 2019-11-14 not yet calculated CVE-2019-11175
MISC intel -- core_processors_and_xeon_processors Insufficient memory protection in Intel(R) TXT for certain Intel(R) Core Processors and Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 2019-11-14 not yet calculated CVE-2019-0151
MISC intel -- ethernet_700_series_controllers Insufficient access control in ilp60x64.sys driver for Intel(R) Ethernet 700 Series Controllers before version 1.33.0.0 may allow a privileged user to potentially enable escalation of privilege via local access. 2019-11-14 not yet calculated CVE-2019-0142
MISC intel -- ethernet_700_series_controllers Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may allow an authenticated user to potentially enable a denial of service via local access. 2019-11-14 not yet calculated CVE-2019-0146
MISC intel -- ethernet_700_series_controllers Buffer overflow in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow an unauthenticated user to potentially enable an escalation of privilege via an adjacent access. 2019-11-14 not yet calculated CVE-2019-0140
MISC intel -- ethernet_700_series_controllers Insufficient access control in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow a privileged user to potentially enable an escalation of privilege, denial of service, or information disclosure via local access. 2019-11-14 not yet calculated CVE-2019-0139
MISC intel -- ethernet_700_series_controllers Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. 2019-11-14 not yet calculated CVE-2019-0145
MISC intel -- ethernet_700_series_controllers Unhandled exception in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow an authenticated user to potentially enable a denial of service via local access. 2019-11-14 not yet calculated CVE-2019-0144
MISC intel -- ethernet_700_series_controllers Unhandled exception in Kernel-mode drivers for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access. 2019-11-14 not yet calculated CVE-2019-0143
MISC intel -- ethernet_700_series_controllers Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access. 2019-11-14 not yet calculated CVE-2019-0148
MISC intel -- ethernet_700_series_controllers Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access. 2019-11-14 not yet calculated CVE-2019-0147
MISC intel -- ethernet_700_series_controllers Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may allow an authenticated user to potentially enable a denial of service via local access. 2019-11-14 not yet calculated CVE-2019-0149
MISC intel -- ethernet_700_series_controllers Insufficient access control in firmware for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow a privileged user to potentially enable a denial of service via local access. 2019-11-14 not yet calculated CVE-2019-0150
MISC intel -- graphics_driver Pointer corruption in the Unified Shader Compiler in Intel(R) Graphics Drivers before 10.18.14.5074 (aka 15.36.x.5074) may allow an authenticated user to potentially enable escalation of privilege via local access. 2019-11-14 not yet calculated CVE-2019-11111
MISC intel -- graphics_driver Insufficient input validation in Kernel Mode module for Intel(R) Graphics Driver before version 25.20.100.6519 may allow an authenticated user to potentially enable denial of service via local access. 2019-11-14 not yet calculated CVE-2019-11089
MISC intel -- graphics_driver Improper access control in the API for the Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable information disclosure via local access. 2019-11-14 not yet calculated CVE-2019-14590
MISC intel -- graphics_driver Out of bounds read in a subsystem for Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable denial of service via local access. 2019-11-14 not yet calculated CVE-2019-14574
MISC intel -- graphics_driver Improper input validation in the API for Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable denial of service via local access. 2019-11-14 not yet calculated CVE-2019-14591
MISC intel -- graphics_driver Buffer overflow in Kernel Mode module for Intel(R) Graphics Driver before version 25.20.100.6618 (DCH) or 21.20.x.5077 (aka 15.45.5077) may allow a privileged user to potentially enable information disclosure via local access. 2019-11-14 not yet calculated CVE-2019-11113
MISC intel -- graphics_driver Memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver before 26.20.100.6813 (DCH) or 26.20.100.6812 may allow an authenticated user to potentially enable escalation of privilege via local access. 2019-11-14 not yet calculated CVE-2019-11112
MISC intel -- multiple_core_and_xeon_processors Insufficient access control in protected memory subsystem for Intel(R) SGX for 6th, 7th, 8th, 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5, v6 Families; Intel(R) Xeon(R) E-2100 & E-2200 Processor Families with Intel(R) Processor Graphics may allow a privileged user to potentially enable information disclosure via local access. 2019-11-14 not yet calculated CVE-2019-0117
MISC intel -- multiple_core_and_xeon_processors Insufficient access control in protected memory subsystem for SMM for 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor families; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 families; Intel(R) Xeon(R) E-2100 and E-2200 Processor families with Intel(R) Processor Graphics may allow a privileged user to potentially enable information disclosure via local access. 2019-11-14 not yet calculated CVE-2019-0185
MISC intel -- multiple_core_and_xeon_processors Insufficient memory protection in Intel(R) 6th Generation Core Processors and greater, supporting TXT, may allow a privileged user to potentially enable escalation of privilege via local access. 2019-11-14 not yet calculated CVE-2019-0124
MISC intel -- multiple_core_and_xeon_processors Insufficient memory protection in Intel(R) 6th Generation Core Processors and greater, supporting SGX, may allow a privileged user to potentially enable escalation of privilege via local access. 2019-11-14 not yet calculated CVE-2019-0123
MISC intel -- multiple_core_and_xeon_processors Insufficient access control in protected memory subsystem for Intel(R) TXT for 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 Families; Intel(R) Xeon(R) E-2100 and E-2200 Processor Families with Intel(R) Processor Graphics and Intel(R) TXT may allow a privileged user to potentially enable information disclosure via local access. 2019-11-14 not yet calculated CVE-2019-0184
MISC intel -- multiple_processors Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. 2019-11-14 not yet calculated CVE-2018-12207
MISC intel -- multiple_processors Insufficient access control in a subsystem for Intel(R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka 15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access. 2019-11-14 not yet calculated CVE-2019-0155
MISC intel -- multiple_processors Insufficient access control in subsystem for Intel(R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may allow an authenticated user to potentially enable denial of service via local access. 2019-11-14 not yet calculated CVE-2019-0154
MISC intel -- multiple_xeon_processors Insufficient access control in system firmware for Intel(R) Xeon(R) Scalable Processors, 2nd Generation Intel(R) Xeon(R) Scalable Processors and Intel(R) Xeon(R) Processors D Family may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. 2019-11-14 not yet calculated CVE-2019-11136
MISC intel -- proset/wireless_wifi_software Memory corruption issues in Intel(R) PROSet/Wireless WiFi Software extension DLL before version 21.40 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and a denial of service via local access. 2019-11-14 not yet calculated CVE-2019-11153
MISC intel -- proset/wireless_wifi_software Improper directory permissions in Intel(R) PROSet/Wireless WiFi Software before version 21.40 may allow an authenticated user to potentially enable denial of service and information disclosure via local access. 2019-11-14 not yet calculated CVE-2019-11155
MISC intel -- proset/wireless_wifi_software Improper directory permissions in Intel(R) PROSet/Wireless WiFi Software before version 21.40 may allow an authenticated user to potentially enable denial of service and information disclosure via local access. 2019-11-14 not yet calculated CVE-2019-11154
MISC intel -- proset/wireless_wifi_software Logic errors in Intel(R) PROSet/Wireless WiFi Software before version 21.40 may allow an authenticated user to potentially enable escalation of privilege, denial of service, and information disclosure via local access. 2019-11-14 not yet calculated CVE-2019-11156
MISC intel -- software_guard_extensions_sdk Insufficient initialization in Intel(R) SGX SDK Windows versions 2.4.100.51291 and earlier, and Linux versions 2.6.100.51363 and earlier, may allow an authenticated user to enable information disclosure, escalation of privilege or denial of service via local access. 2019-11-14 not yet calculated CVE-2019-14565
MISC intel -- software_guard_extensions_sdk Insufficient input validation in Intel(R) SGX SDK multiple Linux and Windows versions may allow an authenticated user to enable information disclosure, escalation of privilege or denial of service via local access. 2019-11-14 not yet calculated CVE-2019-14566
MISC intel -- wifi_drivers Memory corruption issues in Intel(R) WIFI Drivers before version 21.40 may allow a privileged user to potentially enable escalation of privilege, denial of service, and information disclosure via local access. 2019-11-14 not yet calculated CVE-2019-11151
MISC intel -- wifi_drivers Memory corruption issues in Intel(R) WIFI Drivers before version 21.40 may allow a privileged user to potentially enable escalation of privilege, denial of service, and information disclosure via adjacent access. 2019-11-14 not yet calculated CVE-2019-11152
MISC intel -- xeon_processors Insufficient memory protection in System Management Mode (SMM) and Intel(R) TXT for certain Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 2019-11-14 not yet calculated CVE-2019-0152
MISC intel -- xeon_processors_and_atom_processors Insufficient input validation in system firmware for Intel(R) Xeon(R) Scalable Processors, Intel(R) Xeon(R) Processors D Family, Intel(R) Xeon(R) Processors E5 v4 Family, Intel(R) Xeon(R) Processors E7 v4 Family and Intel(R) Atom(R) processor C Series may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. 2019-11-14 not yet calculated CVE-2019-11137
MISC intel -- xeon_scalable_processors Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access. 2019-11-14 not yet calculated CVE-2019-11139
MISC joomla! -- joomla! views/upload.php in the ProJoom Smart Flash Header (NovaSFH) component 3.0.2 and earlier for Joomla! allows remote attackers to upload and execute arbitrary files via a crafted (1) dest parameter and (2) arbitrary extension in the Filename parameter. 2019-11-13 not yet calculated CVE-2014-1214
MISC kata -- m4s_android_device The Kata M4s Android device with a build fingerprint of alps/full_hct6750_66_n/hct6750_66_n:7.0/NRD90M/1495624556:user/test-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. 2019-11-14 not yet calculated CVE-2019-15425
MISC klibc -- klibc In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP options. 2019-11-14 not yet calculated CVE-2011-1930
MISC lava -- flair_z1_android_device The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. 2019-11-14 not yet calculated CVE-2019-15356
MISC lava -- flair_z1_android_device The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. 2019-11-14 not yet calculated CVE-2019-15333
MISC lava -- iris_88_go_android_device The Lava Iris 88 Go Android device with a build fingerprint of LAVA/iris88_go/iris88_go:8.1.0/O11019/1538188945:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. 2019-11-14 not yet calculated CVE-2019-15362
MISC lava -- iris_88_go_android_device The Lava Iris 88 Go Android device with a build fingerprint of LAVA/iris88_go/iris88_go:8.1.0/O11019/1538188945:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. 2019-11-14 not yet calculated CVE-2019-15334
MISC lava -- iris_88_lite_android_device The Lava Iris 88 Lite Android device with a build fingerprint of LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. 2019-11-14 not yet calculated CVE-2019-15374
MISC lava -- iris_88_lite_android_device The Lava Iris 88 Lite Android device with a build fingerprint of LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. 2019-11-14 not yet calculated CVE-2019-15338
MISC lava -- z60s_android_device The Lava Z60s Android device with a build fingerprint of LAVA/Z60s/Z60s:8.1.0/O11019/1530331229:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. 2019-11-14 not yet calculated CVE-2019-15386
MISC lava -- z60s_android_device The Lava Z60s Android device with a build fingerprint of LAVA/Z60s/Z60s:8.1.0/O11019/1530331229:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. 2019-11-14 not yet calculated CVE-2019-15339
MISC lava -- z61_android_device The Lava Z61 Android device with a build fingerprint of LAVA/Z61_2GB/Z61_2GB:8.1.0/O11019/1533889281:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. 2019-11-14 not yet calculated CVE-2019-15332
MISC lava -- z61_turbo_android_device The Lava Z61 Turbo Android device with a build fingerprint of LAVA/Z61_Turbo/Z61_Turbo:8.1.0/O11019/1536917928:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. 2019-11-14 not yet calculated CVE-2019-15369
MISC lava -- z61_turbo_android_device The Lava Z61 Turbo Android device with a build fingerprint of LAVA/Z61_Turbo/Z61_Turbo:8.1.0/O11019/1536917928:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.31) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. 2019-11-14 not yet calculated CVE-2019-15336
MISC lava -- z81_android_device The Lava Z81 Android device with a build fingerprint of LAVA/Z81/Z81:8.1.0/O11019/1532317309:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.31) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. 2019-11-14 not yet calculated CVE-2019-15337
MISC lava -- z92_android_device The Lava Z92 Android device with a build fingerprint of LAVA/Z92/Z92:8.1.0/O11019/1535088037:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. 2019-11-14 not yet calculated CVE-2019-15335
MISC lava -- z92_android_device The Lava Z92 Android device with a build fingerprint of LAVA/Z92/Z92:8.1.0/O11019/1535088037:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. 2019-11-14 not yet calculated CVE-2019-15365
MISC leagoo -- power_5_android_device The Leagoo Power 5 Android device with a build fingerprint of LEAGOO/Power_5/Power_5:8.1.0/O11019/1532686195:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. 2019-11-14 not yet calculated CVE-2019-15363
MISC lenovo -- thinkpad_t460p The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T460p, BIOS versions up to R07ET90W, and T470p, BIOS versions up to R0FET50W, which may allow for unauthorized access. 2019-11-12 not yet calculated CVE-2019-6188
MISC limnoria -- limnoria Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands. 2019-11-16 not yet calculated CVE-2019-19010
MISC linux -- linux_kernel fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image because fs_devices->devices is mishandled within find_device, aka CID-09ba3bc9dd15. 2019-11-14 not yet calculated CVE-2019-18885
MISC marvell -- 88w8688_wi-fi_firmware An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A stack overflow could lead to denial of service or arbitrary code execution. 2019-11-15 not yet calculated CVE-2019-13582
CONFIRM marvell -- 88w8688_wi-fi_firmware An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A heap-based buffer overflow allows remote attackers to cause a denial of service or execute arbitrary code via malformed Wi-Fi packets. 2019-11-15 not yet calculated CVE-2019-13581
CONFIRM mcafee -- data_loss_prevention Unprotected Transport of Credentials in ePO extension in McAfee Data Loss Prevention 11.x prior to 11.4.0 allows remote attackers with access to the network to collect login details to the LDAP server via the ePO extension not using a secure connection when testing LDAP connectivity. 2019-11-14 not yet calculated CVE-2019-3640
CONFIRM mcafee -- total_protection A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious files in specific locations protected by administrator permission. 2019-11-13 not yet calculated CVE-2019-3648
CONFIRM mediawiki -- mediawiki An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Once a specific abuse filter has (accidentally or otherwise) been made public, its previous versions can be exposed, thus potentially disclosing private or sensitive information within the filter's definition. 2019-11-15 not yet calculated CVE-2019-18987
MISC microsoft -- visual_studio_2017_and_2019 An elevation of privilege vulnerability exists when Visual Studio fails to properly validate hardlinks while extracting archived files, aka 'Visual Studio Elevation of Privilege Vulnerability'. 2019-11-12 not yet calculated CVE-2019-1425
MISC mitsubishi_electric -- multiple_products In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial number 21081 and prior, Q04/06/13/26UDPVCPU: serial number 21081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 21081 and prior, MELSEC-L Series L02/06/26CPU, L26CPU-BT: serial number 21101 and prior, L02/06/26CPU-P, L26CPU-PBT: serial number 21101 and prior, and L02/06/26CPU-CM, L26CPU-BT-CM: serial number 21101 and prior, a remote attacker can cause the FTP service to enter a denial-of-service condition dependent on the timing at which a remote attacker connects to the FTP server on the above CPU modules. 2019-11-13 not yet calculated CVE-2019-13555
MISC moodle -- moodle Moodle before 2.2.2 has a personal information disclosure issue: when the administrative setting for user name display is set to first name only, full names are shown in page breadcrumbs. 2019-11-14 not yet calculated CVE-2012-1169
MISC moodle -- moodle Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified. 2019-11-14 not yet calculated CVE-2012-1168
MISC moodle -- moodle Moodle before 2.2.2 has a course information leak in gradebook where users are able to see hidden grade items in export 2019-11-14 not yet calculated CVE-2012-1158
MISC moodle -- moodle Moodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default 2019-11-14 not yet calculated CVE-2012-1157
MISC moodle -- moodle Moodle before 2.2.2 has users' private files included in course backups 2019-11-14 not yet calculated CVE-2012-1156
MISC moodle -- moodle Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to 2019-11-14 not yet calculated CVE-2012-1155
MISC moodle -- moodle Moodle before 2.2.2 has a permission issue in Forum Subscriptions where unenrolled users can subscribe/unsubscribe via mod/forum/index.php 2019-11-14 not yet calculated CVE-2012-1160
MISC netease -- pomelo Pomelo v2.2.5 allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in template/game-server/app/servers/connector/handler/entryHandler.js because certain internal attributes can be overwritten via a conflicting name. Hence, a malicious attacker can manipulate internal attributes by adding additional attributes to user input. 2019-11-14 not yet calculated CVE-2019-18954
MISC netgear -- wndr4700_centria_firmware A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34. 2019-11-14 not yet calculated CVE-2013-3073
MISC netgear -- wndr4700_centria_firmware An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http://<router_ip>/apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration portal. 2019-11-14 not yet calculated CVE-2013-3072
MISC netgear -- wndr4700_firmware An Information Disclosure vulnerability exists in Netgear WNDR4700 running firmware 1.0.0.34 in the management web interface, which discloses the PSK of the wireless LAN. 2019-11-14 not yet calculated CVE-2013-3070
MISC netgear -- wnr3500u_and_wnr3500l_routers NETGEAR WNR3500U and WNR3500L routers use form tokens based solely on the router's current date and time, which allows attackers to guess the CSRF tokens. 2019-11-13 not yet calculated CVE-2013-3516
MISC netgear -- wnr3500u_and_wnr3500l_wireless_routers Symlink Traversal vulnerability in NETGEAR WNR3500U and WNR3500L due to misconfiguration in the SMB service. 2019-11-13 not yet calculated CVE-2013-4657
MISC nss -- nss A null pointer dereference vulnerability exists in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime in NSS before 3.26, which causes the TLS/SSL server using NSS to crash. 2019-11-15 not yet calculated CVE-2016-5285
MISC panasonic -- eluga_i9_android_device The Panasonic ELUGA_I9 Android device with a build fingerprint of Panasonic/ELUGA_I9/ELUGA_I9:7.0/NRD90M/1501740649:user/release-keys contains a pre-installed app with a package name of com.ovvi.modem app (versionCode=1, versionName=1) that allows unauthorized, attacker-controlled AT commands via a confused deputy attack. This capability can be accessed by any app co-located on the device. 2019-11-14 not yet calculated CVE-2019-15429
MISC panasonic -- eluga_ray_530_android_device The Panasonic Eluga Ray 530 Android device with a build fingerprint of Panasonic/ELUGA_Ray_530/ELUGA_Ray_530:8.1.0/O11019/1531828974:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. 2019-11-14 not yet calculated CVE-2019-15376
MISC panasonic -- eluga_ray_600_android_device The Panasonic Eluga Ray 600 Android device with a build fingerprint of Panasonic/ELUGA_Ray_600/ELUGA_Ray_600:8.1.0/O11019/1532692680:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. 2019-11-14 not yet calculated CVE-2019-15378
MISC perdition -- perdition Perdition before 2.2 may have weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server: ssl_outgoing_ciphers is not applied to STARTTLS connections. 2019-11-15 not yet calculated CVE-2013-4584
MISC php -- php PHP5 before 5.4.4 allows passing invalid UTF-8 strings via xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in a memory leak into the resulting output. 2019-11-13 not yet calculated CVE-2010-4657
MISC pimcore -- pimcore Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient ID of a notification. 2019-11-15 not yet calculated CVE-2019-18981
MISC pimcore -- pimcore bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore before 6.3.0 allows script execution in the Email Log preview window because of the lack of a Content-Security-Policy header. 2019-11-15 not yet calculated CVE-2019-18982
MISC pimcore -- pimcore Pimcore before 6.2.2 lacks brute force protection for the 2FA token. 2019-11-15 not yet calculated CVE-2019-18985
MISC pimcore -- pimcore Pimcore before 6.2.2 allows attackers to brute-force (guess) valid usernames by using the 'forgot password' functionality, as it returns distinct messages for invalid password and non-existing users. 2019-11-15 not yet calculated CVE-2019-18986
MISC pithos -- pithos pithos before 0.3.5 allows overwrite of arbitrary files via symlinks. 2019-11-13 not yet calculated CVE-2010-4817
MISC poppler -- poppler An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts. 2019-11-13 not yet calculated CVE-2010-4653
MISC poppler -- poppler poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack. 2019-11-13 not yet calculated CVE-2010-4654
MISC project_acrn -- acrn_hypervisor The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information or diagnostic information), which might allow attackers to cause a denial of service (assertion failure) within pci core. 2019-11-13 not yet calculated CVE-2019-18844
MISC qtnx -- qtnx qtnx 0.9 stores non-custom SSH keys in a world-readable configuration file. If a user has a world-readable or world-executable home directory, another local system user could obtain the private key used to connect to remote NX sessions. 2019-11-15 not yet calculated CVE-2011-2916
MISC rack_cors_gem_for_ruby_on_rails -- rack_cors_gem_for_ruby_on_rails An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format. 2019-11-14 not yet calculated CVE-2019-18978
MISC red_hat -- openshift OpenShift: the install script has a temporary file creation vulnerability, which can result in arbitrary code execution. 2019-11-15 not yet calculated CVE-2014-0023
MISC rise -- ultimate_project_manager index.php/team_members/add_team_member in RISE Ultimate Project Manager 2.3 has CSRF for adding authorized users. 2019-11-13 not yet calculated CVE-2019-18884
MISC rsyslog -- rsyslog A memory leak in rsyslog before 5.7.6 was found in the way log messages processed by the daemon were logged when $RepeatedMsgReduction was enabled. A local attacker could use this flaw to cause a denial of the rsyslogd daemon service by crashing the service via a sequence of repeated log messages sent within short periods of time. 2019-11-14 not yet calculated CVE-2011-1488
MISC rsyslog -- rsyslog A memory leak in rsyslog before 5.7.6 was found in the way log messages processed by the daemon were logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset. 2019-11-14 not yet calculated CVE-2011-1489
MISC rsyslog -- rsyslog A memory leak in rsyslog before 5.7.6 was found in the way log messages processed by the daemon were logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset. 2019-11-14 not yet calculated CVE-2011-1490
MISC samsung -- a3_android_device The Samsung A3 Android device with a build fingerprint of samsung/a3y17ltedx/a3y17lte:8.0.0/R16NW/A320YDXU4CSB3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. 2019-11-14 not yet calculated CVE-2019-15433
MISC samsung -- a5_android_device The Samsung A5 Android device with a build fingerprint of samsung/a5y17ltexx/a5y17lte:8.0.0/R16NW/A520FXXS8CSC5:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. 2019-11-14 not yet calculated CVE-2019-15434
MISC samsung -- a7_android_device The Samsung A7 Android device with a build fingerprint of samsung/a7y17ltexx/a7y17lte:8.0.0/R16NW/A720FXXU7CSC2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. 2019-11-14 not yet calculated CVE-2019-15435
MISC samsung -- a8+_android_device The Samsung A8+ Android device with a build fingerprint of samsung/jackpot2ltexx/jackpot2lte:8.0.0/R16NW/A730FXXS4BSC2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. 2019-11-14 not yet calculated CVE-2019-15436
MISC samsung -- j3_android_device The Samsung J3 Android device with a build fingerprint of samsung/j3y17ltedx/j3y17lte:8.0.0/R16NW/J330GDXS3BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=6010000, versionName=6.1.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. 2019-11-14 not yet calculated CVE-2019-15452
MISC samsung -- j3_android_device The Samsung J3 Android device with a build fingerprint of samsung/j3y17ltedx/j3y17lte:8.0.0/R16NW/J330GDXS3BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=6010000, versionName=6.1.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. 2019-11-14 not yet calculated CVE-2019-15451
MISC samsung -- j3popeltecan_android_device The Samsung j3popeltecan Android device with a build fingerprint of samsung/j3popeltevl/j3popeltecan:8.1.0/M1AJQ/J327WVLS3BSA2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. 2019-11-14 not yet calculated CVE-2019-15450
MISC samsung -- j4_android_device The Samsung J4 Android device with a build fingerprint of samsung/j4lteub/j4lte:8.0.0/R16NW/J400MUBS2ASC2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. 2019-11-14 not yet calculated CVE-2019-15453
MISC samsung -- j4_android_device The Samsung J4 Android device with a build fingerprint of samsung/j4lteub/j4lte:8.0.0/R16NW/J400MUBU2ARL4:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. 2019-11-14 not yet calculated CVE-2019-15454
MISC samsung -- j5_android_device The Samsung J5 Android device with a build fingerprint of samsung/j5y17ltexx/j5y17lte:8.1.0/M1AJQ/J530FXXU3BRL1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. 2019-11-14 not yet calculated CVE-2019-15455
MISC samsung -- j5_android_device The Samsung J5 Android device with a build fingerprint of samsung/on5xeltedx/on5xelte:8.0.0/R16NW/G570YDXU2CRL1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=6010000, versionName=6.1.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. 2019-11-14 not yet calculated CVE-2019-15440
MISC samsung -- j6_android_device The Samsung J6 Android device with a build fingerprint of samsung/j6ltexx/j6lte:8.0.0/R16NW/J600FNXXU3ASC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. 2019-11-14 not yet calculated CVE-2019-15456
MISC samsung -- j6_android_device The Samsung J6 Android device with a build fingerprint of samsung/j6ltexx/j6lte:8.0.0/R16NW/J600FNXXU3ASC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. 2019-11-14 not yet calculated CVE-2019-15457
MISC samsung -- j7_android_device The Samsung S7 Android device with a build fingerprint of samsung/heroltexx/herolte:8.0.0/R16NW/G930FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. 2019-11-14 not yet calculated CVE-2019-15445
MISC samsung -- j7_android_device The Samsung S7 Android device with a build fingerprint of samsung/heroltexx/herolte:8.0.0/R16NW/G930FXXU3ESAC:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. 2019-11-14 not yet calculated CVE-2019-15446
MISC samsung -- j7_android_device The Samsung S7 Android device with a build fingerprint of samsung/heroltexx/herolte:8.0.0/R16NW/G930FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. 2019-11-14 not yet calculated CVE-2019-15444
MISC samsung -- j7_duo_android_device The Samsung J7 Duo Android device with a build fingerprint of samsung/j7duolteub/j7duolte:8.0.0/R16NW/J720MUBS3ASB2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. 2019-11-14 not yet calculated CVE-2019-15462
MISC samsung -- j7_edge_android_device The Samsung S7 Edge Android device with a build fingerprint of samsung/hero2ltexx/hero2lte:8.0.0/R16NW/G935FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. 2019-11-14 not yet calculated CVE-2019-15448
