VMware Releases Security Updates for Multiple Products

US-CERT All NCAS Products - Tue, 09/17/2019 - 16:06
Original release date: September 17, 2019

VMware has released security updates to address vulnerabilities in ESXi and vCenter. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisory VMSA-2019-0013 and apply the necessary updates and workarounds.

This product is provided subject to this Notification and this Privacy & Use policy.

Categories: LATEST ALERT

2019 CWE Top 25 Most Dangerous Software Errors

US-CERT All NCAS Products - Tue, 09/17/2019 - 15:30
Original release date: September 17, 2019

MITRE has released the 2019 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Errors list. The Top 25 is a compilation of the most frequent and critical errors that can lead to serious vulnerabilities in software. An attacker can often exploit these vulnerabilities to take control of an affected system, obtain sensitive information, or cause a denial-of-service condition.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Top 25 list and evaluate recommended mitigations to determine those most suitable to adopt.


Vulnerability Summary for the Week of September 9, 2019

US-CERT All NCAS Products - Mon, 09/16/2019 - 15:47
Original release date: September 16, 2019

 

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities Primary
Vendor -- Product Description Published CVSS Score Source & Patch Info 10web -- photo_gallery SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter. 2019-09-08 7.5 CVE-2019-16119
MISC
MISC
MISC
MISC adobe -- flash_player Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same Origin Method Execution vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user. 2019-09-12 10.0 CVE-2019-8069
CONFIRM adobe -- flash_player Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Use after free vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user. 2019-09-12 10.0 CVE-2019-8070
CONFIRM advantech -- webaccess Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbitrary code via a crafted IOCTL 70603 RPC message. 2019-09-10 7.5 CVE-2019-3975
MISC apache -- ofbiz The Apache OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. This service takes the `serviceContent` parameter in the request and deserializes it using XStream. This `XStream` instance is slightly guarded by disabling the creation of `ProcessBuilder`. However, this can be easily bypassed (and in multiple ways). Mitigation: Upgrade to 16.11.06 or manually apply the following commits on branch 16 r1850017+1850019 2019-09-11 7.5 CVE-2018-17200
MLIST apache -- ofbiz The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is exposed by the "webtools/control/httpService" URL, and uses Java deserialization to perform code execution. In the HttpEngine, the value of the request parameter "serviceContext" is passed to the "deserialize" method of "XmlSerializer". Apache Ofbiz is affected via two different dependencies: "commons-beanutils" and an out-dated version of "commons-fileupload" Mitigation: Upgrade to 16.11.06 or manually apply the commits from OFBIZ-10770 and OFBIZ-10837 on branch 16 2019-09-11 7.5 CVE-2019-0189
MLIST
MLIST
MLIST apache -- ofbiz An RCE is possible by entering Freemarker markup in an Apache OFBiz Form Widget textarea field when encoding has been disabled on such a field. This was the case for the Customer Request "story" input in the Order Manager application. Encoding should not be disabled without good reason and never within a field that accepts user input. Mitigation: Upgrade to 16.11.06 or manually apply the following commit on branch 16.11: r1858533 2019-09-11 7.5 CVE-2019-10074
MLIST
MLIST artifex -- ghostscript A flaw was found in ghostscript, versions 9.x before 9.28, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. 2019-09-06 7.5 CVE-2019-14813
CONFIRM
REDHAT
CONFIRM
MLIST
BUGTRAQ
DEBIAN atutor -- atutor In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, which allows him to gain access to the application. Next, he can change the directory that the application uploads files to, which allows him to achieve remote code execution. This occurs because install/include/header.php does not restrict certain changes (to db_host, db_login, db_password, and content_dir) within install/include/step5.php. 2019-09-09 7.5 CVE-2019-16114
MISC
MISC blake2 -- blake2 An issue was discovered in the blake2 crate before 0.8.1 for Rust. The BLAKE2b and BLAKE2s algorithms, when used with HMAC, produce incorrect results because the block sizes are half of the required sizes. 2019-09-09 7.5 CVE-2019-16143
MISC broadcom -- ca_client_automation An access vulnerability in CA Common Services DIA of CA Technologies Client Automation 14 and Workload Automation AE 11.3.5, 11.3.6 allows a remote attacker to execute arbitrary code. 2019-09-06 7.5 CVE-2019-13656
MISC
FULLDISC
MISC
BUGTRAQ compact_arena_project -- compact_arena An issue was discovered in the compact_arena crate before 0.4.0 for Rust. Generativity is mishandled, leading to an out-of-bounds write or read. 2019-09-09 9.0 CVE-2019-16139
MISC
MISC couchbase -- couchbase_server An issue was discovered in Couchbase Server 4.6.3 and 5.5.0. A JSON document to be stored with more than 3000 '\t' characters can crash the indexing system. 2019-09-10 7.8 CVE-2019-11467
MISC couchbase -- couchbase_server Couchbase Server 5.1.1 generates insufficiently random numbers. The product hosts many network services by default. One of those services is an epmd service, which allows for node integration between Erlang instances. This service is protected by a single 16-character password. Unfortunately, this password is not generated securely due to an insufficient random seed, and can be reasonably brute-forced by an attacker to execute code against a remote system. 2019-09-10 7.5 CVE-2019-11495
MISC dlink -- dir-806_firmware D-Link DIR-806 devices allow remote attackers to execute arbitrary shell commands via a trailing substring of an HTTP header that has "SOAPAction: http://purenetworks.com/HNAP1/GetDeviceSettings/" at the beginning. 2019-09-06 10.0 CVE-2019-10891
MISC dlink -- dir-806_firmware hnap_main in /htdocs/cgibin on D-link DIR-806 v1.0 devices has a stack-based buffer overflow via a long HTTP header that has "SOAPAction: http://purenetworks.com/HNAP1/GetDeviceSettings/" at the beginning. 2019-09-06 10.0 CVE-2019-10892
MISC dlink -- dir-868l_firmware SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L REVA through 1.20, and DIR-895L REVA through 1.21 devices allows Authentication Bypass, as demonstrated by a direct request to folder_view.php or category_view.php. 2019-09-09 7.5 CVE-2019-16190
MISC doccms -- doccms upload_model() in /admini/controllers/system/managemodel.php in DocCms 2016.5.17 allow remote attackers to execute arbitrary PHP code through module management files, as demonstrated by a .php file in a ZIP archive. 2019-09-09 7.5 CVE-2019-16192
MISC facebook -- hhvm Insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all versions between 4.9.0 and 4.15.2, and versions 4.16.0 to 4.16.3, 4.17.0 to 4.17.2, 4.18.0 to 4.18.1, 4.19.0, 4.20.0 to 4.20.1. 2019-09-06 7.5 CVE-2019-11925
CONFIRM
CONFIRM
CONFIRM facebook -- hhvm Insufficient boundary checks when processing M_SOFx markers from JPEG headers in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all versions between 4.9.0 and 4.15.2, and versions 4.16.0 to 4.16.3, 4.17.0 to 4.17.2, 4.18.0 to 4.18.1, 4.19.0, 4.20.0 to 4.20.1. 2019-09-06 7.5 CVE-2019-11926
CONFIRM
CONFIRM
CONFIRM generator-rs_project -- generator-rs An issue was discovered in the generator crate before 0.6.18 for Rust. Uninitialized memory is used by Scope, done, and yield_ during API calls. 2019-09-09 7.8 CVE-2019-16144
MISC
MISC gitlab -- gitlab An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Access to the internal wiki is permitted when an external wiki service is enabled. 2019-09-09 7.5 CVE-2019-6960
CONFIRM
CONFIRM gitlabhook_project -- gitlabhook NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be injected through the repository name. 2019-09-13 10.0 CVE-2019-5485
MISC google -- android NVIDIA Tegra contains a vulnerability in BootRom where a user with kernel level privileges can write an arbitrary value to an arbitrary physical address 2019-09-06 7.2 CVE-2018-6240
CONFIRM
MISC google -- android In the Android kernel in the mnh driver there is a use after free due to improper locking. This could lead to escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 7.5 CVE-2019-9275
MISC google -- android In the Android kernel in sdcardfs there is a possible violation of the separation of data between profiles due to shared mapping of obb files. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. 2019-09-06 7.2 CVE-2019-9345
MISC google -- android In the Android kernel in VPN routing there is a possible information disclosure. This could lead to remote information disclosure by an adjacent network attacker with no additional execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 7.8 CVE-2019-9461
MISC gravitatedesign -- gravitate_qa_tracker The gravitate-qa-tracker plugin through 1.2.1 for WordPress has PHP Object Injection. 2019-09-10 7.5 CVE-2017-18605
MISC
MISC image-rs -- image An issue was discovered in the image crate before 0.21.3 for Rust, affecting the HDR image format decoder. Vec::set_len is called on an uninitialized vector, leading to a use-after-free and arbitrary code execution. 2019-09-09 7.5 CVE-2019-16138
MISC
MISC isahc_project -- isahc An issue was discovered in the chttp crate before 0.1.3 for Rust. There is a use-after-free during buffer conversion. 2019-09-09 7.5 CVE-2019-16140
MISC jenkins -- script_security A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions in increment and decrement expressions allowed attackers to execute arbitrary code in sandboxed scripts. 2019-09-12 7.5 CVE-2019-10399
MLIST
MISC jenkins -- script_security A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of subexpressions in increment and decrement expressions not involving actual assignment allowed attackers to execute arbitrary code in sandboxed scripts. 2019-09-12 7.5 CVE-2019-10400
MLIST
MISC jobberbase -- jobberbase In Jobberbase 2.0, the parameter category is not sanitized in public/page_subscribe.php, leading to /subscribe SQL injection. 2019-09-08 7.5 CVE-2019-16125
MISC
MISC librenms -- librenms An issue was discovered in LibreNMS through 1.47. The scripts that handle the graphing options (html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqli_real_escape_string, which is only useful for preventing SQL injection attacks; other parameters are unfiltered. This allows an attacker to inject RRDtool syntax with newline characters via the html/graph.php script. RRDtool syntax is quite versatile and an attacker could leverage this to perform a number of attacks, including disclosing directory structure and filenames, file content, denial of service, or writing arbitrary files. 2019-09-09 7.5 CVE-2019-10665
MISC libreoffice -- libreoffice LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2019-9852, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed by employing a URL encoding attack to defeat the path verification step. However this protection could be bypassed by taking advantage of a flaw in how LibreOffice assembled the final script URL location directly from components of the passed in path as opposed to solely from the sanitized output of the path verification step. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1. 2019-09-06 7.5 CVE-2019-9854
FEDORA
BUGTRAQ
DEBIAN
CONFIRM libreoffice -- libreoffice LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added to block calling LibreLogo from script event handers. However a Windows 8.3 path equivalence handling flaw left LibreOffice vulnerable under Windows that a document could trigger executing LibreLogo via a Windows filename pseudonym. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1. 2019-09-06 7.5 CVE-2019-9855
CONFIRM lifterlms -- lifterlms An issue was discovered in the LifterLMS plugin through 3.34.5 for WordPress. The upload_import function in the class.llms.admin.import.php script is prone to an unauthenticated options import vulnerability that could lead to privilege escalation (administrator account creation), website redirection, and stored XSS. 2019-09-10 7.5 CVE-2019-15896
MISC
MISC
MISC limesurvey -- limesurvey A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey participants to inject commands via their survey responses that will be included in the export CSV file. 2019-09-09 7.5 CVE-2019-16184
MISC
MISC linux -- linux_kernel An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does not check the nla_nest_start_noflag return value. 2019-09-06 7.5 CVE-2019-16089
MISC linux -- linux_kernel drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. 2019-09-11 7.8 CVE-2019-16229
MISC linux -- linux_kernel drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. 2019-09-11 7.8 CVE-2019-16230
MISC linux -- linux_kernel drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. 2019-09-11 7.8 CVE-2019-16231
MISC linux -- linux_kernel drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. 2019-09-11 7.8 CVE-2019-16232
MISC linux -- linux_kernel drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. 2019-09-11 7.8 CVE-2019-16233
MISC linux -- linux_kernel drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. 2019-09-11 7.8 CVE-2019-16234
MISC microfocus -- data_protector Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges. 2019-09-13 7.2 CVE-2019-11660
CONFIRM microsoft -- chakracore A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1217, CVE-2019-1237, CVE-2019-1298, CVE-2019-1300. 2019-09-11 7.6 CVE-2019-1138
MISC microsoft -- chakracore A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1237, CVE-2019-1298, CVE-2019-1300. 2019-09-11 7.6 CVE-2019-1217
MISC microsoft -- chakracore A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1298, CVE-2019-1300. 2019-09-11 7.6 CVE-2019-1237
MISC microsoft -- chakracore A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1237, CVE-2019-1300. 2019-09-11 7.6 CVE-2019-1298
MISC microsoft -- chakracore A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1237, CVE-2019-1298. 2019-09-11 7.6 CVE-2019-1300
MISC microsoft -- excel A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. 2019-09-11 9.3 CVE-2019-1297
MISC microsoft -- exchange_server A denial of service vulnerability exists in Microsoft Exchange Server software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Denial of Service Vulnerability'. 2019-09-11 7.8 CVE-2019-1233
MISC microsoft -- internet_explorer A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1236. 2019-09-11 7.6 CVE-2019-1208
MISC
MISC microsoft -- internet_explorer A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. 2019-09-11 7.6 CVE-2019-1221
MISC microsoft -- office A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. 2019-09-11 9.3 CVE-2019-1246
MISC microsoft -- team_foundation_server A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability'. 2019-09-11 7.5 CVE-2019-1306
MISC microsoft -- windows_10 A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0788, CVE-2019-1290, CVE-2019-1291. 2019-09-11 9.3 CVE-2019-0787
MISC microsoft -- windows_10 A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0787, CVE-2019-1290, CVE-2019-1291. 2019-09-11 9.3 CVE-2019-0788
MISC microsoft -- windows_10 An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'. 2019-09-11 7.2 CVE-2019-1214
MISC microsoft -- windows_10 An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303. 2019-09-11 7.2 CVE-2019-1215
MISC microsoft -- windows_10 An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server process does not validate the source of input or commands it receives, aka 'Windows Text Service Framework Elevation of Privilege Vulnerability'. 2019-09-11 7.2 CVE-2019-1235
MISC microsoft -- windows_10 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1208. 2019-09-11 7.6 CVE-2019-1236
MISC microsoft -- windows_10 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. 2019-09-11 9.3 CVE-2019-1240
MISC microsoft -- windows_10 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. 2019-09-11 9.3 CVE-2019-1241
MISC microsoft -- windows_10 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. 2019-09-11 9.3 CVE-2019-1242
MISC microsoft -- windows_10 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. 2019-09-11 9.3 CVE-2019-1243
MISC microsoft -- windows_10 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. 2019-09-11 9.3 CVE-2019-1247
MISC microsoft -- windows_10 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1249, CVE-2019-1250. 2019-09-11 9.3 CVE-2019-1248
MISC microsoft -- windows_10 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1250. 2019-09-11 9.3 CVE-2019-1249
MISC microsoft -- windows_10 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249. 2019-09-11 9.3 CVE-2019-1250
MISC microsoft -- windows_10 An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1278, CVE-2019-1303. 2019-09-11 7.2 CVE-2019-1253
MISC microsoft -- windows_10 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1285. 2019-09-11 7.2 CVE-2019-1256
MISC microsoft -- windows_10 An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where a configuration file, with local privileges, is vulnerable to symbolic link and hard link attacks, aka 'Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability'. 2019-09-11 7.2 CVE-2019-1267
MISC microsoft -- windows_10 An elevation of privilege exists when Winlogon does not properly handle file path information, aka 'Winlogon Elevation of Privilege Vulnerability'. 2019-09-11 7.2 CVE-2019-1268
MISC microsoft -- windows_10 An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1272. 2019-09-11 7.2 CVE-2019-1269
MISC microsoft -- windows_10 An elevation of privilege exists in hdAudio.sys which may lead to an out of band write, aka 'Windows Media Elevation of Privilege Vulnerability'. 2019-09-11 7.2 CVE-2019-1271
MISC microsoft -- windows_10 An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1269. 2019-09-11 7.2 CVE-2019-1272
MISC microsoft -- windows_10 A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'. 2019-09-11 9.3 CVE-2019-1280
MISC microsoft -- windows_10 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1256. 2019-09-11 7.2 CVE-2019-1285
MISC microsoft -- windows_10 A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0787, CVE-2019-0788, CVE-2019-1291. 2019-09-11 9.3 CVE-2019-1290
MISC microsoft -- windows_10 A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0787, CVE-2019-0788, CVE-2019-1290. 2019-09-11 9.3 CVE-2019-1291
MISC microsoft -- windows_10 An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1253, CVE-2019-1278. 2019-09-11 7.2 CVE-2019-1303
MISC microsoft -- windows_7 An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. 2019-09-11 7.2 CVE-2019-1284
MISC msi -- afterburner The driver in Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore64.sys and RTCore32.sys) allows any authenticated user to read and write to arbitrary memory, I/O ports, and MSRs. This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code. 2019-09-11 7.2 CVE-2019-16098
MISC opencv -- opencv OpenCV 4.1.1 has an out-of-bounds read in hal_baseline::v_load in core/hal/intrin_sse.hpp when called from computeSSDMeanNorm in modules/video/src/dis_flow.cpp. 2019-09-11 7.5 CVE-2019-16249
MISC php -- ext-http A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests. 2019-09-06 7.5 CVE-2016-7398
MISC
MISC
MISC podlove -- podlove_podcast_publisher The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via the insert_id parameter exploitable via CSRF. 2019-09-13 7.5 CVE-2016-10942
MISC
MISC
MISC py-lmdb_project -- py-lmdb An issue was discovered in py-lmdb 0.97. For certain values of md_flags, mdb_node_add does not properly set up a memcpy destination, leading to an invalid write operation. 2019-09-11 7.5 CVE-2019-16224
MISC py-lmdb_project -- py-lmdb An issue was discovered in py-lmdb 0.97. For certain values of mp_flags, mdb_page_touch does not properly set up mc->mc_pg[mc->top], leading to an invalid write operation. 2019-09-11 7.5 CVE-2019-16225
MISC py-lmdb_project -- py-lmdb An issue was discovered in py_lmdb 0.97. For certain values of mn_flags, mdb_cursor_set triggers a memcpy with an invalid write operation within mdb_xcursor_init1. 2019-09-11 7.5 CVE-2019-16227
MISC renderdocs-rs_project -- renderdocs-rs An issue was discovered in the renderdoc crate before 0.5.0 for Rust. Multiple exposed methods take self by immutable reference, which is incompatible with a multi-threaded application. 2019-09-09 7.5 CVE-2019-16142
MISC
MISC sahipro -- sahi_pro An issue was discovered in Tyto Sahi Pro 6.x through 8.0.0. TestRunner_Non_distributed (and distributed endpoints) does not have any authentication mechanism. This allows an attacker to execute an arbitrary script on the remote Sahi Pro server. There is also a password-protected web interface intended for remote access to scripts. This web interface lacks server-side validation, which allows an attacker to create/modify/delete a script remotely without any password. Chaining both of these issues results in remote code execution on the Sahi Pro server. 2019-09-06 7.5 CVE-2019-15102
MISC sap -- hana The administrator of SAP HANA database, before versions 1.0 and 2.0, can misuse HANA to execute commands with operating system "root" privileges. 2019-09-10 7.2 CVE-2019-0357
MISC
CONFIRM sap -- sap_kernel SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC, before versions 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL before versions 7.21, 7.49, 7.53, 7.73, 7.76 SAP GUI for Windows (BC-FES-GUI) before versions 7.5, 7.6, and SAP GUI for Java (BC-FES-JAV) before version 7.5, allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. 2019-09-10 7.8 CVE-2019-0365
MISC
CONFIRM silver-peak -- unity_edgeconnect_sd-wan_firmware Silver Peak EdgeConnect SD-WAN before 8.1.7.x has an SNMP service with a public value for rocommunity and trapcommunity. 2019-09-08 7.5 CVE-2019-16102
MISC silver-peak -- unity_edgeconnect_sd-wan_firmware Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows privilege escalation (by administrators) from the menu to a root Bash OS shell via the spsshell feature. 2019-09-08 9.0 CVE-2019-16103
MISC spin-rs_project -- spin-rs An issue was discovered in the spin crate before 0.5.2 for Rust, when RwLock is used. Because memory ordering is mishandled, two writers can acquire the lock at the same time, violating mutual exclusion. 2019-09-09 7.8 CVE-2019-16137
MISC symonics -- libmysofa Symonics libmysofa 0.7 has a NULL pointer dereference in getHrtf in hrtf/reader.c. 2019-09-07 7.5 CVE-2019-16092
MISC symonics -- libmysofa Symonics libmysofa 0.7 has an invalid write in readOHDRHeaderMessageDataLayout in hdf/dataobject.c. 2019-09-07 7.5 CVE-2019-16093
MISC teamviewer -- teamviewer An issue was discovered in TeamViewer 14.2.2558. Updating the product as a non-administrative user requires entering administrative credentials into the GUI. Subsequently, these credentials are processed in Teamviewer.exe, which allows any application running in the same non-administrative user context to intercept them in cleartext within process memory. By using this technique, a local attacker is able to obtain administrative credentials in order to elevate privileges. This vulnerability can be exploited by injecting code into Teamviewer.exe which intercepts calls to GetWindowTextW and logs the processed credentials. 2019-09-11 7.2 CVE-2019-11769
MISC
MISC telestar -- bobs_rock_radio_firmware TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have an undocumented TELNET service within the BusyBox subsystem, leading to root access. 2019-09-11 10.0 CVE-2019-13473
MISC
MISC tripplite -- pdumh15at_firmware Tripp Lite PDUMH15AT 12.04.0053 devices allow unauthenticated POST requests to the /Forms/ directory, as demonstrated by changing the manager or admin password, or shutting off power to an outlet. NOTE: the vendor's position is that a newer firmware version, fixing this vulnerability, had already been released before this vulnerability report about 12.04.0053. 2019-09-12 8.5 CVE-2019-16261
MISC wondercms -- wondercms Directory traversal vulnerability in WonderCMS 2.6.0 and earlier allows remote attackers to delete arbitrary files via unspecified vectors. 2019-09-12 7.5 CVE-2019-5956
MISC wp-kama -- kama_click_counter The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via the admin.php order parameter. 2019-09-13 9.3 CVE-2017-18614
MISC
MISC youphptube -- youphptube In YouPHPTube 7.4, the file install/checkConfiguration.php has no access control, which leads to everyone being able to edit the configuration file, and insert malicious PHP code. 2019-09-08 7.5 CVE-2019-16124
MISC
MISC
MISC

 

Medium Vulnerabilities
Primary Vendor -- Product Description Published CVSS Score Source & Patch Info
10web -- photo_gallery Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/models/Galleries.php. 2019-09-08 4.3 CVE-2019-16117
MISC
MISC
MISC
MISC 10web -- photo_gallery Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/controllers/Options.php. 2019-09-08 4.3 CVE-2019-16118
MISC
MISC
MISC
MISC
MISC adobe -- application_manager Adobe application manager installer version 10.0 has an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user. 2019-09-12 6.8 CVE-2019-8076
CONFIRM afterlogic -- aurora Afterlogic Aurora through 8.3.9-build-a3 has XSS that can be leveraged for session hijacking by retrieving the session cookie from the administrator login. 2019-09-12 4.3 CVE-2019-16238
MISC airbrake -- airbrake_ruby The Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the blacklist_keys configuration option and consequently may disclose passwords to unauthorized actors. This is fixed in 4.2.4 (also, 4.2.2 and earlier are unaffected). 2019-09-06 5.0 CVE-2019-16060
MISC alfresco -- alfresco An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By manipulating the POST parameters, an attacker can redirect a victim to a malicious website over any protocol the attacker desires (e.g., http, https, ftp, smb, etc.). 2019-09-06 5.8 CVE-2019-14223
MISC apache -- ofbiz The "Blog", "Forum", "Contact Us" screens of the template "ecommerce" application bundled in Apache OFBiz are weak to Stored XSS attacks. Mitigation: Upgrade to 16.11.06 or manually apply the following commits on branch 16.11: 1858438, 1858543, 1860595 and 1860616 2019-09-11 4.3 CVE-2019-10073
MLIST apache -- solr Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via its update handler. By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML, causing OOMs. 2019-09-10 5.0 CVE-2019-12401
MLIST
MLIST apache -- traffic_control Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. Given a username for a user that can be authenticated via LDAP, it is possible to improperly authenticate as that user without that user's correct password. 2019-09-09 6.8 CVE-2019-12405
MLIST arubanetworks -- arubaos Some web components in the ArubaOS software are vulnerable to HTTP Response splitting (CRLF injection) and Reflected XSS. An attacker would be able to accomplish this by sending certain URL parameters that would trigger this vulnerability. 2019-09-13 4.3 CVE-2019-5314
CONFIRM atlassian -- jira The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specific name exists and if an issue key is valid via a missing permissions check. 2019-09-11 5.0 CVE-2019-14995
N/A atlassian -- jira The FilterPickerPopup.jspa resource in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter. 2019-09-11 4.3 CVE-2019-14996
N/A atlassian -- jira The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their username, via an information exposure through caching vulnerability when Jira is configured with a reverse proxy and/or a load balancer with caching or a CDN. 2019-09-11 4.3 CVE-2019-14997
N/A atlassian -- jira The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote attackers to bypass its protection via "cookie tossing" a CSRF cookie from a subdomain of a Jira instance. 2019-09-11 4.3 CVE-2019-14998
N/A atlassian -- jira The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability. 2019-09-11 5.0 CVE-2019-8449
N/A atlassian -- jira The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class. 2019-09-11 6.4 CVE-2019-8451
N/A bludit -- bludit Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname. 2019-09-08 6.5 CVE-2019-16113
MISC bosch -- access An unauthenticated attacker can achieve unauthorized access to sensitive data by exploiting Windows SMB protocol on a client installation. With Bosch Access Professional Edition (APE) 3.8, client installations need to be authorized by the APE administrator. 2019-09-12 4.0 CVE-2019-11899
CONFIRM bower -- bower Bower before 1.8.8 has a path traversal vulnerability permitting file write in arbitrary locations via install command, which allows attackers to write arbitrary files when a malicious package is extracted. 2019-09-13 5.0 CVE-2019-5484
MISC
MISC
MISC centos-webpanel -- centos_web_panel In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to remove a target user from phpMyAdmin via an attacker account. 2019-09-10 5.5 CVE-2019-14721
MISC
MISC
MISC centos-webpanel -- centos_web_panel In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete an e-mail forwarding destination from a victim's account via an attacker account. 2019-09-10 4.0 CVE-2019-14722
MISC
MISC
MISC centos-webpanel -- centos_web_panel In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a victim's e-mail account via an attacker account. 2019-09-10 4.0 CVE-2019-14723
MISC
MISC
MISC centos-webpanel -- centos_web_panel In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to edit an e-mail forwarding destination of a victim's account via an attacker account. 2019-09-11 5.0 CVE-2019-14724
MISC
MISC
MISC centos-webpanel -- centos_web_panel In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail usage value of a victim account via an attacker account. 2019-09-11 4.0 CVE-2019-14725
MISC
MISC
MISC centos-webpanel -- centos_web_panel In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to access and delete DNS records of a victim's account via an attacker account. 2019-09-10 6.5 CVE-2019-14726
MISC
MISC
MISC centos-webpanel -- centos_web_panel In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail password of a victim account via an attacker account. 2019-09-10 4.0 CVE-2019-14727
MISC
MISC
MISC centos-webpanel -- centos_web_panel In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to add an e-mail forwarding destination to a victim's account via an attacker account. 2019-09-10 4.0 CVE-2019-14728
MISC
MISC
MISC centos-webpanel -- centos_web_panel In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a sub-domain from a victim's account via an attacker account. 2019-09-10 5.5 CVE-2019-14729
MISC
MISC
MISC centos-webpanel -- centos_web_panel In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a domain from a victim's account via an attacker account. 2019-09-10 4.0 CVE-2019-14730
MISC
MISC
MISC changehealthcare -- cardiology_firmware A vulnerability was found in McKesson Cardiology product 13.x and 14.x. Insecure file permissions in the default installation may allow an attacker with local system access to execute unauthorized arbitrary code. 2019-09-06 4.6 CVE-2018-18630
MISC
MISC copy-me_project -- copy-me The copy-me plugin 1.0.0 for WordPress has CSRF for copying non-public posts to a public location. 2019-09-13 4.3 CVE-2016-10938
MISC
MISC
MISC couchbase -- couchbase_server An issue was discovered in Couchbase Server 5.1.2 and 5.5.0. The http server on port 8092 lacks an X-XSS protection header. 2019-09-10 4.3 CVE-2019-11464
MISC couchbase -- couchbase_server An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. The Memcached "connections" stat block command emits a non-redacted username. The system information submitted to Couchbase as part of a bug report included the usernames for all users currently logged into the system even if the log was redacted for privacy. This has been fixed (in 5.5.4 and 6.0.1) so that usernames are tagged properly in the logs and are hashed out when the logs are redacted. 2019-09-10 5.0 CVE-2019-11465
MISC couchbase -- couchbase_server An issue was discovered in Couchbase Server 5.5.0 and 6.0.0. The Eventing debug endpoint mishandles authentication and audit. 2019-09-10 5.0 CVE-2019-11466
MISC couchbase -- couchbase_server An issue was discovered in Couchbase Server 5.0.0. Editing bucket settings resets credentials, and leads to authorization without credentials. 2019-09-10 6.4 CVE-2019-11496
MISC couchbase -- couchbase_server An issue was discovered in Couchbase Server 5.0.0. When creating a new remote cluster reference in Couchbase for XDCR, an invalid certificate is accepted. (The correct behavior is to validate the certificate against the remote cluster.) 2019-09-10 5.0 CVE-2019-11497
MISC cybozu -- garoon Cybozu Garoon 4.0.0 to 4.10.2 allows an attacker with administrative rights to cause a denial of service condition via unspecified vectors. 2019-09-12 4.0 CVE-2019-5976
MISC
MISC cybozu -- garoon Mail header injection vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 may allow remote authenticated attackers to alter the mail header via the application 'E-Mail'. 2019-09-12 4.0 CVE-2019-5977
MISC
MISC cybozu -- garoon Open redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the application 'Scheduler'. 2019-09-12 5.8 CVE-2019-5978
MISC
MISC cybozu -- garoon SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. 2019-09-12 6.5 CVE-2019-5991
MISC
MISC dell -- rsa_identity_governance_and_lifecycle The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a code injection vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to run custom Groovy scripts to gain limited access to view or modify information on the Workflow system. 2019-09-11 5.5 CVE-2019-3759
CONFIRM dell -- rsa_identity_governance_and_lifecycle The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a SQL Injection vulnerability in Workflow Architect. A remote authenticated malicious user could potentially exploit this vulnerability to execute SQL commands on the back-end database to gain unauthorized access to the data by supplying specially crafted input data to the affected application. 2019-09-11 6.5 CVE-2019-3760
CONFIRM deltaww -- dcisoft Delta DCISoft 1.21 has a User Mode Write AV starting at CommLib!CCommLib::SetSerializeData+0x000000000000001b. 2019-09-11 4.6 CVE-2019-16247
MISC deltaww -- tpeditor Delta Electronics TPEditor, Versions 1.94 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to remotely execute arbitrary code. 2019-09-11 6.8 CVE-2019-13536
MISC deltaww -- tpeditor Delta Electronics TPEditor, Versions 1.94 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to remotely execute arbitrary code. 2019-09-11 6.8 CVE-2019-13540
MISC deltaww -- tpeditor Delta Electronics TPEditor, Versions 1.94 and prior. Multiple out-of-bounds write vulnerabilities may be exploited by processing specially crafted project files, which may allow remote code execution. 2019-09-11 6.8 CVE-2019-13544
MISC designmodo -- qards The Qards plugin through 2017-10-11 for WordPress has XSS via a remote document specified in the url parameter to html2canvasproxy.php. 2019-09-10 4.3 CVE-2017-18598
MISC digium -- asterisk res_pjsip_t38 in Sangoma Asterisk 13.21-cert4, 15.7.3, and 16.5.0 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. 2019-09-09 4.0 CVE-2019-15297
CONFIRM
MISC digium -- asterisk main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific RTP packet during a call and cause a crash in a specific scenario. 2019-09-09 5.0 CVE-2019-15639
CONFIRM
MISC easy!appointments_project -- easy!appointments Easy!Appointments 1.3.2 plugin for WordPress allows Sensitive Information Disclosure (Username and Password Hash). 2019-09-11 5.0 CVE-2019-14936
MISC eclipse -- omr Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which may facilitate code injection and privilege elevation by local users. 2019-09-12 4.6 CVE-2019-11773
CONFIRM eclipse -- paho_java_client In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with incorrect information. 2019-09-11 5.0 CVE-2019-11777
CONFIRM elementor -- elementor The elementor plugin before 1.8.0 for WordPress has incorrect access control for internal functions. 2019-09-10 6.5 CVE-2017-18596
MISC
MISC getgrav -- grav_cms Grav through 1.6.15 allows (Stored) Cross-Site Scripting due to JavaScript execution in SVG images. 2019-09-08 4.3 CVE-2019-16126
MISC gitlab -- gitlab An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It allows Information Disclosure. Non-member users who subscribe to notifications of an internal project with issue and repository restrictions will receive emails about restricted events. 2019-09-09 4.0 CVE-2019-11544
CONFIRM
CONFIRM gitlab -- gitlab An issue was discovered in GitLab Community Edition 11.9.x before 11.9.10 and 11.10.x before 11.10.2. It allows Information Disclosure. When an issue is moved to a private project, the private project namespace is leaked to unauthorized users with access to the original issue. 2019-09-09 4.0 CVE-2019-11545
CONFIRM
CONFIRM gitlab -- gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has Improper Encoding or Escaping of Output. The branch name on new merge request notification emails isn't escaped, which could potentially lead to XSS issues. 2019-09-09 4.3 CVE-2019-11547
CONFIRM
CONFIRM gitlab -- gitlab An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. Gitaly has an information disclosure issue where HTTP/GIT credentials are included in logs on connection errors. 2019-09-09 4.0 CVE-2019-11549
CONFIRM
CONFIRM gitlab -- gitlab An issue was discovered in GitLab Community and Enterprise Edition 11.8.x before 11.8.10, 11.9.x before 11.9.11, and 11.10.x before 11.10.3. It allows Information Disclosure. A small number of GitLab API endpoints would disclose project information when using a read_user scoped token. 2019-09-09 5.0 CVE-2019-11605
CONFIRM gitlab -- gitlab An authentication issue was discovered in GitLab that allowed a bypass of email verification. This was addressed in GitLab 12.1.2 and 12.0.4. 2019-09-09 6.5 CVE-2019-5473
CONFIRM
MISC gitlab -- gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 1 of 6). An authorization issue allows the contributed project information of a private profile to be viewed. 2019-09-09 5.0 CVE-2019-6782
CONFIRM
CONFIRM gitlab -- gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. GitLab Pages contains a directory traversal vulnerability that could lead to remote command execution. 2019-09-09 6.5 CVE-2019-6783
CONFIRM
CONFIRM gitlab -- gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 1 of 2). Markdown fields contain a lack of input validation and output encoding when processing KaTeX that results in a persistent XSS. 2019-09-09 4.3 CVE-2019-6784
CONFIRM
CONFIRM gitlab -- gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Denial of Service. Inputting an overly long string into a Markdown field could cause a denial of service. 2019-09-09 4.0 CVE-2019-6785
CONFIRM
CONFIRM gitlab -- gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control (issue 1 of 3). The contents of an LFS object can be accessed by an unauthorized user, if the file size and OID are known. 2019-09-09 4.0 CVE-2019-6786
CONFIRM
CONFIRM gitlab -- gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 3 of 6). For installations using GitHub or Bitbucket OAuth integrations, it is possible to use a covert redirect to obtain the user OAuth token for those services. 2019-09-09 5.0 CVE-2019-6788
CONFIRM
CONFIRM gitlab -- gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 4 of 6). In some cases, users without project permissions will receive emails after a project move. For private projects, this will disclose the new project namespace to an unauthorized user. 2019-09-09 4.0 CVE-2019-6789
CONFIRM
CONFIRM gitlab -- gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control (issue 3 of 3). When a project with visibility more permissive than the target group is imported, it will retain its prior visibility. 2019-09-09 4.0 CVE-2019-6791
CONFIRM gitlab -- gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Path Disclosure. When an error is encountered on project import, the error message will display instance internal information. 2019-09-09 5.0 CVE-2019-6792
CONFIRM
CONFIRM gitlab -- gitlab An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The Jira integration feature is vulnerable to an unauthenticated blind SSRF issue. 2019-09-09 6.8 CVE-2019-6793
CONFIRM
CONFIRM gitlab -- gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 5 of 6). A project guest user can view the last commit status of the default branch. 2019-09-09 4.0 CVE-2019-6794
CONFIRM
CONFIRM gitlab -- gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Insufficient Visual Distinction of Homoglyphs Presented to a User. IDN homographs and RTLO characters are rendered to unicode, which could be used for social engineering. 2019-09-09 5.8 CVE-2019-6795
CONFIRM
CONFIRM gitlab -- gitlab An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Users are able to comment on locked project issues. 2019-09-09 4.0 CVE-2019-6995
CONFIRM
CONFIRM gitlab -- gitlab An issue was discovered in GitLab Enterprise Edition 10.x (starting in 10.6) and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. The merge request approvers section has an access control issue that permits project maintainers to view membership of private groups. 2019-09-09 4.0 CVE-2019-6996
CONFIRM
CONFIRM gitlab -- gitlab An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting in 10.7) and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. System notes contain an access control issue that permits a guest user to view merge request titles. 2019-09-09 4.0 CVE-2019-6997
CONFIRM
CONFIRM gitlab -- gitlab An issue was discovered in GitLab Community and Enterprise Edition 8.x (starting in 8.9), 9.x, 10.x, and 11.x before 11.5.9, 11.6.x before 11.6.7, and 11.7.x before 11.7.2. It has Incorrect Access Control. Guest users are able to add reaction emojis on comments to which they have no visibility. 2019-09-09 4.3 CVE-2019-7176
CONFIRM
CONFIRM glyphandcog -- xpdfreader Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTree in Catalog.cc. 2019-09-06 4.3 CVE-2019-16088
MISC glyphandcog -- xpdfreader In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause Denial of Service or possibly unspecified other impact. 2019-09-08 6.8 CVE-2019-16115
MISC gnu -- cflow GNU cflow through 1.6 has a use-after-free in the reference function in parser.c. 2019-09-09 4.3 CVE-2019-16165
MISC gnu -- cflow GNU cflow through 1.6 has a heap-based buffer over-read in the nexttoken function in parser.c. 2019-09-09 4.3 CVE-2019-16166
MISC google -- android In the Android kernel in the kernel MMU code there is a possible execution path leaving some kernel text and rodata pages writable. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-2182
MISC google -- android In the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9248
MISC google -- android In the Android kernel in unifi and r8180 WiFi drivers there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9270
MISC google -- android In the Android kernel in the mnh driver there is a race condition due to insufficient locking. This could lead to a use-after-free which could lead to escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.4 CVE-2019-9271
MISC google -- android In the Android kernel in the synaptics_dsx_htc touchscreen driver there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9273
MISC google -- android In the Android kernel in the mnh driver there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9274
MISC google -- android In the Android kernel in the synaptics_dsx_htc touchscreen driver there is a possible out of bounds write due to a use after free. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9276
MISC google -- android In the Android kernel in Bluetooth there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9426
MISC google -- android In the Android kernel in the bootloader there is a possible secure boot bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. 2019-09-06 4.6 CVE-2019-9436
MISC google -- android In the Android kernel in the mnh driver there is a possible out of bounds write due to improper input validation. This could lead to escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9441
MISC google -- android In the Android kernel in the mnh driver there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System privileges required. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9442
MISC google -- android In the Android kernel in the vl53L0 driver there is a possible out of bounds write due to a permissions bypass. This could lead to local escalation of privilege due to a set_fs() call without restoring the previous limit with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9443
MISC google -- android In the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write due to improper input validation. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9446
MISC google -- android In the Android kernel in the FingerTipS touchscreen driver there is a possible use-after-free due to improper locking. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9447
MISC google -- android In the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write due to a missing bounds check. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9448
MISC google -- android In the Android kernel in the FingerTipS touchscreen driver there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.4 CVE-2019-9450
MISC google -- android In the Android kernel in the touchscreen driver there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9451
MISC google -- android In the Android kernel in i2c driver there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9454
MISC google -- android In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9456
MISC google -- android In the Android kernel in ELF file loading there is possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9457
MISC google -- android In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.4 CVE-2019-9458
MISC headwaythemes -- headway The Headway theme before 3.8.9 for WordPress has XSS via the license key field. 2019-09-13 4.3 CVE-2016-10953
MISC hgw168cc -- yii-cms YII2-CMS v1.0 has XSS in protected\core\modules\home\models\Contact.php via a name field to /contact.html. 2019-09-08 4.3 CVE-2019-16130
MISC
MISC humanica -- humatrix The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to change the password of any user via the recruitment_online/personalData/act_acounttab.cfm txtNewUserName and hdNP fields. 2019-09-10 5.0 CVE-2019-16106
MISC
MISC ibps_online_exam_project -- ibps_online_exam The examapp plugin 1.0 for WordPress has SQL injection via the wp-admin/admin.php?page=examapp_UserResult id parameter. 2019-09-10 6.5 CVE-2017-18602
EXPLOIT-DB if.svnadmin_project -- if.svnadmin iF.SVNAdmin through 1.6.2 allows svnadmin/usercreate.php CSRF to create a user. 2019-09-06 4.3 CVE-2019-15128
MISC imapfilter_project -- imapfilter IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate. 2019-09-08 5.0 CVE-2016-10937
MISC
MISC jtrt_responsive_tables_project -- jtrt_responsive_tables The jtrt-responsive-tables plugin before 4.1.2 for WordPress has SQL Injection via the admin/class-jtrt-responsive-tables-admin.php tableId parameter. 2019-09-10 6.5 CVE-2017-18597
MISC
MISC
MISC k-takata -- onigmo Onigmo through 6.2.0 has a NULL pointer dereference in onig_error_code_to_str because of fetch_token in regparse.c. 2019-09-09 5.0 CVE-2019-16161
MISC
MISC k-takata -- onigmo Onigmo through 6.2.0 has an out-of-bounds read in parse_char_class because of missing codepoint validation in regenc.c. 2019-09-09 5.0 CVE-2019-16162
MISC kartatopia -- piluscart In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure. 2019-09-08 5.0 CVE-2019-16123
MISC
MISC kilo_project -- kilo Kilo 0.0.1 has a heap-based buffer overflow because there is an integer overflow in a calculation involving the number of tabs in one row. 2019-09-08 5.0 CVE-2019-16096
MISC
MISC
MISC
MISC librenms -- librenms An issue was discovered in LibreNMS through 1.47. Several of the scripts perform dynamic script inclusion via the include() function on user supplied input without sanitizing the values by calling basename() or a similar function. An attacker can leverage this to execute PHP code from the included file. Exploitation of these scripts is made difficult by additional text being appended (typically .inc.php), which means an attacker would need to be able to control both a filename and its content on the server. However, exploitation can be achieved as demonstrated by the csv.php?report=../ substring. 2019-09-09 6.8 CVE-2019-10666
MISC librenms -- librenms An issue was discovered in LibreNMS through 1.47. Information disclosure can occur: an attacker can fingerprint the exact code version installed and disclose local file paths. 2019-09-09 5.0 CVE-2019-10667
MISC librenms -- librenms An issue was discovered in LibreNMS through 1.47. A number of scripts import the Authentication libraries, but do not enforce an actual authentication check. Several of these scripts disclose information or expose functions that are of a sensitive nature and are not expected to be publicly accessible. 2019-09-09 6.4 CVE-2019-10668
MISC librenms -- librenms An issue was discovered in LibreNMS through 1.47. There is a command injection vulnerability in html/includes/graphs/device/collectd.inc.php where user supplied parameters are filtered with the mysqli_escape_real_string function. This function is not the appropriate function to sanitize command arguments as it does not escape a number of command line syntax characters such as ` (backtick), allowing an attacker to inject commands into the variable $rrd_cmd, which gets executed via passthru(). 2019-09-09 6.5 CVE-2019-10669
MISC
MISC librenms -- librenms An issue was discovered in LibreNMS through 1.47. Many of the scripts rely on the function mysqli_escape_real_string for filtering data. However, this is particularly ineffective when returning user supplied input in an HTML or a JavaScript context, resulting in unsafe data being injected into these contexts, leading to attacker controlled JavaScript executing in the browser. One example of this is the string parameter in html/pages/inventory.inc.php. 2019-09-09 4.3 CVE-2019-10670
MISC librenms -- librenms An issue was discovered in LibreNMS through 1.47. It does not parameterize all user supplied input within database queries, resulting in SQL injection. An authenticated attacker can subvert these database queries to extract or manipulate data, as demonstrated by the graph.php sort parameter. 2019-09-09 6.5 CVE-2019-10671
MISC librenms -- librenms An issue was discovered in LibreNMS 1.50.1. The scripts that handle graphing options (includes/html/graphs/common.inc.php and includes/html/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqli_real_escape_string, which is only useful for preventing SQL injection attacks; other parameters are unfiltered. This allows an attacker to inject RRDtool syntax with newline characters via the html/graph.php and html/graph-realtime.php scripts. RRDtool syntax is quite versatile and an attacker could leverage this to perform a number of attacks, including disclosing directory structure and filenames, disclosing file content, denial of service, or writing arbitrary files. NOTE: relative to CVE-2019-10665, this requires authentication and the pathnames differ. 2019-09-09 6.5 CVE-2019-12463
MISC librenms -- librenms An issue was discovered in LibreNMS 1.50.1. An authenticated user can perform a directory traversal attack against the /pdf.php file with a partial filename in the report parameter, to cause local file inclusion resulting in code execution. 2019-09-09 6.0 CVE-2019-12464
MISC librenms -- librenms An issue was discovered in LibreNMS 1.50.1. A SQL injection flaw was identified in the ajax_rulesuggest.php file where the term parameter is used insecurely in a database query for showing columns of a table, as demonstrated by an ajax_rulesuggest.php?debug=1&term= request. 2019-09-09 5.5 CVE-2019-12465
MISC libslirp_project -- libslirp libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. 2019-09-06 5.0 CVE-2019-15890
CONFIRM
MISC liferay -- liferay_portal Liferay Portal through 7.2.0 GA1 allows XSS via a journal article title to journal_article/page.jsp in journal/journal-taglib. 2019-09-09 4.3 CVE-2019-16147
MISC limesurvey -- limesurvey An XML injection vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to import specially crafted XML files and execute code or compromise data integrity. 2019-09-09 6.8 CVE-2019-16174
MISC
MISC limesurvey -- limesurvey A clickjacking vulnerability was found in Limesurvey before 3.17.14. 2019-09-09 4.3 CVE-2019-16175
MISC
MISC limesurvey -- limesurvey A path disclosure vulnerability was found in Limesurvey before 3.17.14 that allows a remote attacker to discover the path to the application in the filesystem. 2019-09-09 5.0 CVE-2019-16176
MISC
MISC limesurvey -- limesurvey In Limesurvey before 3.17.14, the entire database is exposed through browser caching. 2019-09-09 5.0 CVE-2019-16177
MISC
MISC limesurvey -- limesurvey Limesurvey before 3.17.14 does not enforce SSL/TLS usage in the default configuration. 2019-09-09 5.0 CVE-2019-16179
MISC
MISC limesurvey -- limesurvey Limesurvey before 3.17.14 allows remote attackers to bruteforce the login form and enumerate usernames when the LDAP authentication method is used. 2019-09-09 5.0 CVE-2019-16180
MISC
MISC limesurvey -- limesurvey In Limesurvey before 3.17.14, admin users can mark other users' notifications as read. 2019-09-09 4.0 CVE-2019-16181
MISC
MISC limesurvey -- limesurvey A reflected cross-site scripting (XSS) vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to inject arbitrary web script or HTML via extensions of uploaded files. 2019-09-09 4.3 CVE-2019-16182
MISC
MISC limesurvey -- limesurvey In Limesurvey before 3.17.14, admin users can run an integrity check without proper permissions. 2019-09-09 4.0 CVE-2019-16183
MISC
MISC limesurvey -- limesurvey In Limesurvey before 3.17.14, admin users can view, update, or delete reserved menu entries without proper permissions. 2019-09-09 6.5 CVE-2019-16185
MISC
MISC limesurvey -- limesurvey In Limesurvey before 3.17.14, admin users can access the plugin manager without proper permissions. 2019-09-09 6.5 CVE-2019-16186
MISC
MISC limesurvey -- limesurvey Limesurvey before 3.17.14 uses an anti-CSRF cookie without the HttpOnly flag, which allows attackers to access a cookie value via a client-side script. 2019-09-09 5.0 CVE-2019-16187
MISC
MISC magicfields -- magic_fields The magic-fields plugin before 1.7.2 for WordPress has XSS via the custom-write-panel-id parameter. 2019-09-10 4.3 CVE-2017-18609
MISC
MISC magicfields -- magic_fields The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCCWP_CreateCustomFieldPage.php custom-group-id parameter. 2019-09-10 4.3 CVE-2017-18610
MISC
MISC magicfields -- magic_fields The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCCWP_CreateCustomFieldPage.php custom-field-css parameter. 2019-09-10 4.3 CVE-2017-18611
MISC
MISC mautic -- mautic An issue was discovered in Mautic 2.13.1. There is Stored XSS via the authorUrl field in config.json. 2019-09-06 4.3 CVE-2018-11198
MISC
CONFIRM mcafee -- active_response McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9511, potentially leading to a denial of service. This affects the scanning proxies. 2019-09-11 5.0 CVE-2019-3643
CONFIRM mcafee -- active_response McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. This affects the scanning proxies. 2019-09-11 5.0 CVE-2019-3644
CONFIRM mcafee -- web_gateway Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials via tricking the administrator to click on a carefully constructed malicious link. 2019-09-12 4.3 CVE-2019-3638
CONFIRM mendix -- mendix In Mendix 7.23.5 and earlier, an issue in XML import mappings allows DOCTYPE declarations in the XML input, which is potentially unsafe. 2019-09-10 5.0 CVE-2019-12996
CONFIRM microfocus -- service_manager HTTP cookie in Micro Focus Service manager, Versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. And Micro Focus Service Manager Chat Server, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. And Micro Focus Service Manager Chat Service 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. 2019-09-10 5.0 CVE-2019-11668
CONFIRM microfocus -- service_manager Modifiable read only check box In Micro Focus Service Manager, versions 9.60p1, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized modification of data. 2019-09-10 5.0 CVE-2019-11669
CONFIRM microsoft -- .net_core A denial of service vulnerability exists when .NET Core improperly handles web requests, aka '.NET Core Denial of Service Vulnerability'. 2019-09-11 5.0 CVE-2019-1301
MISC microsoft -- asp.net_core An elevation of privilege vulnerability exists when an ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests, aka 'ASP.NET Core Elevation Of Privilege Vulnerability'. 2019-09-11 6.8 CVE-2019-1302
MISC microsoft -- edge A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the correct Security Zone of requests for specific URLs, aka 'Microsoft Browser Security Feature Bypass Vulnerability'. 2019-09-11 4.3 CVE-2019-1220
MISC microsoft -- edge An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory, aka 'Microsoft Edge based on Edge HTML Information Disclosure Vulnerability'. 2019-09-11 4.3 CVE-2019-1299
MISC microsoft -- excel An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'. 2019-09-11 4.3 CVE-2019-1263
MISC microsoft -- exchange_server A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web App (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. 2019-09-11 4.3 CVE-2019-1266
MISC microsoft -- lync An information disclosure vulnerability exists in Lync 2013, aka 'Lync 2013 Information Disclosure Vulnerability'. 2019-09-11 4.3 CVE-2019-1209
MISC microsoft -- office A security feature bypass vulnerability exists when Microsoft Office improperly handles input, aka 'Microsoft Office Security Feature Bypass Vulnerability'. 2019-09-11 6.8 CVE-2019-1264
MISC microsoft -- project_rome An information disclosure vulnerability exists in the way Rome SDK handles server SSL/TLS certificate validation, aka 'Rome SDK Information Disclosure Vulnerability'. 2019-09-11 4.3 CVE-2019-1231
MISC microsoft -- sharepoint_enterprise_server A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1295, CVE-2019-1296. 2019-09-11 6.5 CVE-2019-1257
MISC microsoft -- sharepoint_enterprise_server An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. 2019-09-11 4.0 CVE-2019-1260
MISC microsoft -- sharepoint_enterprise_server A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF). To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1259. 2019-09-11 6.8 CVE-2019-1261
MISC microsoft -- sharepoint_enterprise_server A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1296. 2019-09-11 6.5 CVE-2019-1295
MISC microsoft -- sharepoint_enterprise_server A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1295. 2019-09-11 6.5 CVE-2019-1296
MISC microsoft -- sharepoint_foundation A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF). To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1261. 2019-09-11 6.8 CVE-2019-1259
MISC microsoft -- visual_studio An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka 'Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability'. 2019-09-11 4.6 CVE-2019-1232
MISC microsoft -- windows_10 A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. 2019-09-11 5.5 CVE-2019-0928
MISC microsoft -- windows_10 An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1245, CVE-2019-1251. 2019-09-11 4.3 CVE-2019-1244
MISC microsoft -- windows_10 An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1244, CVE-2019-1251. 2019-09-11 4.3 CVE-2019-1245
MISC microsoft -- windows_10 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1286. 2019-09-11 4.3 CVE-2019-1252
MISC microsoft -- windows_10 An elevation of privilege vulnerability exists in Windows Audio Service when a malformed parameter is processed, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. 2019-09-11 4.6 CVE-2019-1277
MISC microsoft -- windows_10 An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1253, CVE-2019-1303. 2019-09-11 4.6 CVE-2019-1278
MISC microsoft -- windows_10 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1252. 2019-09-11 4.3 CVE-2019-1286
MISC microsoft -- windows_10 An elevation of privilege vulnerability exists in the way that the Windows Network Connectivity Assistant handles objects in memory, aka 'Windows Network Connectivity Assistant Elevation of Privilege Vulnerability'. 2019-09-11 4.6 CVE-2019-1287
MISC microsoft -- windows_10 A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. 2019-09-11 6.8 CVE-2019-1292
MISC microsoft -- yammer A security feature bypass vulnerability exists when Microsoft Yammer App for Android fails to apply the correct Intune MAM Policy. This could allow an attacker to perform functions that are restricted by Intune Policy. The security update addresses the vulnerability by correcting the way the policy is applied to Yammer App, aka 'Microsoft Yammer Security Feature Bypass Vulnerability'. 2019-09-11 5.0 CVE-2019-1265
MISC misp -- misp MISP before 2.4.115 allows privilege escalation in certain situations. After updating to 2.4.115, escalation attempts are blocked by the __checkLoggedActions function with a "This could be an indication of an attempted privilege escalation on older vulnerable versions of MISP (<2.4.115)" message. 2019-09-10 4.0 CVE-2019-16202
CONFIRM
MISC
MISC myhtml_project -- myhtml MyHTML through 4.0.5 has a NULL pointer dereference in myhtml_tree_node_remove in tree.c. 2019-09-09 4.3 CVE-2019-16164
MISC netapp -- oncommand_workflow_automation OnCommand Workflow Automation versions prior to 5.0 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. 2019-09-10 5.0 CVE-2019-5503
CONFIRM netattingo -- wp-whois-domain The wp-whois-domain plugin 1.0.0 for WordPress has XSS via the pages/func-whois.php domain parameter. 2019-09-13 4.3 CVE-2017-18612
MISC
MISC netgear -- wnr2000_firmware An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) HTTP server. An HTTP request with an empty User-Agent string sent to a page requiring authentication can cause a null pointer dereference, resulting in the HTTP service crashing. An unauthenticated attacker can send a specially crafted HTTP request to trigger this vulnerability. 2019-09-11 5.0 CVE-2019-5054
MISC netgear -- wnr2000_firmware An exploitable denial-of-service vulnerability exists in the Host Access Point Daemon (hostapd) on the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) wireless router. A SOAP request sent in an invalid sequence to the <WFAWLANConfig:1#PutMessage> service can cause a null pointer dereference, resulting in the hostapd service crashing. An unauthenticated attacker can send a specially-crafted SOAP request to trigger this vulnerability. 2019-09-11 5.0 CVE-2019-5055
MISC nic -- bird BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message. Sending a shutdown communication with a sufficient message length causes a four-byte overflow to occur while processing the message, where two of the overflow bytes are attacker-controlled and two are fixed. 2019-09-09 5.0 CVE-2019-16159
MISC
MISC
MISC
MISC
MISC
MISC ntt-east -- pr-400ki_firmware Cross-site request forgery (CSRF) vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, RS-500KI firmware version Ver.01.00.0070 and earlier, PR-500MI/RT-500MI firmware version Ver.01.01.0014 and earlier, and RS-500MI firmware version Ver.03.01.0019 and earlier, and Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, and PR-500MI/RT-500MI firmware version Ver.01.01.0011 and earlier) allow remote attackers to hijack the authentication of administrators via unspecified vectors. 2019-09-12 6.8 CVE-2019-5986
MISC
CONFIRM oceanwp -- ocean_extra includes/wizard/wizard.php in the Ocean Extra plugin through 1.5.8 for WordPress allows unauthenticated options changes and injection of a Cascading Style Sheets (CSS) token sequence. 2019-09-11 5.0 CVE-2019-16250
MISC once_cell_project -- once_cell An issue was discovered in the once_cell crate before 1.0.1 for Rust. There is a panic during initialization of Lazy. 2019-09-09 5.0 CVE-2019-16141
MISC
MISC oniguruma_project -- oniguruma Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c. 2019-09-09 5.0 CVE-2019-16163
MISC
MISC
MISC
MLIST opensc_project -- opensc An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0 for OpenSC. If a smart card creates a signature with a length longer than 256 bytes, this triggers a buffer overflow. This may be the case for RSA keys with 4096 bits depending on the signature scheme. 2019-09-06 5.0 CVE-2019-16058
MLIST
MISC openssl -- openssl OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). 2019-09-10 5.0 CVE-2019-1549
CONFIRM
CONFIRM openssl -- openssl In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s). 2019-09-10 4.3 CVE-2019-1563
MISC
CONFIRM
CONFIRM
CONFIRM
BUGTRAQ
CONFIRM opmantek -- open-audit The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field. 2019-09-13 6.5 CVE-2019-16293
MISC padrinorb -- padrino-contrib The breadcrumbs contributed module through 0.2.0 for Padrino Framework allows XSS via a caption. 2019-09-09 4.3 CVE-2019-16145
MISC pagelines -- pagelines The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?page=pagelines CSRF. 2019-09-13 6.8 CVE-2016-10945
MISC panasonic -- video_insight_vms SQL injection vulnerability in the Video Insight VMS 7.3.2.5 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. 2019-09-12 6.5 CVE-2019-5996
MISC phpmyadmin -- phpmyadmin A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page. 2019-09-13 5.8 CVE-2019-12922
MISC
MISC
EXPLOIT-DB phpok -- oklite framework/admin/modulec_control.php in OKLite v1.2.25 has an Arbitrary File Upload Vulnerability because a .php file from a ZIP archive can be written to /data/cache/. 2019-09-08 6.5 CVE-2019-16131
MISC phpok -- oklite An issue was discovered in OKLite v1.2.25. framework/admin/tpl_control.php allows remote attackers to delete arbitrary files via a title directory-traversal pathname followed by a crafted substring. 2019-09-08 5.5 CVE-2019-16132
MISC picoc_project -- picoc PicoC 2.1 has a heap-based buffer overflow in StringStrcpy in cstdlib/string.c when called from ExpressionParseFunctionCall in expression.c. 2019-09-13 6.8 CVE-2019-16277
MISC pinfinity_project -- pinfinity The Pinfinity theme before 2.0 for WordPress has XSS via the s parameter. 2019-09-10 4.3 CVE-2017-18599
MISC piwigo -- piwigo admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail_content, nbm_send_recent_post_dates, or param_submit parameter. This is exploitable via CSRF. 2019-09-13 6.8 CVE-2019-13363
MISC
MISC
MISC
MISC piwigo -- piwigo admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat_number, billing_name, company, or billing_address parameter. This is exploitable via CSRF. 2019-09-13 6.8 CVE-2019-13364
MISC
MISC
MISC
MISC plataformatec -- devise An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmation_token, if a database record has a blank value in the confirmation_token column. (However, there is no scenario within Devise itself in which such database records would exist.) 2019-09-08 5.0 CVE-2019-16109
MISC
MISC
MISC podlove -- podlove_podcast_publisher The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has XSS exploitable via CSRF. 2019-09-13 4.3 CVE-2016-10941
MISC
MISC
MISC postman-smtp_project -- postman-smtp The postman-smtp plugin through 2017-10-04 for WordPress has XSS via the wp-admin/tools.php?page=postman_email_log page parameter. 2019-09-10 4.3 CVE-2017-18603
MISC
MISC py-lmdb_project -- py-lmdb An issue was discovered in py-lmdb 0.97. mdb_node_del does not validate a memmove in the case of an unexpected node->mn_hi, leading to an invalid write operation. 2019-09-11 5.0 CVE-2019-16226
MISC py-lmdb_project -- py-lmdb An issue was discovered in py-lmdb 0.97. There is a divide-by-zero error in the function mdb_env_open2 if mdb_env_read_header obtains a zero value for a certain size field. 2019-09-11 5.0 CVE-2019-16228
MISC python -- python An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally. 2019-09-06 5.0 CVE-2019-16056
MISC
MISC
FEDORA sakailms -- sakai Sakai through 12.6 allows XSS via a chat user name. 2019-09-09 4.3 CVE-2019-16148
MISC sap -- businessobjects_business_intelligence_platform In SAP Business Objects Business Intelligence Platform, before versions 4.1, 4.2 and 4.3, some dynamic pages (like jsp) are cached, which allows an attacker to see sensitive information via the cache and to open the dynamic pages even after logout. 2019-09-10 5.0 CVE-2019-0352
MISC
CONFIRM sap -- hana_extended_application_services Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to overload the server or retrieve information about internal network ports. 2019-09-10 5.5 CVE-2019-0363
MISC
CONFIRM sap -- hana_extended_application_services Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to enumerate open ports. 2019-09-10 4.0 CVE-2019-0364
MISC
CONFIRM sap -- netweaver_application_server_java SAP NetWeaver Application Server Java Web Container, ENGINEAPI (before versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) and SAP-JEECOR (before versions 6.40, 7.0, 7.01), allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application. 2019-09-10 6.5 CVE-2019-0355
MISC
CONFIRM sap -- netweaver_process_integration Under certain conditions SAP NetWeaver Process Integration Runtime Workbench - MESSAGING and SAP_XIAF (before versions 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted. 2019-09-10 4.0 CVE-2019-0356
MISC
CONFIRM sap -- supplier_relationship_management SAP Supplier Relationship Management (Master Data Management Catalog - SRM_MDM_CAT, before versions 3.73, 7.31, 7.32) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. 2019-09-10 4.3 CVE-2019-0361
MISC
CONFIRM sapplica -- sentrifugo Sentrifugo 3.2 lacks CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code at index.php/dashboard/viewprofile via a crafted HTML page. 2019-09-06 6.8 CVE-2019-16059
MISC search_exclude_project -- search_exclude search-exclude.php in the "Search Exclude" plugin before 1.2.4 for WordPress allows unauthenticated options changes. 2019-09-09 5.0 CVE-2019-15895
MISC
MISC
MISC senecajs -- seneca Seneca < 3.9.0 contains a vulnerability that could lead to exposing environment variables to unauthorized users. 2019-09-09 5.0 CVE-2019-5483
MISC silver-peak -- unity_edgeconnect_sd-wan_firmware Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON data to a .swf file. 2019-09-08 6.8 CVE-2019-16099
MISC silver-peak -- unity_edgeconnect_sd-wan_firmware Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to trigger a web-interface outage via slow client-side HTTP traffic from a single source. 2019-09-08 5.0 CVE-2019-16100
MISC silver-peak -- unity_edgeconnect_sd-wan_firmware Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to obtain potentially sensitive stack traces by sending incorrect JSON data to the REST API, such as the rest/json/banners URI. 2019-09-08 5.0 CVE-2019-16101
MISC silver-peak -- unity_edgeconnect_sd-wan_firmware Silver Peak EdgeConnect SD-WAN before 8.1.7.x has reflected XSS via the rest/json/configdb/download/ PATH_INFO. 2019-09-08 4.3 CVE-2019-16104
MISC silver-peak -- unity_edgeconnect_sd-wan_firmware Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows ..%2f directory traversal via a rest/json/configdb/download/ URI. 2019-09-08 4.0 CVE-2019-16105
MISC sirv -- sirv The sirv plugin before 1.3.2 for WordPress has SQL injection via the id parameter. 2019-09-13 6.5 CVE-2016-10950
MISC
MISC
MISC sitebuilder_dynamic_components_project -- sitebuilder_dynamic_components The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request. 2019-09-10 5.0 CVE-2017-18604
MISC
MISC slickquiz_project -- slickquiz The slickquiz plugin through 1.3.7.1 for WordPress allows SQL Injection by Subscriber users, as demonstrated by a /wp-admin/admin.php?page=slickquiz-scores&id= or /wp-admin/admin.php?page=slickquiz-edit&id= or /wp-admin/admin.php?page=slickquiz-preview&id= URI. 2019-09-13 6.5 CVE-2019-12516
MISC
MISC slickquiz_project -- slickquiz An XSS issue was discovered in the slickquiz plugin through 1.3.7.1 for WordPress. The save_quiz_score functionality available via the /wp-admin/admin-ajax.php endpoint allows unauthenticated users to submit quiz solutions/answers, which are stored in the database and later shown in the WordPress backend for all users with at least Subscriber rights. Because the plugin does not properly validate and sanitize this data, a malicious payload in either the name or email field is executed directly within the backend at /wp-admin/admin.php?page=slickquiz across all users with the privileges of at least Subscriber. 2019-09-13 4.3 CVE-2019-12517
MISC
MISC spot -- spot.im_comments The spotim-comments plugin before 4.0.4 for WordPress has multiple XSS issues. 2019-09-10 4.3 CVE-2017-18608
MISC
MISC sqlite -- sqlite In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." 2019-09-09 5.0 CVE-2019-16168
MISC
MISC
MISC ss-proj -- shirasagi Open redirect vulnerability in SHIRASAGI v1.7.0 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. 2019-09-12 5.8 CVE-2019-6009
MISC
MISC
MISC
MISC
MISC supervisord -- supervisor In supervisord in Supervisor through 4.0.2, an unauthenticated user can read log files or restart a service. WARNING: This issue will not be fixed by the maintainer. The ability to run an open server will not be removed because users often use it for local development, therefore no action will be taken. 2019-09-10 6.4 CVE-2019-12105
MISC
MISC
MISC symonics -- libmysofa Symonics libmysofa 0.7 has an out-of-bounds read in directblockRead in hdf/fractalhead.c. 2019-09-07 5.0 CVE-2019-16091
MISC symonics -- libmysofa Symonics libmysofa 0.7 has an invalid read in readOHDRHeaderMessageDataLayout in hdf/dataobject.c. 2019-09-07 5.0 CVE-2019-16094
MISC symonics -- libmysofa Symonics libmysofa 0.7 has an invalid read in getDimension in hrtf/reader.c. 2019-09-07 5.0 CVE-2019-16095
MISC sysstat_project -- sysstat sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c. 2019-09-09 4.3 CVE-2019-16167
MISC
MISC teammatesolutions -- teammate+ A Cross-Site Request Forgery (CSRF) vulnerability exists in TeamMate+ 21.0.0.0 that allows a remote attacker to modify application data (upload malicious/forged files on a TeamMate server, or replace existing uploaded files with malicious/forged files). The specific flaw exists within the handling of Upload/DomainObjectDocumentUpload.ashx requests because of failure to validate a CSRF token before handling a POST request. 2019-09-09 4.3 CVE-2019-10253
MISC
MISC telegram -- telegram The "delete for" feature in Telegram before 5.11 on Android does not delete shared media files from the Telegram Images directory. In other words, there is a potentially misleading UI indication that a sender can remove a recipient's copy of a previously sent image (analogous to supported functionality in which a sender can remove a recipient's copy of a previously sent message). 2019-09-11 5.0 CVE-2019-16248
MISC
MISC
MISC theme-fusion -- avada The avada theme before 5.1.5 for WordPress has stored XSS. 2019-09-10 4.3 CVE-2017-18606
MISC theme-fusion -- avada The avada theme before 5.1.5 for WordPress has CSRF. 2019-09-10 6.8 CVE-2017-18607
MISC trendmicro -- deep_security_manager Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable to a XML External Entity Attack. However, for the attack to be possible, the attacker must have root/admin access to a protected host which is authorized to communicate with the Deep Security Manager (DSM). 2019-09-11 4.0 CVE-2019-9488
N/A tri -- event_tickets CSV injection in the event-tickets (Event Tickets) plugin before 4.10.7.2 for WordPress exists via the "All Post> Ticketed > Attendees" Export Attendees feature. 2019-09-08 6.5 CVE-2019-16120
MISC
MISC
MISC trust_form_project -- trust_form The trust-form plugin 2.0 for WordPress has XSS via the wp-admin/admin.php?page=trust-form-edit page parameter. 2019-09-13 4.3 CVE-2017-18613
MISC
MISC ultra-prod -- wordpress_ultra_simple_paypal_shopping_cart Cross-site request forgery (CSRF) vulnerability in WordPress Ultra Simple Paypal Shopping Cart v4.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2019-09-12 6.8 CVE-2019-5992
MISC vsourz -- cf7_invisible_recaptcha The cf7-invisible-recaptcha plugin before 1.3.2 for WordPress has XSS. 2019-09-09 4.3 CVE-2018-21012
MISC
MISC weaver -- eteams_oa An issue was discovered in eteams OA v4.0.34. Because the session is not strictly checked, the account names and passwords of all employees in the company can be obtained by an ordinary account. Specifically, the attacker sends a jsessionid value for URIs under app/profile/summary/. 2019-09-08 4.0 CVE-2019-16133
MISC wordpress -- wordpress WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upload_attachment is mishandled. 2019-09-11 4.3 CVE-2019-16217
MISC
MISC wordpress -- wordpress WordPress before 5.2.3 allows XSS in stored comments. 2019-09-11 4.3 CVE-2019-16218
MISC
MISC wordpress -- wordpress WordPress before 5.2.3 allows XSS in shortcode previews. 2019-09-11 4.3 CVE-2019-16219
MISC
MISC
MISC wordpress -- wordpress In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect. 2019-09-11 5.8 CVE-2019-16220
MISC
MISC
MISC
MISC wordpress -- wordpress WordPress before 5.2.3 allows reflected XSS in the dashboard. 2019-09-11 4.3 CVE-2019-16221
MISC
MISC wordpress -- wordpress WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks. 2019-09-11 4.3 CVE-2019-16222
MISC
MISC
MISC
MISC wp-kama -- kama_click_counter The kama-clic-counter plugin before 3.5.0 for WordPress has XSS. 2019-09-13 4.3 CVE-2017-18615
MISC wpcharitable -- charitable The charitable plugin before 1.5.14 for WordPress has unauthorized access to user and donation details. 2019-09-09 5.0 CVE-2018-21011
MISC
MISC xtremelocator -- xtremelocator The xtremelocator plugin 1.5 for WordPress has SQL injection via the id parameter. 2019-09-13 6.5 CVE-2016-10939
MISC
MISC xwiki -- cryptpad The pad management logic in XWiki labs CryptPad before 3.0.0 allows a remote attacker (who has access to a Rich Text pad with editing rights for the URL) to corrupt it (i.e., cause data loss) via a trivial URL modification. 2019-09-11 5.5 CVE-2019-15302
MISC
CONFIRM zm-gallery_project -- zm-gallery The zm-gallery plugin 1.0 for WordPress has SQL injection via the order parameter. 2019-09-13 6.5 CVE-2016-10940
MISC
MISC zx-csv-upload_project -- zx-csv-upload The zx-csv-upload plugin 1 for WordPress has SQL injection via the id parameter. 2019-09-13 6.5 CVE-2016-10943
MISC
MISC
MISC

Low Vulnerabilities

Primary Vendor -- Product Description Published CVSS Score Source & Patch Info
atlassian -- jira Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permission to manage custom fields to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a custom field. 2019-09-11 3.5 CVE-2019-8450
N/A buddyboss -- buddymoss_media The buddyboss-media plugin through 3.2.3 for WordPress has stored XSS. 2019-09-09 3.5 CVE-2018-21014
MISC cybozu -- garoon DOM-based cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. 2019-09-12 3.5 CVE-2019-5975
MISC
MISC dell -- rsa_identity_governance_and_lifecycle The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a stored cross-site scripting vulnerability in the Access Request module. A remote authenticated malicious user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the stored malicious code would get executed by the web browser in the context of the vulnerable web application. 2019-09-11 3.5 CVE-2019-3761
CONFIRM dell -- rsa_identity_governance_and_lifecycle The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain an information exposure vulnerability. The Office 365 user password may get logged in a plain text format in the Office 365 connector debug log file. An authenticated malicious local user with access to the debug logs may obtain the exposed password to use in further attacks. 2019-09-11 2.1 CVE-2019-3763
CONFIRM esri -- arcgis_enterprise In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to trigger a Cross Frame Scripting (XFS) attack through the EDIT MY PROFILE feature. 2019-09-11 3.5 CVE-2019-16193
MISC getgophish -- gophish Gophish through 0.8.0 allows XSS via a username. 2019-09-09 3.5 CVE-2019-16146
MISC gitlab -- gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has a Race Condition which could allow users to approve a merge request multiple times and potentially reach the approval count required to merge. 2019-09-09 3.5 CVE-2019-11546
CONFIRM
CONFIRM gitlab -- gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9. It has Incorrect Access Control. Unprivileged members of a project are able to post comments on confidential issues through an authorization issue in the note endpoint. 2019-09-09 3.5 CVE-2019-11548
CONFIRM
CONFIRM google -- android In the Android kernel in the f2fs driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 2.1 CVE-2019-9245
MISC google -- android In the Android kernel in sync debug fs driver there is a kernel pointer leak due to the usage of printf with %p. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 2.1 CVE-2019-9444
MISC google -- android In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 2.1 CVE-2019-9445
MISC google -- android In the Android kernel in FingerTipS touchscreen driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 2.1 CVE-2019-9449
MISC google -- android In the Android kernel in SEC_TS touch driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 2.1 CVE-2019-9452
MISC google -- android In the Android kernel in F2FS touch driver there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 2.1 CVE-2019-9453
MISC google -- android In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 2.1 CVE-2019-9455
MISC ibps_online_exam_project -- ibps_online_exam The examapp plugin 1.0 for WordPress has XSS via exam input text fields. 2019-09-10 3.5 CVE-2017-18601
EXPLOIT-DB jenkins -- beaker_builder Jenkins Beaker Builder Plugin 1.9 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. 2019-09-12 2.1 CVE-2019-10398
MLIST
MISC limesurvey -- limesurvey LimeSurvey before v3.17.14 allows stored XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. The attack uses a survey group in which the title contains JavaScript that is mishandled upon group deletion. 2019-09-09 3.5 CVE-2019-16172
MISC
FULLDISC
MISC
BUGTRAQ
MISC limesurvey -- limesurvey LimeSurvey before v3.17.14 allows reflected XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. This occurs in application/core/Survey_Common_Action.php, 2019-09-09 3.5 CVE-2019-16173
MISC
FULLDISC
MISC
BUGTRAQ
MISC limesurvey -- limesurvey A stored cross-site scripting (XSS) vulnerability was found in Limesurvey before 3.17.14 that allows authenticated users with correct permissions to inject arbitrary web script or HTML via titles of admin box buttons on the home page. 2019-09-09 3.5 CVE-2019-16178
MISC
MISC microsoft -- .net_framework An elevation of privilege vulnerability exists when the .NET Framework common language runtime (CLR) allows file creation in arbitrary locations, aka '.NET Framework Elevation of Privilege Vulnerability'. 2019-09-11 2.1 CVE-2019-1142
MISC microsoft -- sharepoint_foundation A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. 2019-09-11 3.5 CVE-2019-1262
MISC microsoft -- team_foundation_server A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'. 2019-09-11 3.5 CVE-2019-1305
MISC microsoft -- windows_10 An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Information Disclosure Vulnerability'. 2019-09-11 2.1 CVE-2019-1216
MISC microsoft -- windows_10 An information disclosure vulnerability exists when the Windows Transaction Manager improperly handles objects in memory, aka 'Windows Transaction Manager Information Disclosure Vulnerability'. 2019-09-11 2.1 CVE-2019-1219
MISC microsoft -- windows_10 An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1244, CVE-2019-1245. 2019-09-11 2.1 CVE-2019-1251
MISC microsoft -- windows_10 An information disclosure vulnerability exists when Windows Hyper-V writes uninitialized memory to disk, aka 'Windows Hyper-V Information Disclosure Vulnerability'. 2019-09-11 2.1 CVE-2019-1254
MISC microsoft -- windows_10 An elevation of privilege vulnerability exists in Windows store installer where WindowsApps directory is vulnerable to symbolic link attack, aka 'Microsoft Windows Store Installer Elevation of Privilege Vulnerability'. 2019-09-11 3.6 CVE-2019-1270
MISC microsoft -- windows_10 A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize certain error messages, aka 'Active Directory Federation Services XSS Vulnerability'. 2019-09-11 3.5 CVE-2019-1273
MISC microsoft -- windows_10 An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. 2019-09-11 2.1 CVE-2019-1274
MISC microsoft -- windows_10 An information disclosure exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle sandbox checks, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'. 2019-09-11 2.1 CVE-2019-1282
MISC microsoft -- windows_10 An elevation of privilege vulnerability exists when the Windows Update Delivery Optimization does not properly enforce file share permissions, aka 'Windows Update Delivery Optimization Elevation of Privilege Vulnerability'. 2019-09-11 3.6 CVE-2019-1289
MISC microsoft -- windows_10 An information disclosure vulnerability exists in Windows when the Windows SMB Client kernel-mode driver fails to properly handle objects in memory, aka 'Windows SMB Client Driver Information Disclosure Vulnerability'. 2019-09-11 2.1 CVE-2019-1293
MISC microsoft -- windows_10 A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality, aka 'Windows Secure Boot Security Feature Bypass Vulnerability'. 2019-09-11 2.1 CVE-2019-1294
MISC microsoft -- windows_7 An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'. 2019-09-11 2.1 CVE-2019-1283
MISC ncrafts -- formcraft The formcraft3 plugin before 3.4 for WordPress has stored XSS via the "New Form > Heading > Heading Text" field. 2019-09-10 3.5 CVE-2017-18600
MISC openssl -- openssl Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s). 2019-09-10 1.9 CVE-2019-1547
MISC
MISC
CONFIRM
CONFIRM
CONFIRM
BUGTRAQ
CONFIRM sap -- business_one_client Under certain conditions SAP Business One client (B1_ON_HANA, SAP-M-BO), before versions 9.2 and 9.3, allows an attacker to access information which would otherwise be restricted. 2019-09-10 2.1 CVE-2019-0353
MISC
CONFIRM ttlock -- ttlock TTLock devices do not properly block guest access in certain situations where the network connection to the cloud is unavailable. 2019-09-10 3.3 CVE-2019-12942
MISC ttlock -- ttlock TTLock devices do not properly restrict password-reset attempts, leading to incorrect access control and disclosure of sensitive information about valid account names. 2019-09-10 2.6 CVE-2019-12943
MISC w1.fi -- hostapd hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range. 2019-09-12 3.3 CVE-2019-16275
MLIST
MISC
MISC
MISC webcraftic -- woody_ad_snippets The insert-php (aka Woody ad snippets) plugin before 2.2.8 for WordPress allows authenticated XSS via the winp_item parameter. 2019-09-13 3.5 CVE-2019-16289
MISC
MISC
MISC wordpress -- wordpress WordPress before 5.2.3 allows XSS in post previews by authenticated users. 2019-09-11 3.5 CVE-2019-16223
MISC
MISC

Severity Not Yet Assigned

Primary Vendor -- Product Description Published CVSS Score Source & Patch Info
3s_smart_software_solutions -- codesys_v3_web_server CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller. 2019-09-13 not yet calculated CVE-2019-13532
MISC 3s_smart_software_solutions -- codesys_v3_web_server CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which could cause a stack overflow and create a denial-of-service condition or allow remote code execution. 2019-09-13 not yet calculated CVE-2019-13548
MISC arubanetworks -- arubaos A command injection vulnerability is present in the web management interface of ArubaOS that permits an authenticated user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. This vulnerability only affects ArubaOS 8.x. 2019-09-13 not yet calculated CVE-2019-5315
CONFIRM arubanetworks -- arubaos A remote code execution vulnerability is present in network-listening components in some versions of ArubaOS. An attacker with the ability to transmit specially-crafted IP traffic to a mobility controller could exploit this vulnerability and cause a process crash or execute arbitrary code within the underlying operating system with full system privileges. Such an attack could lead to complete system compromise. The ability to transmit traffic to an IP interface on the mobility controller is required to carry out an attack. The attack leverages the PAPI protocol (UDP port 8211). If the mobility controller is only bridging L2 traffic to an uplink and does not have an IP address that is accessible to the attacker, it cannot be attacked. 2019-09-13 not yet calculated CVE-2018-7081
CONFIRM
MISC bosch -- access_professional_edition Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE service tools. The service tool is discontinued with Bosch Access Professional Edition (APE) 3.8. 2019-09-12 not yet calculated CVE-2019-11898
CONFIRM dino -- dino Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280_message_carbons.vala. 2019-09-11 not yet calculated CVE-2019-16235
MLIST
MISC
MISC dino -- dino Dino before 2019-09-10 does not check roster push authorization in module/roster/module.vala. 2019-09-11 not yet calculated CVE-2019-16236
MLIST
MISC
MISC
dino -- dino Dino before 2019-09-10 does not properly check the source of an MAM message in module/xep/0313_message_archive_management.vala. 2019-09-11 not yet calculated CVE-2019-16237
MLIST
MISC
MISC ec-cube -- amazon_pay_plugin Cross-site scripting vulnerability in EC-CUBE plugin 'Amazon Pay Plugin 2.12,2.13' version 2.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2019-09-12 not yet calculated CVE-2019-6003
MISC
MISC eclipse_foundation -- eclipse_omr Prior to 0.1, all builds of Eclipse OMR contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of that field in the modified copy of the loop allowing the test to see one value of the field and subsequently the loop to see a modified field value without retesting the condition moved out of the loop. This can lead to a variety of different issues but read out of array bounds is one major consequence of these problems. 2019-09-12 not yet calculated CVE-2019-11774
CONFIRM flamenet -- flamecms FlameCMS 3.3.5 has SQL injection in account/login.php via accountName. 2019-09-14 not yet calculated CVE-2019-16309
MISC fuji_xerox -- apeosware_management_suite_and_apeosware_management_suite_2 Open redirect vulnerability in ApeosWare Management Suite Ver.1.4.0.18 and earlier, and ApeosWare Management Suite 2 Ver.2.1.2.4 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. 2019-09-12 not yet calculated CVE-2019-6004
MISC
MISC fuji_xerox -- docushare A Reflected Cross-Site Scripting (XSS) vulnerability in the webEx module in webExMeetingLogin.jsp and deleteWebExMeetingCheck.jsp in Fuji Xerox DocuShare through 7.0.0.C1.609 allows remote attackers to inject arbitrary web script or HTML via the handle parameter (webExMeetingLogin.jsp) and meetingKey parameter (deleteWebExMeetingCheck.jsp). 2019-09-14 not yet calculated CVE-2019-16307
MISC gitlab -- community_and_enterprise_edition An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6. 2019-09-09 not yet calculated CVE-2019-5471
MISC
CONFIRM
MISC gitlab -- community_and_enterprise_edition An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6. 2019-09-09 not yet calculated CVE-2019-5461
MISC
CONFIRM
MISC gitlab -- community_and_enterprise_edition An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6. 2019-09-09 not yet calculated CVE-2019-5463
CONFIRM
MISC gitlab -- community_and_enterprise_edition An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6. 2019-09-09 not yet calculated CVE-2019-5467
CONFIRM
MISC harbor -- harbor core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API. This is fixed in 1.9.0-rc1. 2019-09-08 not yet calculated CVE-2019-16097
MISC
MISC hikari_denwa -- router_operating_system Cross-site scripting vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, RS-500KI firmware version Ver.01.00.0070 and earlier, PR-500MI/RT-500MI firmware version Ver.01.01.0014 and earlier, and RS-500MI firmware version Ver.03.01.0019 and earlier, and Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, and PR-500MI/RT-500MI firmware version Ver.01.01.0011 and earlier) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2019-09-12 not yet calculated CVE-2019-5985
MISC
CONFIRM ifw8 -- router_rom ifw8 Router ROM v4.31 allows credential disclosure by reading the action/usermanager.htm HTML source code. 2019-09-14 not yet calculated CVE-2019-16313
MISC indexhibit -- indexhibit Indexhibit 2.1.5 allows a product reinstallation, with resultant remote code execution, via /ndxzstudio/install.php?p=2. 2019-09-14 not yet calculated CVE-2019-16314
MISC integard -- integard_home_and_integard_pro_2 The web server in Integard Pro and Home before 2.0.0.9037 and 2.2.x before 2.2.0.9037 has a buffer overflow via a long password in an administration login POST request, leading to arbitrary code execution. 2019-09-13 not yet calculated CVE-2010-5333
MISC
MISC
MISC jenkins -- jenkins A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of method names in method call expressions allowed attackers to execute arbitrary code in sandboxed scripts. 2019-09-12 not yet calculated CVE-2019-10393
MLIST
MISC jenkins -- jenkins Jenkins Build Environment Plugin 1.6 and earlier did not escape variables shown on its views, resulting in a cross-site scripting vulnerability in Jenkins 2.145, 2.138.1, or older, exploitable by users able to change various job/build properties. 2019-09-12 not yet calculated CVE-2019-10395
MLIST
MISC jenkins -- jenkins Jenkins Dashboard View Plugin 2.11 and earlier did not escape build descriptions, resulting in a cross-site scripting vulnerability exploitable by users able to change build descriptions. 2019-09-12 not yet calculated CVE-2019-10396
MLIST
MISC jenkins -- jenkins Jenkins Aqua Security Serverless Scanner Plugin 1.0.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure. 2019-09-12 not yet calculated CVE-2019-10397
MLIST
MISC jenkins -- jenkins A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions on the left-hand side of assignment expressions allowed attackers to execute arbitrary code in sandboxed scripts. 2019-09-12 not yet calculated CVE-2019-10394
MLIST
MISC jenkins -- jenkins Jenkins Git Client Plugin 2.8.4 and earlier did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection. 2019-09-12 not yet calculated CVE-2019-10392
MLIST
MISC jhipster -- jhipster_and_jhipster_kotlin A class generated by the Generator in JHipster before 6.3.0 and JHipster Kotlin through 1.1.0 produces code that uses an insecure source of randomness (apache.commons.lang3 RandomStringUtils). This allows an attacker (if able to obtain their own password reset URL) to compute the value for all other password resets for other accounts, thus allowing privilege escalation or account takeover. 2019-09-13 not yet calculated CVE-2019-16303
MISC
MISC
MISC
MISC
MISC kddi_corporation -- smart_tv_box Smart TV Box firmware version prior to 1300 allows remote attackers to bypass access restriction to conduct arbitrary operations on the device without user's intent, such as installing arbitrary software or changing the device settings via Android Debug Bridge port 5555/TCP. 2019-09-12 not yet calculated CVE-2019-6005
MISC libra -- libra Libra Core before 2019-09-03 has an erroneous regular expression for inline comments, which makes it easier for attackers to interfere with code auditing by using a nonstandard line-break character for a comment. For example, a Move module author can enter the // sequence (which introduces a single-line comment), followed by very brief comment text, the \r character, and code that has security-critical functionality. In many popular environments, this code is displayed on a separate line, and thus a reader may infer that the code is executed. However, the code is NOT executed, because language/compiler/ir_to_bytecode/src/parser.rs allows the comment to continue after the \r character. 2019-09-11 not yet calculated CVE-2019-16214
MISC
MISC
MISC line_corporation -- apng-drawable Integer overflow vulnerability in apng-drawable 1.0.0 to 1.6.0 allows an attacker to cause a denial of service (DoS) condition or execute arbitrary code via unspecified vectors. 2019-09-12 not yet calculated CVE-2019-6007
MISC linux -- linux_kernel In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the vulnerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c. 2019-09-13 not yet calculated CVE-2019-15031
MISC
MISC linux -- linux_kernel In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the vulnerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check. 2019-09-13 not yet calculated CVE-2019-15030
MISC
MISC mcafee -- total_protection_free_antivirus_trial DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights. 2019-09-13 not yet calculated CVE-2019-3646
CONFIRM mobatech -- mobaxterm In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also accepted, command execution is achieved, as demonstrated by the MobaXterm://`calc` URI. 2019-09-14 not yet calculated CVE-2019-16305
MISC motorola -- motorola_devices Some Motorola devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker. 2019-09-12 not yet calculated CVE-2019-16257
MISC niushop -- niushop NIUSHOP V1.11 has CSRF via search_info to index.php. 2019-09-14 not yet calculated CVE-2019-16311
MISC niushop -- niushop NIUSHOP V1.11 has XSS via the index.php?s=/admin URI. 2019-09-14 not yet calculated CVE-2019-16310
MISC notepad++ -- notepad++ SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file. 2019-09-14 not yet calculated CVE-2019-16294
MISC
MISC
MISC nxp_semiconductors -- kinetis_kv1x_and_kinetis_kv3x_and_kinetis_k8x_devices On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a software IP protection method for execute-only access) can be defeated by observing CPU registers and the effect of code/instruction execution. 2019-09-12 not yet calculated CVE-2019-14237
MISC philips -- intellivue_m3002a_x2_mms_transport_monitor/module_and_ intellivue_mp_monitors Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C). An attacker can use these credentials to login via ftp and upload a malicious firmware. 2019-09-12 not yet calculated CVE-2019-13530
MISC philips -- intellivue_m3002a_x2_mms_transport_monitor/module_and_ intellivue_mp_monitors Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C). The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code. 2019-09-12 not yet calculated CVE-2019-13534
MISC pimcore -- pimcore In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317. 2019-09-14 not yet calculated CVE-2019-16318
MISC
MISC pimcore -- pimcore In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory, a different vulnerability than CVE-2019-10867 and CVE-2019-16318. 2019-09-14 not yet calculated CVE-2019-16317
MISC
MISC s-cms -- s-cms s-cms V3.0 has XSS in index.php?type=text via the S_id parameter. 2019-09-14 not yet calculated CVE-2019-16312
MISC samsung -- samsung_devices Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker. 2019-09-12 not yet calculated CVE-2019-16256
MISC siemens -- ei/wsn-pa_link_wirelesshart_gateway A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gateway (All versions). The integrated configuration web server of the affected device could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known. 2019-09-13 not yet calculated CVE-2019-13923
MISC siemens -- simatic_tdc_cp51m1_module A vulnerability has been identified in SIMATIC TDC CP51M1 (All versions < V1.1.7). An attacker with network access to the device could cause a Denial-of-Service condition by sending a specially crafted UDP packet. The vulnerability affects the UDP communication of the device. The security vulnerability could be exploited without authentication. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-09-13 not yet calculated CVE-2019-10937
MISC siemens -- sinema_remote_connect_server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some pages that should only be accessible by a privileged user can also be accessed by a non-privileged user. The security vulnerability could be exploited by an attacker with network access and valid credentials for the web interface. No user interaction is required. The vulnerability could allow an attacker to access information that he should not be able to read. The affected information does not include passwords. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-09-13 not yet calculated CVE-2019-13919
MISC siemens -- sinema_remote_connect_server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). The web interface has no means to prevent password guessing attacks. The vulnerability could be exploited by an attacker with network access to the vulnerable software, requiring no privileges and no user interaction. The vulnerability could allow full access to the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-09-13 not yet calculated CVE-2019-13918
MISC siemens -- sinema_remote_connect_server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some parts of the web application are not protected against Cross Site Request Forgery (CSRF) attacks. The security vulnerability could be exploited by an attacker that is able to trigger requests of a logged-in user to the application. The vulnerability could allow switching the connectivity state of a user or a device. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-09-13 not yet calculated CVE-2019-13920
MISC siemens -- sinema_remote_connect_server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). An attacker with administrative privileges can obtain the hash of a connected device's password. The security vulnerability could be exploited by an attacker with network access to the SINEMA Remote Connect Server and administrative privileges. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-09-13 not yet calculated CVE-2019-13922
MISC stmicroelectronics -- stm32l_family_devices On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated by observing CPU registers and the effect of code/instruction execution. 2019-09-12 not yet calculated CVE-2019-14236
MISC vivotek -- ipcam_firmware An authentication bypass vulnerability in VIVOTEK IPCam versions prior to 0x13a was found. 2019-09-10 not yet calculated CVE-2019-10256
CONFIRM
MISC vivotek -- ipcam_firmware VIVOTEK IP Camera devices with firmware before 0x20x have a stack-based buffer overflow via a crafted HTTP header. 2019-09-10 not yet calculated CVE-2019-14457
CONFIRM wordpress -- wordpress The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter. 2019-09-13 not yet calculated CVE-2016-10951
MISC
MISC
MISC wordpress -- wordpress The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection via the period parameter by a super admin. 2019-09-13 not yet calculated CVE-2016-10947
MISC wordpress -- wordpress The Post Indexer plugin before 3.0.6.2 for WordPress has incorrect handling of data passed to the unserialize function. 2019-09-13 not yet calculated CVE-2016-10948
MISC wordpress -- wordpress The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL injection with resultant unsafe unserialization. 2019-09-13 not yet calculated CVE-2016-10949
MISC wordpress -- wordpress Cross-site request forgery (CSRF) vulnerability in Category Specific RSS feed Subscription version v2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2019-09-12 not yet calculated CVE-2019-5993
MISC wordpress -- wordpress The quotes-collection plugin before 2.0.6 for WordPress has XSS via the wp-admin/admin.php?page=quotes-collection page parameter. 2019-09-13 not yet calculated CVE-2016-10952
MISC
MISC
MISC wordpress -- wordpress The Neosense theme before 1.8 for WordPress has qquploader unrestricted file upload. 2019-09-13 not yet calculated CVE-2016-10954
MISC wordpress -- wordpress The cysteme-finder plugin before 1.4 for WordPress has unrestricted file upload because of incorrect session tracking. 2019-09-13 not yet calculated CVE-2016-10955
MISC
MISC wordpress -- wordpress The Swape theme before 1.2.1 for WordPress has incorrect access control, as demonstrated by allowing new administrator accounts via vectors involving xmlPath to wp-admin/admin-ajax.php. 2019-09-09 not yet calculated CVE-2018-21013
MISC wordpress -- wordpress The multisite-post-duplicator plugin before 1.1.3 for WordPress has wp-admin/tools.php?page=mpd CSRF. 2019-09-13 not yet calculated CVE-2016-10944
MISC
MISC wordpress -- wordpress The wp-d3 plugin before 2.4.1 for WordPress has CSRF. 2019-09-13 not yet calculated CVE-2016-10946
MISC
MISC


Intel Releases Security Updates

US-CERT All NCAS Products - Wed, 09/11/2019 - 01:45
Original release date: September 10, 2019

Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit one of these vulnerabilities to gain an escalation of privileges on a previously infected machine.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Intel's Security Advisories INTEL-SA-00290 and INTEL-SA-00285 and apply the necessary updates.


Google Releases Security Updates for Chrome

US-CERT All NCAS Products - Wed, 09/11/2019 - 00:25
Original release date: September 10, 2019

Google has released Chrome version 77.0.3865.75 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.


MS-ISAC Releases Security Event Primer on Malware

US-CERT All NCAS Products - Tue, 09/10/2019 - 19:01
Original release date: September 10, 2019

The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released a Security Event Primer on Malware. The white paper outlines general malware operations and includes common malware event types and best practice recommendations. An attacker can use malware to gain access to a network, obtain sensitive data, and damage systems.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review MS-ISAC’s White Paper: Security Event Primer – Malware, see CISA’s Tip on Protecting Against Malicious Code, and implement the recommended best practices.


Microsoft Releases September 2019 Security Updates

US-CERT All NCAS Products - Tue, 09/10/2019 - 18:43
Original release date: September 10, 2019

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s September 2019 Security Update Summary and Deployment Information and apply the necessary updates.


Adobe Releases Security Updates

US-CERT All NCAS Products - Tue, 09/10/2019 - 18:14
Original release date: September 10, 2019

Adobe has released security updates to address vulnerabilities affecting Flash Player and Application Manager. An attacker could exploit these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletins APSB19-45 and APSB19-46 and apply the necessary updates.


North Korean Malicious Cyber Activity

US-CERT All NCAS Products - Mon, 09/09/2019 - 16:59
Original release date: September 9, 2019

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have identified two malware variants—referred to as ELECTRICFISH and BADCALL—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

CISA encourages users and administrators to review the HIDDEN COBRA - North Korean Malicious Cyber Activity page, which contains links to Malware Analysis Reports MAR-10135536-21 and MAR-10135536-10, for more information.


MAR-10135536-10 – North Korean Trojan: BADCALL

US-CERT All NCAS Products - Mon, 09/09/2019 - 15:30
Original release date: September 9, 2019


FBI Safe Online Surfing Challenge

US-CERT All NCAS Products - Mon, 09/09/2019 - 15:25
Original release date: September 9, 2019

The Federal Bureau of Investigation (FBI) has launched the Safe Online Surfing (SOS) Challenge, encouraging educators to promote web literacy and safety for students during the 2019-20 school year. FBI developed the program to educate children on how to navigate the web securely using activities that correspond with specific grade levels. Public, private, and home schools with at least five students are eligible to participate in the online challenge.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users to review the FBI SOS Challenge Announcement and the CISA Tip Keeping Children Safe Online.


MAR-10135536-21 – North Korean Proxy Malware: ELECTRICFISH

US-CERT All NCAS Products - Mon, 09/09/2019 - 15:23
Original release date: September 9, 2019

Notification

This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained herein. The DHS does not endorse any commercial product or service referenced in this bulletin or otherwise.

This document is marked TLP:WHITE--Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction. For more information on the Traffic Light Protocol (TLP), see http://www.us-cert.gov/tlp.

Summary

Description

This Malware Analysis Report (MAR) is the result of analytic efforts between the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD). Working with U.S. Government partners, DHS, FBI, and DoD identified proxy malware variants used by the North Korean government - referred to by the U.S. Government as ELECTRICFISH. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information on HIDDEN COBRA activity, visit https[:]//www[.]us-cert.gov/hiddencobra.

DHS, FBI, and DoD are distributing this MAR to enable network defense and reduce exposure to North Korean government malicious cyber activity.

This MAR includes malware descriptions related to HIDDEN COBRA, suggested response actions and recommended mitigation techniques. Users or administrators should flag activity associated with the malware, report the activity to the DHS National Cybersecurity and Communications Integration Center (NCCIC) or the FBI Cyber Watch (CyWatch), and give the activity the highest priority for enhanced mitigation.

This report provides analysis of two malicious 32-bit Windows executable files. The malware implements a custom protocol that allows traffic to be tunneled between a source and a destination Internet Protocol (IP) address. The malware continuously attempts to reach out to the source and the destination system, which allows either side to initiate a tunneling session. The malware can be configured with a proxy server/port and proxy username and password. This feature allows connectivity to a system sitting inside of a proxy server, which allows the actor to bypass the compromised system’s required authentication to reach outside of the network.

For a downloadable copy of IOCs, see:

Submitted Files (2)

7cf5d86cc75cd8f0e22e35213a9c051b740bd4667d9879a446f06277782bffd1 (0BA6BB2AD05D86207B5303657E3F68...)

a1260fd3e9221d1bc5b9ece6e7a5a98669c79e124453f2ac58625085759ed3bb (8d9123cd2648020292b5c35edc9ae2...)

Findings

a1260fd3e9221d1bc5b9ece6e7a5a98669c79e124453f2ac58625085759ed3bb

Tags

dropper, trojan

Details

Name: 8d9123cd2648020292b5c35edc9ae22e
Size: 1422336 bytes
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 8d9123cd2648020292b5c35edc9ae22e
SHA1: 0939363ff55d914e92635e5f693099fb28047602
SHA256: a1260fd3e9221d1bc5b9ece6e7a5a98669c79e124453f2ac58625085759ed3bb
SHA512: 646697e3d5146e05a221183f6c9f00f5eb38400ef9a2f83bfd0fcf2f8af1a7efff99c0a3486740c745ce6cf0939c4f0678cb818cbbff8ed2b28a703fe8d823bb
ssdeep: 24576:HsO8RKL6OLnWZGFbHq0aMow5Q3gkD/74tU3hYPgP5IyrMsEOhVRpxHkADUHEPbzJ:0KjKHMbO3pkoBIyIstVRpxHL1bF
Entropy: 6.703195

Antivirus

Ahnlab: HackTool/Win32.Agent
Antiy: Trojan[Banker]/Win32.Alreay
Avira: TR/AD.Stantinko.gkqij
BitDefender: Gen:Variant.Ursu.349885Unclassified
ClamAV: Win.Dropper.Electricfish-6976665-0
Cyren: W32/Trojan.TWUO-7654
ESET: a variant of Win32/NukeSped.FQ trojan
Emsisoft: Gen:Variant.Ursu.349885 (B)
Ikarus: Trojan.Win32.HackTool
K7: Hacktool ( 0054e46d1 )
Kaspersky: Trojan.Win32.Agent.xaadtn
McAfee: ElectricFish
Microsoft Security Essentials: HackTool:Win32/ElecFish.A!dha
NANOAV: Trojan.Win32.Alreay.fvrmai
Quick Heal: Trojan.Ursu
Sophos: Troj/ElecFish-A
Symantec: Unavailable (production)
TACHYON: Trojan/W32.Electricfish.1422336
VirusBlokAda: Trojan.Agent
Zillya!: Tool.ElectricFish.Win32.2

Yara Rules

hidden_cobra_consolidated.yara

rule electricfish
{
    meta:
        Author = "CISA trusted 3rd party"
        Incident = "10135536"
        Date = "2019-08-14"
        Category = "Hidden_Cobra"
        Family = "ELECTRICFISH"
        Description = "Detects logging functionality"
        MD5_1 = "0ba6bb2ad05d86207b5303657e3f6874"
        SHA256_1 = "7cf5d86cc75cd8f0e22e35213a9c051b740bd4667d9879a446f06277782bffd1"
    strings:
        $ = "LLgcIP"
        $ = "CCGC_LOG"
        $ = "LLGC_LOG"
    condition:
        uint16(0) == 0x5a4d and uint16(uint32(0x3c)) == 0x4550 and all of them
}

ssdeep Matches

No matches found.

PE Metadata

Compile Date: 2018-09-29 11:55:36-04:00
Import Hash: 3549cfa19e60aa9239f79d80e19279fa

PE Sections

MD5                               Name    Raw Size  Entropy
08bb17d8e839e7fc92426e813a696e73  header  1024      2.590786
6c3daca3c522ab98a8ac12a45087297c  .text   983040    6.595856
3d3d7962d16652002018640a3fa27d44  .rdata  340480    6.187858
b7f382ea7e6c9c8e737cb92551341e64  .data   37888     4.714377
871fb8486e5ea3307ff7b65ddf46518a  .rsrc   512       5.112624
382715f8e776a544bf70f843a52e3ff2  .reloc  59392     6.015022

Packers/Compilers/Cryptors

Microsoft Visual C++ ?.?

Description

This file is a malicious Windows 32-bit executable. The application is a command-line utility and its primary purpose is to tunnel traffic between two IP addresses. The application accepts the following command-line arguments, which can be utilized to authenticate with a proxy server:

--Begin command-line arguments--
-l,--log [Show Debug Message]
-pw,--password [Password]
-u,--username [UserName]
-do,--domain [DomainName]
-p,--proxy [ProxyIP:Port]
-d,--destination [TargetIP:Port]
-s,--server [LLgcIP:Port]
-h,--help [Show this help message]
--End command-line arguments--

Displayed below is an example:

--Begin Example Usage--
Source IP/Port: 192.0.2.1:92
Dest IP/Port: 198.51.100.1:92
Proxy IP/Port: 203.0.113.1:92
Proxy User Name: test
Proxy Password: testpw

a12.exe -s 192.0.2.1:92 -d 198.51.100.1:92 -p 203.0.113.1:92 -u test -pw testpw
--End Example Usage--

It will attempt to establish TCP sessions with the source IP address and the destination IP address. If a connection is made to both the source and destination IPs, this malicious utility will implement a custom protocol, which will allow traffic to rapidly and efficiently be tunneled between two machines. If necessary, the malware can authenticate with a proxy to be able to reach the destination IP address. A configured proxy server is not required for this utility.

After the malware authenticates with the configured proxy, it will immediately attempt to establish a session with the destination IP address, located outside of the target network and the source IP address. The header of the initial authentication packet, sent to both the source and destination systems, will be static except for two random bytes. Everything within this 34-byte header is static except for the bytes 0x2B6E, which will change during each connection attempt. Displayed below (and in Figure 7) is the packet header.

--Begin Authentication Packet Sent to Destination System--
6161616162626262636363636464646400000000000000002B6E0000040000009210
--End Authentication Packet Sent to Destination System--
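Because only two bytes of that header vary, a network sensor can match the first 34 bytes of a new TCP session against the other 32. The Python sketch below is an added example, not part of the CISA report: it builds the match from the header as printed above and assumes the header sits at the very start of the first client payload. The function names and the sample flows are constructed for illustration.

```python
import re

# 34-byte header exactly as printed in the report, split at its visible fields.
REPORTED_HEADER = bytes.fromhex(
    "61616161" "62626262" "63636363" "64646464"  # ASCII "aaaabbbbccccdddd"
    "0000000000000000"
    "2B6E"                                        # changes on every connection
    "0000" "04000000" "9210"
)
VARIABLE_OFFSET = REPORTED_HEADER.index(bytes.fromhex("2B6E"))  # offset 24
VARIABLE_LEN = 2


def build_pattern(template, var_off, var_len):
    """Static bytes become literals; the variable span becomes a wildcard group."""
    head = re.escape(template[:var_off])
    tail = re.escape(template[var_off + var_len:])
    # DOTALL so the wildcard also matches a 0x0A byte in the random field.
    return re.compile(head + b"(.{%d})" % var_len + tail, re.DOTALL)


HEADER_RE = build_pattern(REPORTED_HEADER, VARIABLE_OFFSET, VARIABLE_LEN)


def match_auth_header(payload):
    """Return the two per-connection bytes if payload starts with the header."""
    m = HEADER_RE.match(payload)  # match() anchors at the start of the payload
    return m.group(1) if m else None


def scan_flows(flows):
    """flows: iterable of (flow_id, first client payload). Returns the hits."""
    hits = []
    for flow_id, payload in flows:
        var = match_auth_header(payload)
        if var is not None:
            hits.append((flow_id, var.hex()))
    return hits


def sample_flows():
    """Constructed payloads for the demonstration (not captured traffic)."""
    h = REPORTED_HEADER
    near_miss = bytes([h[0] ^ 0x01]) + h[1:]          # one static byte differs
    return [
        ("flow-1", h),                                 # header as reported
        ("flow-2", h[:24] + b"\x9a\x0a" + h[26:] + b"tunnelled data"),
        ("flow-3", near_miss),
        ("flow-4", h[:20]),                            # truncated payload
        ("flow-5", b"GET / HTTP/1.1\r\n\r\n" + h),     # header not at offset 0
    ]


if __name__ == "__main__":
    for flow_id, var in scan_flows(sample_flows()):
        print(flow_id, "matches, variable bytes =", var)
```

Only flow-1 and flow-2 are reported; the near miss, the truncated payload and the payload with leading data do not match.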

Screenshots

[Figures 1-7: screenshots; captions not preserved]

7cf5d86cc75cd8f0e22e35213a9c051b740bd4667d9879a446f06277782bffd1

Tags

trojan

Details

Name: 0BA6BB2AD05D86207B5303657E3F6874
Size: 1436160 bytes
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 0ba6bb2ad05d86207b5303657e3f6874
SHA1: ad44567c8709df4889d381a0a64cc4b49e5004c3
SHA256: 7cf5d86cc75cd8f0e22e35213a9c051b740bd4667d9879a446f06277782bffd1
SHA512: cce39d397a661a5b1c7504f4001e1683231b4d8fb77499102c06532b3ec38f775e544493166e75076460f444b27a15a1ab68237ceb26454b934ee6020c2b0e16
ssdeep: 24576:NUPhrrn8YtZM9hjGMjxyK9Ws/6oYJt1wY2ZJIZ7IOAZSRpxtwQDCbzEG:qKjGMjQcGsw7IFSRpxtnDCbF
Entropy: 6.704631

Antivirus

AegisLab: Trojan.Win32.Alreay.tqBn
Ahnlab: HackTool/Win32.Agent
Antiy: Trojan[Banker]/Win32.Alreay
Avira: TR/AD.Stantinko.ysgqb
BitDefender: Trojan.GenericKD.32262757Unclassified
Cyren: W32/Alreay.DVWS-3035
ESET: a variant of Win32/NukeSped.FQ trojan
Emsisoft: Trojan.GenericKD.32262757 (B)
Ikarus: Trojan.Win32.HackTool
K7: Trojan ( 00555fff1 )
Kaspersky: Trojan-Banker.Win32.Alreay.gen
NANOAV: Trojan.Win32.Alreay.fvvzst
Quick Heal: Trojan.Alreay
Sophos: Troj/ElecFish-A
Symantec: Unavailable (production)
VirusBlokAda: TrojanBanker.Alreay

Yara Rules

hidden_cobra_consolidated.yara

rule electricfish
{
    meta:
        Author = "CISA trusted 3rd party"
        Incident = "10135536"
        Date = "2019-08-14"
        Category = "Hidden_Cobra"
        Family = "ELECTRICFISH"
        Description = "Detects logging functionality"
        MD5_1 = "0ba6bb2ad05d86207b5303657e3f6874"
        SHA256_1 = "7cf5d86cc75cd8f0e22e35213a9c051b740bd4667d9879a446f06277782bffd1"
    strings:
        $ = "LLgcIP"
        $ = "CCGC_LOG"
        $ = "LLGC_LOG"
    condition:
        uint16(0) == 0x5a4d and uint16(uint32(0x3c)) == 0x4550 and all of them
}

ssdeep Matches

No matches found.

PE Metadata

Compile Date: 2018-11-14 20:15:34-05:00
Import Hash: 6627b5310efbf9651800ff9ae616be5f

PE Sections

MD5                               Name    Raw Size  Entropy
a781fcd65f93beca71b7b94c3a82ba84  header  1024      2.613318
b081ec452c4927cbc91e8d5d36e75eeb  .text   996352    6.592977
131c905ab5153076e77c057bedabcb0d  .rdata  340992    6.196190
7261cf1375f63e279189afc08b5486f4  .data   37888     4.740711
bef352ccee242ff585187966059808aa  .rsrc   512       5.112624
39f472191c636cf6112a68713b5e6114  .reloc  59392     6.065172

Packers/Compilers/Cryptors

Microsoft Visual C++ ?.?

Description

This file is a malicious Windows 32-bit executable. The application is a command-line utility and its primary purpose is to tunnel traffic between two IP addresses. This file is a variant of 8d9123cd2648020292b5c35edc9ae22e.

Displayed below is the session header of the initial authentication packet, sent to both the source and destination systems:

--Begin TCP session header--
CONNECT Server IP:PORT HTTP/1.0
User-Agent:Mozilla/4.0 (compatible; MSIE 5.5; Win32)
proxy-Connection: Keep-Alive
Pragma: no-cache
Proxy-Authorization: NTLM TlRMTVNTUAABAAAAB4IIAAwADAAoAAAADwAPADQAAAAAAAAAAAAAAFdXVy5HT1RPLkNPTVdJTi00OUFUTlVSNjZNVA==
--End TCP session header--
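The token in that Proxy-Authorization header is a base64-encoded NTLMSSP NEGOTIATE (type 1) message, and decoding it exposes the domain and workstation names the sample presents to the proxy. The Python sketch below is an added example, not part of the CISA report: it parses the request exactly as printed above, and its function names are illustrative.

```python
import base64
import struct

# Request as printed in the report; "Server IP:PORT" is the report's own
# placeholder. The base64 token is split into three literals only for width.
REPORTED_REQUEST = (
    "CONNECT Server IP:PORT HTTP/1.0\r\n"
    "User-Agent:Mozilla/4.0 (compatible; MSIE 5.5; Win32)\r\n"
    "proxy-Connection: Keep-Alive\r\n"
    "Pragma: no-cache\r\n"
    "Proxy-Authorization: NTLM "
    "TlRMTVNTUAABAAAAB4IIAAwADAAoAAAADwAPADQA"
    "AAAAAAAAAAAA"
    "AFdXVy5HT1RPLkNPTVdJTi00OUFUTlVSNjZNVA==\r\n"
    "\r\n"
)

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"


def extract_ntlm_token(request):
    """Return the decoded NTLM token from Proxy-Authorization, or None."""
    for line in request.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "proxy-authorization":
            continue
        scheme, _, token = value.strip().partition(" ")
        if scheme.upper() == "NTLM" and token.strip():
            return base64.b64decode(token.strip(), validate=True)
    return None


def read_security_buffer(msg, field_off):
    """Read one (Len, MaxLen, Offset) field and return the bytes it points to."""
    length, _max_len, offset = struct.unpack_from("<HHI", msg, field_off)
    if offset + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[offset:offset + length]


def parse_negotiate(msg):
    """Parse an NTLM NEGOTIATE (type 1) message into its visible fields."""
    if len(msg) < 32 or msg[:8] != NTLMSSP_SIGNATURE:
        raise ValueError("not an NTLMSSP message")
    msg_type, flags = struct.unpack_from("<II", msg, 8)
    if msg_type != 1:
        raise ValueError("not a NEGOTIATE (type 1) message")
    return {
        "flags": flags,
        # Domain fields start at offset 16, workstation fields at offset 24.
        "domain": read_security_buffer(msg, 16).decode("ascii", "replace"),
        "workstation": read_security_buffer(msg, 24).decode("ascii", "replace"),
    }


def describe_request(request):
    """Collect the fields a proxy log or packet capture can be searched for."""
    headers = {}
    for line in request.split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    token = extract_ntlm_token(request)
    return {
        "user_agent": headers.get("user-agent"),
        "ntlm": parse_negotiate(token) if token else None,
    }


if __name__ == "__main__":
    print(describe_request(REPORTED_REQUEST))
```

The decoded names and the User-Agent string can be compared with what clients in your environment legitimately send through the proxy.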

Recommendations

CISA recommends that users and administrators consider using the following best practices to strengthen the security posture of their organization's systems. Any configuration changes should be reviewed by system owners and administrators prior to implementation to avoid unwanted impacts.

  • Maintain up-to-date antivirus signatures and engines.
  • Keep operating system patches up-to-date.
  • Disable File and Printer sharing services. If these services are required, use strong passwords or Active Directory authentication.
  • Restrict users' ability (permissions) to install and run unwanted software applications. Do not add users to the local administrators group unless required.
  • Enforce a strong password policy and implement regular password changes.
  • Exercise caution when opening e-mail attachments even if the attachment is expected and the sender appears to be known.
  • Enable a personal firewall on agency workstations, configured to deny unsolicited connection requests.
  • Disable unnecessary services on agency workstations and servers.
  • Scan for and remove suspicious e-mail attachments; ensure the scanned attachment is its "true file type" (i.e., the extension matches the file header).
  • Monitor users' web browsing habits; restrict access to sites with unfavorable content.
  • Exercise caution when using removable media (e.g., USB thumb drives, external drives, CDs, etc.).
  • Scan all software downloaded from the Internet prior to executing.
  • Maintain situational awareness of the latest threats and implement appropriate Access Control Lists (ACLs).

Additional information on malware incident prevention and handling can be found in National Institute of Standards and Technology (NIST) Special Publication 800-83, "Guide to Malware Incident Prevention & Handling for Desktops and Laptops".

Contact Information

CISA continuously strives to improve its products and services. You can help by answering a very short series of questions about this product at the following URL: https://us-cert.gov/forms/feedback/

Document FAQ

What is a MIFR? A Malware Initial Findings Report (MIFR) is intended to provide organizations with malware analysis in a timely manner. In most instances this report will provide initial indicators for computer and network defense. To request additional analysis, please contact CISA and provide information regarding the level of desired analysis.

What is a MAR? A Malware Analysis Report (MAR) is intended to provide organizations with more detailed malware analysis acquired via manual reverse engineering. To request additional analysis, please contact CISA and provide information regarding the level of desired analysis.

Can I edit this document? This document is not to be edited in any way by recipients. All comments or questions related to this document should be directed to the CISA at 1-888-282-0870 or soc@us-cert.gov.

Can I submit malware to CISA? Malware samples can be submitted via three methods:

CISA encourages you to report any suspicious activity, including cybersecurity incidents, possible malicious code, software vulnerabilities, and phishing-related scams. Reporting forms can be found on CISA's homepage at www.us-cert.gov.

This product is provided subject to this Notification and this Privacy & Use policy.

Categories: LATEST ALERT

Vulnerability Summary for the Week of September 2, 2019

US-CERT All NCAS Products - Mon, 09/09/2019 - 11:49
Original release date: September 9, 2019

 

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

alfresco -- alfresco An issue was discovered in Alfresco Community Edition versions 6.0 and lower. An unauthenticated, remote attacker could authenticate to Alfresco's Solr Web Admin Interface. The vulnerability is due to the presence of a default private key that is present in all default installations. An attacker could exploit this vulnerability by using the extracted private key and bundling it into a PKCS12. A successful exploit could allow the attacker to gain information about the target system (e.g., OS type, system file locations, Java version, Solr version, etc.) as well as the ability to launch further attacks by leveraging the access to Alfresco's Solr Web Admin Interface. 2019-09-05 7.5 CVE-2019-14222
MISC alfresco -- alfresco An issue was discovered in Alfresco Community Edition 5.2 201707. By leveraging multiple components in the Alfresco Software applications, an exploit chain was observed that allows an attacker to achieve remote code execution on the victim machine. The attacker must upload malicious Solr configuration files and then receive a JMX connection from the victim, and serve a Java object that results in deserialization and code execution. 2019-09-05 9.0 CVE-2019-14224
MISC artifex -- ghostscript A flaw was found in ghostscript, versions 9.x before 9.28, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. 2019-09-06 7.5 CVE-2019-14813
CONFIRM
CONFIRM asus -- precision_touchpad AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with the \\.\AsusTP device, leading to a DoS or potentially privilege escalation via a crafted DeviceIoControl call. 2019-09-04 7.5 CVE-2019-10709
MISC
MISC broadcom -- ca_client_automation An access vulnerability in CA Common Services DIA of CA Technologies Client Automation 14 and Workload Automation AE 11.3.5, 11.3.6 allows a remote attacker to execute arbitrary code. 2019-09-06 7.5 CVE-2019-13656
MISC cisco -- jabber A vulnerability in Cisco Jabber Client Framework (JCF) for Mac Software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to execute arbitrary code on an affected device. The vulnerability is due to improper file level permissions on an affected device when it is running Cisco JCF for Mac Software. An attacker could exploit this vulnerability by authenticating to the affected device and executing arbitrary code or potentially modifying certain configuration files. A successful exploit could allow the attacker to execute arbitrary code or modify certain configuration files on the device using the privileges of the installed Cisco JCF for Mac Software. 2019-09-04 7.2 CVE-2019-12645
CISCO cisco -- nx-os A vulnerability in the Network Time Protocol (NTP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to excessive use of system resources when the affected device is logging a drop action for received MODE_PRIVATE (Mode 7) NTP packets. An attacker could exploit this vulnerability by flooding the device with a steady stream of Mode 7 NTP packets. A successful exploit could allow the attacker to cause high CPU and memory usage on the affected device, which could cause internal system processes to restart or cause the affected device to unexpectedly reload. Note: The NTP feature is enabled by default. 2019-08-30 7.8 CVE-2019-1967
CISCO cisco -- unified_computing_system A vulnerability in a specific CLI command within the local management (local-mgmt) context for Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to gain elevated privileges as the root user on an affected device. The vulnerability is due to extraneous subcommand options present for a specific CLI command within the local-mgmt context. An attacker could exploit this vulnerability by authenticating to an affected device, entering the local-mgmt context, and issuing a specific CLI command and submitting user input. A successful exploit could allow the attacker to execute arbitrary operating system commands as root on an affected device. The attacker would need to have valid user credentials for the device. 2019-08-30 7.2 CVE-2019-1966
CISCO cisco -- webex_teams A vulnerability in the Cisco Webex Teams client for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. This vulnerability is due to improper restrictions on software logging features used by the application on Windows operating systems. An attacker could exploit this vulnerability by convincing a targeted user to visit a website designed to submit malicious input to the affected application. A successful exploit could allow the attacker to cause the application to modify files and execute arbitrary commands on the system with the privileges of the targeted user. 2019-09-04 9.3 CVE-2019-1939
CISCO egain -- chat eGain Chat 15.0.3 allows unrestricted file upload. 2019-09-04 7.5 CVE-2019-13976
MISC eventum_project -- eventum Controller/ListController.php in Eventum 3.5.0 is vulnerable to Deserialization of Untrusted Data. Fixed in version 3.5.2. 2019-09-05 7.5 CVE-2018-11569
MISC exim -- exim Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash. 2019-09-06 10.0 CVE-2019-15846
MISC
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
FEDORA
FEDORA
BUGTRAQ
GENTOO
UBUNTU
DEBIAN
CERT-VN
MISC freebsd -- freebsd In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350650, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the ICMPv6 input path incorrectly handles cases where an MLDv2 listener query packet is internally fragmented across multiple mbufs. A remote attacker may be able to cause an out-of-bounds read or write that may cause the kernel to attempt to access an unmapped page and subsequently panic. 2019-08-30 7.5 CVE-2019-5608
CONFIRM freebsd -- freebsd In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check in the function to arrange data in a chain of mbufs could cause data returned not to be contiguous. Extra checks in the IPv6 stack could catch the error condition and trigger a kernel panic, leading to a remote denial of service. 2019-08-30 7.8 CVE-2019-5611
MISC
BUGTRAQ
CONFIRM freebsd -- freebsd In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r351265, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, the kernel driver for /dev/midistat implements a read handler that is not thread-safe. A multi-threaded program can exploit races in the handler to copy out kernel memory outside the boundaries of midistat's data buffer. 2019-08-30 7.8 CVE-2019-5612
CONFIRM fusionpbx -- fusionpbx FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the service_edit.php file (which will insert the malicious command into the database). To trigger the command, one needs to call the services.php file via a GET request with the service id followed by the parameter a=start to execute the stored command. 2019-09-05 9.0 CVE-2019-15029
MISC
MISC
MISC google -- android NVIDIA Tegra contains a vulnerability in BootRom where a user with kernel level privileges can write an arbitrary value to an arbitrary physical address. 2019-09-06 7.2 CVE-2018-6240
MISC google -- android In ihevcd_ref_list of ihevcd_ref_list.c in Android 10, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. 2019-09-05 9.3 CVE-2019-2108
MISC google -- android In GateKeeper::MintAuthToken of gatekeeper.cpp in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-05 7.2 CVE-2019-2115
MISC google -- android In SensorManager::assertStateLocked of SensorManager.cpp in Android 7.1.1, 7.1.2, 8.0, 8.1, and 9, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2019-09-05 7.2 CVE-2019-2174
MISC google -- android In ihevcd_parse_buffering_period_sei of ihevcd_parse_headers.c in Android 8.0, 8.1 and 9, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. 2019-09-05 9.3 CVE-2019-2176
MISC google -- android In rw_t4t_sm_read_ndef of rw_t4t in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC service with no additional execution privileges needed. User interaction is not needed for exploitation. 2019-09-05 7.2 CVE-2019-2178
MISC google -- android In readArgumentList of zygote.java in Android 10, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2019-09-05 7.2 CVE-2019-9254
MISC hanwha-security -- srn-472s_firmware An issue was discovered in NVR WebViewer on Hanwha Techwin SRN-472s 1.07_190502 devices, and other SRN-x devices before 2019-05-03. A system crash and reboot can be achieved by submitting a long username in excess of 117 characters. The username triggers a buffer overflow in the main process controlling operation of the DVR system, rendering services unavailable during the reboot operation. A repeated attack affects availability as long as the attacker has network access to the device. 2019-09-05 7.8 CVE-2019-12223
MISC
MISC
MISC libreoffice -- libreoffice LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2019-9852, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed by employing a URL encoding attack to defeat the path verification step. However this protection could be bypassed by taking advantage of a flaw in how LibreOffice assembled the final script URL location directly from components of the passed in path as opposed to solely from the sanitized output of the path verification step. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1. 2019-09-06 7.5 CVE-2019-9854
CONFIRM libreoffice -- libreoffice LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained within the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added to block calling LibreLogo from script event handlers. However, a Windows 8.3 path equivalence handling flaw left LibreOffice vulnerable under Windows, in that a document could trigger execution of LibreLogo via a Windows filename pseudonym. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1. 2019-09-06 7.5 CVE-2019-9855
CONFIRM linux -- linux_kernel An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c. 2019-09-04 7.2 CVE-2017-18595
MISC
MISC linux -- linux_kernel A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped. 2019-09-04 7.5 CVE-2019-15902
MISC linux -- linux_kernel An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service. 2019-09-04 7.8 CVE-2019-15916
MISC
MISC linux -- linux_kernel An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c. 2019-09-04 7.2 CVE-2019-15917
MISC
MISC linux -- linux_kernel An issue was discovered in the Linux kernel before 5.0.10. SMB2_negotiate in fs/cifs/smb2pdu.c has an out-of-bounds read because data structures are incompletely updated after a change from smb30 to smb21. 2019-09-04 7.2 CVE-2019-15918
MISC
MISC linux -- linux_kernel An issue was discovered in the Linux kernel before 5.0.10. SMB2_write in fs/cifs/smb2pdu.c has a use-after-free. 2019-09-04 7.2 CVE-2019-15919
MISC
MISC linux -- linux_kernel An issue was discovered in the Linux kernel before 5.0.10. SMB2_read in fs/cifs/smb2pdu.c has a use-after-free. NOTE: this was not fixed correctly in 5.0.10; see the 5.0.11 ChangeLog, which documents a memory leak. 2019-09-04 7.2 CVE-2019-15920
MISC
MISC linux -- linux_kernel An issue was discovered in the Linux kernel before 5.2.3. An out of bounds access exists in the function hclge_tm_schd_mode_vnet_base_cfg in the file drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c. 2019-09-04 7.2 CVE-2019-15925
MISC
MISC linux -- linux_kernel An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c. 2019-09-04 9.4 CVE-2019-15926
MISC
MISC linux -- linux_kernel An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c. 2019-09-04 7.2 CVE-2019-15927
MISC
MISC nagios -- nagios_xi Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile (profile.php?cmd=download), is executed as root via a passwordless sudo entry; the script executes check_plugin, which is owned by the nagios user. A user logged into Nagios XI with permissions to modify plugins, or the nagios user on the server, can modify the check_plugin executable and insert malicious commands to execute as root. 2019-09-05 9.0 CVE-2019-15949
MISC opensc_project -- opensc OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c. 2019-09-05 7.5 CVE-2019-15945
MISC
MISC opensc_project -- opensc OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c. 2019-09-05 7.5 CVE-2019-15946
MISC
MISC pengutronix -- barebox Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_reply in net/nfs.c because a length field is directly used for a memcpy. 2019-09-05 7.5 CVE-2019-15937
MISC pengutronix -- barebox Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_req in fs/nfs.c because a length field is directly used for a memcpy. 2019-09-05 7.5 CVE-2019-15938
MISC restaurant_reservations_project -- restaurant_reservations The nd-restaurant-reservations plugin before 1.5 for WordPress has no requirement for nd_rst_import_settings_php_function authentication. 2019-08-30 7.5 CVE-2019-15819
MISC
MISC
MISC sonatype -- nexus_repository_manager The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability. 2019-09-03 9.0 CVE-2019-5475
MISC symphonyextensions -- rich_text_formatter The Rich Text Formatter (Redactor) extension through v1.1.1 for Symphony CMS has an Unauthenticated arbitrary file upload vulnerability in content.fileupload.php and content.imageupload.php. 2019-09-05 7.5 CVE-2019-13187
MISC
MISC totaljs -- total.js_cms An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can achieve Remote Command Execution (RCE) on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be evaluated server side. In the process of evaluating the tag by the back-end, it is possible to escape the sandbox object by using the following payload: <script total>global.process.mainModule.require(child_process).exec(RCE);</script> 2019-09-05 9.0 CVE-2019-15954
MISC
MISC varnish-cache -- varnish An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests. The assert will cause an automatic restart with a clean cache, which makes it a Denial of Service attack. 2019-09-03 7.8 CVE-2019-15892
BUGTRAQ
MISC
DEBIAN wpbrigade -- loginpress The LoginPress plugin before 1.1.4 for WordPress has SQL injection via an import of settings. 2019-09-03 7.5 CVE-2019-15872
MISC
MISC wpserveur -- wps_child_theme_generator The wps-child-theme-generator plugin before 1.2 for WordPress has classes/helpers.php directory traversal. 2019-08-30 7.5 CVE-2019-15822
MISC
MISC
MISC wpserveur -- wps_hide_login The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass. 2019-08-30 7.5 CVE-2019-15823
MISC
MISC
MISC wpserveur -- wps_hide_login The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash protection bypass. 2019-08-30 7.5 CVE-2019-15824
MISC
MISC
MISC wpserveur -- wps_hide_login The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp&key&login protection bypass. 2019-08-30 7.5 CVE-2019-15825
MISC
MISC
MISC wpserveur -- wps_hide_login The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field. 2019-08-30 7.5 CVE-2019-15826
MISC
MISC
MISC xiaoyi -- yi_m1_mirrorless_camera_firmware An exploitable authentication bypass vulnerability exists in the Bluetooth Low Energy (BLE) authentication module of YI M1 Mirrorless Camera V3.2-cn. An attacker can send a set of BLE commands to trigger this vulnerability, resulting in sensitive data leakage (e.g., personal photos). An attacker can also control the camera to record or take a picture after bypassing authentication. 2019-09-06 8.3 CVE-2019-13953
MISC

 

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

10web -- photo_gallery The photo-gallery plugin before 1.2.42 for WordPress has CSRF. 2019-08-30 6.8 CVE-2015-9380
MISC
MISC
MISC abus -- secvest_wireless_alarm_system_fuaa50000_firmware An issue was discovered on ABUS Secvest FUAA50000 3.01.01 devices. Due to an insufficient implementation of jamming detection, an attacker is able to suppress correctly received RF messages sent between wireless peripheral components, e.g., wireless detectors or remote controls, and the ABUS Secvest alarm central. An attacker is able to perform a "reactive jamming" attack. The reactive jamming simply detects the start of a RF message sent by a component of the ABUS Secvest wireless alarm system, for instance a wireless motion detector (FUBW50000) or a remote control (FUBE50014 or FUBE50015), and overlays it with random data before the original RF message ends. Thereby, the receiver (alarm central) is not able to properly decode the original transmitted signal. This enables an attacker to suppress correctly received RF messages of the wireless alarm system in an unauthorized manner, for instance status messages sent by a detector indicating an intrusion. 2019-09-03 5.0 CVE-2019-14261
MISC
FULLDISC
BUGTRAQ
MISC airbrake -- airbrake_ruby The Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the blacklist_keys configuration option and consequently may disclose passwords to unauthorized actors. This is fixed in 4.2.4 (also, 4.2.2 and earlier are unaffected). 2019-09-06 5.0 CVE-2019-16060
MISC apache -- commons_compress The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress. 2019-08-30 5.0 CVE-2019-12402
MISC artifex -- ghostscript A flaw was found in ghostscript, versions prior to 9.28, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. 2019-09-03 6.8 CVE-2019-14811
CONFIRM bitcoin -- bitcoin-qt In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash, it may dump a core file. If a user were to mishandle a core file, an attacker can reconstruct the user's wallet.dat file, including their private keys, via a grep "6231 0500" command. 2019-09-05 5.0 CVE-2019-15947
MISC
MISC blynk -- blynk-library An exploitable information disclosure vulnerability exists in the packet-parsing functionality of Blynk-Library v0.6.1. A specially crafted packet can cause an unterminated strncpy, resulting in information disclosure. An attacker can send a packet to trigger this vulnerability. 2019-09-05 5.0 CVE-2019-5065
MISC bold-themes -- bold_page_builder The bold-page-builder plugin before 2.3.2 for WordPress has no protection against modifying settings and importing data. 2019-08-30 5.0 CVE-2019-15821
MISC
MISC
MISC canon -- print The ContentProvider in the Canon PRINT jp.co.canon.bsd.ad.pixmaprint 2.5.5 application for Android does not properly restrict canon.ij.printer.capability.data data access. This allows an attacker's malicious application to obtain sensitive information including factory passwords for the administrator web interface and WPA2-PSK key. 2019-09-05 4.3 CVE-2019-14339
MISC
MISC cisco -- content_security_management_appliance A vulnerability in the authorization module of Cisco Content Security Management Appliance (SMA) Software could allow an authenticated, remote attacker to gain out-of-scope access to email. The vulnerability exists because the affected software does not correctly implement role permission controls. An attacker could exploit this vulnerability by using a custom role with specific permissions. A successful exploit could allow the attacker to access the spam quarantine of other users. 2019-09-04 4.0 CVE-2019-12635
CISCO cisco -- finesse A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on an affected system. The vulnerability exists because the affected system does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a user of the web application. A successful exploit could allow the attacker to access the system and perform unauthorized actions. 2019-09-04 5.0 CVE-2019-12632
CISCO cisco -- identity_services_engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface of the affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 2019-09-04 4.3 CVE-2019-12644
CISCO cisco -- network_level_service A vulnerability in the "plug-and-play" services component of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper access restrictions on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to access running configuration information about devices managed by the IND, including administrative credentials. 2019-09-04 5.0 CVE-2019-1976
CISCO cisco -- nx-os A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP request to the NX-API on an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition in the NX-API service; however, the NX-OS device itself would still be available and passing network traffic. Note: The NX-API feature is disabled by default. 2019-08-30 5.0 CVE-2019-1968
CISCO cisco -- nx-os A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) Access Control List (ACL) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to deny SNMP traffic. The vulnerability is due to an incorrect length check when the configured ACL name is the maximum length, which is 32 ASCII characters. An attacker could exploit this vulnerability by performing SNMP polling of an affected device. A successful exploit could allow the attacker to perform SNMP polling that should have been denied. The attacker has no control of the configuration of the SNMP ACL name. 2019-08-30 5.0 CVE-2019-1969
CISCO cisco -- nx-os A vulnerability within the Endpoint Learning feature of Cisco Nexus 9000 Series Switches running in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an endpoint device in certain circumstances. The vulnerability is due to improper endpoint learning when packets are received on a specific port from outside the ACI fabric and destined to an endpoint located on a border leaf when Disable Remote Endpoint Learning has been enabled. This can result in a Remote (XR) entry being created for the impacted endpoint that will become stale if the endpoint migrates to a different port or leaf switch. This results in traffic not reaching the impacted endpoint until the Remote entry can be relearned by another mechanism. 2019-08-30 4.3 CVE-2019-1977
CISCO cisco -- unified_contact_center_express A vulnerability in Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. The vulnerability is due to improper validation of user-supplied input on the affected system. An attacker could exploit this vulnerability by sending the user of the web application a crafted request. If the request is processed, the attacker could access the system and perform unauthorized actions. 2019-09-04 5.0 CVE-2019-12633
CISCO convertplug -- convertplus The ConvertPlus plugin before 3.4.5 for WordPress has an unintended account creation (with the none role) via a request for variants. 2019-09-03 5.0 CVE-2019-15863
MISC custom_404_pro_project -- custom_404_pro The custom-404-pro plugin before 3.2.8 for WordPress has reflected XSS, a different vulnerability than CVE-2019-14789. 2019-08-30 4.3 CVE-2019-15838
MISC
MISC dell -- emc_enterprise_copy_data_management Dell EMC Enterprise Copy Data Management (eCDM) versions 1.0, 1.1, 2.0, 2.1, and 3.0 contain a certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim's data in transit. 2019-09-03 5.8 CVE-2019-3751
MISC dell -- emc_unity_operating_environment Dell EMC Unity Operating Environment versions prior to 5.0.0.0.5.116, Dell EMC UnityVSA versions prior to 5.0.0.0.5.116 and Dell EMC VNXe3200 versions prior to 3.1.10.9946299 contain a reflected cross-site scripting vulnerability on the cas/logout page. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to Unisphere, which is then reflected back to the victim and executed by the web browser. 2019-09-03 4.3 CVE-2019-3754
CONFIRM egain -- chat eGain Chat 15.0.3 allows HTML Injection. 2019-09-04 4.3 CVE-2019-13975
MISC eng -- knowage In Knowage through 6.1.1, an unauthenticated user can bypass access controls and access the entire application. 2019-09-05 5.0 CVE-2019-13188
MISC eng -- knowage In Knowage through 6.1.1, the sign up page does not invalidate a valid CAPTCHA token. This allows for CAPTCHA bypass in the signup page. 2019-09-05 5.0 CVE-2019-13190
MISC epignosishq -- efront_lms A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability. 2019-09-05 6.5 CVE-2019-5069
MISC epignosishq -- efront_lms An exploitable SQL injection vulnerability exists in the unauthenticated portion of eFront LMS, versions v5.2.12 and earlier. A specially crafted web request to the login page can cause SQL injections, resulting in data compromise. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required. 2019-09-05 6.4 CVE-2019-5070
MISC espressif -- esp-idf The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 allows the installation of a zero Pairwise Master Key (PMK) after the completion of any EAP authentication method, which allows attackers in radio range to replay, decrypt, or spoof frames via a rogue access point. 2019-09-04 4.8 CVE-2019-12587
MISC
MISC
MISC estrongs -- es_file_explorer_file_manager The master-password feature in the ES File Explorer File Manager application 4.2.0.1.3 for Android can be bypassed via a com.estrongs.android.pop.ftp.ESFtpShortcut intent, leading to remote FTP access to the entirety of local storage. 2019-09-05 5.0 CVE-2019-11380
MISC estsoft -- alsee A memory corruption vulnerability exists in the .PSD parsing functionality of ALSee v5.3 ~ v8.39. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in code execution. By persuading a victim to open a specially-crafted .PSD file, an attacker could execute arbitrary code. 2019-08-30 6.8 CVE-2019-12810
CONFIRM ezautomation -- ez_plc_editor An attacker could use a specially crafted project file to corrupt the memory and execute code under the privileges of the EZ PLC Editor Versions 1.8.41 and prior. 2019-09-04 6.8 CVE-2019-13522
MISC ezautomation -- ez_touch_editor An attacker could use a specially crafted project file to overflow the buffer and execute code under the privileges of the EZ Touch Editor Versions 2.1.0 and prior. 2019-09-04 6.8 CVE-2019-13518
MISC f5 -- big-ip_access_policy_manager On BIG-IP 11.5.2-11.6.4 and Enterprise Manager 3.1.1, REST users with guest privileges may be able to escalate their privileges and run commands with admin privileges. 2019-09-04 6.5 CVE-2019-6646
MISC facebook -- facebook_for_woocommerce The facebook-for-woocommerce plugin before 1.9.14 for WordPress has CSRF. 2019-08-30 6.8 CVE-2019-15840
MISC facebook -- facebook_for_woocommerce The facebook-for-woocommerce plugin before 1.9.15 for WordPress has CSRF via ajax_woo_infobanner_post_click, ajax_woo_infobanner_post_xout, or ajax_fb_toggle_visibility. 2019-08-30 6.8 CVE-2019-15841
MISC ffmpeg -- ffmpeg FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer. 2019-09-05 6.8 CVE-2019-15942
MISC freebsd -- freebsd In FreeBSD 12.0-STABLE before r350619, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350619, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bhyve e1000 device emulation used a guest-provided value to determine the size of the on-stack buffer without validation when TCP segmentation offload is requested for a transmitted packet. A misbehaving bhyve guest could overwrite memory in the bhyve process on the host. 2019-08-30 6.4 CVE-2019-5609
CONFIRM freebsd -- freebsd In FreeBSD 12.0-STABLE before r350637, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350638, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bsnmp library is not properly validating the submitted length from a type-length-value encoding. A remote user could cause an out-of-bounds read or trigger a crash of the software such as bsnmpd resulting in a denial of service. 2019-08-30 5.0 CVE-2019-5610
MISC
BUGTRAQ
CONFIRM freedesktop -- poppler Poppler before 0.76.0 has an integer overflow in Parser::makeStream in Parser.cc. 2019-09-05 6.8 CVE-2018-21009
MISC freetype -- freetype FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c. 2019-09-03 6.8 CVE-2015-9381
MISC
MLIST
MISC freetype -- freetype FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation. 2019-09-03 4.3 CVE-2015-9382
MISC
MLIST
MISC freetype -- freetype FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c. 2019-09-03 4.3 CVE-2015-9383
MISC
MLIST
MISC glyphandcog -- xpdfreader Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc. NOTE: 2.00 is a version from November 2002. 2019-09-03 4.3 CVE-2019-15860
MISC gnu -- gcc The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same. 2019-09-02 5.0 CVE-2019-15847
MISC google -- android In execTransact of Binder.java in Android 7.1.1, 7.1.2, 8.0, 8.1, and 9, there is a possible local execution of arbitrary code in a privileged process due to a memory overwrite. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2019-09-05 4.6 CVE-2019-2123
MISC google -- android In checkAccess of SliceManagerService.java in Android 9, there is a possible permissions check bypass due to incorrect order of arguments. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. 2019-09-05 4.4 CVE-2019-2175
MISC google -- android In isPreferred of HidProfile.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible device type confusion due to a permissions bypass. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. 2019-09-05 6.8 CVE-2019-2177
MISC google -- android In NDEF_MsgValidate of ndef_utils in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. 2019-09-05 4.3 CVE-2019-2179
MISC google -- android In binder_transaction of binder.c in the Android kernel, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. 2019-09-05 6.9 CVE-2019-2181
MISC grafana -- grafana In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana. 2019-09-03 5.0 CVE-2019-15043
CONFIRM
MISC
MISC
CONFIRM
FEDORA
FEDORA ibm -- intelligent_operations_center IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 161201. 2019-09-05 5.0 CVE-2019-4321
CONFIRM
XF ibm -- jazz_for_service_management IBM Jazz for Service Management 1.1.3 is vulnerable to HTTP header injection, caused by incorrect trust in the HTTP Host header during caching. By sending a specially crafted HTTP GET request, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-force ID: 158976. 2019-09-05 4.3 CVE-2019-4186
XF
CONFIRM instagram-php-api_project -- instagram-php-api cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter. 2019-09-04 4.3 CVE-2019-14470
MISC
MISC
MISC
EXPLOIT-DB jetbrains -- teamcity JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XSS), potentially making it possible to send an arbitrary HTTP request to a TeamCity server under the name of the currently logged-in user. 2019-09-05 4.3 CVE-2019-15848
CONFIRM knowage-suite -- knowage In Knowage through 6.1.1, an authenticated user that accesses the users page will obtain all user password hashes. 2019-09-05 4.0 CVE-2019-13349
MISC knowage-suite -- knowage In Knowage through 6.1.1, an unauthenticated user can enumerate valid usernames via the ChangePwdServlet page. 2019-09-05 5.0 CVE-2019-14278
MISC lenovo -- xclarity_administrator An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0, Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0 that could allow information disclosure. 2019-09-03 5.0 CVE-2019-6179
MISC lenovo -- xclarity_administrator A reflected cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow a crafted URL, if visited, to cause JavaScript code to be executed in the user's web browser. The JavaScript code is not executed on LXCA itself. 2019-09-03 4.3 CVE-2019-6181
MISC lenovo -- xclarity_administrator A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, that could result in crafted formulas stored in an exported CSV file. The crafted formula is not executed on LXCA itself. 2019-09-03 4.0 CVE-2019-6182
MISC libexpat_project -- libexpat In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. 2019-09-04 5.0 CVE-2019-15903
MISC
MISC
MISC linux -- linux_kernel An issue was discovered in the Linux kernel before 4.16.7. A use-after-free can be caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c. 2019-09-04 4.9 CVE-2018-21008
MISC
MISC linux -- linux_kernel An issue was discovered in the Linux kernel before 5.0.6. There is a memory leak issue when idr_alloc() fails in genl_register_family() in net/netlink/genetlink.c. 2019-09-04 4.6 CVE-2019-15921
MISC
MISC linux -- linux_kernel An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a pf data structure if alloc_disk fails in drivers/block/paride/pf.c. 2019-09-04 4.9 CVE-2019-15922
MISC
MISC linux -- linux_kernel An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a cd data structure if alloc_disk fails in drivers/block/paride/pf.c. 2019-09-04 4.9 CVE-2019-15923
MISC
MISC linux -- linux_kernel An issue was discovered in the Linux kernel before 5.0.11. fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c has a NULL pointer dereference because there is no -ENOMEM upon an alloc_workqueue failure. 2019-09-04 4.9 CVE-2019-15924
MISC
MISC login_or_logout_menu_item_project -- login_or_logout_menu_item The login-or-logout-menu-item plugin before 1.2.0 for WordPress has no requirement for lolmi_save_settings authentication. 2019-08-30 5.8 CVE-2019-15820
MISC
MISC
MISC memcached -- memcached memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c. 2019-08-30 5.0 CVE-2019-15026
CONFIRM
CONFIRM
MLIST mongodb -- mongodb An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server versions less than 4.0.11, 3.6.14, and 3.4.22 to run attacker defined code as the user running the utility. 2019-08-30 6.8 CVE-2019-2390
CONFIRM mulesoft -- api_gateway Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule process. 2019-08-30 5.0 CVE-2019-15630
MISC nagios -- log_server Nagios Log Server before 2.0.8 allows Reflected XSS via the username on the Login page. 2019-09-03 4.3 CVE-2019-15898
MISC
MISC naver -- cloud_explorer NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer overflow, which allows attackers to cause a denial of service when reading data from IOCTL handle. 2019-09-03 5.0 CVE-2019-13156
CONFIRM onkyo -- tx-nr686_firmware Directory traversal vulnerability on ONKYO TX-NR686 1030-5000-1040-0010 A/V Receiver devices allows remote attackers to read arbitrary files via a .. (dot dot) and %2f to the default URI. 2019-08-30 5.0 CVE-2019-6113
MISC opencv -- opencv An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero error in cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp. 2019-09-05 5.0 CVE-2019-15939
MISC
MISC profilegrid -- profilegrid The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via a wp-admin/admin-ajax.php request with the action=pm_template_preview&html=<?php substring followed by PHP code. 2019-09-03 6.5 CVE-2019-15873
MISC
MISC rancher -- rancher Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher. The attack requires a victim to be logged into a Rancher server, and then to access a third-party site hosted by the exploiter. Once that is accomplished, the exploiter is able to execute commands against the cluster's Kubernetes API with the permissions and identity of the victim. 2019-09-04 4.3 CVE-2019-13209
MISC
CONFIRM realestateconnected -- easy_property_listings The easy-property-listings plugin before 3.4 for WordPress has XSS. 2019-08-30 4.3 CVE-2019-15817
MISC
MISC samba -- samba A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share. 2019-09-03 6.4 CVE-2019-10197
CONFIRM
BUGTRAQ
CONFIRM
UBUNTU
DEBIAN
MISC sapplica -- sentrifugo Sentrifugo 3.2 lacks CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code at index.php/dashboard/viewprofile via a crafted HTML page. 2019-09-06 6.8 CVE-2019-16059
MISC sentrifugo -- sentrifugo Multiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated users to execute arbitrary code via a webshell. 2019-09-04 6.5 CVE-2019-15813
EXPLOIT-DB shaosina -- sina_extension_for_elementor The sina-extension-for-elementor plugin before 2.2.1 for WordPress has local file inclusion. 2019-08-30 5.0 CVE-2019-15839
MISC
MISC
MISC simple_mail_address_encoder_project -- simple_mail_address_encoder The simple-mail-address-encoder plugin before 1.7 for WordPress has reflected XSS. 2019-08-30 4.3 CVE-2019-15833
MISC statichttpserver_project -- statichttpserver A path traversal vulnerability in <= v0.9.7 of statichttpserver npm module allows attackers to list files in arbitrary folders. 2019-09-03 5.0 CVE-2019-5480
MISC symantec -- advanced_secure_gateway The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG's web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2. 2019-08-30 4.3 CVE-2018-18370
CONFIRM symantec -- advanced_secure_gateway The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG's web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2. 2019-08-30 4.0 CVE-2018-18371
CONFIRM symantec -- management_center An information disclosure vulnerability in the Management Center (MC) REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated user to obtain passwords for external backup and CPL policy import servers that they might not otherwise be authorized to access. 2019-08-30 4.0 CVE-2019-9697
CONFIRM symantec -- reporter An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The malicious administrator user can also obtain the passwords of other Reporter web UI users. 2019-08-30 4.0 CVE-2019-12753
CONFIRM totaljs -- total.js_cms An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the Pages privilege can conduct a path traversal attack (../) to include .html files that are outside the permitted directory. Also, if a page contains a template directive, then the directive will be server side processed. Thus, if a user can control the content of a .html file, then they can inject a payload with a malicious template directive to gain Remote Command Execution. The exploit will work only with the .html extension. 2019-09-05 6.5 CVE-2019-15952
MISC
FULLDISC
MISC
MISC totaljs -- total.js_cms An issue was discovered in Total.js CMS 12.0.0. An authenticated user with limited privileges can get access to a resource that they do not own by calling the associated API. The product correctly manages privileges only for the front-end resource path, not for API requests. This leads to vertical and horizontal privilege escalation. 2019-09-05 6.5 CVE-2019-15953
MISC
MISC totaljs -- total.js_cms An issue was discovered in Total.js CMS 12.0.0. A low privilege user can perform a simple transformation of a cookie to obtain the random values inside it. If an attacker can discover a session cookie owned by an admin, then it is possible to brute force it with O(n)=2n instead of O(n)=n^x complexity, and steal the admin password. 2019-09-05 4.0 CVE-2019-15955
MISC
MISC totemo -- totemomail Cross-site scripting (XSS) vulnerability in the 'Certificate' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML. 2019-08-30 4.3 CVE-2018-15510
MISC totemo -- totemomail Cross-site scripting (XSS) vulnerability in the 'Notification template' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML. 2019-08-30 4.3 CVE-2018-15511
MISC totemo -- totemomail Cross-site scripting (XSS) vulnerability in the 'Authorisation Service' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML. 2019-08-30 4.3 CVE-2018-15512
MISC totemo -- totemomail Log viewer in totemomail 6.0.0 build 570 allows access to sessionIDs of high privileged users by leveraging access to a read-only auditor role. 2019-08-30 5.0 CVE-2018-15513
MISC tribulant -- one_click_ssl The one-click-ssl plugin before 1.4.7 for WordPress has CSRF. 2019-08-30 6.8 CVE-2019-15828
MISC
MISC uclouvain -- openjpeg OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c. 2019-09-05 6.8 CVE-2018-21010
MISC webcraftic -- simple_301_redirects The simple-301-redirects-addon-bulk-uploader plugin through 1.2.4 for WordPress has no requirement for authentication for action=bulk301export or action=bulk301clearlist. 2019-08-30 5.8 CVE-2019-15818
MISC
MISC
MISC webcraftic -- woody_ad_snippets admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution. 2019-09-03 4.3 CVE-2019-15858
MISC
MISC webp_converter_for_media_project -- webp_converter_for_media The webp-converter-for-media plugin before 1.0.3 for WordPress has CSRF. 2019-08-30 6.8 CVE-2019-15834
MISC
MISC wp-buy -- visitor_traffic_real_time_statistics The visitors-traffic-real-time-statistics plugin before 1.12 for WordPress has CSRF in the settings page. 2019-08-30 6.8 CVE-2019-15831
MISC
MISC wp-buy -- visitor_traffic_real_time_statistics The visitors-traffic-real-time-statistics plugin before 1.13 for WordPress has CSRF. 2019-08-30 6.8 CVE-2019-15832
MISC
MISC wp_better_permalinks_project -- wp_better_permalinks The wp-better-permalinks plugin before 3.0.5 for WordPress has CSRF. 2019-08-30 6.8 CVE-2019-15835
MISC
MISC wpaffiliatemanager -- affiliates_manager The affiliates-manager plugin before 2.6.6 for WordPress has CSRF. 2019-09-03 6.8 CVE-2019-15868
MISC
MISC wpbrigade -- loginpress The LoginPress plugin before 1.1.4 for WordPress has no capability check for updates to settings. 2019-09-03 4.0 CVE-2019-15871
MISC
MISC wpexpertdeveloper -- wp_private_content_plus The wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via save_settings_page and other save_ functions. 2019-08-30 5.0 CVE-2019-15816
MISC
MISC
MISC

Low Vulnerabilities
Primary Vendor -- Product Description Published CVSS Score Source & Patch Info
bitwise-it -- webp_express The webp-express plugin before 0.14.8 for WordPress has stored XSS. 2019-08-30 3.5 CVE-2019-15837
MISC
MISC bootstrapped -- wp_ultimate_recipe The wp-ultimate-recipe plugin before 3.12.7 for WordPress has stored XSS. 2019-08-30 3.5 CVE-2019-15836
MISC
MISC espressif -- arduino-esp32 The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of service (crash) via a crafted message. 2019-09-04 3.3 CVE-2019-12586
MISC
MISC
MISC f5 -- container_ingress_service On version 1.9.0, if DEBUG logging is enabled, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration. 2019-09-04 1.9 CVE-2019-6648
MISC freedesktop -- systemd In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings. 2019-09-04 2.1 CVE-2019-15718
MISC
MISC
FEDORA
FEDORA google -- android In Google Assistant in Android 9, there is a possible permissions bypass that allows the Assistant to take a screenshot of apps with FLAG_SECURE. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. 2019-09-05 2.1 CVE-2019-2103
MISC google -- android In ComposeActivityEmailExternal of ComposeActivityEmailExternal.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible way to silently attach files to an email due to a confused deputy. This could lead to local information disclosure. 2019-09-05 2.1 CVE-2019-2124
MISC google -- android In ippSetValueTag of ipp.c in Android 8.0, 8.1 and 9, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure from the printer service with no additional execution privileges needed. User interaction is not needed for exploitation. 2019-09-05 2.1 CVE-2019-2180
MISC greentreelabs -- gallery_photoblocks The photoblocks-grid-gallery plugin before 1.1.33 for WordPress has wp-admin/admin.php?page=photoblocks-edit&id= XSS. 2019-08-30 3.5 CVE-2019-15829
MISC
MISC ibm -- business_automation_workflow IBM Business Automation Workflow V18.0.0.0 through V18.0.0.2 and IBM Business Process Manager V8.6.0.0 through V8.6.0.0 Cumulative Fix 2018.03, V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06, and V8.5.6.0 through V8.5.6.0 CF2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158415. 2019-09-05 3.5 CVE-2019-4149
XF
CONFIRM icegram -- icegram The icegram plugin before 1.10.29 for WordPress has ig_cat_list XSS. 2019-08-30 3.5 CVE-2019-15830
MISC
MISC
MISC lenovo -- xclarity_administrator A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be stored in LXCA which may then be executed in the user's web browser. The JavaScript code is not executed on LXCA itself. 2019-09-03 3.5 CVE-2019-6180
MISC mongodb -- mongodb Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.11; v3.6 versions prior to 3.6.14; v3.4 versions prior to 3.4.22. 2019-08-30 3.3 CVE-2019-2389
CONFIRM onesignal -- onesignal-free-web-push-notifications The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain parameter. 2019-08-30 3.5 CVE-2019-15827
MISC
MISC
MISC philips -- hdi_4000_firmware In Philips HDI 4000 Ultrasound Systems, all versions running on old, unsupported operating systems such as Windows 2000, the HDI 4000 Ultrasound System is built on an old operating system that is no longer supported. Thus, any unmitigated vulnerability in the old operating system could be exploited to affect this product. 2019-09-04 3.6 CVE-2019-10988
MISC redhat -- virtualization_host An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071, CVE-2019-1073. 2019-09-03 2.1 CVE-2019-1125
REDHAT
MISC sentrifugo -- sentrifugo Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could allow authenticated users to inject arbitrary web script or HTML. 2019-09-04 3.5 CVE-2019-15814
EXPLOIT-DB smanos -- w100_firmware Smanos W100 1.0.0 devices have Insecure Permissions, exploitable by an attacker on the same Wi-Fi network. 2019-09-05 3.3 CVE-2019-13361
MISC symantec -- vip Symantec My VIP portal, previous version which has already been auto updated, was susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users or potentially bypass access controls such as the same-origin policy. 2019-08-30 3.5 CVE-2019-12754
CONFIRM tiktok -- tiktok The TikTok (formerly Musical.ly) application 12.2.0 for Android and iOS performs unencrypted transmission of images, videos, and likes. This allows an attacker to extract private sensitive information by sniffing network traffic. 2019-09-04 3.3 CVE-2019-14319
MISC
MISC xilinx -- zynq_ultrascale+_mpsoc_firmware A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could lead to an adversary being able to modify the control fields of the boot image leading to an incorrect secure boot behavior. 2019-09-03 2.1 CVE-2019-5478
MISC
MISC

Severity Not Yet Assigned
Primary Vendor -- Product Description Published CVSS Score Source & Patch Info
alfresco -- alfresco_community_edition An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By manipulating the POST parameters, an attacker can redirect a victim to a malicious website over any protocol the attacker desires (e.g., http, https, ftp, smb, etc.). 2019-09-06 not yet calculated CVE-2019-14223
MISC artifex -- ghostscript A flaw was found in ghostscript versions prior to 9.28, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. 2019-09-03 not yet calculated CVE-2019-14817
CONFIRM
CONFIRM becton_dickinson_and_company -- pyxis_es_and_pyxis_enterprise_server_with_windows_server In Pyxis ES Versions 1.3.4 through to 1.6.1 and Pyxis Enterprise Server, with Windows Server Versions 4.4 through 4.12, a vulnerability has been identified where existing access privileges are not restricted in coordination with the expiration of access based on active directory user account changes when the device is joined to an AD domain. 2019-09-06 not yet calculated CVE-2019-13517
MISC challenge_healthcare -- change_healthcare_cardiology_and_horizon_cardiology_and_mckesson_cardiology A vulnerability was found in McKesson Cardiology product 13.x and 14.x. Insecure file permissions in the default installation may allow an attacker with local system access to execute unauthorized arbitrary code. 2019-09-06 not yet calculated CVE-2018-18630
MISC
MISC d-link -- dir-806_devices D-Link DIR-806 devices allow remote attackers to execute arbitrary shell commands via a trailing substring of an HTTP header that has "SOAPAction: http://purenetworks.com/HNAP1/GetDeviceSettings/" at the beginning. 2019-09-06 not yet calculated CVE-2019-10891
MISC d-link -- dir-806_devices hnap_main in /htdocs/cgibin on D-link DIR-806 v1.0 devices has a stack-based buffer overflow via a long HTTP header that has "SOAPAction: http://purenetworks.com/HNAP1/GetDeviceSettings/" at the beginning. 2019-09-06 not yet calculated CVE-2019-10892
MISC dasan_zhone_solutions -- znid_gpon 2426a_eu_devices Multiple Cross-Site Scripting (XSS) issues in the web interface on DASAN Zhone ZNID GPON 2426A EU version S3.1.285 devices allow a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameter: /zhndnsdisplay.cmd (name), /wlsecrefresh.wl (wlWscCfgMethod, wl_wsc_reg). 2019-09-05 not yet calculated CVE-2019-10677
MISC
MISC
MISC
MISC datalogic -- av7000_linear_barcode_scanner Datalogic AV7000 Linear barcode scanner all versions prior to 4.6.0.0 is vulnerable to authentication bypass, which may allow an attacker to remotely execute arbitrary code. 2019-08-30 not yet calculated CVE-2019-13526
MISC eclipse -- spotless_eclipse-wtp_and_eclipse-cdt_and_eclipse_groovy In all versions prior to version 3.9.6 for eclipse-wtp, all versions prior to version 9.4.4 for eclipse-cdt, and all versions prior to version 3.0.1 for eclipse-groovy, Spotless was resolving dependencies over an insecure channel (http). If the build occurred over an insecure connection, a malicious user could have performed a Man-in-the-Middle attack during the build and altered the build artifacts that were produced. In case any of these artifacts were compromised, any developers using these could be altered. **Note:** In order to validate that this artifact was not compromised, the maintainer would need to confirm that none of the artifacts published to the registry were altered. Until this happens, we cannot guarantee that this artifact was not compromised even though the probability that this happened is low. 2019-09-05 not yet calculated CVE-2019-10753
MISC espressif -- esp8266_nonos_sdk The client 802.11 mac implementation in Espressif ESP8266_NONOS_SDK 2.2.0 through 3.1.0 does not validate correctly the RSN AuthKey suite list count in beacon frames, probe responses, and association responses, which allows attackers in radio range to cause a denial of service (crash) via a crafted message. 2019-09-04 not yet calculated CVE-2019-12588
MISC
MISC
MISC f5 -- big-ip On versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, and 11.5.2-11.6.4, an attacker sending specifically crafted DHCPv6 requests through a BIG-IP virtual server configured with a DHCPv6 profile may be able to cause the TMM process to produce a core file. 2019-09-04 not yet calculated CVE-2019-6643
MISC f5 -- big-ip On BIG-IP 14.0.0-14.1.0.5, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6.4, FTP traffic passing through a Virtual Server with both an active FTP profile associated and connection mirroring configured may lead to a TMM crash causing the configured HA action to be taken. 2019-09-04 not yet calculated CVE-2019-6645
MISC f5 -- big-ip Similar to the issue identified in CVE-2018-12120, on versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, and 12.1.0-12.1.4 BIG-IP will bind a debug nodejs process to all interfaces when invoked. This may expose the process to unauthorized users if the plugin is left in debug mode and the port is accessible. 2019-09-04 not yet calculated CVE-2019-6644
MISC f5 -- big-ip On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6.4, when processing authentication attempts for control-plane users MCPD leaks a small amount of memory. Under rare conditions attackers with access to the management interface could eventually deplete memory on the system. 2019-09-04 not yet calculated CVE-2019-6647
MISC facebook -- hhvm Insufficient boundary checks when processing M_SOFx markers from JPEG headers in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all versions between 4.9.0 and 4.15.2, and versions 4.16.0 to 4.16.3, 4.17.0 to 4.17.2, 4.18.0 to 4.18.1