MISC samsung -- j7_edge_android_device The Samsung S7 Edge Android device with a build fingerprint of samsung/hero2ltexx/hero2lte:8.0.0/R16NW/G935FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. 2019-11-14 not yet calculated CVE-2019-15447
MISC samsung -- j7_max_android_device The Samsung J7 Max Android device with a build fingerprint of samsung/j7maxlteins/j7maxlte:8.1.0/M1AJQ/G615FXXU2BSB1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. 2019-11-14 not yet calculated CVE-2019-15443
MISC samsung -- j7_neo_android_device The Samsung J7 Neo Android device with a build fingerprint of samsung/j7velteub/j7velte:8.1.0/M1AJQ/J701MUBS6BSB3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. 2019-11-14 not yet calculated CVE-2019-15459
MISC samsung -- j7_neo_android_device The Samsung J7 Neo Android device with a build fingerprint of samsung/j7veltedx/j7velte:8.1.0/M1AJQ/J701FXVS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. 2019-11-14 not yet calculated CVE-2019-15460
MISC samsung -- j7_neo_android_device The Samsung J7 Neo Android device with a build fingerprint of samsung/j7veltedx/j7velte:8.1.0/M1AJQ/J701FXXS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. 2019-11-14 not yet calculated CVE-2019-15458
MISC samsung -- j7_neo_android_device The Samsung J7 Neo Android device with a build fingerprint of samsung/j7velteub/j7velte:8.1.0/M1AJQ/J701MUBS6BSB4:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. 2019-11-14 not yet calculated CVE-2019-15461
MISC samsung -- j7_on7xeltelgt_android_device The Samsung on7xeltelgt Android device with a build fingerprint of samsung/on7xeltelgt/on7xeltelgt:8.1.0/M1AJQ/G610LKLU2CSB1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. 2019-11-14 not yet calculated CVE-2019-15441
MISC samsung -- j7_on7xelteskt_android_device The Samsung on7xelteskt Android device with a build fingerprint of samsung/on7xelteskt/on7xelteskt:8.1.0/M1AJQ/G610SKSU2CSB1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. 2019-11-14 not yet calculated CVE-2019-15442
MISC samsung -- j7_pro_android_device The Samsung J7 Pro Android device with a build fingerprint of samsung/j7y17lteub/j7y17lte:8.1.0/M1AJQ/J730GUBS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. 2019-11-14 not yet calculated CVE-2019-15464
MISC samsung -- j7_pro_android_device The Samsung J7 Pro Android device with a build fingerprint of samsung/j7y17lteubm/j7y17lte:8.1.0/M1AJQ/J730GMUBS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. 2019-11-14 not yet calculated CVE-2019-15465
MISC samsung -- j7popeltemtr_android_device The Samsung j7popeltemtr Android device with a build fingerprint of samsung/j7popeltemtr/j7popeltemtr:8.1.0/M1AJQ/J727T1UVS5BSC2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. 2019-11-14 not yet calculated CVE-2019-15463
MISC samsung -- s7_edge_android_device The Samsung S7 Edge Android device with a build fingerprint of samsung/hero2ltexx/hero2lte:8.0.0/R16NW/G935FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. 2019-11-14 not yet calculated CVE-2019-15449
MISC samsung -- xcover4_android_device The Samsung XCover4 Android device with a build fingerprint of samsung/xcover4ltedo/xcover4lte:8.1.0/M1AJQ/G390YDXU2BSA1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. 2019-11-14 not yet calculated CVE-2019-15438
MISC samsung -- xcover4_android_device The Samsung XCover4 Android device with a build fingerprint of samsung/xcover4ltedo/xcover4lte:8.1.0/M1AJQ/G390YDXU2BSA1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. 2019-11-14 not yet calculated CVE-2019-15439
MISC samsung -- xcover4_android_device The Samsung XCover4 Android device with a build fingerprint of samsung/xcover4ltexx/xcover4lte:8.1.0/M1AJQ/G390FXXU3BSA2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. 2019-11-14 not yet calculated CVE-2019-15437
MISC sap -- erp_sales_and_s4hana_sales Order processing in SAP ERP Sales (corrected in SAP_APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18) and S4HANA Sales (corrected in S4CORE 1.0, 1.01, 1.02, 1.03, 1.04) does not execute the required authorization checks for an authenticated user, which can result in an escalation of privileges. 2019-11-13 not yet calculated CVE-2019-0386
MISC
MISC sap -- ui5_and_ui_700 SAP UI5 HTTP Handler (corrected in SAP_UI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI_700 version 2.0) allows an attacker to manipulate content due to insufficient URL validation. 2019-11-13 not yet calculated CVE-2019-0388
MISC
MISC sas -- xml_mapper SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects the XMLV2 LIBNAME engine when the AUTOMAP option is used. 2019-11-14 not yet calculated CVE-2019-14678
MISC
MISC scanguard -- scanguard Scanguard through 2019-11-12 on Windows has Insecure Permissions for the installation directory, leading to privilege escalation via a Trojan horse executable file. 2019-11-14 not yet calculated CVE-2019-18895
MISC
FULLDISC
MISC
MISC signify -- philips_taolight_smart_wi-fi_wiz_connected_led_bulb On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656 devices, an unprotected API lets remote users control the bulb's operation. Anyone can turn the bulb on or off, or change its color or brightness remotely. There is no authentication or encryption to use the control API. The only requirement is that the attacker have network access to the bulb. 2019-11-14 not yet calculated CVE-2019-18980
MISC simpleledger -- slp-validate A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slp-validate@1.0.0 npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. All versions >1.0.0 have been patched. 2019-11-15 not yet calculated CVE-2019-16761
MISC
CONFIRM simpleledger -- slp-validate A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slpjs npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. Affected users can upgrade to any version >= 0.21.4. 2019-11-15 not yet calculated CVE-2019-16762
MISC
CONFIRM snowhaze -- snowhaze SnowHaze before 2.6.6 is sometimes too late to honor a per-site JavaScript blocking setting, which leads to unintended JavaScript execution via a chain of webpage redirections targeted to the user's browser configuration. 2019-11-14 not yet calculated CVE-2019-18949
MISC soft112 -- file_sharing_wizard File Sharing Wizard version 1.5.0 build 2008 is affected by a Structured Exception Handler based buffer overflow vulnerability. An unauthenticated attacker is able to perform remote command execution and obtain a command shell by sending an HTTP GET request including the malicious payload in the URL. A similar issue to CVE-2019-17415, CVE-2019-16724, and CVE-2010-2331. 2019-11-12 not yet calculated CVE-2019-18655
MISC sony -- keyaki_kddi_android_device The Sony keyaki_kddi Android device with a build fingerprint of Sony/keyaki_kddi/keyaki_kddi:7.1.1/TONE3-3.0.0-KDDI-170517-0326/1:user/dev-keys contains a pre-installed app with a package name of com.kddi.android.packageinstaller app (versionCode=70008, versionName=08.10.03) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. 2019-11-14 not yet calculated CVE-2019-15416
MISC sony -- xperia_touch_android_device The Sony Xperia Touch Android device with a build fingerprint of Sony/blanc_windy/blanc_windy:7.0/LOIRE-SMART-BLANC-1.0.0-170530-0834/1:user/dev-keys contains a pre-installed app with a package name of com.sonymobile.android.maintenancetool.testmic app (versionCode=24, versionName=7.0) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record audio to external storage. 2019-11-14 not yet calculated CVE-2019-15743
MISC sony -- xperia_xzs_android_device The Sony Xperia XZs Android device with a build fingerprint of Sony/keyaki_softbank/keyaki_softbank:7.1.1/TONE3-3.0.0-SOFTBANK-170517-0323/1:user/dev-keys contains a pre-installed app with a package name of jp.softbank.mb.tdrl app (versionCode=1413005, versionName=1.3.0) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. 2019-11-14 not yet calculated CVE-2019-15744
MISC stmicroelectronics -- st33phf2espi_tpm_devices STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL. 2019-11-14 not yet calculated CVE-2019-16863
MISC
CONFIRM symantec -- endpoint_protection Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. 2019-11-15 not yet calculated CVE-2019-18372
MISC symantec -- endpoint_protection Symantec Endpoint Protection (SEP), prior to 14.2 RU2, may be susceptible to a password protection bypass vulnerability whereby the secondary layer of password protection could be bypassed for individuals with local administrator rights. 2019-11-15 not yet calculated CVE-2019-12756
MISC symantec -- endpoint_protection Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to an unsigned code execution vulnerability, which may allow an individual to execute code without a resident proper digital signature. 2019-11-15 not yet calculated CVE-2019-12758
MISC symantec -- endpoint_protection_and_endpoint_protection_small_business_edition Symantec Endpoint Protection (SEP), prior to 14.2 RU2 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to 12.1 RU6 MP10d (12.1.7510.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. 2019-11-15 not yet calculated CVE-2019-12757
MISC symantec -- endpoint_protection_manager Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. 2019-11-15 not yet calculated CVE-2018-18368
MISC symantec -- endpoint_protection_manager_and_mail_security_for_ms_exchange Symantec Endpoint Protection Manager (SEPM) and Symantec Mail Security for MS Exchange (SMSMSE), prior to versions 14.2 RU2 and 7.5.x respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. 2019-11-15 not yet calculated CVE-2019-12759
MISC symphony -- g100_android_device The Symphony G100 Android device with a build fingerprint of Symphony/G100/G100:8.1.0/O11019/1530618779:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. 2019-11-14 not yet calculated CVE-2019-15371
MISC symphony -- i95_lite_android_device The Symphony i95 Lite Android device with a build fingerprint of LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. 2019-11-14 not yet calculated CVE-2019-15373
MISC tecno -- camon_android_device The Tecno Camon Android device with a build fingerprint of TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.service.FunctionService that allows any app co-located on the device to supply the file path to a Dalvik Executable (DEX) file which it will dynamically load within its own process and execute with its own system privileges. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtain the user's text messages, and more. Executing code as the system user can allow a third-party app to factory reset the device, obtain the user's Wi-Fi passwords, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtain the user's text messages, and more. 2019-11-14 not yet calculated CVE-2019-15350
MISC tecno -- camon_android_device The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands via shell script to be executed as the system user that are triggered by writing an attacker-selected message to the logcat log. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtain the user's text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtain the user's text messages, and more. 2019-11-14 not yet calculated CVE-2019-15348
MISC tecno -- camon_android_device The Tecno Camon Android device with a build fingerprint of TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands via shell script to be executed as the system user that are triggered by writing an attacker-selected message to the logcat log. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtain the user's text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtain the user's text messages, and more. 2019-11-14 not yet calculated CVE-2019-15351
MISC tecno -- camon_android_device The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.service.FunctionService that allows any app co-located on the device to supply the file path to a Dalvik Executable (DEX) file which it will dynamically load within its own process and execute with its own system privileges. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtain the user's text messages, and more. Executing code as the system user can allow a third-party app to factory reset the device, obtain the user's Wi-Fi passwords, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtain the user's text messages, and more. 2019-11-14 not yet calculated CVE-2019-15349
MISC tecno -- camon_iair_2_plus_android_device The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands via shell script to be executed as the system user that are triggered by writing an attacker-selected message to the logcat log. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtain the user's text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtain the user's text messages, and more. 2019-11-14 not yet calculated CVE-2019-15342
MISC tecno -- camon_iair_2_plus_android_device The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.service.FunctionService that allows any app co-located on the device to supply the file path to a Dalvik Executable (DEX) file which it will dynamically load within its own process and execute with its own system privileges. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtain the user's text messages, and more. Executing code as the system user can allow a third-party app to factory reset the device, obtain the user's Wi-Fi passwords, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtain the user's text messages, and more. 2019-11-14 not yet calculated CVE-2019-15341
MISC tecno -- camon_iclick_2_android_device The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.service.FunctionService that allows any app co-located on the device to supply the file path to a Dalvik Executable (DEX) file which it will dynamically load within its own process and execute with its own system privileges. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtain the user's text messages, and more. Executing code as the system user can allow a third-party app to factory reset the device, obtain the user's Wi-Fi passwords, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtain the user's text messages, and more. 2019-11-14 not yet calculated CVE-2019-15346
MISC tecno -- camon_iclick_2_android_device The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands via shell script to be executed as the system user that are triggered by writing an attacker-selected message to the logcat log. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtain the user's text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtain the user's text messages, and more. 2019-11-14 not yet calculated CVE-2019-15347
MISC tecno -- camon_iclick_android_device The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). This app contains an exported service named com.lovelyfont.manager.service.FunctionService that allows any app co-located on the device to supply the file path to a Dalvik Executable (DEX) file which it will dynamically load within its own process and execute with its own system privileges. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtain the user's text messages, and more. Executing code as the system user can allow a third-party app to factory reset the device, obtain the user's Wi-Fi passwords, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtain the user's text messages, and more. 2019-11-14 not yet calculated CVE-2019-15345
MISC tecno -- camon_iclick_android_device The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. 2019-11-14 not yet calculated CVE-2019-15355
MISC tecno -- camon_iclick_android_device The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands via shell script to be executed as the system user that are triggered by writing an attacker-selected message to the logcat log. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtains the user's text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtains the user's text messages, and more. 2019-11-14 not yet calculated CVE-2019-15343
MISC tecno -- camon_iclick_android_device The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands to be executed as the system user. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. In addition to the local attack surface, its accompanying app with a package name of com.ekesoo.lovelyhifonts makes network requests using HTTP and an attacker can perform a Man-in-the-Middle (MITM) attack on the connection to inject a command in a network response that will be executed as the system user by the com.lovelyfont.defcontainer app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtains the user's text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtains the user's text messages, and more. 2019-11-14 not yet calculated CVE-2019-15344
MISC tecno -- spark_pro_android_device The Tecno Spark Pro Android device with a build fingerprint of TECNO/H3722/TECNO-K8:7.0/NRD90M/K8-H3722ABCDE-N-171229V96:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app (versionCode=7, versionName=7.0.5) that allows unauthorized dynamic code loading via a confused deputy attack. This capability can be accessed by any app co-located on the device. 2019-11-14 not yet calculated CVE-2019-15417
MISC tematres -- tematres TemaTres 3.0 has stored XSS via the value parameter to the vocab/admin.php?vocabulario_id=list URI. 2019-11-15 not yet calculated CVE-2019-14343
MISC tematres -- tematres TemaTres 3.0 allows remote unprivileged users to create an administrator account 2019-11-15 not yet calculated CVE-2019-14345
MISC tesseract -- tesseract In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file. 2019-11-14 not yet calculated CVE-2011-1136
MISC texas_instruments -- cc256x_and_wl18xx_dual_mode_bluetooth_controller_devices Texas Instruments CC256x and WL18xx dual-mode Bluetooth controller devices, when LE scan mode is used, allow remote attackers to trigger a buffer overflow via a malformed Bluetooth Low Energy advertising packet, to cause a denial of service or potentially execute arbitrary code. This affects CC256xC-BT-SP 1.2, CC256xB-BT-SP 1.8, and WL18xx-BT-SP 4.4. 2019-11-13 not yet calculated CVE-2019-15948
MISC thunar -- thunar Thunar 1.2 through 1.2.1 could crash when copying and pasting a file name with % format characters due to a format string error. 2019-11-14 not yet calculated CVE-2011-1588
MISC tp-link -- tl-wdr4300_and_tl-1043nd_wireless_routers Symlink Traversal vulnerability in TP-LINK TL-WDR4300 and TL-1043ND. 2019-11-13 not yet calculated CVE-2013-4654
MISC trendnet -- tew-691gr_and_tew-692gr_wireless_routers Undocumented TELNET service in TRENDnet TEW-691GR and TEW-692GR when a web page named backdoor contains an HTML parameter of password and a value of j78G?DFdg_24Mhw3. 2019-11-13 not yet calculated CVE-2013-3367
MISC trendnet -- tew-812dru_wireless_router Undocumented TELNET service in TRENDnet TEW-812DRU when a web page named backdoor contains an HTML parameter of password and a value of j78G?DFdg_24Mhw3. 2019-11-13 not yet calculated CVE-2013-3366
MISC udisks -- udisks udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules. 2019-11-13 not yet calculated CVE-2010-4661
MISC ulefone -- armor_5_android_device The Ulefone Armor 5 Android device with a build fingerprint of Ulefone/Ulefone_Armor_5/Ulefone_Armor_5:8.1.0/O11019/1528806701:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. 2019-11-14 not yet calculated CVE-2019-15354
MISC unixodbc -- unixodbc The SQLDriverConnect() function in unixODBC before 2.2.14p2 has a possible buffer overflow condition when specifying a large value for the SAVEFILE parameter in the connection string. 2019-11-14 not yet calculated CVE-2011-1145
MISC v86d -- v86d v86d before 0.1.10 does not verify whether received netlink messages are sent by the kernel. This could allow unprivileged users to manipulate the video mode and potentially other consequences. 2019-11-14 not yet calculated CVE-2011-1070
MISC walton -- primo_g3_android_device The Walton Primo G3 Android device with a build fingerprint of WALTON/Primo_GM3/Primo_GM3:8.1.0/O11019/1522737198:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. 2019-11-14 not yet calculated CVE-2019-15379
MISC wordpress -- wordpress The Blog2Social plugin before 5.9.0 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the b2s_id parameter. The component is: views/b2s/post.calendar.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL. 2019-11-13 not yet calculated CVE-2019-17550
MISC wordpress -- wordpress The CleanTalk cleantalk-spam-protect plugin before 5.127.4 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter. The component is: inc/cleantalk-users.php and inc/cleantalk-comments.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL. 2019-11-13 not yet calculated CVE-2019-17515
MISC xiaomi -- redmi_5_android_device The Xiaomi Redmi 5 Android device with a build fingerprint of xiaomi/vince/vince:7.1.2/N2G47H/V9.5.4.0.NEGMIFA:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1711_201803291645) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. 2019-11-14 not yet calculated CVE-2019-15415
MISC xiaomi -- 5s_plus_android_device The Xiaomi 5S Plus Android device with a build fingerprint of Xiaomi/natrium/natrium:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app (versionCode=40000, versionName=4.0.00) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. 2019-11-14 not yet calculated CVE-2019-15426
MISC xiaomi -- cepheus_android_device The Xiaomi Cepheus Android device with a build fingerprint of Xiaomi/cepheus/cepheus:9/PKQ1.181121.001/V10.2.6.0.PFAMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record telephone calls to external storage. 2019-11-14 not yet calculated CVE-2019-15474
MISC xiaomi -- mi_a2_lite_android_device The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/jasmine/jasmine_sprout:9/PKQ1.180904.001/V10.0.2.0.PDIMIFJ:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record telephone calls to external storage. 2019-11-14 not yet calculated CVE-2019-15473
MISC xiaomi -- mi_a2_lite_android_device The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/daisy/daisy_sprout:9/PKQ1.180917.001/V10.0.3.0.PDLMIXM:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1715_201812071953) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. 2019-11-14 not yet calculated CVE-2019-15468
MISC xiaomi -- mi_a2_lite_android_device The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/daisy/daisy_sprout:9/PKQ1.180917.001/V10.0.3.0.PDLMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record telephone calls to external storage. 2019-11-14 not yet calculated CVE-2019-15472
MISC xiaomi -- mi_a3_android_device The Xiaomi Mi A3 Android device with a build fingerprint of xiaomi/onc_eea/onc:9/PKQ1.181021.001/V10.2.8.0.PFLEUXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record telephone calls to external storage. 2019-11-14 not yet calculated CVE-2019-15475
MISC xiaomi -- mi_mix_2s_android_device The Xiaomi Mi Mix 2S Android device with a build fingerprint of Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=A2060_201801032053) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. 2019-11-14 not yet calculated CVE-2019-15467
MISC xiaomi -- mi_mix_2s_android_device The Xiaomi Mi Mix 2S Android device with a build fingerprint of Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=27, versionName=8.1.0) that allows other pre-installed apps to perform microphone audio recording via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that export their capabilities to other pre-installed apps. This app allows a third-party app to use its open interface to record telephone calls to external storage. 2019-11-14 not yet calculated CVE-2019-15471
MISC xiaomi -- mi_mix_android_device The Xiaomi Mi Mix Android device with a build fingerprint of Xiaomi/lithium/lithium:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app (versionCode=40000, versionName=4.0.00) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. 2019-11-14 not yet calculated CVE-2019-15427
MISC xiaomi -- mi_note_2_android_device The Xiaomi Mi Note 2 Android device with a build fingerprint of Xiaomi/scorpio/scorpio:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app (versionCode=40000, versionName=4.0.00) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. 2019-11-14 not yet calculated CVE-2019-15428
MISC xiaomi -- mi_pad_4_android_device The Xiaomi Mi Pad 4 Android device with a build fingerprint of Xiaomi/clover/clover:8.1.0/OPM1.171019.019/V9.6.26.0.ODJCNFD:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=27, versionName=8.1.0) that allows other pre-installed apps to perform microphone audio recording via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that export their capabilities to other pre-installed apps. This app allows a third-party app to use its open interface to record telephone calls to external storage. 2019-11-14 not yet calculated CVE-2019-15469
MISC xiaomi -- redmi_6_pro_android_device The Xiaomi Redmi 6 Pro Android device with a build fingerprint of xiaomi/sakura_india/sakura_india:8.1.0/OPM1.171019.019/V10.2.6.0.ODMMIXM:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1715_201812191721) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. 2019-11-14 not yet calculated CVE-2019-15466
MISC xiaomi -- redmi_6_pro_android_device The Xiaomi Redmi 6 Pro Android device with a build fingerprint of xiaomi/sakura_india/sakura_india:8.1.0/OPM1.171019.019/V9.6.4.0.ODMMIFD:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1715_201805292006) that allows any app co-located on the device to programmatically disable and enable Wi-Fi, Bluetooth, and GPS without the corresponding access permission through an exported interface. 2019-11-14 not yet calculated CVE-2019-15340
MISC xiaomi -- redmi_note_6_pro_android_device The Xiaomi Redmi Note 6 Pro Android device with a build fingerprint of xiaomi/tulip/tulip:8.1.0/OPM1.171019.011/V10.2.2.0.OEKMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=27, versionName=8.1.0) that allows other pre-installed apps to perform microphone audio recording via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that export their capabilities to other pre-installed apps. This app allows a third-party app to use its open interface to record telephone calls to external storage. 2019-11-14 not yet calculated CVE-2019-15470
MISC zte -- zxhn_h108n Version V2.5.0_EG1T5_TED of the ZTE ZXHN H108N product is impacted by an information leak vulnerability. An attacker could exploit the vulnerability to obtain sensitive information and perform unauthorized operations. 2019-11-13 not yet calculated CVE-2019-3420
MISC zyxel -- gs1900_devices An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Due to lack of input validation in the cmd_sys_traceroute_exec(), cmd_sys_arp_clear(), and cmd_sys_ping_exec() functions in the libclicmd.so library contained in the firmware, an attacker could leverage these functions to call system() and execute arbitrary commands on the switches. (Note that these functions are currently not called in this version of the firmware, however an attacker could use other vulnerabilities to finally use these vulnerabilities to gain code execution.) 2019-11-14 not yet calculated CVE-2019-15800
CONFIRM zyxel -- gs1900_devices An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware hashes and encrypts passwords using a hardcoded cryptographic key in sal_util_str_encrypt() in libsal.so.0.0. The parameters (salt, IV, and key data) are used to encrypt and decrypt all passwords using AES256 in CBC mode. With the parameters known, all previously encrypted passwords can be decrypted. This includes the passwords that are part of configuration backups or otherwise embedded as part of the firmware. 2019-11-14 not yet calculated CVE-2019-15802
CONFIRM zyxel -- gs1900_devices An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fds_sys_passDebugPasswd_ret(). The firmware contains access control checks that determine if remote users are allowed to access this functionality. The function that performs this check (fds_sys_remoteDebugEnable_ret in libfds.so) always returns TRUE with no actual checks performed. The diagnostics menu allows for reading/writing arbitrary registers and various other configuration parameters which are believed to be related to the network interface chips. 2019-11-14 not yet calculated CVE-2019-15803
CONFIRM zyxel -- gs1900_devices An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application (e.g., through CTRL+\ via SSH). The access control check for this menu does work and prohibits accessing the menu, which contains "Password recovery for specific user" options. The menu is believed to be accessible using a serial console. 2019-11-14 not yet calculated CVE-2019-15804
CONFIRM zyxel -- gs1900_devices An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware image contains encrypted passwords that are used to authenticate users wishing to access a diagnostics or password-recovery menu. Using the hardcoded cryptographic key found elsewhere in the firmware, these passwords can be decrypted. This is related to fds_sys_passDebugPasswd_ret() and fds_sys_passRecoveryPasswd_ret() in libfds.so.0.0. 2019-11-14 not yet calculated CVE-2019-15801
CONFIRM zyxel -- gs1900_devices An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH (while their permissions via the web interface are in fact restricted). This allows normal users to obtain the administrative password by running the tech-support command via the CLI: this contains the encrypted passwords for all users on the device. As these passwords are encrypted using well-known and static parameters, they can be decrypted and the original passwords (including the administrator password) can be obtained. 2019-11-14 not yet calculated CVE-2019-15799

Categories: LATEST ALERT

Reminder: Malware Can Exploit Improper Configurations

US-CERT All NCAS Products - Fri, 11/15/2019 - 18:19
Original release date: November 15, 2019

Protect yourself from unwanted—and potentially harmful—files or programs by adhering to vendor-recommended configurations for hardware and software. Doing so, in addition to maintaining regular patch maintenance, will help give your systems and networks the best security possible.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following tips and guidance:

Categories: LATEST ALERT

NCSC-NZ Releases Annual Cyber Threat Report

US-CERT All NCAS Products - Thu, 11/14/2019 - 17:01
Original release date: November 14, 2019

The New Zealand National Cyber Security Centre (NCSC-NZ) has released their annual report detailing cyber threats and incidents affecting New Zealand from July 2018 to June 2019. During this period, NCSC-NZ recorded an increase in the severity of cybersecurity incidents—particularly from state-sponsored threat actors. NCSC-NZ provides enhanced cybersecurity services to New Zealand Government and organizations of national significance against cybersecurity threats.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators to review the NCSC Cyber Threat Report for more information.

Categories: LATEST ALERT

VMware Releases Security Updates

US-CERT All NCAS Products - Tue, 11/12/2019 - 22:09
Original release date: November 12, 2019

VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisories VMSA-2019-0020 and VMSA-2019-0021 and apply the necessary updates.

Categories: LATEST ALERT

Adobe Releases Security Updates

US-CERT All NCAS Products - Tue, 11/12/2019 - 20:05
Original release date: November 12, 2019

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.

Categories: LATEST ALERT

Intel Releases Security Updates

US-CERT All NCAS Products - Tue, 11/12/2019 - 20:00
Original release date: November 12, 2019

Intel has released security updates to address vulnerabilities in multiple products. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Intel advisories and apply the necessary updates:

For updates addressing medium severity vulnerabilities, see the Intel Security Advisories page.

Categories: LATEST ALERT

Microsoft Releases November 2019 Security Updates

US-CERT All NCAS Products - Tue, 11/12/2019 - 19:58
Original release date: November 12, 2019

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s November 2019 Security Update Summary and Deployment Information and apply the necessary updates.

Categories: LATEST ALERT

Vulnerability Summary for the Week of November 4, 2019

US-CERT All NCAS Products - Mon, 11/11/2019 - 16:51
Original release date: November 11, 2019 | Last revised: November 12, 2019

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

apache -- struts Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands. 2019-11-01 7.5 CVE-2011-3923
MISC aruba_networks -- clearpass_policy_manager Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before 6.6.2 allows attackers to obtain database credentials. 2019-11-06 10 CVE-2016-4401
CONFIRM clamav -- clamav There is a possible heap overflow in libclamav/fsg.c before 0.100.0. 2019-11-06 7.5 CVE-2007-0899
MISC computing_for_good -- basic_laboratory_information_system Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.4 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may change the password of any administrator-level user. 2019-11-06 7.5 CVE-2019-5617
MISC computing_for_good -- basic_laboratory_information_system Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may alter several facets of a user account, including promoting any user to an administrator. 2019-11-06 7.5 CVE-2019-5644
MISC cryptocat_project -- cryptocat Cryptocat before 2.0.22 has Arbitrary Code Execution on Firefox Conversation Overview 2019-11-04 7.5 CVE-2013-2259
MISC cryptocat_project -- cryptocat Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user input 2019-11-04 7.5 CVE-2013-4103
MISC gri -- gri gri before 2.12.18 generates temporary files in an insecure way. 2019-11-08 7.5 CVE-2008-7291
MISC isl_internet_sicherheitslösungen -- arp_guard A SQL injection vulnerability in a /login/forgot1 POST request in ARP-GUARD 4.0.0-5 allows unauthenticated remote attackers to execute arbitrary SQL commands via the user_id parameter. 2019-11-04 7.5 CVE-2019-18663
MISC linux -- linux_kernel A memory leak in the sof_dfsentry_write() function in sound/soc/sof/debug.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-c0a333d842ef. 2019-11-07 7.8 CVE-2019-18812
MISC linux -- linux_kernel A vulnerability exists in kernel/time/clocksource.c in the Linux kernel before 2.6.33 where on non-GENERIC_TIME systems (GENERIC_TIME=n), accessing /sys/devices/system/clocksource/clocksource0/current_clocksource results in an OOPS. 2019-11-07 7.8 CVE-2010-2243
MLIST linux -- linux_kernel An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aa_label_parse() fails in aa_audit_rule_init() in security/apparmor/audit.c. 2019-11-07 7.5 CVE-2019-18814
MISC linux -- linux_kernel A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering platform_device_add_properties() failures, aka CID-9bbfceea12a8. 2019-11-07 7.8 CVE-2019-18813
MISC linux -- linux_kernel An issue was discovered in the Linux kernel 4.4.x before 4.4.195. There is a NULL pointer dereference in rds_tcp_kill_sock() in net/rds/tcp.c that will cause denial of service, aka CID-91573ae4aed0. 2019-11-04 7.8 CVE-2019-18680
MISC linux -- linux_kernel An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6. 2019-11-07 7.5 CVE-2019-18805
MISC linux -- linux_kernel A memory leak in the komeda_wb_connector_add() function in drivers/gpu/drm/arm/display/komeda/komeda_wb_connector.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering drm_writeback_connector_init() failures, aka CID-a0ecd6fdbf5d. 2019-11-07 7.8 CVE-2019-18810
MISC linux -- linux_kernel A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-2289adbfa559. 2019-11-07 7.8 CVE-2019-18809
MISC linux -- linux_kernel A memory leak in the sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering sof_get_ctrl_copy_params() failures, aka CID-45c1380358b1. 2019-11-07 7.8 CVE-2019-18811
MISC linux-vserver -- linux-vserver linux vserver 2.6 before 2.6.17 suffers from privilege escalation in remount code. 2019-11-06 10 CVE-2006-4243
MISC magento -- magento A remote code execution vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can insert a malicious payload through PageBuilder template methods. 2019-11-06 7.5 CVE-2019-8144
MISC magento -- magento A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with system data manipulation privileges can execute arbitrary code through arbitrary file deletion and OS command injection. 2019-11-06 9 CVE-2019-8159
MISC magento -- magento An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Magento 2 codebase leveraged outdated versions of JS libraries (Bootstrap, jquery, Knockout) with known security vulnerabilities. 2019-11-05 7.5 CVE-2019-8121
MISC magento -- magento An insecure component vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Magento 2 codebase leveraged outdated versions of HTTP specification abstraction implemented in Symfony component. 2019-11-06 7.5 CVE-2019-8136
MISC magento -- magento An XPath entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An attacker can craft a GET request to page cache block rendering module that gets passed to XML data processing engine without validation. The crafted key/value GET request data allows an attacker limited access to underlying XML data. 2019-11-06 7.5 CVE-2019-8158
MISC magento -- magento A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Dependency injection through Symfony framework allows service identifiers to be derived from user controlled data, which can lead to remote code execution. 2019-11-06 7.5 CVE-2019-8135
MISC minidlna -- minidlna MiniDLNA has heap-based buffer overflow 2019-11-01 7.5 CVE-2013-2739
MISC
MISC minidlna -- minidlna minidlna has SQL Injection that may allow retrieval of arbitrary files 2019-11-01 7.5 CVE-2013-2738
MISC
MISC
MISC
MISC nvu -- nvu Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in multiple security issues. 2019-11-05 7.5 CVE-2005-2354
MISC
MISC
MISC php-gettext -- php-gettext The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code. 2019-11-04 7.5 CVE-2015-8980
SUSE
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRM portainer -- portainer Portainer before 1.22.1 has Incorrect Access Control (issue 1 of 4). 2019-11-07 9 CVE-2019-16872
MISC python_sofware_foundation_and_beanbag -- djblets_and_review_board An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests. 2019-11-04 7.5 CVE-2013-4409
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC qualcomm -- multiple_products Use after free issue in kernel while accessing freed mdlog session info and its attributes after closing the session in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 730, SD 820, SD 820A, SD 835, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24 2019-11-06 7.5 CVE-2019-10528
CONFIRM qualcomm -- multiple_products Out of bound access due to improper validation of array index cause the index table entry to get corrupt in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20 2019-11-06 10 CVE-2019-10533
CONFIRM qualcomm -- multiple_products Out of bound access while processing a non-standard IE measurement request with length crossing past the size of frame in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS405, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 2019-11-06 7.5 CVE-2019-10505
CONFIRM qualcomm -- multiple_products A buffer overflow can occur while parsing a nonstandard clip during playback in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20 2019-11-06 7.5 CVE-2019-10522
CONFIRM qualcomm -- multiple_products While processing a vendor command which contains a corrupted channel count, an integer overflow occurs and ultimately leads to a heap overflow in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8976, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS405, QCS605, SDA845, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM8150 2019-11-06 7.5 CVE-2019-2302
CONFIRM qualcomm -- multiple_products Buffer over-read may occur when downloading a corrupted firmware file that has chunk length in header which doesn't match the contents in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 845 / SD 850, SDX20 2019-11-06 7.5 CVE-2019-10542
CONFIRM qualcomm -- multiple_products Double free issue can happen when sensor power settings are freed by one thread while another thread tries to access them in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, QCN7605, QCS405, QCS605, SDM845, SDX24, SXR1130 2019-11-06 7.5 CVE-2019-10565
CONFIRM qualcomm -- multiple_products Dereference on uninitialized buffer can happen when parsing FLV clip with corrupted codec specific data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20 2019-11-06 10 CVE-2019-10541
CONFIRM qualcomm -- multiple_products Null-pointer dereference can occur while accessing the super index entry when it has not been allocated in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20 2019-11-06 10 CVE-2019-10534
CONFIRM qualcomm -- multiple_products Incorrect reading of system image resulting in buffer overflow when size of system image is increased in Snapdragon Auto, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SDM439 2019-11-06 10 CVE-2019-10531
CONFIRM qualcomm -- multiple_products Possible use after free issue due to race condition while attempting to mark the entry pages as dirty using function set_page_dirty() in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 2019-11-06 9.3 CVE-2019-10529
CONFIRM qualcomm -- multiple_products Kernel can do a memory read from arbitrary address passed by user during execution of a syscall in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9205, MDM9650, QCA8081, QCS605, SD 427, SD 435, SD 450, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130 2019-11-06 10 CVE-2019-2249
CONFIRM qualcomm -- multiple_products Improper validation of the read and write indexes of the TX and RX FIFOs before calculating the pointer can lead to out-of-bound access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 2019-11-06 10 CVE-2019-2283
CONFIRM qualcomm -- multiple_products Improper validation of array index causes OOB write and then leads to memory corruption in MMCP in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130 2019-11-06 10 CVE-2019-2258
CONFIRM qualcomm -- multiple_products Thread start can cause invalid memory writes to arbitrary memory location since the argument is passed by user to kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9205, MDM9640, MSM8996AU, QCA6574, QCS605, Qualcomm 215, SD 425, SD 427, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016, SXR1130 2019-11-06 7.2 CVE-2019-2246
CONFIRM qualcomm -- multiple_products When ADSP is compromised, the audio port index that's returned from ADSP might be out of the valid range, leading to out-of-boundary access in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 845 / SD 850, SD 855, SDX20, SDX24 2019-11-06 10 CVE-2019-2324
CONFIRM qualcomm -- multiple_products Out of boundary access due to token received from ADSP and is used without validation as an index into the array in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 2019-11-06 10 CVE-2019-2325
CONFIRM qualcomm -- multiple_products Out of bound write issue is observed while giving information about properties that have been set so far for playing video in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 2019-11-06 10 CVE-2019-2285
CONFIRM qualcomm -- multiple_products Memory corruption while accessing the memory as payload size is not validated before access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 2019-11-06 10 CVE-2019-2332
CONFIRM qualcomm -- multiple_products Lack of check to ensure crypto engine data passed by user is initialized can result in bus error in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 2019-11-06 10 CVE-2019-2323
CONFIRM qualcomm -- multiple_products Possible Integer overflow because of subtracting two integers without checking if the result would overflow or not in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 2019-11-06 10 CVE-2019-2331
CONFIRM quest -- kace_systems_management_appliance_server_center Quest KACE Systems Management Appliance Server Center version 9.1.317 is vulnerable to SQL injection. The affected file is software_library.php and affected parameters are order[0][column] and order[0][dir]. 2019-11-06 7.5 CVE-2019-12918
MISC
MISC rbot -- rbot Rbot Reaction plugin allows command execution 2019-11-06 7.5 CVE-2010-2446
MISC
MISC red_hat -- openshift cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp. 2019-11-01 7.5 CVE-2013-0165
MISC s9y -- serendipity Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager. 2019-11-05 7.5 CVE-2011-1134
CONFIRM
DEBIAN
SECTRACK
MISC salesagility -- suitecrm SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to 7.11.9 allow SQL Injection. 2019-11-06 7.5 CVE-2019-18784
MISC
MISC shadow_and_sudo -- shadow_and_sudo There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process. 2019-11-04 7.2 CVE-2005-4890
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC sonatype -- nexus_repository_manager There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker a Remote Code Execution (RCE). All instances using CommandLineExecutor.java with user-supplied data are vulnerable, such as the Yum Configuration Capability. 2019-11-01 9 CVE-2019-15588
MISC
CONFIRM twiki -- twiki TWiki allows arbitrary shell command execution via the Include function 2019-11-01 7.5 CVE-2005-3056
DEBIAN
MISC
CONFIRM twiki -- twiki TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value containing Perl backtick characters. 2019-11-07 10 CVE-2013-1751
MISC
MISC
CONFIRM typo3 -- typo3 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 is open to a session fixation attack which allows remote attackers to hijack a victim's session. 2019-11-05 9.4 CVE-2010-3671
MISC
MISC
CONFIRM typo3 -- typo3 TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request. 2019-11-06 7.5 CVE-2011-4628
MISC
CONFIRM xlockmore -- xlockmore xlockmore 5.13 and 5.22 segfaults when using libpam-opensc and returns the underlying xsession. This allows unauthorized users access to the X session. 2019-11-06 7.5 CVE-2006-0061
MISC
MISC
MISC xlockmore -- xlockmore xlockmore 5.13 allows potential xlock bypass when FVWM switches to the same virtual desktop as a new Gaim window. 2019-11-06 7.5 CVE-2006-0062
MISC
MISC youphptube -- youphptube An issue was discovered in YouPHPTube through 7.7. User input passed through the live_stream_code POST parameter to /plugin/LiveChat/getChat.json.php is not properly sanitized (in getFromChat in plugin/LiveChat/Objects/LiveChatObj.php) before being used to construct a SQL query. This can be exploited by malicious users to, e.g., read sensitive data from the database through in-band SQL Injection attacks. Successful exploitation of this vulnerability requires the Live Chat plugin to be enabled. 2019-11-02 7.5 CVE-2019-18662
MISC

Medium Vulnerabilities
Primary Vendor -- Product Description Published CVSS Score Source & Patch Info
360 -- multiple_routers A command injection vulnerability exists when the authorized user passes crafted parameter to background process in the router. This affects 360 router series products (360 Safe Router P0,P1,P2,P3,P4), the affected version is V2.0.61.58897. 2019-11-04 6.5 CVE-2018-19031
MISC alqo -- alqo alqo through 4.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. 2019-11-05 5 CVE-2018-19161
MISC
MISC amazon_web_services -- freertos+fat Real Time Engineers FreeRTOS+FAT 160919a has a use after free. The function FF_Close() is defined in ff_file.c. The file handler pxFile is freed by ffconfigFREE, which (by default) is a macro definition of vPortFree(), but it is reused to flush modified file content from the cache to disk by the function FF_FlushCache(). 2019-11-04 5 CVE-2019-18178
MISC atlassian -- jira An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects (with authentication as a Jira user, but without authorization for specific projects) via the plugins/servlet/nfj/NotificationSettings URI. 2019-11-01 4 CVE-2019-16909
MISC
MISC atlassian -- jira An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects without authentication/authorization via the plugins/servlet/nfj/ProjectFilter?searchQuery= URI. 2019-11-01 5 CVE-2019-16908
MISC
MISC avast -- antivirus A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free, Internet Security, and Premiere Edition) 19.3.2369 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name. 2019-11-01 4.3 CVE-2019-18653
MISC
MISC avg_technologies -- antivirus A Cross Site Scripting (XSS) issue exists in AVG AntiVirus (Internet Security Edition) 19.3.3084 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name. 2019-11-01 4.3 CVE-2019-18654
MISC
MISC broadcom -- brocade_sannav A vulnerability in the ReportsTrustManager class of Brocade SANnav versions before v2.0 could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer (SSL) connections. 2019-11-08 5.8 CVE-2019-16209
CONFIRM broadcom -- brocade_sannav Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end database and gain privileges. 2019-11-08 4.6 CVE-2019-16207
CONFIRM centurylink -- technicolor_c2000t_and_c2100t_modems Technicolor C2000T and C2100T use hard-coded cryptographic keys. 2019-11-06 4.3 CVE-2015-7276
MISC
MISC cisco -- enterprise_chat_and_email A vulnerability in the HTTP API of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to download files attached through chat sessions. The vulnerability is due to insufficient authentication mechanisms on the file download function of the API. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to download files that other users attach through the chat feature. This vulnerability affects versions prior to 12.0(1)ES1. 2019-11-05 4.3 CVE-2019-1877
CISCO cisco -- multiple_products A vulnerability in the stream reassembly component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper reassembly of traffic streams. An attacker could exploit this vulnerability by sending crafted streams through an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious requests to protected systems that would otherwise be blocked. 2019-11-05 5 CVE-2019-1978
CISCO cisco -- multiple_products A vulnerability in the protocol detection component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper detection of the initial use of a protocol on a nonstandard port. An attacker could exploit this vulnerability by sending traffic on a nonstandard port for the protocol in use through an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious requests to protected systems that would otherwise be blocked. Once the initial protocol flow on the nonstandard port is detected, future flows on the nonstandard port will be successfully detected and handled as configured by the applied policy. 2019-11-05 5 CVE-2019-1980
CISCO cisco -- multiple_products A vulnerability in the normalization functionality of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to insufficient normalization of a text-based payload. An attacker could exploit this vulnerability by sending traffic that contains specifically obfuscated payloads through an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious payloads to protected systems that would otherwise be blocked. 2019-11-05 5 CVE-2019-1981
CISCO cisco -- multiple_products A vulnerability in the HTTP traffic filtering component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper handling of HTTP requests, including those communicated over a secure HTTPS connection, that contain maliciously crafted headers. An attacker could exploit this vulnerability by sending malicious requests to an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious requests to protected systems, allowing attackers to deliver malicious content that would otherwise be blocked. 2019-11-05 5 CVE-2019-1982
CISCO cisco -- telepresence_advanced_media_gateway A vulnerability in the web application of Cisco TelePresence Advanced Media Gateway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the lack of input validation in the web application. An attacker could exploit this vulnerability by sending a crafted authenticated HTTP request to the device. An exploit could allow the attacker to stop services on an affected device. The device may become inoperable and results in a denial of service (DoS) condition. 2019-11-05 6.8 CVE-2019-15966
CISCO clamav -- clamav ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system. 2019-11-05 5 CVE-2019-12625
MISC clamav -- clamav ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. An out-of-bounds heap read condition may occur when scanning PE files. An example is Windows EXE and DLL files that have been packed using Aspack as a result of inadequate bound-checking. 2019-11-05 5 CVE-2019-1789
MISC cloakcoin -- cloakcoin CloakCoin through 2.2.2.0 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. 2019-11-05 5 CVE-2018-19167
MISC
MISC computing_for_good -- basic_laboratory_information_system Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may enumerate the user names and facility names in use on a particular installation. 2019-11-06 5 CVE-2019-5643
MISC cryptocat_project -- cryptocat Cryptocat before 2.0.22: cryptocat.js handlePresence() has cross site scripting 2019-11-05 4.3 CVE-2013-4107
MISC
MISC
MISC
MISC cryptocat_project -- cryptocat Cryptocat before 2.0.22 has Remote Denial of Service via username 2019-11-04 5 CVE-2013-4100
MISC
MISC
MISC
MISC cryptocat_project -- cryptocat Cryptocat before 2.0.22 has Multiparty Encryption Scheme Information Disclosure 2019-11-04 5 CVE-2013-4105
MISC
MISC
MISC cryptocat_project -- cryptocat Cryptocat before 2.0.22 Link Markup Decorator HTML Handling Weakness 2019-11-04 5 CVE-2013-4101
MISC
MISC
MISC cryptocat_project -- cryptocat Cryptocat has an Unspecified Chat Participant User List Disclosure 2019-11-05 5 CVE-2013-4110
MISC
MISC
MISC
MISC cryptocat_project -- cryptocat Cryptocat strophe.js before 2.0.22 has information disclosure 2019-11-04 5 CVE-2013-2262
MISC
MISC
MISC
MISC cryptocat_project -- cryptocat Cryptocat before 2.0.22 strophe.js Math.random() Random Number Generator Weakness 2019-11-04 6.4 CVE-2013-4102
MISC
MISC
MISC
MISC cryptocat_project -- cryptocat Cryptocat before 2.0.22: Cryptocat.random() Function Array Key has Entropy Weakness 2019-11-04 5 CVE-2013-2260
MISC
MISC
MISC
MISC cryptocat_project -- cryptocat Cryptocat before 2.0.22 Chrome Extension 'img/keygen.gif' has Information Disclosure 2019-11-04 5 CVE-2013-2261
MISC
MISC
MISC cryptocat_project -- cryptocat Cryptocat before 2.0.22 has weak encryption in the Socialist Millionaire Protocol 2019-11-04 5 CVE-2013-4104
MISC
MISC
MISC
MISC cryptocat_project -- cryptocat Cryptocat before 2.0.22 has Nickname User Impersonation 2019-11-04 5 CVE-2013-2258
MISC
MISC
MISC cryptocat_project -- cryptocat Cryptocat before 2.0.42 has Group Chat ECC Private Key Generation Brute Force Weakness 2019-11-04 5 CVE-2013-2257
MISC
MISC
MISC diamond -- diamond Diamond through 3.0.1.2 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. 2019-11-05 5 CVE-2018-19160
MISC
MISC divi_project -- divi Divi through 4.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. 2019-11-05 5 CVE-2018-19162
MISC
MISC djvulibre -- djvulibre DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp. 2019-11-07 5 CVE-2019-18804
MISC
MLIST
MISC eclipse -- jetty Cookie Dump Servlet stored XSS vulnerability in jetty through 6.1.20. 2019-11-06 4.3 CVE-2009-5048
MISC
MISC
MLIST eclipse -- jetty WebApp JSP Snoop page XSS in jetty through 6.1.21. 2019-11-06 4.3 CVE-2009-5049
MISC
MISC
MLIST emercoin -- emercoin emercoin through 0.7 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM. 2019-11-05 5 CVE-2018-19152
MISC
MISC f5 -- big-ip On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, a vulnerability in the AFM configuration utility may allow any authenticated BIG-IP user to run an SQL injection attack. 2019-11-01 4 CVE-2019-6658
CONFIRM f5 -- big-ip On BIG-IP 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the BIG-IP Configuration utility. 2019-11-01 4.3 CVE-2019-6657
CONFIRM fastweb -- fastgate Fastweb FASTGate 1.0.1b devices allow partial authentication bypass by changing a certain check_pwd return value from 0 to 1. An attack does not achieve administrative control of a device; however, the attacker can view all of the web pages of the administration console. 2019-11-02 5 CVE-2019-18661
MISC
MISC federal_communications_commission -- wireless_emergency_alerts The Wireless Emergency Alerts (WEA) protocol allows remote attackers to spoof a Presidential Alert because cryptographic authentication is not used, as demonstrated by MessageIdentifier 4370 in LTE System Information Block 12 (aka SIB12). NOTE: testing inside an RF-isolated shield box suggested that all LTE phones are affected by design (e.g., use of Android versus iOS does not matter); testing in an open RF environment is, of course, contraindicated. 2019-11-02 5 CVE-2019-18659
MISC forcepoint -- email_security It has been reported that XSS is possible in Forcepoint Email Security, versions 8.5 and 8.5.3. It is strongly recommended that you apply the relevant hotfix in order to remediate this issue. 2019-11-05 4.3 CVE-2019-6142
CONFIRM foswiki -- foswiki Foswiki before 1.1.8 contains a code injection vulnerability in the MAKETEXT macro. 2019-11-01 6.8 CVE-2013-1666
CONFIRM
MISC
MISC
MISC freebsd -- nsd FreeBSD NSD before 3.2.13 allows remote attackers to crash a NSD child server process (SIGSEGV) and cause a denial of service in the NSD server. 2019-11-01 4.3 CVE-2012-2979
MISC
CONFIRM
MISC glpi_project -- glpi GLPI 0.83.7 has Local File Inclusion in common.tabs.php. 2019-11-01 5 CVE-2013-2227
MISC
MISC
MISC
MISC
MISC gnome -- evince evince is missing a check on number of pages which can lead to a segmentation fault 2019-11-01 4.3 CVE-2013-3718
MISC
MISC
MISC
MISC gnu -- glibc slim has NULL pointer dereference when using crypt() method from glibc 2.17 2019-11-04 5 CVE-2013-4412
MISC
MISC
MISC
MISC
MISC
MISC gnuboard -- gnuboard5 GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board tail contents" parameter, aka the adm/board_form_update.php bo_content_tail parameter. 2019-11-07 4.3 CVE-2018-18674
MISC
MISC
MISC gource -- gource Gource through 0.26 logs to a predictable file name (/tmp/gource-$UID.tmp), enabling attackers to overwrite an arbitrary file via a symlink attack. 2019-11-07 5.5 CVE-2010-2449
CONFIRM
MISC
BID gs-gpl -- gs-gpl A race condition in temp files was found in gs-gpl before 8.56 addons scripts. 2019-11-01 6.8 CVE-2005-2352
MISC
MISC horde -- groupware_webmail_edition Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php. 2019-11-05 4.3 CVE-2013-6275
MISC
MISC
MISC
MISC
MISC
MISC
MISC htmlcoin -- htmlcoin HTMLCOIN through 2.12 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM. 2019-11-05 5 CVE-2018-19154
MISC
MISC icoutils -- icoutils The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. 2019-11-04 6.8 CVE-2017-5332
SUSE
SUSE
SUSE
REDHAT
DEBIAN
MLIST
BID
UBUNTU
CONFIRM
CONFIRM icoutils -- icoutils Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. 2019-11-04 4.6 CVE-2017-5331
SUSE
SUSE
SUSE
DEBIAN
MLIST
BID
UBUNTU
CONFIRM icoutils -- icoutils Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file. 2019-11-04 6.8 CVE-2017-5333
SUSE
SUSE
SUSE
REDHAT
DEBIAN
MLIST
BID
UBUNTU
CONFIRM
CONFIRM internet_systems_consortium -- bind There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers of ISC software have modified the dhcpd source, BIND source, or version matchup in ways that create the crash potential. Based on reports available to ISC, the crash probability is large and no analysis has been done on how, or even if, the probability can be manipulated by an attacker. Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later, or BIND versions with specific bug fixes backported to them. ISC does not have access to comprehensive version lists for all repackagings of dhcpd that are vulnerable. In particular, builds from other vendors may also be affected. Operators are advised to consult their vendor documentation. 2019-11-01 5 CVE-2019-6470
CONFIRM
REDHAT
CONFIRM
CONFIRM
CONFIRM investintech -- able2extract_professional An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 4.0.7 x64. A specially crafted JPEG file can cause an out-of-bounds memory write, allowing an attacker to execute arbitrary code on the victim machine. An attacker could exploit a vulnerability by providing the user with a specially crafted JPEG file. 2019-11-05 6.8 CVE-2019-5089
MISC investintech -- able2extract_professional An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 14.0.7 x64. A specially crafted BMP file can cause an out-of-bounds memory write, allowing a potential attacker to execute arbitrary code on the victim machine. An attacker can trigger this vulnerability by sending the user a specially crafted BMP file. 2019-11-05 6.8 CVE-2019-5088
MISC joomla! -- joomla! An issue was discovered in Joomla! before 3.9.13. A missing access check in the phputf8 mapping files could lead to a path disclosure. 2019-11-06 5 CVE-2019-18674
MISC joomla! -- joomla! An issue was discovered in Joomla! before 3.9.13. A missing token check in com_template causes a CSRF vulnerability. 2019-11-06 6.8 CVE-2019-18650
MISC konversation -- konversation konversation before 1.2.3 allows attackers to cause a denial of service. 2019-11-06 5 CVE-2009-5050
MISC
MISC
MLIST kubernetes -- kube-state-metrics A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. An experimental feature was added to the v1.7.0 release that enabled annotations to be exposed as metrics. By default, the kube-state-metrics metrics only expose metadata about Secrets. However, a combination of the default `kubectl` behavior and this new feature can cause the entire secret content to end up in metric labels thus inadvertently exposing the secret content in metrics. This feature has been reverted and released as the v1.7.2 release. If you are running the v1.7.0 or v1.7.1 release, please upgrade to the v1.7.2 release as soon as possible. 2019-11-05 4 CVE-2019-10223
CONFIRM
MISC lead_technologies -- leadtools An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20. A specially crafted J2K image file can cause an out of bounds write of a heap buffer, potentially resulting in code execution. An attacker can specially craft a J2K image to trigger this vulnerability. 2019-11-06 6.8 CVE-2019-5125
MISC lead_technologies -- leadtools An exploitable heap out-of-bounds write vulnerability exists in the TIF-parsing functionality of LEADTOOLS 20. A specially crafted TIF image can cause an offset beyond the bounds of a heap allocation to be written, potentially resulting in code execution. An attacker can specially craft a TIF image to trigger this vulnerability. 2019-11-06 6.8 CVE-2019-5084
MISC lead_technologies -- leadtools An exploitable integer overflow vulnerability exists in the BMP header parsing functionality of LEADTOOLS 20. A specially crafted BMP image file can cause an integer overflow, potentially resulting in code execution. An attacker can specially craft a BMP image to trigger this vulnerability. 2019-11-06 6.8 CVE-2019-5100
MISC lead_technologies -- leadtools An exploitable integer underflow vulnerability exists in the CMP-parsing functionality of LEADTOOLS 20. A specially crafted CMP image file can cause an integer underflow, potentially resulting in code execution. An attacker can specially craft a CMP image to trigger this vulnerability. 2019-11-06 6.8 CVE-2019-5099
MISC linux -- linux_kernel Two memory leaks in the sja1105_static_config_upload() function in drivers/net/dsa/sja1105/sja1105_spi.c in the Linux kernel before 5.3.5 allow attackers to cause a denial of service (memory consumption) by triggering static_config_buf_prepare_for_upload() or sja1105_inhibit_tx() failures, aka CID-68501df92d11. 2019-11-07 5 CVE-2019-18807
MISC
MISC linux -- linux_kernel ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to an upstream kernel change which impacted how python's os.chmod() works when passed a mode of '-1'. 2019-11-01 4.6 CVE-2013-4367
MISC
MISC linux -- linux_kernel A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247. 2019-11-07 5 CVE-2019-18808
MISC linux -- linux_kernel An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free. 2019-11-04 6.9 CVE-2019-18683
MLIST
MISC
MISC luxcore -- luxcoin lux through 5.2.2 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. 2019-11-05 5 CVE-2018-19159
MISC
MISC magento -- magento A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to manipulate shipment settings can execute arbitrary code through server-side request forgery due to unsafe handling of a carrier gateway. 2019-11-06 6.5 CVE-2019-8151
MISC magento -- magento A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with access to email templates can send malicious SQL queries and obtain access to sensitive information stored in the database. 2019-11-06 4 CVE-2019-8143
MISC magento -- magento Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can leverage a guest session id value following a successful login to gain access to customer account index page. 2019-11-05 5 CVE-2019-8116
MISC magento -- magento Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 uses a cryptographically weak random number generator, making it possible to brute-force the confirmation code for customer registration. 2019-11-05 5 CVE-2019-8113
MISC magento -- magento A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can bypass the email confirmation mechanism via GET request that captures relevant account data obtained from the POST response related to new user creation. 2019-11-05 5 CVE-2019-8112
MISC magento -- magento A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to an account with Newsletter Template editing permission could exfiltrate the Admin login data, and reset their password, effectively performing a privilege escalation. 2019-11-05 6.5 CVE-2019-8127
MISC magento -- magento A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with store manipulation privileges can execute arbitrary SQL queries by getting access to the database connection through group instance in email templates. 2019-11-06 6.5 CVE-2019-8130
MISC magento -- magento In Magento to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with administrative privileges for editing attribute sets can execute arbitrary code through custom layout modification. 2019-11-06 6.5 CVE-2019-8231
MISC magento -- magento Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 use a weak cryptographic function to store the failed login attempts for customer accounts. 2019-11-05 5 CVE-2019-8118
MISC magento -- magento An insufficient logging and monitoring vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. The logging feature required for effective monitoring did not contain sufficient data to effectively track configuration changes. 2019-11-05 5 CVE-2019-8123
MISC magento -- magento A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with marketing privileges can execute arbitrary SQL queries in the database when accessing email template variables. 2019-11-06 6.5 CVE-2019-8134
MISC magento -- magento A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to manipulate CMS section of the website can trigger remote code execution via custom layout update. 2019-11-06 6.5 CVE-2019-8137
MISC magento -- magento In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit configuration settings can execute arbitrary code through a crafted support/output path. 2019-11-06 6.5 CVE-2019-8230
MISC magento -- magento In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit product attributes can execute arbitrary code through crafted layout updates. 2019-11-06 6.5 CVE-2019-8229
MISC magento -- magento A server-side request forgery (SSRF) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to modify store configurations can manipulate the connector api endpoint to enable remote code execution. 2019-11-06 6.5 CVE-2019-8156
MISC magento -- magento In Magento prior to 1.9.4.3, Magento prior to 1.14.4.3, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an authenticated user with administrative privileges for the import feature can execute arbitrary code through a race condition that allows webserver configuration file modification. 2019-11-06 6 CVE-2019-8232
MISC magento -- magento A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can craft a malicious CSRF payload that can result in arbitrary command execution. 2019-11-05 6 CVE-2019-8109
MISC magento -- magento A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to manipulate layouts and images can insert a malicious payload into the page layout. 2019-11-06 6.5 CVE-2019-8150
MISC magento -- magento In Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an unauthenticated user can inject arbitrary JavaScript code as a result of the sanitization engine ignoring HTML comments. 2019-11-06 4.3 CVE-2019-8233
MISC magento -- magento A mitigation bypass to prevent cross-site scripting (XSS) exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Successful exploitation of this vulnerability would result in an attacker being able to bypass the `escapeURL()` function and execute a malicious XSS payload. 2019-11-06 4.3 CVE-2019-8153
MISC magento -- magento A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. An authenticated admin user with privileges to access product attributes can leverage layout updates to trigger remote code execution. 2019-11-05 6.5 CVE-2019-8091
MISC magento -- magento An unrestricted file upload vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can manipulate the Synchronization feature in the Media File Storage of the database to transform uploaded JPEG file into a PHP file. 2019-11-06 4 CVE-2019-8140
MISC magento -- magento A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with privileges to generate sitemaps can bypass configuration that restricts directory access. The bypass allows overwrite of a subset of configuration files which can lead to denial of service. 2019-11-06 4 CVE-2019-8133
MISC magento -- magento An XML entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can craft document type definition for an XML representing XML layout. The crafted document type definition and XML layout allow processing of external entities which can lead to information disclosure. 2019-11-05 4 CVE-2019-8126
MISC magento -- magento Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can manipulate session validation setting for a storefront that leads to insecure authentication and session management. 2019-11-05 4 CVE-2019-8108
MISC magento -- magento An insufficient logging and monitoring vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Failure to track admin actions related to design configuration could lead to repudiation attacks. 2019-11-05 5 CVE-2019-8124
MISC magento -- magento An arbitrary file deletion vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user can manipulate the design layout update feature. 2019-11-05 5.5 CVE-2019-8090
MISC magento -- magento Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user's CSRF token in the URL of a GET request. This could be exploited by an attacker with access to network traffic to perform unauthorized actions. 2019-11-06 5 CVE-2019-8155
MISC magento -- magento A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user with administrative privileges (system level import) can execute arbitrary code through a Phar deserialization vulnerability in the import functionality. 2019-11-06 6.5 CVE-2019-8141
MISC magento -- magento An arbitrary file deletion vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with export data transfer privileges can craft a request to perform arbitrary file deletion. 2019-11-05 5.5 CVE-2019-8107
MISC magento -- magento A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage plugin functionality related to email templates to manipulate the interceptor class in a way that allows an attacker to execute arbitrary code. 2019-11-05 6.5 CVE-2019-8111
MISC magento -- magento A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to import features can execute arbitrary code via crafted configuration archive file upload. 2019-11-05 6.5 CVE-2019-8114
MISC magento -- magento A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user with privileges to create products can craft custom layout update and use import product functionality to enable remote code execution. 2019-11-05 6.5 CVE-2019-8122
MISC magento -- magento A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x. An authenticated admin user can modify configuration parameters via crafted support configuration. The modification can lead to remote code execution. 2019-11-05 6.5 CVE-2019-8125
MISC magento -- magento A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage email templates hierarchy to manipulate the interceptor class in a way that allows an attacker to execute arbitrary code. 2019-11-05 6.5 CVE-2019-8110
MISC magento -- magento An arbitrary file access vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage file upload controller for downloadable products to read/delete arbitrary files. 2019-11-05 6.5 CVE-2019-8093
MISC magento -- magento A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated admin user with import product privileges can delete files through bulk product import and inject code into XSLT file. The combination of these manipulations can lead to remote code execution. 2019-11-05 6.5 CVE-2019-8119
MISC mantisbt -- mantisbt An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New". 2019-11-07 4 CVE-2013-1811
MISC
MISC
MISC
CONFIRM
MISC miniupnpd -- miniupnpd MiniUPnPd has information disclosure via use of snprintf() 2019-11-01 5 CVE-2013-2600
MISC
MISC
MISC
MISC
MISC mondo -- mondo Mondo 2.24 has insecure handling of temporary files. 2019-11-07 6.4 CVE-2007-3915
MISC navcoin -- navcoin navcoin through 4.3.0 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM. 2019-11-05 5 CVE-2018-19155
MISC
MISC neblio -- neblio neblio through 1.5.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. 2019-11-05 5 CVE-2018-19165
MISC
MISC nicehash -- miner An issue was discovered in NiceHash Miner before 2.0.3.0. A missing rate limit while adding a wallet via Email address allows remote attackers to submit a large number of email addresses to identify valid ones. By exploiting this vulnerability with CVE-2019-6122 (Username Enumeration) an adversary can enumerate a large number of valid users' Email addresses. 2019-11-06 5 CVE-2019-6120
MISC
MISC nicehash -- miner A Username Enumeration via Error Message issue was discovered in NiceHash Miner before 2.0.3.0 because an "EMAIL DOES NOT EXIST" error message occurs whenever a submitted email address is incorrect, but there is a different error message for invalid credentials with a correct email address. 2019-11-06 4.3 CVE-2019-6122
MISC
MISC nicehash -- miner An issue was discovered in NiceHash Miner before 2.0.3.0. Missing Authorization allows an adversary to gain access to a miner's information, such as recent payments, unclaimed balance, old balance (at the time of the December 2017 breach), projected payout, and mining stats like profitability, efficiency, number of workers, etc. A valid email address is required in order to retrieve this information. 2019-11-06 4.3 CVE-2019-6121
MISC
MISC nokogiri_gem_for_ruby_on_rails -- nokogiri_gem_for_ruby_on_rails Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents 2019-11-05 4.3 CVE-2013-6460
MISC
MISC
MISC
MISC
MISC
MISC
MISC nokogiri_gem_for_ruby_on_rails -- nokogiri_gem_for_ruby_on_rails Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits 2019-11-05 4.3 CVE-2013-6461
MISC
MISC
MISC
MISC
MISC
MISC oetiker+partner -- smokeping Cross-site scripting (XSS) vulnerability in SmokePing 2.6.9 in the start and end time fields. 2019-11-01 4.3 CVE-2013-4168
MISC
MISC
MISC
MISC
MISC
MISC one_identity -- cloud_access_manager One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows CSRF for logout requests. 2019-11-04 4.3 CVE-2019-13497
MISC
CONFIRM one_identity -- cloud_access_manager One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows OTP bypass via vectors involving a man in the middle, the One Identity Defender product, and replacing a failed SAML response with a successful SAML response. 2019-11-04 4.3 CVE-2019-13496
MISC
CONFIRM open_build_service -- open_build_service Open Build Service before version 0.165.4 didn't validate TLS certificates for HTTPS connections with the osc client binary 2019-11-05 6.8 CVE-2019-3685
CONFIRM openstack -- keystone_and_compute HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. 2019-11-01 4.3 CVE-2013-2255
MISC
MISC
MISC
MISC
MISC
MISC
MISC openttd -- openttd OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server. 2019-11-07 4 CVE-2012-0049
CONFIRM
MISC
MISC
MISC
MISC oxid -- multiple_products An issue was discovered in OXID eShop 6.x before 6.0.6 and 6.1.x before 6.1.5, OXID eShop Enterprise Edition Version 5.2.x-5.3.x, OXID eShop Professional Edition Version 4.9.x-4.10.x and OXID eShop Community Edition Version: 4.9.x-4.10.x. By using a specially crafted URL, users with administrative rights could unintentionally grant unauthorized users access to the admin panel via session fixation. 2019-11-05 6.8 CVE-2019-17062
MISC pagure -- pagure Pagure: XSS possible in file attachment endpoint 2019-11-06 4.3 CVE-2016-1000037
MISC
MISC
MISC
MISC particl -- particl particl through 0.17 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM. 2019-11-05 5 CVE-2018-19153
MISC
MISC peercoin -- peercoin peercoin through 0.6.4 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. 2019-11-05 5 CVE-2018-19166
MISC
MISC pfsense -- pfsense /usr/local/www/freeradius_view_config.php in the freeradius3 package before 0.15.7_3 for pfSense on FreeBSD allows a user with an XSS payload as password or username to execute arbitrary JavaScript code on a victim's browser. 2019-11-02 4.3 CVE-2019-18667
MISC phantomjs -- phantomjs PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open() function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HTML file, as user input, that allows reading arbitrary files on the filesystem. For example, if page.render() is the function callback, this generates a PDF or an image of the targeted file. NOTE: this product is no longer developed. 2019-11-05 5 CVE-2019-17221
MISC phore -- phore Phore through 1.3.3.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. 2019-11-05 5 CVE-2018-19157
MISC
MISC pivx -- pivx PIVX through 3.1.03 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. 2019-11-05 5 CVE-2018-19156
MISC
MISC popojicms -- popojicms po-admin/route.php?mod=post&act=edit in PopojiCMS 2.0.1 allows post[1][content]= stored XSS. 2019-11-07 4.3 CVE-2019-18816
MISC popojicms -- popojicms PopojiCMS 2.0.1 allows refer= Open Redirection. 2019-11-07 5.8 CVE-2019-18815
MISC portainer -- portainer Portainer before 1.22.1 has Incorrect Access Control (issue 4 of 4). 2019-11-07 6.5 CVE-2019-16877
MISC portainer -- portainer Portainer before 1.22.1 allows Directory Traversal. 2019-11-07 5 CVE-2019-16876
MISC portainer -- portainer Portainer before 1.22.1 has Incorrect Access Control (issue 2 of 4). 2019-11-07 4 CVE-2019-16874
MISC progress -- sitefinity_cms Progress Sitefinity CMS before 10.1 allows XSS via /Pages Parameter : Page Title, /Content/News Parameter : News Title, /Content/List Parameter : List Title, /Content/Documents/LibraryDocuments/incident-request-attachments Parameter : Document Title, /Content/Images/LibraryImages/newsimages Parameter : Image Title, /Content/links Parameter : Link Title, /Content/links Parameter : Link Title, or /Content/Videos/LibraryVideos/default-video-library Parameter : Video Title. 2019-11-06 4.3 CVE-2017-18639
MISC qualcomm -- multiple_products Lack of a check for a negative value returned for get_clk, which is wrongly interpreted as a valid pointer, leads to use after free in clk driver in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 2019-11-06 4.6 CVE-2019-10524
CONFIRM qualcomm -- multiple_products Firmware not able to send EXT scan response to host within 1 sec due to resource consumption issue in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016 2019-11-06 5 CVE-2019-10504
CONFIRM qualcomm -- multiple_products DCI client which might be preemptively freed up might be accessed for transferring packets leading to kernel error in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 2019-11-06 4.9 CVE-2019-10515
CONFIRM qualcomm -- multiple_products Null pointer dereference can occur while parsing invalid chunks while playing the nonstandard clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20 2019-11-06 5 CVE-2019-10488
CONFIRM qualcomm -- multiple_products Possible stack overflow when an index equal to io buffer size is accessed in camera module in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855, SDM439, SDX24 2019-11-06 4.6 CVE-2019-10502
CONFIRM
MISC qualcomm -- multiple_products ADSP can be compromised since it's a general-purpose CPU processing untrusted data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 2019-11-06 4.6 CVE-2019-10491
CONFIRM qualcomm -- multiple_products Payload size is not checked before using it as array index in audio in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SXR1130 2019-11-06 4.6 CVE-2019-10512
CONFIRM qualcomm -- multiple_products Lack of checking a variable received from driver and populating in Firmware data structure leads to buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 2019-11-06 4.6 CVE-2019-10496
CONFIRM qualcomm -- multiple_products Arbitrary buffer write issue while processing sequence header during HEVC or AVC encoding in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 2019-11-06 4.6 CVE-2019-10495
CONFIRM quest -- kace_systems_management_appliance_server_center Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /userui/ticket_list.php, and affected parameters are order[0][column] and order[0][dir]. 2019-11-06 6.5 CVE-2019-13076
MISC
MISC quest -- kace_systems_management_appliance_server_center Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the sam_detail_titled.php SAM_TYPE parameter) that allows an attacker to create a malicious link in order to attack authenticated users. 2019-11-06 4.3 CVE-2019-13077
MISC
MISC quest -- kace_systems_management_appliance_server_center A reflected XSS vulnerability exists in Quest KACE Systems Management Appliance Server Center 9.1.317 affecting the userui/software_library.php component via the PATH_INFO. 2019-11-06 4.3 CVE-2019-12917
MISC
MISC quest -- kace_systems_management_appliance_server_center Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /common/user_profile.php. The affected parameter is sort_column. 2019-11-06 6.5 CVE-2019-13078
MISC
MISC quest -- kace_systems_management_appliance_server_center Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /adminui/history_log.php. The affected parameter is TYPE_NAME. 2019-11-06 6.5 CVE-2019-13079
MISC
MISC red_hat -- cloud_forms_management_engine Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2019-11-01 4.3 CVE-2013-0186
CONFIRM
MISC red_hat -- directory_server_8_and_389_directory_server The _ger_parse_control function in Red Hat Directory Server 8 and the 389 Directory Server allows attackers to cause a denial of service (NULL pointer dereference) via a crafted search query. 2019-11-05 5 CVE-2010-2222
MISC
MISC red_hat -- jboss_aerogear JBoss AeroGear has reflected XSS via the password field 2019-11-04 4.3 CVE-2014-3649
MISC
MISC reddcoin -- reddcoin reddcoin through 2.1.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. 2019-11-05 5 CVE-2018-19164
MISC
MISC s9y -- serendipity Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php. 2019-11-05 4.3 CVE-2011-1135
CONFIRM
DEBIAN
SECTRACK
MISC s9y -- serendipity Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code via plugins/ExtendedFileManager/backend.php. 2019-11-05 4.3 CVE-2011-1133
CONFIRM
DEBIAN
SECTRACK
MISC samba -- samba A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue. 2019-11-06 4 CVE-2019-14847
SUSE
CONFIRM
MISC sap -- sap_hana_database SAP HANA Database, versions 1.0, 2.0, allows an unauthorized attacker to send a malformed connection request, which crashes the indexserver of an SAP HANA instance, leading to Denial of Service 2019-11-04 5 CVE-2019-0350
MISC
MISC sass -- libsass LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp. 2019-11-06 4.3 CVE-2019-18797
MISC sass -- libsass LibSass before 3.6.3 allows a heap-based buffer over-read in Sass::weaveParents in ast_sel_weave.cpp. 2019-11-06 4.3 CVE-2019-18798
MISC sass -- libsass LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser::parseCompoundSelector in parser_selectors.cpp. 2019-11-06 4.3 CVE-2019-18799
MISC scipy -- scipy The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories. 2019-11-04 4.6 CVE-2013-4251
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC secudos -- domos The Log module in SECUDOS DOMOS before 5.6 allows local file inclusion. 2019-11-02 5 CVE-2019-18665
MISC
MISC
MISC sourceforge -- archivemail archivemail 0.6.2 uses temporary files insecurely leading to a possible race condition. 2019-11-06 6.8 CVE-2006-4245
MISC
MISC stratisx_project -- stratisx stratisX through 2.0.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. 2019-11-05 5 CVE-2018-19163
MISC
MISC symantec -- sonar_component The Symantec SONAR component, prior to 12.0.2, may be susceptible to a tamper protection bypass vulnerability which could potentially allow an attacker to circumvent the existing tamper protection in use on the resident system. 2019-11-01 4.1 CVE-2019-12752
CONFIRM symfony -- symfony php-symfony2-Validator has loss of information during serialization 2019-11-01 4.9 CVE-2013-4751
MISC
MISC
MISC
MISC
MISC
MISC typo3 -- typo3 TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows Information Disclosure on the backend. 2019-11-06 4 CVE-2011-4627
MISC
CONFIRM typo3 -- typo3 TYPO3 before 4.5.4 allows Information Disclosure in the backend. 2019-11-06 4 CVE-2011-4900
MISC
CONFIRM typo3 -- typo3 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Header Injection in the secure download feature jumpurl. 2019-11-04 5 CVE-2010-3668
MISC
MISC
CONFIRM typo3 -- typo3 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element. 2019-11-04 5 CVE-2010-3667
MISC
MISC
CONFIRM typo3 -- typo3 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid function. 2019-11-04 5 CVE-2010-3666
MISC
MISC
CONFIRM typo3 -- typo3 TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS and Open Redirection in the frontend login box. 2019-11-04 4.9 CVE-2010-3669
MISC
MISC
CONFIRM typo3 -- typo3 TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows information disclosure in the mail header of the HTML mailing API. 2019-11-05 5 CVE-2010-3673
MISC
MISC
CONFIRM typo3 -- typo3 TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to extract arbitrary information from the TYPO3 database. 2019-11-06 4 CVE-2011-4901
MISC
CONFIRM typo3 -- typo3 TYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper access control on ExtDirect calls which allows remote attackers to retrieve ExtDirect endpoint services. 2019-11-06 4 CVE-2011-4904
MISC
CONFIRM typo3 -- typo3 TYPO3 before 4.4.1 allows XSS in the frontend search box. 2019-11-05 4.3 CVE-2010-3674
MISC
MISC
CONFIRM typo3 -- typo3 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend. 2019-11-04 6.5 CVE-2010-3663
MISC
MISC
CONFIRM typo3 -- typo3 TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to delete arbitrary files on the webserver. 2019-11-06 5.5 CVE-2011-4902
MISC
CONFIRM typo3 -- typo3 Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the RemoveXSS function. 2019-11-06 4.3 CVE-2011-4903
MISC
CONFIRM typo3 -- typo3 TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function. 2019-11-05 5.8 CVE-2010-3670
MISC
MISC
CONFIRM typo3 -- typo3 Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the "JSwindow" property of the typolink function. 2019-11-06 4.3 CVE-2011-4626
MISC
CONFIRM typo3 -- typo3 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend. 2019-11-04 6.5 CVE-2010-3662
MISC
MISC
CONFIRM typo3 -- typo3 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Open Redirection on the backend. 2019-11-01 5.8 CVE-2010-3661
MISC
MISC
CONFIRM typo3 -- typo3 TYPO3 before 4.3.4 and 4.4.x before 4.4.1 allows XSS in the textarea view helper in an extbase extension. 2019-11-05 4.3 CVE-2010-3672
MISC
MISC
CONFIRM typo3 -- typo3 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Information Disclosure on the backend. 2019-11-04 4 CVE-2010-3664
MISC
MISC
CONFIRM viewvc -- viewvc viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option. 2019-11-07 4.3 CVE-2007-5743
MISC
MISC websieve -- websieve Cross-site scripting (XSS) vulnerability in websieve v0.62 allows remote attackers to inject arbitrary web script or HTML code in the web user interface. 2019-11-01 4.3 CVE-2005-2350
MISC
MISC wordpress -- wordpress An issue was discovered in the Currency Switcher addon before 2.11.2 for WooCommerce if a user provides a currency that was not added by the administrator. In this case, even though the currency does not exist, it will be selected, but a price amount will fall back to the default currency. This means that if an attacker provides a currency that does not exist and is worth less than this default, the attacker can eventually purchase an item for a significantly cheaper price. 2019-11-02 4 CVE-2019-18668
MISC
MISC
MISC wordpress -- wordpress Directory traversal vulnerability in the ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin before 2.4.1 for WordPress allows remote authenticated users to download arbitrary files via a .. (dot dot) in the file parameter. 2019-11-06 4 CVE-2014-9014
MISC
MISC wordpress -- wordpress The ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin 2.4.0 for WordPress allows remote authenticated users to create arbitrary users and gain admin privileges via a request to wpmp_pp_ajax_call with an execution target of wp_insert_user. 2019-11-06 6.5 CVE-2014-9013
MISC wordpress -- wordpress An issue was discovered in the MailPoet Newsletters (aka wysija-newsletters) plugin before 2.8.2 for WordPress. The plugin is vulnerable to SPAM attacks. 2019-11-06 5 CVE-2018-20853
CONFIRM zoho_manageengine -- adselfservice_plus Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the users' profile information page. Users who are attacked with this vulnerability will be forced to modify their enrolled information, such as email and mobile phone, unintentionally. Attackers could use the reset password function and control the system to send the authentication code back to the channel that the attackers own. 2019-11-06 6.8 CVE-2019-18411
MISC

Low Vulnerabilities
Primary Vendor -- Product Description Published CVSS Score Source & Patch Info
archos -- safe-t_devices On Archos Safe-T devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. 2019-11-02 1.9 CVE-2019-14358
MISC broadcom -- brocade_sannav Brocade SANnav versions before v2.0 log plain text database connection password while triggering support save. 2019-11-08 2.1 CVE-2019-16210
CONFIRM dovecot -- dovecot A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files. 2019-11-05 2.1 CVE-2016-4983
MISC
MISC
MISC eximious -- logo_designer Eximious Logo Designer 3.82 has a User Mode Write AV starting at ExiCustomPathLib!ExiCustomPathLib::CGradientColorsProfile::BuildGradientColorsTable+0x0000000000000053. 2019-11-07 1.9 CVE-2019-18821
MISC eximious -- logo_designer Eximious Logo Designer 3.82 has Heap Corruption starting at ntdll!RtlpNtMakeTemporaryKey+0x0000000000001a78. 2019-11-07 2.1 CVE-2019-18820
MISC eximious -- logo_designer Eximious Logo Designer 3.82 has a User Mode Write AV starting at ExiVectorRender!StrokeText_Blend+0x00000000000003a7. 2019-11-07 2.1 CVE-2019-18819
MISC horde -- groupware_webmail_edition Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions 2019-11-05 2.6 CVE-2013-6365
MISC
MISC
MISC
MISC
MISC
MISC hyundai -- pay_kasse_hk-1000_devices On Hyundai Pay Kasse HK-1000 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. 2019-11-02 1.9 CVE-2019-14360
MISC jitbit -- asp_.net_forum A cross-site scripting (XSS) vulnerability in Jitbit .NET Forum (aka ASP.NET forum) 8.3.8 allows remote attackers to inject arbitrary web script or HTML via the gravatar URL parameter. 2019-11-01 3.5 CVE-2019-18636
MISC
MISC lightbend -- play_framework An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the target host. 2019-11-05 3.5 CVE-2019-17598
MISC
CONFIRM linux -- linux_kernel In the Linux kernel through 5.3.8, f->fmt.sdr.reserved is uninitialized in rcar_drif_g_fmt_sdr_cap in drivers/media/platform/rcar_drif.c, which could cause a memory disclosure problem. 2019-11-06 2.1 CVE-2019-18786
MISC linux -- linux_kernel A memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel before 5.3.5 allows local users to cause a denial of service (memory consumption) by triggering pci_dma_mapping_error() failures, aka CID-1acb8f2a7a9f. 2019-11-07 2.1 CVE-2019-18806
MISC
MISC magento -- magento A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can execute arbitrary JavaScript code by providing arbitrary API endpoint that will not be checked by sale pickup event. 2019-11-06 3.5 CVE-2019-8138
MISC magento -- magento In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code into transactional email page when creating a new email template or editing existing email template. 2019-11-06 3.5 CVE-2019-8228
MISC magento -- magento In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when creating profile action XML. 2019-11-06 3.5 CVE-2019-8227
MISC magento -- magento A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can manipulate downloadable link and cause an invocation of error handling that accesses user input without sanitization. 2019-11-06 3.5 CVE-2019-8157
MISC magento -- magento A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code into the attribute set name when listing the products. 2019-11-06 3.5 CVE-2019-8145
MISC magento -- magento A stored cross-site scripting (XSS) vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can inject arbitrary JavaScript code when creating a content page via page builder. 2019-11-06 3.5 CVE-2019-8148
MISC magento -- magento A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via customer attribute label. 2019-11-06 3.5 CVE-2019-8147
MISC magento -- magento A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code when adding a new customer attribute for stores. 2019-11-06 3.5 CVE-2019-8146
MISC magento -- magento A stored cross-site scripting (XSS) vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with access to the wysiwyg editor can abuse the blockDirective() function and inject malicious javascript in the cache of the admin dashboard. 2019-11-06 3.5 CVE-2019-8152
MISC magento -- magento A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can exploit it by injecting malicious Javascript into the name of main website. 2019-11-06 3.5 CVE-2019-8128
MISC magento -- magento A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via title of an order when configuring sales payment methods for a store. 2019-11-06 3.5 CVE-2019-8142
MISC magento -- magento A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can craft malicious payload in the template Name field for Email template in the "Design Configuration" dashboard. 2019-11-06 3.5 CVE-2019-8132
MISC magento -- magento A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can exploit it by injecting an embedded expression into a translation. 2019-11-06 3.5 CVE-2019-8129
MISC magento -- magento A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code into code field of an inventory source. 2019-11-06 3.5 CVE-2019-8131
MISC magento -- magento A stored cross-site scripting (XSS) vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user can inject arbitrary Javascript code by manipulating section of a POST request related to customer's email address. 2019-11-05 3.5 CVE-2019-8120
MISC magento -- magento A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via product view id specification. 2019-11-05 3.5 CVE-2019-8117
MISC magento -- magento A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can inject arbitrary JavaScript code when adding an image during simple product creation. 2019-11-05 3.5 CVE-2019-8115
MISC magento -- magento A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via email template preview. 2019-11-05 3.5 CVE-2019-8092
MISC magento -- magento A stored cross-site scripting (XSS) vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary Javascript code into the dynamic block when invoking page builder on a product. 2019-11-06 3.5 CVE-2019-8139
MISC multiple_vendors -- bind_and_nsd_and_knot_name_servers Cache Poisoning issue exists in DNS Response Rate Limiting. 2019-11-05 2.6 CVE-2013-5661
MISC
MISC
MISC oracle -- mysql MySQL-GUI-tools (mysql-administrator) leaks passwords into process list after launch of mysql text console 2019-11-06 2.1 CVE-2010-4178
MISC
MISC
MISC
MISC portainer -- portainer Portainer before 1.22.1 has XSS (issue 2 of 2). 2019-11-07 3.5 CVE-2019-16878
MISC portainer -- portainer Portainer before 1.22.1 has XSS (issue 1 of 2). 2019-11-07 3.5 CVE-2019-16873
MISC qualcomm -- multiple_products While deserializing any key blob during key operations, buffer overflow could occur exposing partial key information if any key operations are invoked (Depends on CVE-2018-13907) in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS404, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 2019-11-06 2.1 CVE-2019-2275
CONFIRM quest -- kace_systems_management_appliance_server_center Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via an SVG image and HTML file) that allows an authenticated user to execute arbitrary JavaScript in an administrator's browser. 2019-11-06 3.5 CVE-2019-13080
MISC
MISC quest -- kace_systems_management_appliance_server_center Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the title field in the /common/ticket_associated_tickets.php service desk ticket functionality) that allows an authenticated user to execute arbitrary JavaScript in a service desk user's browser. 2019-11-06 3.5 CVE-2019-13081
MISC
MISC red_hat -- enterprise_linux_7_and_mrg-2 The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leak sensitive information to userspace. 2019-11-06 2.1 CVE-2014-8181
MISC red_hat -- virtual_desktop_server_manager Insecure temporary file vulnerability in RedHat vsdm 4.9.6. 2019-11-04 2.1 CVE-2013-4280
MISC
MISC
MISC red_hat -- cloudforms CloudForms stores user passwords in recoverable format 2019-11-04 2.1 CVE-2013-4423
MISC
MISC red_hat -- update_infrastructure RHUI (Red Hat Update Infrastructure) 2.1.3 has world readable PKI entitlement certificates 2019-11-04 2.1 CVE-2013-4518
MISC
MISC redislabs -- redis Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds. 2019-11-01 3.6 CVE-2013-0180
MLIST
MISC redislabs -- redis Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm. 2019-11-01 3.6 CVE-2013-0178
MISC
MISC
MISC
MISC
MISC
MISC rhq -- mongo_db_drift_server An insecure temporary file vulnerability exists in RHQ Mongo DB Drift Server through 2013-09-25 when unpacking zipped files. 2019-11-04 3.6 CVE-2013-4374
MISC
MISC secudos -- domos The Log module in SECUDOS DOMOS before 5.6 allows XSS. 2019-11-02 3.5 CVE-2019-18664
MISC
MISC shift_cryptosecurity -- bitbox02 On SHIFT BitBox02 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. Note: BIP39 secrets are not displayed by default on this device. The side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. 2019-11-02 1.9 CVE-2019-18673
MISC typo3 -- typo3 Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message. 2019-11-06 3.5 CVE-2011-4632
MISC
CONFIRM typo3 -- typo3 Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the system extension recycler. 2019-11-06 3.5 CVE-2011-4631
MISC
CONFIRM typo3 -- typo3 Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the browse_links wizard. 2019-11-06 3.5 CVE-2011-4630
MISC
CONFIRM typo3 -- typo3 Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the admin panel. 2019-11-06 3.5 CVE-2011-4629
MISC
CONFIRM typo3 -- typo3 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the Extension Manager. 2019-11-04 3.5 CVE-2010-3665
MISC
MISC
CONFIRM typo3 -- typo3 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the backend. 2019-11-01 3.5 CVE-2010-3660
MISC
MISC
CONFIRM

Severity Not Yet Assigned
Primary Vendor -- Product Description Published CVSS Score Source & Patch Info
alsa_project -- alsa-utils alsa-utils 1.0.19 and later versions allows local users to overwrite arbitrary files via a symlink attack via the /usr/bin/alsa-info and /usr/bin/alsa-info.sh scripts. 2019-11-09 not yet calculated CVE-2009-0035
MISC
MISC
MISC apache -- arrow While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory could potentially be shared if are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats. 2019-11-08 not yet calculated CVE-2019-12410
MLIST
MLIST
MLIST apache -- arrow It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had an uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally shared if Arrow Arrays are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats. 2019-11-08 not yet calculated CVE-2019-12408
CONFIRM
MLIST apache -- cxf Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malicious user crafts a message containing a very large number of message attachments. From the 3.3.4 and 3.2.11 releases, a default limit of 50 message attachments is enforced. This is configurable via the message property "attachment-max-count". 2019-11-06 not yet calculated CVE-2019-12406
CONFIRM apache -- cxf Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. There is a vulnerability in the access token services, where it does not validate that the authenticated principal is equal to that of the supplied clientId parameter in the request. If a malicious client was able to somehow steal an authorization code issued to another client, then they could exploit this vulnerability to obtain an access token for the other client. 2019-11-06 not yet calculated CVE-2019-12419
CONFIRM apache -- impala In Apache Impala 2.7.0 to 3.2.0, an authenticated user with access to the IDs of active Impala queries or sessions can interact with those sessions or queries via a specially-constructed request and thereby potentially bypass authorization and audit mechanisms. Session and query IDs are unique and random, but have not been documented or consistently treated as sensitive secrets. Therefore they may be exposed in logs or interfaces. They were also not generated with a cryptographically secure random number generator, so are vulnerable to random number generator attacks that predict future IDs based on past IDs. Impala deployments with Apache Sentry or Apache Ranger authorization enabled may be vulnerable to privilege escalation if an authenticated attacker is able to hijack a session or query from another authenticated user with privileges not assigned to the attacker. Impala deployments with audit logging enabled may be vulnerable to incorrect audit logging as a user could undertake actions that were logged under the name of a different authenticated user. Constructing an attack requires a high degree of technical sophistication and access to the Impala system as an authenticated user. 2019-11-05 not yet calculated CVE-2019-10084
MLIST
CONFIRM apache -- qpid-cpp qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use. 2019-11-09 not yet calculated CVE-2009-5004
MISC
MISC
MISC
MISC arm -- mbed_os A denial-of-service issue was discovered in the MQTT library in Arm Mbed OS 2017-11-02. The function readMQTTLenString() is called by the function MQTTDeserialize_publish() to get the length and content of the MQTT topic name. In the function readMQTTLenString(), mqttstring->lenstring.len is a part of user input, which can be manipulated. An attacker can simply change it to a larger value to invalidate the if statement so that the statements inside the if statement are skipped, letting the value of mqttstring->lenstring.data default to zero. Later, curn is accessed, which points to mqttstring->lenstring.data. On an Arm Cortex-M chip, the value at address 0x0 is actually the initialization value for the MSP register. It is highly dependent on the actual firmware. Therefore, the behavior of the program is unpredictable from this time on. 2019-11-04 not yet calculated CVE-2019-17210
CONFIRM arm -- mbed_os An integer overflow was discovered in the CoAP library in Arm Mbed OS 5.14.0. The function sn_coap_builder_calc_needed_packet_data_size_2() is used to calculate the required memory for the CoAP message from the sn_coap_hdr_s data structure. Both returned_byte_count and src_coap_msg_ptr->payload_len are of type uint16_t. When added together, the result returned_byte_count can wrap around the maximum uint16_t value. As a result, insufficient buffer space is allocated for the corresponding CoAP message. 2019-11-05 not yet calculated CVE-2019-17211
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC arm -- mbed_os Buffer overflows were discovered in the CoAP library in Arm Mbed OS 5.14.0. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses CoAP input linearly using a while loop. Once an option is parsed in a loop, the current point (*packet_data_pptr) is increased correspondingly. The pointer is restricted by the size of the received buffer, as well as by the 0xFF delimiter byte. Inside each while loop, the check of the value of *packet_data_pptr is not strictly enforced. More specifically, inside a loop, *packet_data_pptr could be increased and then dereferenced without checking. Moreover, there are many other functions in the format of sn_coap_parser_****() that do not check whether the pointer is within the bounds of the allocated buffer. All of these lead to heap-based or stack-based buffer overflows, depending on how the CoAP packet buffer is allocated. 2019-11-05 not yet calculated CVE-2019-17212
MISC
MISC
MISC
MISC
MISC
MISC
MISC atlassian -- jira_service_desk_server_and_service_desk_data_center The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability. 2019-11-07 not yet calculated CVE-2019-15004
MISC
MISC
BUGTRAQ atlassian -- jira_service_desk_server_and_service_desk_data_center The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via authorization bypass. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability. 2019-11-07 not yet calculated CVE-2019-15003
MISC
MISC
BUGTRAQ atlassian -- multiple_products The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into. A vulnerable version of the plugin is included with Bitbucket Server / Data Center before 6.6.0, Confluence Server / Data Center before 7.0.1, Jira Server / Data Center before 8.3.2, Crowd / Crowd Data Center before 3.6.0, Fisheye before 4.7.2, Crucible before 4.7.2, and Bamboo before 6.10.2. 2019-11-08 not yet calculated CVE-2019-15005
MISC broadcom -- brocade_sannav A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication actions in the SANnav portal. 2019-11-08 not yet calculated CVE-2019-16205
CONFIRM broadcom -- brocade_sannav The password-based encryption (PBE) algorithm of Brocade SANnav versions before v2.0 has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (Radius, TACACS, etc.). 2019-11-08 not yet calculated CVE-2019-16208
CONFIRM broadcom -- brocade_sannav The authentication mechanism in Brocade SANnav versions before v2.0 logs plaintext account credentials at the 'trace' and the 'debug' logging levels, which could allow a local authenticated attacker to access sensitive information. 2019-11-08 not yet calculated CVE-2019-16206
CONFIRM centrify -- authentication_service_and_privilege_elevation_service The Windows component of Centrify Authentication and Privilege Elevation Services 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.5.0, 3.5.1 (18.8), 3.5.2 (18.11), and 3.6.0 (19.6) does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows attackers to execute arbitrary code inside the Centrify process via (1) a crafted application that makes a pipe connection to the process and sends malicious serialized data or (2) a crafted Microsoft Management Console snap-in control file. 2019-11-05 not yet calculated CVE-2019-18631
CONFIRM ceph -- ceph A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients. 2019-11-08 not yet calculated CVE-2019-10222
CONFIRM
MISC cisco -- fxos_and_nx-os_software A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive system files that should be restricted. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to incomplete role-based access control (RBAC) verification. An attacker could exploit this vulnerability by authenticating to the device and issuing a specific CLI diagnostic command with crafted user-input parameters. An exploit could allow the attacker to perform an arbitrary read of a file on the device, and the file may contain sensitive information. The attacker needs valid device credentials to exploit this vulnerability. 2019-11-05 not yet calculated CVE-2019-1734
CISCO clamav -- clamav clamav 0.91.2 suffers from a floating point exception when using ScanOLE2. 2019-11-07 not yet calculated CVE-2007-6745
MISC
MISC
MISC cross-origin_resource_sharing -- cross-origin_resource_sharing It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. An attacker could use this lack of protection to conduct phishing attacks and further access unauthorized information. 2019-11-08 not yet calculated CVE-2019-14860
CONFIRM dell_emc -- idrac8 Dell EMC iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes. 2019-11-07 not yet calculated CVE-2019-3764
CONFIRM drupal -- drupal Drupal 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL and perform a cross-site scripting attack. 2019-11-07 not yet calculated CVE-2010-2250
MISC
CONFIRM
MLIST drupal -- drupal drupal6 version 6.16 has open redirection 2019-11-06 not yet calculated CVE-2010-2471
MISC
MISC
MISC
CONFIRM
MLIST drupal -- drupal Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker must have a role with the 'administer languages' permission. 2019-11-07 not yet calculated CVE-2010-2472
MISC
CONFIRM
MLIST drupal -- drupal Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal site despite being blocked. 2019-11-07 not yet calculated CVE-2010-2473
MISC
CONFIRM
MLIST dtc-xen -- dtc-xen dtc-xen 0.5.x before 0.5.4 suffers from a race condition where an attacker could potentially get bash access as the xenXX user on the dom0, and then access and potentially reuse an already opened VPS console. 2019-11-09 not yet calculated CVE-2009-4011
MISC
MISC
MISC eclipse -- jetty Dump Servlet information leak in jetty before 6.1.22. 2019-11-06 not yet calculated CVE-2009-5045
MISC
MISC
MLIST eclipse -- jetty JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22. 2019-11-06 not yet calculated CVE-2009-5046
MISC
MISC
MLIST energycap -- energycap Escalation of privileges in EnergyCAP 7 through 7.5.6 allows an attacker to access data. If an unauthenticated user clicks on a link on the public dashboard, the resource opens in EnergyCAP with access rights matching the user who created the dashboard. 2019-11-08 not yet calculated CVE-2019-18623
CONFIRM
CONFIRM eyecomms -- eyecms A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to take over another candidate's account (by also exploiting CVE-2019-17604) via a modified candidate id and an additional password parameter. The outcome is that the password of this other candidate is changed. 2019-11-07 not yet calculated CVE-2019-17605
MISC
MISC eyecomms -- eyecms An Insecure Direct Object Reference (IDOR) vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to change other candidates' personal information (first name, last name, email, CV, phone number, and all other personal information) by changing the value of the candidate id (the id parameter). 2019-11-07 not yet calculated CVE-2019-17604
MISC
MISC firegpg -- firegpg FireGPG before 0.6 handles the user's passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk, which may result in the compromise of secure communication or a user's private key. 2019-11-08 not yet calculated CVE-2008-7272
MISC
MISC
MISC gambas -- gambas Gambas before 3.4.0 allows remote attackers to move or manipulate directory contents or perform symlink attacks due to the creation of insecure temporary directories. 2019-11-07 not yet calculated CVE-2013-1809
MISC
MISC
MISC
MISC
MISC
CONFIRM gdm3 -- gdm3 gdm3 3.14.2 and possibly later has an information leak before screen lock 2019-11-05 not yet calculated CVE-2016-1000002
MISC
MISC
MISC
MISC gitolite -- gitolite gitolite before 1.4.1 does not filter src/ or hooks/ from path names. 2019-11-07 not yet calculated CVE-2010-2447
CONFIRM
CONFIRM
CONFIRM
MISC
MLIST google -- chrome Use after free vulnerability in documentloader in WebKit in Google Chrome before Blink M13 in DocumentWriter::replaceDocument function. 2019-11-07 not yet calculated CVE-2011-2353
MISC
MISC
MISC
MISC google -- chrome Incorrect handling of timer information in Timer.cpp in WebKit in Google Chrome before Blink M13. 2019-11-07 not yet calculated CVE-2011-2807
MISC
MISC google -- chrome WebKit in Google Chrome before Blink M11 contains a bad cast to RenderBlock when anonymous blocks are renderblocks. 2019-11-05 not yet calculated CVE-2011-1460
MISC
MISC
MISC google -- chrome A wrong type is used for a return value from strlen in WebKit in Google Chrome before Blink M12 on 64-bit platforms. 2019-11-07 not yet calculated CVE-2011-2337
MISC
MISC
MISC google -- chrome The WebKit::WebPluginContainerImpl::handleEvent function in Google Chrome before Blink M11 allows an attacker to cause a denial of service (crash) via the htmlpluginelement.cpp plugin. 2019-11-05 not yet calculated CVE-2011-1459
MISC
MISC
MISC google -- chrome An Integer Overflow exists in WebKit in Google Chrome before Blink M11 in the macOS WebCore::GraphicsContext::fillRect function. 2019-11-06 not yet calculated CVE-2011-1298
MISC
MISC
MISC google -- chrome An issue exists in WebKit in Google Chrome before Blink M12 when clearing lists in AnimationControllerPrivate that signal when a hardware animation starts. 2019-11-07 not yet calculated CVE-2011-2336
MISC
MISC
MISC google -- chrome A stale layout root is set as an input element in WebKit in Google Chrome before Blink M13 when a child of a keygen with autofocus is accessed. 2019-11-06 not yet calculated CVE-2011-2808
MISC
MISC
MISC
MISC
MISC
MISC
MISC hibernate -- hibernate_validator A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. 2019-11-08 not yet calculated CVE-2019-10219
CONFIRM horde -- groupware_webmail_edition Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book 2019-11-05 not yet calculated CVE-2013-6364
MISC
MISC
MISC
MISC
MISC
MISC hp -- inkjet_printers For the printers listed, a maliciously crafted print file might cause certain HP Inkjet printers to assert. Under certain circumstances, the printer produces a core dump to a local device. 2019-11-07 not yet calculated CVE-2019-6337
MISC hp -- multiple_products A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFI_BOOT_SERVICES structure might be overwritten by an attacker to execute arbitrary SMM (System Management Mode) code. A list of affected products and versions is available at https://support.hp.com/rs-en/document/c06456250. 2019-11-05 not yet calculated CVE-2019-16284
CONFIRM hpe -- nimble_storage_systems Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi array group configurations. The vulnerabilities could be remotely exploited by an attacker to gain elevated privileges or disclose information the array. Affected products and versions include: Nimble Storage Hybrid Flash Arrays - 5.1.2.0 and older, 5.0.7.0 and older, 4.5.4.0 and older, and 3.9.1.0 and older Nimble Storage All Flash Arrays - 5.1.2.0 and older, 5.0.7.0 and older, 4.5.4.0 and older, and 3.9.1.0 and older Nimble Storage Secondary Flash Arrays - 5.1.2.0 and older, 5.0.7.0 and older, 4.5.4.0 and older, and 3.9.1.0 and older 2019-11-07 not yet calculated CVE-2019-11996
CONFIRM ibm -- cognos_analytics IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or cause the web server to make HTTP requests to arbitrary domains. IBM X-Force ID: 147369. 2019-11-09 not yet calculated CVE-2018-1721
XF
CONFIRM ibm -- cognos_analytics IBM Cognos Analytics 11.0 and 11.1 could reveal sensitive information to an authenticated user that could be used in future attacks against the system. IBM X-Force ID: 161271. 2019-11-09 not yet calculated CVE-2019-4334
XF
CONFIRM ibm -- cognos_analytics IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170881. 2019-11-09 not yet calculated CVE-2019-4645
XF
CONFIRM ibm -- cognos_controller IBM Cognos Controller stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162659. 2019-11-09 not yet calculated CVE-2019-4412
XF
CONFIRM ibm -- cognos_controller IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 could allow an authenticated user to obtain sensitive information due to easy to guess session identifier names. IBM X-Force ID: 162658. 2019-11-09 not yet calculated CVE-2019-4411
XF
CONFIRM ibm -- i IBM i 7.2, 7.3, and 7.4 for i is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163492. 2019-11-09 not yet calculated CVE-2019-4450
XF
CONFIRM ibm -- qradar IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163618. 2019-11-09 not yet calculated CVE-2019-4454
XF
CONFIRM ibm -- qradar IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 167239. 2019-11-09 not yet calculated CVE-2019-4581
XF
CONFIRM ibm -- qradar IBM QRadar Advisor 1.0.0 through 2.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 166205. 2019-11-09 not yet calculated CVE-2019-4556
XF
CONFIRM ibm -- qradar IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to incorrect authorization in some components which could allow an authenticated user to obtain sensitive information. IBM X-Force ID: 164430. 2019-11-09 not yet calculated CVE-2019-4509
XF
CONFIRM ibm -- qradar IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163779. 2019-11-09 not yet calculated CVE-2019-4470
XF
CONFIRM intelbras -- wrn_150_devices An issue was discovered on Intelbras WRN 150 1.0.17 devices. There is stored XSS in the Service Name tab of the WAN configuration screen, leading to a denial of service (inability to change the configuration). 2019-11-07 not yet calculated CVE-2019-17222
MISC ldap-git-backup -- ldap-git-backup ldap-git-backup before 1.0.4 exposes password hashes due to incorrect directory permissions. 2019-11-07 not yet calculated CVE-2013-1425
CONFIRM
MISC
MISC liboping -- liboping liboping 1.3.2 allows users to read arbitrary files on the local system. 2019-11-09 not yet calculated CVE-2009-3614
MISC
MISC lintian -- lintian Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using crafted symlinks. 2019-11-07 not yet calculated CVE-2013-1429
MISC
MISC
MISC
MISC linux -- linux_kernel In Linux 2.6 before 2.6.23, the TRACE_IRQS_ON function in iret_exc calls a C function without ensuring that the segments are set properly. The kernel's %fs needs to be restored before the call in TRACE_IRQS_ON and before enabling interrupts, so that "current" references work. Without this, "current" used in the window between iret_exc and the middle of error_code where %fs is reset, would crash. 2019-11-07 not yet calculated CVE-2007-3732
MISC
MISC
MISC magento -- magento An insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can append an arbitrary session id that will not be invalidated by subsequent authentication. 2019-11-06 not yet calculated CVE-2019-8149
MISC magento -- magento A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to modify product catalogs can trigger PHP file inclusion through a crafted XML file that specifies product design update. 2019-11-06 not yet calculated CVE-2019-8154
MISC mahara -- mahara Cross-site Scripting (XSS) in Mahara before 1.5.9 and 1.6.x before 1.6.4 allows remote attackers to inject arbitrary web script or HTML via the TinyMCE editor. 2019-11-07 not yet calculated CVE-2013-1426
CONFIRM
CONFIRM
MISC makepasswd -- makepasswd makepasswd 1.10 default settings generate insecure passwords 2019-11-06 not yet calculated CVE-2010-2247
MISC
MISC mantisbt -- mantisbt MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME types. Arbitrary inline attachment rendering could lead to cross-domain scripting or other browser attacks. 2019-11-09 not yet calculated CVE-2009-2802
CONFIRM
CONFIRM
MISC matrix -- synapse Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers. 2019-11-08 not yet calculated CVE-2019-18835
MISC
MISC medtronic -- valleylab_exchange_client_server Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based logons are disabled, attackers can use the other vulnerabilities within this report to obtain local shell access and access these hashes. 2019-11-08 not yet calculated CVE-2019-13539
MISC medtronic -- valleylab_exchange_client_server Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device. 2019-11-08 not yet calculated CVE-2019-13543
MISC medtronic -- valleylab_ft10_energy_platform In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN, not available in the United States) version 1.20.2 and lower, the RFID security mechanism used for authentication between the FT10/LS10 Energy Platform and instruments can be bypassed, allowing for inauthentic instruments to connect to the generator. 2019-11-08 not yet calculated CVE-2019-13531
MISC medtronic -- valleylab_ft10_energy_platform In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN, not available in the United States) version 1.20.2 and lower, the RFID security mechanism does not apply read protection, allowing for full read access of the RFID security mechanism data. 2019-11-08 not yet calculated CVE-2019-13535
MISC mesa_3d -- mesa_3d_graphics_library An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to trigger this vulnerability. 2019-11-05 not yet calculated CVE-2019-5068
MISC mod_ruid2 -- mod_ruid2 mod_ruid2 before 0.9.8 improperly handles file descriptors which allows remote attackers to bypass security using a CGI script to break out of the chroot. 2019-11-08 not yet calculated CVE-2013-1889
MISC
MISC
MISC
CONFIRM monkeyd -- monkeyd The web server Monkeyd produces a world-readable log (/var/log/monkeyd/master.log) on gentoo. 2019-11-07 not yet calculated CVE-2013-1771
MISC
MISC nvidia -- geforce_experience NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service, information disclosure, or escalation of privileges through code execution. 2019-11-09 not yet calculated CVE-2019-5701
CONFIRM nvidia -- geforce_experience NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files to be downloaded and saved. This behavior may lead to code execution, denial of service, or information disclosure. 2019-11-09 not yet calculated CVE-2019-5689
CONFIRM nvidia -- virtual_gpu_manager NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in which it may grant a guest access to memory that it does not own, which may lead to information disclosure or denial of service. 2019-11-09 not yet calculated CVE-2019-5697
CONFIRM nvidia -- virtual_gpu_manager NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in which the provision of an incorrectly sized buffer by a guest VM leads to GPU out-of-bound access, which may lead to a denial of service. 2019-11-09 not yet calculated CVE-2019-5696
CONFIRM nvidia -- virtual_gpu_manager NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in the vGPU plugin, in which an input index value is incorrectly validated, which may lead to denial of service. 2019-11-09 not yet calculated CVE-2019-5698
CONFIRM nvidia -- windows_gpu_display_driver NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) in which the program accesses or uses a pointer that has not been initialized, which may lead to denial of service. 2019-11-09 not yet calculated CVE-2019-5693
CONFIRM nvidia -- windows_gpu_display_driver NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the size of an input buffer is not validated, which may lead to denial of service or escalation of privileges. 2019-11-09 not yet calculated CVE-2019-5690
CONFIRM nvidia -- windows_gpu_display_driver NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the product uses untrusted input when calculating or using an array index, which may lead to escalation of privileges or denial of service. 2019-11-09 not yet calculated CVE-2019-5692
CONFIRM nvidia -- windows_gpu_display_driver NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in NVIDIA Control Panel in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution. The attacker requires local system access. 2019-11-09 not yet calculated CVE-2019-5694
MISC nvidia -- windows_gpu_display_driver NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which a NULL pointer is dereferenced, which may lead to denial of service or escalation of privileges. 2019-11-09 not yet calculated CVE-2019-5691
CONFIRM openstack -- mistral An information-exposure vulnerability was discovered where openstack-mistral's undercloud log files containing clear-text information were made world readable. A malicious system user could exploit this flaw to access sensitive user information. 2019-11-08 not yet calculated CVE-2019-3866
CONFIRM patriot -- viper_rgb The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 allow local users (including low integrity processes) to read and write to arbitrary memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, by mapping \Device\PhysicalMemory into the calling process via ZwOpenSection and ZwMapViewOfSection. 2019-11-09 not yet calculated CVE-2019-18845
MISC philips -- tasy_emr In Tasy EMR, Tasy WebPortal Versions 3.02.1757 and prior, there is an information exposure vulnerability which may allow a remote attacker to access system and configuration information. 2019-11-08 not yet calculated CVE-2019-13557
MISC phpoffice -- phpspreadsheet PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue. The XmlScanner decodes the sheet1.xml from an .xlsx to utf-8 if something else than UTF-8 is declared in the header. This was a security measure to prevent CVE-2018-19277 but the fix is not sufficient. By double-encoding the xml payload to utf-7 it is possible to bypass the check for the string "<!ENTITY" and thus allow for an xml external entity processing (XXE) attack. 2019-11-07 not yet calculated CVE-2019-12331
CONFIRM
MISC python_packaging_authority -- python_package_installer The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks. 2019-11-05 not yet calculated CVE-2013-5123
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC rapid7 -- metasploit_pro Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to intercept otherwise private communications to the Metasploit Pro web interface. 2019-11-06 not yet calculated CVE-2019-5642
CONFIRM red_hat -- 389_directory_server A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes. 2019-11-08 not yet calculated CVE-2019-14824
CONFIRM red_hat -- enterprise_linux_5 frysk packages through 2008-08-05 as shipped in Red Hat Enterprise Linux 5 are built with an insecure RPATH set in the ELF header of multiple binaries in /usr/bin/f* (e.g. fcore, fcatch, fstack, fstep, ...) shipped in the package. A local attacker can exploit this vulnerability by running arbitrary code as another user. 2019-11-07 not yet calculated CVE-2008-3278
MISC
MISC
MISC red_hat -- jboss_operations_network In JON 2.1.x before 2.1.2 SP1, users can obtain unauthorized security information about private resources managed by JBoss ON. 2019-11-08 not yet calculated CVE-2008-5083
MISC
MISC red_hat -- tuned tuned before 2.x allows local users to kill running processes due to insecure permissions with tuned's ktune service. 2019-11-08 not yet calculated CVE-2013-1820
MISC
MISC
MISC red_hat -- virtualization_manager In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAML browser application) to connect to the Red Hat Enterprise Virtualization Manager. An attacker on the local network could use this flaw to conduct a man-in-the-middle attack, tricking the user into thinking they are viewing the Red Hat Enterprise Virtualization Manager when the content is actually attacker-controlled, or modifying actions a user requested Red Hat Enterprise Virtualization Manager to perform. 2019-11-09 not yet calculated CVE-2009-3552
MISC
MISC
BUGTRAQ samba -- samba A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it vulnerable to dictionary attacks. 2019-11-06 not yet calculated CVE-2019-14833
SUSE
CONFIRM
MISC samba -- samba A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user. 2019-11-06 not yet calculated CVE-2019-10218
SUSE
CONFIRM
MISC samsung -- multiple_products Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: I9300XXUGNA8), and Samsung Galaxy Note 2 (Android version: 4.3, Build Number: JSS15J.I9300XUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: N7100DDUFND1) devices allow injection of AT+CIMI and AT+CGSN over Bluetooth, leaking sensitive information such as IMSI, IMEI, call status, call setup stage, internet service status, signal strength, current roaming status, battery level, and call held status. 2019-11-06 not yet calculated CVE-2019-16401
MISC samsung -- multiple_products Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: I9300XXUGNA8), and Samsung Galaxy Note 2 (Android version: 4.3, Build Number: JSS15J.I9300XUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: N7100DDUFND1) devices allow attackers to send AT commands over Bluetooth, resulting in several Denial of Service (DoS) attacks. 2019-11-06 not yet calculated CVE-2019-16400
MISC shibboleth -- shibboleth_service_provider The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable by default. 2019-11-07 not yet calculated CVE-2010-2450
MISC
MISC
CONFIRM simplesamlphp -- simplesamlphp Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message. 2019-11-07 not yet calculated CVE-2019-3465
MISC
MLIST
BUGTRAQ
MISC
DEBIAN simplesamlphp -- simplesamlphp simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages. 2019-11-06 not yet calculated CVE-2011-4625
MISC
MISC strapi -- strapi strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js. 2019-11-07 not yet calculated CVE-2019-18818
MISC
MISC
MISC syscp -- syscp syscp 1.4.2.1 allows attackers to add arbitrary paths via the documentroot of a domain by appending a colon to it and setting the open basedir path to use that domain documentroot. 2019-11-07 not yet calculated CVE-2010-2476
MISC
MISC
MLIST tahoe-lafs -- tahoe-lafs Tahoe-LAFS 1.9.0 fails to ensure integrity which allows remote attackers to corrupt mutable files or directories upon retrieval. 2019-11-07 not yet calculated CVE-2012-0051
MISC
MISC
MISC
MISC
MISC
CONFIRM

termpkg -- termpkg

termpkg 3.3 suffers from buffer overflow. 2019-11-06 not yet calculated CVE-2006-3100
MISC
MISC tmaxsoft -- jeus JEUS 7 Fix#0~5 and JEUS 8 Fix#0~1 versions contain a directory traversal vulnerability caused by an improper input parameter check when uploading an installation file in the administration web page. This allows a remote attacker to execute arbitrary code via an uploaded file. 2019-11-08 not yet calculated CVE-2019-17327
MISC veritas -- multiple_products An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Flex Appliance 1.2 and earlier, InfoScale 7.3.1 and earlier, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and earlier on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and earlier on Windows, Storage Foundation HA (SFHA) 6.2.1 and earlier on Linux/UNIX, and Storage Foundation HA (SFHA) 6.1 and earlier on Windows. 2019-11-05 not yet calculated CVE-2019-18780
MISC
MISC
MISC
MISC viber -- viber Viber through 11.7.0.5 allows a remote attacker who can capture a victim's internet traffic to steal their Viber account, because not all Viber protocol traffic is encrypted. TCP data packet 9 on port 4244 from the victim's device contains cleartext information such as the device model and OS version, IMSI, and 16 bytes of udid in a binary format, which is located at approximately offset 0x40 of this packet. Then, the attacker installs Viber on his device, initiates the registration process for any phone number, but doesn't enter a pin from SMS. Instead, he closes Viber. Next, the attacker rewrites his udid with the victim's udid, modifying the viber_udid file, which is located in the Viber preferences folder. (The udid is stored in a hexadecimal format.) Finally, the attacker starts Viber again and enters the pin from SMS. 2019-11-06 not yet calculated CVE-2019-18800
MISC wolfssl -- wolfssl In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer overflow inside the DecodedCert structure in GetName in wolfcrypt/src/asn.c because the domain name location index is mishandled. Because a pointer is overwritten, there is an invalid free. 2019-11-09 not yet calculated CVE-2019-18840
MISC wordpress -- wordpress A CSV injection in the codepress-admin-columns (aka Admin Columns) plugin 3.4.6 for WordPress allows malicious users to gain remote control of other computers. By choosing formula code as his first or last name, an attacker can create a user with a name that contains malicious code. Other users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker could gain remote access to the user's PC. 2019-11-08 not yet calculated CVE-2019-17661
MISC zte -- mf910s_router Security researcher Shen Ying from the Sec Consult Security Lab reported an information disclosure vulnerability in MF910S product to ZTE PSIRT in October 2019. Through the analysis of related product team, the information disclosure vulnerability is confirmed. The MF910S product's one-click upgrade tool can obtain the Telnet remote login password in the reverse way. If Telnet is opened, the attacker can remotely log in to the device through the cracked password, resulting in information leakage. The MF910S was end of service on October 23, 2019, ZTE recommends users to choose new products for the purpose of better security. 2019-11-07 not yet calculated CVE-2019-3422
CONFIRM zte -- zxupn-9000e The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by the input validation vulnerability. An attacker could exploit this vulnerability for unauthorized operations. 2019-11-08 not yet calculated CVE-2019-3426
CONFIRM zte -- zxupn-9000e The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by vulnerability of permission and access control. An attacker could exploit this vulnerability to directly reset or change passwords of other accounts. 2019-11-08 not yet calculated CVE-2019-3425
CONFIRM

Categories: LATEST ALERT

Holiday Shopping, Phishing, and Malware Scams

US-CERT All NCAS Products - Fri, 11/08/2019 - 18:03
Original release date: November 8, 2019

As this holiday season approaches, the Cybersecurity and Infrastructure Security Agency (CISA) encourages users to be aware of potential holiday scams and malicious cyber campaigns, particularly when browsing or shopping online. Cyber actors may send emails and ecards containing malicious links or attachments infected with malware or may send spoofed emails requesting support for fraudulent charities or causes.

CISA encourages users to remain vigilant and take the following precautions:

Categories: LATEST ALERT

Cisco Releases Security Updates

US-CERT All NCAS Products - Thu, 11/07/2019 - 17:34
Original release date: November 7, 2019

Cisco has released security updates to address vulnerabilities in Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories webpage.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco advisories and apply the necessary updates:

Categories: LATEST ALERT

CISA Launches “Cyber Essentials” for Small Businesses and Small SLTT Governments

US-CERT All NCAS Products - Wed, 11/06/2019 - 18:22
Original release date: November 6, 2019

The Cybersecurity and Infrastructure Security Agency (CISA) has launched Cyber Essentials, an effort to assist small organizations in understanding and addressing cybersecurity risks. Developed in partnership with small businesses and small state, local, tribal, and territorial (SLTT) governments, Cyber Essentials aims to equip these organizations with basic steps and resources to improve their cybersecurity resilience.

CISA’s Fall 2019 Cyber Essentials infographic (https://www.cisa.gov/sites/default/files/publications/19_1105_cisa_CISA-Cyber-Essentials.pdf) includes a list of six actions organizations can take to reduce cyber risks:

  • Drive cybersecurity strategy, investment, and culture;
  • Develop security awareness and vigilance;
  • Protect critical assets and applications;
  • Ensure only those who belong on your digital workplace have access;
  • Make backups and avoid the loss of information critical to operations; and
  • Limit damage and quicken restoration of normal operations.

CISA encourages small organizations to review CISA’s Cyber Essentials page (https://www.cisa.gov/cisa/news/2019/11/06/cisa-releases-cyber-essentials-small-businesses-and-governments) to learn more about improving their cybersecurity resilience.

Categories: LATEST ALERT

U.S. Cyber Command Shares Seven New Malware Samples

US-CERT All NCAS Products - Wed, 11/06/2019 - 13:15
Original release date: November 6, 2019

U.S. Cyber Command has released seven malware samples to the malware aggregation tool and repository, VirusTotal. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review U.S. Cyber Command’s VirusTotal page (https://www.virustotal.com/en/user/CYBERCOM_Malware_Alert/) to view the samples. CISA also recommends users and administrators review the CISA Tip on Protecting Against Malicious Code (https://www.us-cert.gov/ncas/tips/ST18-271) for best practices on protecting systems and networks against malware.

Categories: LATEST ALERT

CSET Version 9.2 Now Available

US-CERT All NCAS Products - Mon, 11/04/2019 - 17:15
Original release date: November 4, 2019

The Cybersecurity and Infrastructure Security Agency (CISA) has released version 9.2 of its Cyber Security Evaluation Tool (CSET). CSET is a desktop software tool that guides asset owners and operators through a consistent process for evaluating control system networks as part of a comprehensive cybersecurity assessment that uses recognized government and industry standards and recommendations.

CSET 9.2 includes the following feature enhancements and upgrades:

  • Web-based diagram editor
  • Enhanced reporting
  • New capability maturity model for financial sector customers
  • National Credit Union Administration (NCUA) Automated Cybersecurity Examination Tool (ACET) Standard
  • Financial sector risk assessment wizard
  • New analysis for network diagram questions
  • Transportation Security Administration (TSA) 2018 Pipeline security standard
  • International Society of Automation (ISA)/International Electrotechnical Commission (IEC) 62443 standards  

CISA encourages users to update to CSET version 9.2, available at https://github.com/cisagov/cset/wiki.

Categories: LATEST ALERT

Vulnerability Summary for the Week of October 28, 2019

US-CERT All NCAS Products - Mon, 11/04/2019 - 08:07
Original release date: November 4, 2019

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

adobe -- experience_manager
  Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-10-25 7.5 CVE-2019-8088
CONFIRM apache -- thrift In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when fed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings. 2019-10-29 7.8 CVE-2019-0205
MISC bitlbee -- bitlbee
  Bitlbee does not drop extra group privileges correctly in unix.c 2019-10-29 7.5 CVE-2012-1187
MISC
MISC
MISC
MISC cisco -- video_communications_server
  Cisco Video Communications Server (VCS) before X7.0.3 contains a command injection vulnerability which allows remote, authenticated attackers to execute arbitrary commands. 2019-10-29 9 CVE-2011-2538
CONFIRM codesys -- eni_server
  CODESYS V2.3 ENI server up to V3.2.2.24 has a Buffer Overflow. 2019-10-25 7.5 CVE-2019-16265
CONFIRM
MISC d-link -- dir-865
  D-Link DIR-865L has PHP File Inclusion in the router xml file. 2019-10-25 7.5 CVE-2013-4857
MISC
MISC d-link -- dir-865l_devices
  D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share. 2019-10-25 7.9 CVE-2013-4855
MISC
MISC
MISC debian_project -- qtparted
  qtparted has insecure library loading which may allow arbitrary code execution 2019-10-29 7.5 CVE-2010-3375
DEBIAN
MISC
MISC google -- chrome
  browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windows, and before 54.0.2840.100 on Linux neglects to copy a device ID before an erase() call, which causes the erase operation to access data that that erase operation will destroy. 2019-10-25 7.5 CVE-2016-5202
MISC
MISC
MISC
MISC
MISC hot-world -- repetier-server A directory traversal vulnerability was discovered in RepetierServer.exe in Repetier-Server 0.8 through 0.91 that allows for the creation of a user controlled XML file at an unintended location. When this is combined with CVE-2019-14451, an attacker can upload an "external command" configuration as a printer configuration, and achieve remote code execution. After exploitation, loading of the external command configuration is dependent on a system reboot or service restart. 2019-10-28 10 CVE-2019-14450
CONFIRM
MISC hot-world -- repetier-server
  RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not properly validate the XML data structure provided when uploading a new printer configuration. When this is combined with CVE-2019-14450, an attacker can upload an "external command" configuration as a printer configuration, and achieve remote code execution. After exploitation, loading of the external command configuration is dependent on a system reboot or service restart. 2019-10-25 10 CVE-2019-14451
CONFIRM
MISC intrasrv -- intrasrv
  A remote SEH buffer overflow has been discovered in IntraSrv 1.0 (2007-06-03). An attacker may send a crafted HTTP GET or HEAD request that can result in a compromise of the hosting system. 2019-10-28 10 CVE-2019-17181
MISC
MISC jetbrains -- teamcity In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution. 2019-10-31 7.5 CVE-2019-18364
CONFIRM k7_computing -- antivirus_premium_and_total_security_and_ultimate_security
  In K7 Antivirus Premium 16.0.xxx through 16.0.0120; K7 Total Security 16.0.xxx through 16.0.0120; and K7 Ultimate Security 16.0.xxx through 16.0.0120, the module K7TSHlpr.dll improperly validates the administrative privileges of the user, allowing arbitrary registry writes in the K7AVOptn.dll module to facilitate escalation of privileges via inter-process communication with a service process. 2019-10-28 7.5 CVE-2019-16897
MISC labf -- nfsaxe_ftp_client
  Buffer overflow in LabF nfsAxe FTP client 3.7 allows an attacker to execute code remotely. 2019-10-25 7.5 CVE-2017-14742
EXPLOIT-DB linksys -- ea6500_router
  Linksys EA6500 has SMB Symlink Traversal allowing symbolic links to be created to locations outside of the Samba share. 2019-10-25 10 CVE-2013-4658
MISC
MISC
MISC medoo -- medoo
  columnQuote in medoo before 1.7.5 allows remote attackers to perform a SQL Injection due to improper escaping. 2019-10-30 7.5 CVE-2019-10762
MISC
MISC mikrotik -- routeros
  RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are downloaded from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into "upgrading" to an older version of RouterOS and possibly resetting all the system's usernames and passwords. 2019-10-29 8.5 CVE-2019-3977
MISC milesight -- ip_security_cameras
  Milesight IP security cameras through 2016-11-14 have a buffer overflow in a web application via a long username or password. 2019-10-25 7.5 CVE-2016-2356
MISC
MISC
MISC milesight -- ip_security_cameras
  Milesight IP security cameras through 2016-11-14 allow remote attackers to bypass authentication and access a protected resource by simultaneously making a request for the unprotected vb.htm resource. 2019-10-25 7.5 CVE-2016-2359
MISC
MISC
MISC mitsubishi_electric_and_inea -- me-rtu_devices An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Undocumented hard-coded user passwords for root, ineaadmin, mitsadmin, and maint could allow an attacker to gain unauthorised access to the RTU. (Also, the accounts ineaadmin and mitsadmin are able to escalate privileges to root without supplying a password due to insecure entries in /etc/sudoers on the RTU.) 2019-10-28 10 CVE-2019-14930
MISC
MISC mitsubishi_electric_and_inea -- me-rtu_devices
  An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user supplied data to the RTU's system shell. Functionality in mobile.php provides users with the ability to ping sites or IP addresses via Mobile Connection Test. When the Mobile Connection Test is submitted, action.php is called to execute the test. An attacker can use a shell command separator (;) in the host variable to execute operating system commands upon submitting the test data. 2019-10-28 10 CVE-2019-14931
MISC
MISC mitsubishi_electric_and_inea -- me-rtu_devices
  An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Hard-coded SSH keys allow an attacker to gain unauthorised access or disclose encrypted data on the RTU due to the keys not being regenerated on initial installation or with firmware updates. In other words, these devices use private-key values in /etc/ssh/ssh_host_rsa_key, /etc/ssh/ssh_host_ecdsa_key, and /etc/ssh/ssh_host_dsa_key files that are publicly available from the vendor web sites. 2019-10-28 7.5 CVE-2019-14926
MISC
MISC philips -- intellispace_perinatal
  In IntelliSpace Perinatal, Versions K and prior, a vulnerability within the IntelliSpace Perinatal application environment could enable an unauthorized attacker with physical access to a locked application screen, or an authorized remote desktop session host application user to break-out from the containment of the application and access unauthorized resources from the Windows operating system as the limited-access Windows user. Due to potential Windows vulnerabilities, it may be possible for additional attack methods to be used to escalate privileges on the operating system. 2019-10-25 7.2 CVE-2019-13546
MISC php -- php
  In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. 2019-10-28 7.5 CVE-2019-11043
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
MISC
FEDORA
FEDORA
FEDORA
CONFIRM
CONFIRM
UBUNTU
UBUNTU
DEBIAN
DEBIAN pixelpost -- pixelpost
  pixelpost 1.7.1 has SQL injection 2019-10-28 7.5 CVE-2009-4899
MISC
DEBIAN
MISC rconfig -- rconfig
  An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution. 2019-10-28 9 CVE-2019-16663
MISC
MISC
MISC
MISC
MISC rconfig -- rconfig
  An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution. 2019-10-28 10 CVE-2019-16662
MISC
MISC
MISC
MISC
MISC
MISC rittal -- rittal_chiller_sk_3232_series
  Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems is configured using hard-coded credentials. These credentials could allow attackers to influence the primary operations of the affected systems, namely turning the cooling unit on and off and setting the temperature set point. 2019-10-25 10 CVE-2019-13553
FULLDISC
MISC sequelize -- sequelize
  Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnerable to SQL Injection due to JSON path keys not being properly escaped for the MySQL/MariaDB dialects. 2019-10-29 7.5 CVE-2019-10748
MISC
MISC
MISC sequelize -- sequelize
  sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect. 2019-10-29 7.5 CVE-2019-10749
MISC
MISC snoopy -- snoopy
  Snoopy before 2.0.0 has a security hole in exec cURL 2019-10-28 7.5 CVE-2002-2444
MISC
DEBIAN
MISC sugarcrm -- sugarcrm
  SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code. 2019-10-29 7.5 CVE-2012-0694
MISC
MISC
EXPLOIT-DB tightvnc_software -- tightvnc TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. 2019-10-29 7.5 CVE-2019-8287
MLIST tightvnc_software -- tightvnc
  TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. 2019-10-29 7.5 CVE-2019-15679
MLIST tightvnc_software -- tightvnc
  TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText handler, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. 2019-10-29 7.5 CVE-2019-15678
MLIST tiki_wiki -- cms_groupware Tiki Wiki CMS Groupware 5.2 has Local File Inclusion 2019-10-28 7.5 CVE-2010-4239
MISC
MISC
MISC
MISC tp-link -- tl-wdr4300_devices TP-Link TL-WDR4300 version 3.13.31 has multiple CSRF vulnerabilities. 2019-10-25 9.3 CVE-2013-4848
MISC
MISC
MISC
MISC
MISC transmission -- transmission
  Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link. 2019-10-30 7.5 CVE-2010-0748
MISC
CONFIRM
MISC
CONFIRM
MLIST youphptube -- youphptube
  A command injection has been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3, a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getImage.php is vulnerable to a command injection attack. 2019-10-25 7.5 CVE-2019-5127
MISC youphptube -- youphptube
  A command injection has been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3, a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getImageMP4.php is vulnerable to a command injection attack. 2019-10-25 7.5 CVE-2019-5128
MISC youphptube -- youphptube
  A command injection has been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3, a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getSpiritsFromVideo.php is vulnerable to a command injection attack. 2019-10-25 7.5 CVE-2019-5129
MISC ytnef -- ytnef
  ytnef has directory traversal 2019-10-29 7.5 CVE-2009-3887
MISC
MISC
MISC
MISC
MISC zend_framework -- zend_framework
  Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter. 2019-10-25 7.5 CVE-2015-0270
MISC

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

adobe -- experience_manager
  Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have an XML external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure. 2019-10-25 5 CVE-2019-8087
CONFIRM adobe -- experience_manager
  Adobe Experience Manager versions 6.5, 6.4 and 6.3 have a cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. 2019-10-25 4.3 CVE-2019-8083
CONFIRM adobe -- experience_manager
  Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. 2019-10-25 4.3 CVE-2019-8084
CONFIRM adobe -- experience_manager
  Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. 2019-10-25 4.3 CVE-2019-8085
CONFIRM adobe -- experience_manager
  Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a cross-site request forgery vulnerability. Successful exploitation could lead to sensitive information disclosure. 2019-10-25 4.3 CVE-2019-8234
CONFIRM adobe -- experience_manager
  Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have an authentication bypass vulnerability. Successful exploitation could lead to sensitive information disclosure. 2019-10-25 5 CVE-2019-8081
CONFIRM adobe -- experience_manager
  Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure. 2019-10-25 5 CVE-2019-8082
CONFIRM adobe -- experience_manager
  Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure. 2019-10-25 5 CVE-2019-8086
CONFIRM apache -- hadoop
  Hadoop 1.0.3 contains a symlink vulnerability. 2019-10-29 5 CVE-2012-2945
MISC
MISC apache -- thrift
  In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when fed with invalid input data. 2019-10-29 5 CVE-2019-0210
CONFIRM clipsoft -- rexpert
  ClipSoft REXPERT 1.0.0.527 and earlier versions allow directory traversal by issuing a special HTTP POST request with ../ characters. This could lead to the creation of a malicious HTML file, because content can be injected with a crafted template. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. 2019-10-30 4.3 CVE-2019-17324
MISC clipsoft -- rexpert
  ClipSoft REXPERT 1.0.0.527 and earlier versions allow a remote attacker to upload an arbitrary local file via the ActiveX method in RexViewerCtrl30.ocx. That could lead to disclosure of sensitive information. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. 2019-10-30 4.3 CVE-2019-17325
MISC clipsoft -- rexpert
  ClipSoft REXPERT 1.0.0.527 and earlier versions allow a remote attacker to delete arbitrary files by issuing an HTTP GET request with a specially crafted parameter. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. 2019-10-30 5.8 CVE-2019-17326
MISC clipsoft -- rexpert
  ClipSoft REXPERT 1.0.0.527 and earlier versions allow arbitrary file creation via a POST request with the parameter set to the file path to be written. This can be an executable file that is written to an arbitrary directory. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. 2019-10-30 4.3 CVE-2019-17322
MISC clipsoft -- rexpert
  ClipSoft REXPERT 1.0.0.527 and earlier versions have an information disclosure issue. When a web page associated with a session is requested, the username could leak via the session file path in the HTTP response data. No authentication is required. 2019-10-30 5 CVE-2019-17321
MISC clipsoft -- rexpert
  ClipSoft REXPERT 1.0.0.527 and earlier versions allow arbitrary file creation and execution via the report print function of the REXPERT viewer with a modified XML document. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. 2019-10-30 6.8 CVE-2019-17323
MISC corehr -- core_portal
  CoreHR Core Portal before 27.0.7 allows stored XSS. 2019-10-25 4.3 CVE-2019-18221
MISC
MISC debian_project -- mercurial
  Mercurial before 1.6.4 fails to verify the Common Name field of SSL certificates which allows remote attackers who acquire a certificate signed by a Certificate Authority to perform a man-in-the-middle attack. 2019-10-29 4.3 CVE-2010-4237
MISC
CONFIRM
CONFIRM
MISC debian_project -- pootle
  pootle 2.0.5 has XSS via 'match_names' parameter 2019-10-28 4.3 CVE-2010-4245
MISC
DEBIAN
MISC
MISC debian_project -- xpdf
  In xpdf, the xref table contains an infinite loop which allows remote attackers to cause a denial of service (application crash) in xpdf-based PDF viewers. 2019-10-30 4.3 CVE-2010-0207
MISC
MISC debian_project -- xpdf
  xpdf allows remote attackers to cause a denial of service (NULL pointer dereference and crash) in the way it processes JBIG2 PDF stream objects. 2019-10-30 4.3 CVE-2010-0206
MISC
MISC debian_project -- zoo
  Zoo 2.10 has Directory traversal 2019-10-28 5 CVE-2005-2349
MISC
MISC devada -- dzone_and_answerhub
  An XML External Entity Injection vulnerability exists in Dzone AnswerHub. 2019-10-28 5 CVE-2017-15725
MISC digium -- asterisk
  asterisk allows calls on prohibited networks 2019-10-29 5 CVE-2009-3723
MISC
MISC
MISC fabrik -- fabrik
  Reflected Cross-Site Scripting (XSS) vulnerability in the fabrik_referrer hidden field in the Fabrikar Fabrik component through v3.8.1 for Joomla! allows remote attackers to inject arbitrary web script via the HTTP Referer header. 2019-10-29 4.3 CVE-2018-10727
MISC foxit -- phantompdf
  This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Javascript in the HTML2PDF plugin. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8692. 2019-10-25 6.8 CVE-2019-17139
MISC
MISC foxit -- phantompdf
  This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9276. 2019-10-25 6.8 CVE-2019-17145
MISC foxit -- phantompdf
  This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DWG files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9274. 2019-10-25 6.8 CVE-2019-17144
MISC foxit -- phantompdf
  This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of script within a Keystroke action of a listbox field. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9081. 2019-10-25 6.8 CVE-2019-17142
MISC
MISC foxit -- phantompdf
  This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of script within a Calculate action of a text field. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9044. 2019-10-25 6.8 CVE-2019-17141
MISC
MISC foxit -- phantompdf
  This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9273. 2019-10-25 4.3 CVE-2019-17143
MISC foxit -- phantompdf
  This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the OnFocus event. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9091. 2019-10-25 6.8 CVE-2019-17140
MISC
MISC foxit -- studio_photo
  This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion from JPEG to EPS. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8809. 2019-10-25 4.3 CVE-2019-17138
MISC
MISC gnuboard -- gnuboard5
  GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board group extra contents" parameter, aka the adm/boardgroup_form_update.php gr_1~10 parameter. 2019-10-30 4.3 CVE-2018-18678
MISC
MISC
MISC gpw -- gpw
  gpw generates shorter passwords than required 2019-10-29 5 CVE-2011-4931
MISC
MISC
MISC
MISC honeywell -- ip-ak2
  In IP-AK2 Access Control Panel Version 1.04.07 and prior, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data, which can be accessed without authentication over the network. 2019-10-25 5 CVE-2019-13525
MISC ibm -- api_connect
  IBM API Connect version V5.0.0.0 through 5.0.8.7 could reveal sensitive information to an attacker using a specially crafted HTTP request. IBM X-Force ID: 167883. 2019-10-29 5 CVE-2019-4600
XF
CONFIRM ibm -- cloud_orchestrator
  IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 162260. 2019-10-25 5 CVE-2019-4399
XF
CONFIRM ibm -- cloud_orchestrator
  IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162261. 2019-10-25 4 CVE-2019-4400
XF
CONFIRM ibm -- maximo_asset_management
  After installing the IBM Maximo Health- Safety and Environment Manager 7.6.1, a user is granted additional privileges that they are not normally allowed to access. IBM X-Force ID: 165948. 2019-10-29 6.5 CVE-2019-4546
XF
CONFIRM ibm -- security_access_manager_appliance
  IBM Security Access Manager Appliance could allow unauthenticated attacker to cause a denial of service in the reverse proxy component. IBM X-Force ID: 156159. 2019-10-25 5 CVE-2019-4036
XF
CONFIRM ibm -- security_guardium_big_data_intelligence
  IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 161418. 2019-10-29 5 CVE-2019-4339
XF
CONFIRM ibm -- security_guardium_big_data_intelligence
  IBM Security Guardium Big Data Intelligence (SonarG) 4.0 specifies permissions for a security-critical resource which could lead to the exposure of sensitive information or the modification of that resource by unintended parties. IBM X-Force ID: 160986. 2019-10-29 6.4 CVE-2019-4306
XF
CONFIRM ibm -- security_guardium_big_data_intelligence
  IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores sensitive information in cleartext within a resource that might be accessible to another control sphere. IBM X-Force ID: 1610141. 2019-10-29 5 CVE-2019-4314
XF
CONFIRM ibm -- security_guardium_big_data_intelligence
  IBM Security Guardium Big Data Intelligence (SonarG) 4.0 does not set the secure attribute for cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session. IBM X-Force ID: 161210. 2019-10-29 4.3 CVE-2019-4330
XF
CONFIRM ibm -- security_guardium_big_data_intelligence
  IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 161209. 2019-10-29 4 CVE-2019-4329
XF
CONFIRM ibm -- security_guardium_big_data_intelligence
  IBM Security Guardium Big Data Intelligence (SonarG) 4.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 161037. 2019-10-29 5 CVE-2019-4311
XF
CONFIRM ikiwiki -- ikiwiki
  A cross-site scripting (XSS) vulnerability in ikiwiki before 3.20101112 allows remote attackers to inject arbitrary web script or HTML via a comment. 2019-10-30 4.3 CVE-2010-1673
CONFIRM
MISC ikiwiki -- ikiwiki
  Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments. 2019-10-29 4.3 CVE-2011-0428
CONFIRM
MISC jetbrains -- teamcity
  In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible. 2019-10-31 5 CVE-2019-18369
CONFIRM jetbrains -- teamcity
  In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances. 2019-10-31 5 CVE-2019-18363
CONFIRM labkey -- labkey_server
  An issue was discovered in LabKey Server 19.1.0. It is possible to force a logged-in administrator to execute code through a /reports-viewScriptReport.view CSRF vulnerability. 2019-10-29 6.8 CVE-2019-9926
MISC
MISC labkey -- labkey_server
  An issue was discovered in LabKey Server 19.1.0. Sending an SVG containing an XXE payload to the endpoint visualization-exportImage.view or visualization-exportPDF.view allows local files to be read. 2019-10-29 5 CVE-2019-9757
MISC
MISC libpod -- libpod
  An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that, when copied by a victim user to the host filesystem, may overwrite existing files with others from the host. 2019-10-28 5.8 CVE-2019-18466
MISC
MISC
MISC
MISC mcafee -- mcafee_total_protection
  A File Masquerade vulnerability in McAfee Total Protection (MTP) version 16.0.R21 and earlier in Windows client allowed an attacker to read the plaintext list of AV-Scan exclusion files from the Windows registry, and to possibly replace excluded files with potential malware without being detected. 2019-10-28 4.6 CVE-2019-3636
CONFIRM mediawiki -- mediawiki
  An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Previously hidden (restricted) AbuseFilter filters were viewable (or their differences were viewable) to unprivileged users, thus disclosing potentially sensitive information. 2019-10-29 5 CVE-2019-18612
MISC
MISC mediawiki -- mediawiki
  A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 allows remote attackers to inject arbitrary web script or HTML via Lua function names. 2019-10-31 4.3 CVE-2013-1951
MISC
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRM
MISC mediawiki -- mediawiki
  An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with various levels of access to this extension. Said users should not have been able to view these oversighted edit summaries via the MediaWiki API. 2019-10-29 4 CVE-2019-18611
MISC
MISC mediawiki -- mediawiki
  mediawiki allows deleted text to be exposed 2019-10-29 5 CVE-2012-0046
MISC
MISC
MISC mikrotik -- routeros
  RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can poison the router's DNS cache via malicious responses with additional and untrue records. 2019-10-29 5 CVE-2019-3979
MISC mikrotik -- routeros
  RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell could be enabled. 2019-10-29 6.5 CVE-2019-3976
MISC mikrotik -- routeros
  RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attacker's choice. The DNS responses are cached by the router, potentially resulting in cache poisoning. 2019-10-29 5 CVE-2019-3978
MISC
MISC milesight -- ip_security_cameras
  Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts. 2019-10-25 5 CVE-2016-2358
MISC
MISC
MISC milesight -- ip_security_cameras
  Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installations. 2019-10-25 5 CVE-2016-2360
MISC
MISC
MISC milesight -- ip_security_cameras
  Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory. 2019-10-25 5 CVE-2016-2357
MISC
MISC
MISC mitsubishi_electric_and_inea -- me-rtu_devices
  An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an attacker to read sensitive configuration settings such as usernames, passwords, and other sensitive RTU data due to insecure permission assignment. 2019-10-28 4 CVE-2019-14925
MISC
MISC mitsubishi_electric_and_inea -- me-rtu_devices
  An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Stored cleartext passwords could allow an unauthenticated attacker to obtain configured username and password combinations on the RTU due to the weak credentials management on the RTU. An unauthenticated user can obtain the exposed password credentials to gain access to the following services: DDNS service, Mobile Network Provider, and OpenVPN service. 2019-10-28 5 CVE-2019-14929
MISC
MISC mitsubishi_electric_and_inea -- me-rtu_devices
  An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote configuration download vulnerability allows an attacker to download the smartRTU's configuration file (which contains data such as usernames, passwords, and other sensitive RTU data). 2019-10-28 5 CVE-2019-14927
MISC
MISC netapp -- clustered_data_ontap
  Clustered Data ONTAP versions 9.2 through 9.6 are susceptible to a vulnerability which allows an attacker to use l2ping to cause a Denial of Service (DoS). 2019-10-25 5 CVE-2019-5508
MISC openafs_foundation -- openafs
  OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalars are sent over the network to a peer. 2019-10-29 5 CVE-2019-18602
MISC openafs_foundation -- openafs
  OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer. 2019-10-29 4.3 CVE-2019-18603
MISC openafs_foundation -- openafs
  OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Debug RPC calls to crash a database server within the SVOTE_Debug RPC handler. 2019-10-29 5 CVE-2019-18601
MISC pimcore -- pimcore
  Pimcore 6.2.3 has XSS in the translations grid because bundles/AdminBundle/Resources/public/js/pimcore/settings/translations.js mishandles certain HTML elements. 2019-10-31 4.3 CVE-2019-18656
MISC pixelpost -- pixelpost
  pixelpost 1.7.1 has XSS 2019-10-28 4.3 CVE-2009-4900
MISC
DEBIAN
MISC python_keyring_lib -- python_keyring_lib
  Python keyring lib before 0.10 created keyring files with world-readable permissions. 2019-10-28 5 CVE-2012-5577
MISC
CONFIRM
MISC
MISC
MISC rittal -- rittal_chiller_sk_3232_series
  Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems does not provide a sufficient level of protection against unauthorized configuration changes. Primary operations, namely turning the cooling unit on and off and setting the temperature set point, can be modified without authentication. 2019-10-25 5 CVE-2019-13549
FULLDISC
MISC schneider_electric -- multiple_modicon_controllers
  A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with no firmware image inside the package using FTP protocol. 2019-10-29 4 CVE-2019-6841
CONFIRM schneider_electric -- multiple_modicon_controllers
  A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with a missing web server image inside the package using FTP protocol. 2019-10-29 4 CVE-2019-6842
CONFIRM schneider_electric -- multiple_modicon_controllers
  A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the controller with an empty firmware package using FTP protocol. 2019-10-29 4 CVE-2019-6843
CONFIRM schneider_electric -- multiple_modicon_controllers
  A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the controller with a firmware package containing an invalid web server image using FTP protocol. 2019-10-29 4 CVE-2019-6844
CONFIRM schneider_electric -- multiple_modicon_controllers
  A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the FTP service when upgrading the firmware with a version incompatible with the application in the controller using FTP protocol. 2019-10-29 4 CVE-2019-6847
CONFIRM schneider_electric -- multiple_modicon_controllers
  A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when using specific Modbus services provided by the REST API of the controller/communication module. 2019-10-29 5 CVE-2019-6849
CONFIRM schneider_electric -- multiple_modicon_controllers
  A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause a Denial of Service attack on the PLC when sending specific data on the REST API of the controller/communication module. 2019-10-29 5 CVE-2019-6848
CONFIRM schneider_electric -- multiple_modicon_controllers
  A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when reading specific registers with the REST API of the controller/communication module. 2019-10-29 5 CVE-2019-6850
CONFIRM terramaster -- fs-210_devices
  An issue was discovered on TerraMaster FS-210 4.0.19 devices. Normal users can use 1.user.php for privilege elevation. 2019-10-28 6.5 CVE-2019-18195
MISC tightvnc_software -- tightvnc
  TightVNC code version 1.3.10 contains a null pointer dereference in the HandleZlibBPP function, which results in Denial of Service (DoS). This attack appears to be exploitable via network connectivity. 2019-10-29 5 CVE-2019-15680
MLIST tiki_wiki -- cms_groupware
  Tiki Wiki CMS Groupware 5.2 has XSS 2019-10-28 4.3 CVE-2010-4240
MISC
MISC
MISC
MISC tiki_wiki -- cms_groupware
  Tiki Wiki CMS Groupware 5.2 has CSRF 2019-10-28 6.8 CVE-2010-4241
MISC
MISC
MISC
MISC total_defense -- anti-virus
  The malware scan function in Total Defense Anti-virus 11.5.2.28 is vulnerable to a TOCTOU bug; consequently, symbolic link attacks allow privileged files to be deleted. 2019-10-31 5.8 CVE-2019-18644
MISC transmission -- transmission
  Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame. 2019-10-30 5 CVE-2010-0749
MISC
CONFIRM
MISC
CONFIRM
MLIST trend_micro -- apex_one
  Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to the IUSR account, which has restricted permission and is unable to make major system changes. An attempted attack requires user authentication. 2019-10-28 5 CVE-2019-18188
N/A trend_micro -- office_scan
  Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to a web service account, which depending on the web platform used may have restricted permissions. An attempted attack requires user authentication. 2019-10-28 5 CVE-2019-18187
N/A youphptube -- youphptube
  An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configurations, access the underlying operating system. 2019-10-25 6.5 CVE-2019-5120
MISC youphptube -- youphptube
  SQL injection vulnerabilities exist in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with Parameter name in /objects/pluginSwitch.json.php. 2019-10-25 6.5 CVE-2019-5122
MISC youphptube -- youphptube
  SQL injection vulnerabilities exist in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with Parameter uuid in /objects/pluginSwitch.json.php. 2019-10-25 6.5 CVE-2019-5121
MISC youphptube -- youphptube
  An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configurations, access the underlying operating system. 2019-10-25 6.5 CVE-2019-5119
MISC youphptube -- youphptube
  Exploitable SQL injection vulnerabilities exist in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configuration, access the underlying operating system. 2019-10-25 6.5 CVE-2019-5117
MISC youphptube -- youphptube
  An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause a SQL injection. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configuration, access the underlying operating system. 2019-10-25 6.5 CVE-2019-5116
MISC youphptube -- youphptube
  An exploitable SQL injection vulnerability exists in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configuration, access the underlying operating system. 2019-10-25 6.5 CVE-2019-5114
MISC youphptube -- youphptube
  Specially crafted web requests can cause SQL injections in YouPHPTube 7.6. An attacker can send a web request with Parameter dir in /objects/pluginSwitch.json.php. 2019-10-25 6.5 CVE-2019-5123
MISC zucchetti -- infobusiness
  Multiple Reflected Cross-site Scripting (XSS) vulnerabilities exist in Zucchetti InfoBusiness before and including 4.4.1. The browsing component did not properly sanitize user input (encoded in base64). This also applies to the search functionality for the searchKey parameter. 2019-10-30 4.3 CVE-2019-18205
MISC zucchetti -- infobusiness
  Zucchetti InfoBusiness before and including 4.4.1 allows any authenticated user to upload .php files in order to achieve code execution. 2019-10-30 6.5 CVE-2019-18204
MISC

 

Low Vulnerabilities
Primary Vendor -- Product Description Published CVSS Score Source & Patch Info
apache -- airflow
  A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. 2019-10-30 3.5 CVE-2019-12417
MLIST d-link -- dir-865l_devices
  D-Link DIR-865L has Information Disclosure. 2019-10-25 2.9 CVE-2013-4856
MISC
MISC
MISC debian_project -- mailscanner
  mailscanner can allow local users to prevent virus signatures from being updated 2019-10-28 2.1 CVE-2010-3293
MISC
DEBIAN
MISC
MISC debian_project -- paxtext
  paxtest handles temporary files insecurely 2019-10-29 2.1 CVE-2010-3373
MISC
MISC
MISC gmer -- gmer A stack-based buffer overflow vulnerability exists in the method receiving data from SysTreeView32 control of the GMER 2.1.19357 application. A specially created long path can lead to a buffer overflow on the stack resulting in code execution. An attacker needs to create a path longer than 99 characters to trigger this vulnerability. 2019-10-29 2.1 CVE-2016-4289
MISC ibm -- cloud_orchestrator
  IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a local user to obtain sensitive information from temporary script files. IBM X-Force ID: 162333. 2019-10-25 2.1 CVE-2019-4395
XF
CONFIRM ibm -- cloud_orchestrator
  IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 162236. 2019-10-25 3.5 CVE-2019-4396
XF
CONFIRM ibm -- cloud_orchestrator
  IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP Response Splitting caused by improper caching of content. This would allow the attacker to perform further attacks, such as Web Cache poisoning, cross-site scripting and possibly obtain sensitive information. IBM X-Force ID: 163682. 2019-10-25 3.5 CVE-2019-4461
XF
CONFIRM ibm -- cloud_orchestrator
  IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 contain APIs that could be used by a local user to send email. IBM X-Force ID: 162232. 2019-10-25 2.1 CVE-2019-4394
XF
CONFIRM ibm -- security_guardium_big_data_intelligence
  IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 160987. 2019-10-29 2.1 CVE-2019-4307
XF
CONFIRM ibm -- security_guardium_big_data_intelligence
  IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses hard coded credentials which could allow a local user to obtain highly sensitive information. IBM X-Force ID: 161035. 2019-10-29 2.1 CVE-2019-4309
XF
CONFIRM labkey -- labkey_server
  An issue was discovered in LabKey Server 19.1.0. The display name of a user is vulnerable to stored XSS that can execute on administrators from security/permissions.view, security/addUsers.view, or wiki/Administration/page.view in the admin panel, leading to privilege escalation. 2019-10-29 3.5 CVE-2019-9758
MISC
MISC mantisbt -- mantisbt
  A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.0rc1 before 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value. 2019-10-31 3.5 CVE-2013-1934
MISC
MISC
MISC
CONFIRM
MISC mitsubishi_electric_and_inea -- me-rtu_devices
  An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A number of stored cross-site script (XSS) vulnerabilities allow an attacker to inject malicious code directly into the application. An example input variable vulnerable to stored XSS is SerialInitialModemString in the index.php page. 2019-10-28 3.5 CVE-2019-14928
MISC
MISC postgresql -- postgresql
  Postgresql, versions 11.x before 11.5, is vulnerable to a memory disclosure in cross-type comparison for hashed subplan. 2019-10-29 3.5 CVE-2019-10209
CONFIRM
CONFIRM postgresql -- postgresql_windows_installer
  Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file. 2019-10-29 1.9 CVE-2019-10210
CONFIRM
CONFIRM total_defense -- antivirus
  The quarantine restoration function in Total Defense Anti-virus 11.5.2.28 is vulnerable to symbolic link attacks, allowing files to be written to privileged directories. 2019-10-31 2.1 CVE-2019-18645
MISC

Severity Not Yet Assigned

Primary Vendor -- Product Description Published CVSS Score Source & Patch Info
advantech -- wise-paas/rmm Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Lack of sanitization of user-supplied input causes SQL injection vulnerabilities. An attacker can leverage these vulnerabilities to disclose information. 2019-10-31 not yet calculated CVE-2019-18229
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC advantech -- wise-paas/rmm Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecured function that allows anyone who can access the IP address to use the function without authentication. 2019-10-31 not yet calculated CVE-2019-13547
MISC
MISC advantech -- wise-paas/rmm Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. XXE vulnerabilities exist that may allow disclosure of sensitive data. 2019-10-31 not yet calculated CVE-2019-18227
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC advantech -- wise-paas/rmm Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage these vulnerabilities to remotely execute code while posing as an administrator. 2019-10-31 not yet calculated CVE-2019-13551
MISC
MISC
MISC
MISC
MISC amd -- atidxx64.dll_driver An exploitable memory corruption vulnerability exists in AMD ATIDXX64.DLL driver, versions 25.20.15031.5004 and 25.20.15031.9002. A specially crafted pixel shader can cause an out-of-bounds memory write. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. 2019-10-31 not yet calculated CVE-2019-5049
MISC apache -- struts Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands. 2019-11-01 not yet calculated CVE-2011-3923
MISC
EXPLOIT-DB
BID
MISC
MISC
XF
MISC apak -- wholesale_floorplanning_finance Apak Wholesale Floorplanning Finance 6.31.8.3 and 6.31.8.5 allows XSS via the mainForm:loanNotesnotes:0:rich_text_editor_note_text parameter to WFS/agreementView.faces in the Notes section. Although versions 6.31.8.3 and 6.31.8.5 are confirmed to be affected, all versions with the vulnerable WYSIWYG "Notes" section are likely affected. 2019-10-31 not yet calculated CVE-2019-17551
MISC archiver -- archiver All versions of archiver allow an attacker to perform a Zip Slip attack via the "unarchive" functions. It is exploited using a specially crafted zip archive that holds path traversal filenames. When exploited, a filename in a malicious archive is concatenated to the target extraction directory, which results in the final path ending up outside of the target folder. For instance, a zip may hold a file with a "../../file.exe" location and thus break out of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily. 2019-10-29 not yet calculated CVE-2019-10743
MISC
MISC
MISC archos -- safe-t_devices On Archos Safe-T devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. 2019-11-02 not yet calculated CVE-2019-14358
MISC aruba -- instant Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.4.x prior to 8.4.0.1 allows Command injection. 2019-10-30 not yet calculated CVE-2018-16417
BID
CONFIRM
MISC
CONFIRM
MISC atlantis_word_processor -- atlantis_word_processor An exploitable uninitialized pointer vulnerability exists in the Word document parser of the Atlantis Word Processor. A specially crafted document can cause an array fetch to return an uninitialized pointer and then performs some arithmetic before writing a value to the result. Usage of this uninitialized pointer can allow an attacker to corrupt heap memory resulting in code execution under the context of the application. An attacker must convince a victim to open a document in order to trigger this vulnerability. 2019-10-31 not yet calculated CVE-2018-3983
MISC atlassian -- infosysta_for_jira An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects without authentication/authorization via the plugins/servlet/nfj/ProjectFilter?searchQuery= URI. 2019-11-01 not yet calculated CVE-2019-16908
MISC
MISC atlassian -- infosysta_for_jira An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects (with authentication as a Jira user, but without authorization for specific projects) via the plugins/servlet/nfj/NotificationSettings URI. 2019-11-01 not yet calculated CVE-2019-16909
MISC
MISC atlassian -- infosysta_for_jira An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13_J8 for Jira. It is possible to obtain a list of all valid Jira usernames without authentication/authorization via the plugins/servlet/nfj/UserFilter?searchQuery=@ URI. 2019-10-31 not yet calculated CVE-2019-16907
MISC
BUGTRAQ atlassian -- infosysta_for_jira An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13_J8 for Jira. By using plugins/servlet/nfj/PushNotification?username= with a modified username, a different user's notifications can be read without authentication/authorization. These notifications are then no longer displayed to the normal user. 2019-10-31 not yet calculated CVE-2019-16906
MISC
BUGTRAQ atlassian -- jira An issue summary information disclosure vulnerability exists in Atlassian Jira Tempo plugin, version 4.10.0. Authenticated users can obtain the summary for issues they do not have permission to view via the Tempo plugin. 2019-10-31 not yet calculated CVE-2019-5095
MISC autojump -- autojump autojump before 21.5.8 allows local users to gain privileges via a Trojan horse custom_install directory in the current working directory. 2019-10-31 not yet calculated CVE-2013-2012
MISC
MISC
MISC
CONFIRM
CONFIRM
MISC avast -- antivirus A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free, Internet Security, and Premiere Edition) 19.3.2369 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name. 2019-11-01 not yet calculated CVE-2019-18653
MISC
MISC avg_technologies -- avg_antivirus A Cross Site Scripting (XSS) issue exists in AVG AntiVirus (Internet Security Edition) 19.3.3084 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name. 2019-11-01 not yet calculated CVE-2019-18654
MISC
MISC axohelp -- axohelp In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distributed in TeXLive and other collections, sprintf is mishandled. 2019-10-29 not yet calculated CVE-2019-18604
MISC bitdefender -- box_firmware An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that allows an attacker to pass arbitrary code to the BOX appliance via the web API. In order to exploit this vulnerability, an attacker needs to be present on the Bitdefender BOX setup network, and the Bitdefender BOX must be in setup mode. 2019-10-31 not yet calculated CVE-2019-12612
CONFIRM centos-webpanel -- centos_web_panel Stored XSS in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.885 exists via the cmd_arg parameter. This can be exploited by a local attacker who supplies a crafted filename within a directory visited by the victim. 2019-10-31 not yet calculated CVE-2019-16295
MISC
CONFIRM cezerin -- cezerin Cezerin v0.33.0 allows unauthorized order-information modification because certain internal attributes can be overwritten via a conflicting name when processing order requests. Hence, a malicious customer can manipulate an order (e.g., its payment status or shipping fee) by adding additional attributes to user-input during the PUT /ajax/cart operation for a checkout, because of getValidDocumentForUpdate in api/server/services/orders/orders.js. 2019-10-29 not yet calculated CVE-2019-18608
MISC chicken -- chicken OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4.9.0. 2019-10-31 not yet calculated CVE-2013-2024
MISC
MISC
MISC
MISC
CONFIRM
MISC
MISC chicken -- chicken Multiple buffer overflows in the (1) R5RS char-ready, (2) tcp-accept-ready, and (3) file-select procedures in Chicken through 4.8.0.3 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value. NOTE: this issue exists because of an incomplete fix for CVE-2012-6122. 2019-10-31 not yet calculated CVE-2013-2075
CONFIRM
CONFIRM
CONFIRM
MISC
MISC
MISC
CONFIRM
MISC chicken -- chicken A casting error in Chicken before 4.8.0 on 64-bit platform caused the random number generator to return a constant value. NOTE: the vendor states "This function wasn't used for security purposes (and is advertised as being unsuitable)." 2019-10-31 not yet calculated CVE-2012-6124
MISC
MISC
CONFIRM
MISC chicken -- chicken Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct "poisoned NUL byte attack." 2019-10-31 not yet calculated CVE-2012-6123
MISC
MISC
MISC chicken -- chicken Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions. 2019-10-31 not yet calculated CVE-2012-6125
MISC
MISC
CONFIRM
CONFIRM
MISC chicken -- chicken Buffer overflow in the thread scheduler in Chicken before 4.8.0.1 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value. 2019-10-31 not yet calculated CVE-2012-6122
MISC
MISC
MISC
MISC
MISC
CONFIRM
CONFIRM
MISC compal -- ch7465lg_modem The web interface of the Compal Broadband CH7465LG modem (version CH7465LG-NCIP-6.12.18.25-2p6-NOSH) is vulnerable to a /%2f/ path traversal attack, which can be exploited in order to test for the existence of a file pathname outside of the web root directory. If a file exists but is not part of the product, there is a 404 error. If a file does not exist, there is a 302 redirect to index.html. 2019-10-28 not yet calculated CVE-2019-17224
MISC
MISC cujo -- smart_firewall An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the way the safe browsing function parses HTTP requests. The server hostname is extracted from captured HTTP/HTTPS requests and inserted as part of a Lua statement without prior sanitization, which results in arbitrary Lua script execution in the kernel. An attacker could send an HTTP request to exploit this vulnerability. 2019-10-31 not yet calculated CVE-2018-4031
MISC cujo -- smart_firewall An exploitable denial-of-service vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. When parsing labels in mDNS packets, the firewall unsafely handles label compression pointers, leading to an uncontrolled recursion that eventually exhausts the stack, crashing the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability. 2019-10-31 not yet calculated CVE-2018-4002
MISC debian_project -- autokey The init script in autokey before 0.61.3-2 allows local attackers to write to arbitrary files via a symlink attack. 2019-10-30 not yet calculated CVE-2010-0398
MISC
MISC debian_project -- burn burn allows file names to escape via mishandled quotation marks 2019-10-31 not yet calculated CVE-2009-5043
MISC debian_project -- debian The Debian backport of the fix for CVE-2017-3137 leads to assertion failure in validator.c:1858; Affects Debian versions 9.9.5.dfsg-9+deb8u15; 9.9.5.dfsg-9+deb8u18; 9.10.3.dfsg.P4-12.3+deb9u5; 9.11.5.P4+dfsg-5.1 No ISC releases are affected. Other packages from other distributions who did similar backports for the fix for 2017-3137 may also be affected. 2019-10-30 not yet calculated CVE-2018-5735
CONFIRM debian_project -- mumble Mumble: murmur-server has DoS due to malformed client query 2019-10-31 not yet calculated CVE-2010-2490
MISC
MISC
MISC debian_project -- overkill overkill has buffer overflow via long player names that can corrupt data on the server machine 2019-10-31 not yet calculated CVE-2009-5041
MISC debian_project -- python-docutils python-docutils allows insecure usage of temporary files 2019-10-31 not yet calculated CVE-2009-5042
MISC debian_project -- drbd8 drbd8 allows local users to bypass intended restrictions for certain actions via netlink packets, similar to CVE-2009-3725. 2019-10-30 not yet calculated CVE-2010-0747
MISC
CONFIRM debian_project -- mutt Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files. 2019-11-01 not yet calculated CVE-2005-2351
MISC
MISC elastic -- elasticsearch Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a username disclosure flaw in the API Key service. An unauthenticated attacker could send a specially crafted request and determine if a username exists in the Elasticsearch native realm. 2019-10-30 not yet calculated CVE-2019-7619
CONFIRM
CONFIRM
CONFIRM elastic -- logstash Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop responding. 2019-10-30 not yet calculated CVE-2019-7620
CONFIRM
CONFIRM
CONFIRM european_commission -- eidas_node_integration_package European Commission eIDAS-Node Integration Package before 2.3.1 has Missing Certificate Validation because a certain ExplicitKeyTrustEvaluator return value is not checked. NOTE: only 2.1 is confirmed to be affected. 2019-10-30 not yet calculated CVE-2019-18633
MISC european_commission -- eidas_node_integration_package European Commission eIDAS-Node Integration Package before 2.3.1 allows Certificate Faking because an attacker can sign a manipulated SAML response with a forged certificate. 2019-10-30 not yet calculated CVE-2019-18632
MISC f5 -- big-ip On BIG-IP 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the BIG-IP Configuration utility. 2019-11-01 not yet calculated CVE-2019-6657
CONFIRM f5 -- big-ip_afm On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, a vulnerability in the AFM configuration utility may allow any authenticated BIG-IP user to run an SQL injection attack. 2019-11-01 not yet calculated CVE-2019-6658
CONFIRM facebook -- whatsapp The Wireless Emergency Alerts (WEA) protocol allows remote attackers to spoof a Presidential Alert because cryptographic authentication is not used, as demonstrated by MessageIdentifier 4370 in LTE System Information Block 12 (aka SIB12). NOTE: testing inside an RF-isolated shield box suggested that all LTE phones are affected by design (e.g., use of Android versus iOS does not matter); testing in an open RF environment is, of course, contraindicated. 2019-11-02 not yet calculated CVE-2019-18659
MISC fastweb -- fastgate_devices Fastweb FASTGate 1.0.1b devices allow partial authentication bypass by changing a certain check_pwd return value from 0 to 1. An attack does not achieve administrative control of a device; however, the attacker can view all of the web pages of the administration console. 2019-11-02 not yet calculated CVE-2019-18661
MISC
MISC fortinet -- fortiextender An OS command injection vulnerability in FortiExtender 4.1.1 and below under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted "execute date" commands. 2019-10-31 not yet calculated CVE-2019-15710
CONFIRM foswiki -- foswiki Foswiki before 1.1.8 contains a code injection vulnerability in the MAKETEXT macro. 2019-11-01 not yet calculated CVE-2013-1666
CONFIRM
MISC
MISC
MISC freebsd -- freebsd /usr/local/www/freeradius_view_config.php in the freeradius3 package before 0.15.7_3 for pfSense on FreeBSD has XSS via a filename. 2019-11-02 not yet calculated CVE-2019-18667
MISC freebsd -- freebsd FreeBSD NSD before 3.2.13 allows remote attackers to crash a NSD child server process (SIGSEGV) and cause a denial of service in the NSD server. 2019-11-01 not yet calculated CVE-2012-2979
MISC
CONFIRM
MISC freetds -- freetds FreeTDS through 1.1.11 has a Buffer Overflow. 2019-10-31 not yet calculated CVE-2019-13508
MISC glpi_project -- glpi GLPI 0.83.7 has Local File Inclusion in common.tabs.php. 2019-11-01 not yet calculated CVE-2013-2227
MISC
MISC
MISC
MISC
MISC gnome -- evince evince is missing a check on number of pages which can lead to a segmentation fault 2019-11-01 not yet calculated CVE-2013-3718
MISC
MISC
MISC
MISC google -- nest_cam_iq_indoor An exploitable denial-of-service vulnerability exists in the Weave daemon of the Nest Cam IQ Indoor, version 4620002. A set of TCP connections can cause unrestricted resource allocation, resulting in a denial of service. An attacker can connect multiple times to trigger this vulnerability. 2019-10-31 not yet calculated CVE-2019-5043
MISC grsecurity -- pax An exploitable vulnerability exists in the grsecurity PaX patch for the function read_kmem, in PaX from version pax-linux-4.9.8-test1 to 4.9.24-test7, grsecurity official from version grsecurity-3.1-4.9.8-201702060653 to grsecurity-3.1-4.9.24-201704252333, grsecurity unofficial from version v4.9.25-unofficialgrsec to v4.9.74-unofficialgrsec. PaX adds a temp buffer to the read_kmem function, which is never freed when an invalid address is supplied. This results in a memory leakage that can lead to a crash of the system. An attacker needs to induce a read to /dev/kmem using an invalid address to exploit this vulnerability. 2019-10-31 not yet calculated CVE-2019-5023
MISC gs-gpl -- gs-gpl A race condition in temp files was found in gs-gpl before 8.56 addons scripts. 2019-11-01 not yet calculated CVE-2005-2352
MISC
MISC honeywell -- equip_and_performance_series_ip_cameras Honeywell equIP and Performance series IP cameras, multiple versions, A vulnerability exists where the affected product allows unauthenticated access to audio streaming over HTTP. 2019-10-31 not yet calculated CVE-2019-18230
MISC honeywell -- equip_and_performance_series_ip_cameras_and_recorders Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability as a weak authentication method is retained for compatibility with legacy products. 2019-10-31 not yet calculated CVE-2019-18226
MISC honeywell -- equip_ip_and_multiple_equip_series_cameras Honeywell equIP series IP cameras Multiple equIP Series Cameras, A vulnerability exists in the affected products where a specially crafted HTTP packet request could result in a denial of service. 2019-10-31 not yet calculated CVE-2019-18228
MISC hunt_cctv -- multiple_cctv_devices Authentication bypass vulnerability in the web interface in Hunt CCTV, Capture CCTV, Hachi CCTV, NoVus CCTV, and Well-Vision Inc DVR systems allows a remote attacker to retrieve the device configuration. 2019-10-30 not yet calculated CVE-2013-1391
MISC
MISC
BID hyundai -- pay_kasse_hk-1000_devices On Hyundai Pay Kasse HK-1000 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. 2019-11-02 not yet calculated CVE-2019-14360
MISC icedtea6 -- icedtea6 IcedTea6 before 1.7.4 allow unsigned apps to read and write arbitrary files, related to Extended JNLP Services. 2019-10-31 not yet calculated CVE-2010-2783
CONFIRM
MISC
MISC
MISC icedtea6 -- icedtea6 IcedTea6 before 1.7.4 does not properly check property access, which allows unsigned apps to read and write arbitrary files. 2019-10-31 not yet calculated CVE-2010-2548
CONFIRM
MISC
MISC ikiwiki -- ikiwiki ikiwiki before 3.20110608 allows remote attackers to hijack root's tty and run symlink attacks. 2019-10-29 not yet calculated CVE-2011-1408
CONFIRM
MISC
MISC
MISC internet_systems_consortium -- bind There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers of ISC software have modified the dhcpd source, BIND source, or version matchup in ways that create the crash potential. Based on reports available to ISC, the crash probability is large and no analysis has been done on how, or even if, the probability can be manipulated by an attacker. Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later, or BIND versions with specific bug fixes backported to them. ISC does not have access to comprehensive version lists for all repackagings of dhcpd that are vulnerable. In particular, builds from other vendors may also be affected. Operators are advised to consult their vendor documentation. 2019-11-01 not yet calculated CVE-2019-6470
CONFIRM
CONFIRM
CONFIRM
CONFIRM ipswitch -- progress_movieit_transfer In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH (SFTP) interface. The vulnerability affects only certain SSH (SFTP) configurations, and is applicable only if the MySQL database is being used. 2019-10-31 not yet calculated CVE-2019-18465
CONFIRM
CONFIRM ipswitch -- progress_movieit_transfer In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1 before 11.1.3 (2019.1.3), multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database or may be able to alter the database. 2019-10-31 not yet calculated CVE-2019-18464
CONFIRM
CONFIRM
CONFIRM
CONFIRM jetbrains -- hub In JetBrains Hub versions earlier than 2019.1.11738, username enumeration was possible through password recovery. 2019-10-31 not yet calculated CVE-2019-18360
CONFIRM jetbrains -- intellij_idea JetBrains IntelliJ IDEA before 2019.2 allows local user privilege escalation, potentially leading to arbitrary code execution. 2019-10-31 not yet calculated CVE-2019-18361
CONFIRM jetbrains -- mps JetBrains MPS before 2019.2.2 exposed listening ports to the network. 2019-10-31 not yet calculated CVE-2019-18362
CONFIRM jetbrains -- teaamcity In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions. 2019-10-31 not yet calculated CVE-2019-18367
CONFIRM jetbrains -- teaamcity In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages. 2019-10-31 not yet calculated CVE-2019-18365
CONFIRM jetbrains -- teaamcity In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission. 2019-10-31 not yet calculated CVE-2019-18366
CONFIRM jetbrains -- toolbox_app In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible. 2019-10-31 not yet calculated CVE-2019-18368
CONFIRM jitbit -- jitbit A cross-site scripting (XSS) vulnerability in Jitbit .NET Forum (aka ASP.NET forum) 8.3.8 allows remote attackers to inject arbitrary web script or HTML via the gravatar URL parameter. 2019-11-01 not yet calculated CVE-2019-18636
MISC
MISC libvnc -- libvnc LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a. 2019-10-29 not yet calculated CVE-2019-15681
MISC
MLIST
MLIST linux -- linux_kernel ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to an upstream kernel change which impacted how python's os.chmod() works when passed a mode of '-1'. 2019-11-01 not yet calculated CVE-2013-4367
MISC
MISC magento -- magento An insecure direct object reference (IDOR) vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17 versions. An authenticated user may be able to view personally identifiable shipping details of another user due to insufficient validation of user controlled input. 2019-10-30 not yet calculated CVE-2019-8235
CONFIRM manageiq -- manageiq_evm Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2019-11-01 not yet calculated CVE-2013-0186
CONFIRM
MISC mantisbt -- mantisbt A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version. 2019-10-31 not yet calculated CVE-2013-1931
MISC
MISC
MISC
MISC
MISC
CONFIRM
MISC mantisbt -- mantisbt A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via a project name. 2019-10-31 not yet calculated CVE-2013-1932
MISC
MISC
MISC
CONFIRM
MISC mantisbt -- mantisbt MantisBT 1.2.12 before 1.2.15 allows authenticated users to bypass the workflow restriction and close issues. 2019-10-31 not yet calculated CVE-2013-1930
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC mapserver -- mapserver Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing. 2019-10-29 not yet calculated CVE-2010-1678
MISC
MISC
CONFIRM maxthon -- maxthon_browser_for_windows Unquoted Search Path in Maxthon 5.1.0 to 5.2.7 Browser for Windows. 2019-10-29 not yet calculated CVE-2019-16647
MISC
MISC minidlna -- minidlna MiniDLNA has a heap-based buffer overflow. 2019-11-01 not yet calculated CVE-2013-2739
MISC
MISC minidlna -- minidlna MiniDLNA has a SQL injection vulnerability that may allow retrieval of arbitrary files. 2019-11-01 not yet calculated CVE-2013-2738
MISC
MISC
MISC
MISC miniupnpd -- miniupnpd MiniUPnPd has an information disclosure issue related to its use of snprintf(). 2019-11-01 not yet calculated CVE-2013-2600
MISC
MISC
MISC
MISC
MISC mooltipass -- moolticute An issue was discovered in Mooltipass Moolticute through v0.42.1 and v0.42.x-testing through v0.42.5-testing. There is a NULL pointer dereference in MPDevice_win.cpp. 2019-10-30 not yet calculated CVE-2019-18635
MISC
MISC opera -- opera_mini_for_android Opera Mini for Android allows attackers to bypass intended restrictions on .apk file download/installation via an RTLO (aka Right to Left Override) approach, as demonstrated by misinterpretation of malicious%E2%80%AEtxt.apk as maliciouskpa.txt. This affects 44.1.2254.142553, 44.1.2254.142659, and 44.1.2254.143214. 2019-10-29 not yet calculated CVE-2019-18624
MISC
MISC phoenix_contact -- pc_works_and_pc_worx_express_and_config+ An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-of-bounds Read and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project to be able to manipulate data inside. After manipulation, the attacker needs to exchange the original files with the manipulated ones on the application programming workstation. 2019-10-31 not yet calculated CVE-2019-16675
MISC
MISC
MISC postgresql -- postgresql A flaw was discovered in PostgreSQL versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function. 2019-10-29 not yet calculated CVE-2019-10208
CONFIRM
CONFIRM postgresql -- postgresql_windows_installer The PostgreSQL Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from an unprotected directory. 2019-10-29 not yet calculated CVE-2019-10211
CONFIRM
CONFIRM project_jupyter -- jupyter_notebook Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document. 2019-10-31 not yet calculated CVE-2018-21030
MISC
MISC python -- python An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability. 2019-10-31 not yet calculated CVE-2019-5010
MISC qtum -- qtum qtum through 0.16 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM. 2019-10-29 not yet calculated CVE-2018-19151
MISC
MISC

rainbow_pdf -- office_server_document_converter A buffer overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro MR1 (7,0,2019,0220). While parsing a document text info container, the TxMasterStyleAtom::parse function is incorrectly checking the bounds corresponding to the number of style levels, causing a vtable pointer to be overwritten, which leads to code execution. 2019-10-31 not yet calculated CVE-2019-5030
MISC rdesktop -- rdesktop RDesktop version 1.8.4 contains multiple out-of-bounds read vulnerabilities in its code, which result in a denial of service (DoS) condition. This attack appears to be exploitable via network connectivity. These issues have been fixed in version 1.8.5. 2019-10-30 not yet calculated CVE-2019-15682
MISC red_hat -- jboss_operations_network The CLI in JBoss Operations Network before 2.3.1 does not properly check permissions, which allows JBoss ON users to perform management tasks and configuration changes with the privileges of the administrator user. 2019-10-30 not yet calculated CVE-2010-0737
MISC red_hat -- openshift cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp. 2019-11-01 not yet calculated CVE-2013-0165
MISC red_hat -- openstack HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. 2019-11-01 not yet calculated CVE-2013-2255
MISC
MISC
MISC
MISC
MISC
MISC
MISC red_hat -- red_hat_enterprise_linux While backporting a feature for a newer branch of BIND9, Red Hat introduced a path leading to an assertion failure in buffer.c:420. Affects Red Hat versions bind-9.9.4-65.el7 -> bind-9.9.4-72.el7. No ISC releases are affected. Other packages from other distributions that made the same error may also be affected. 2019-10-30 not yet calculated CVE-2018-5742
CONFIRM redis -- redis Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds. 2019-11-01 not yet calculated CVE-2013-0180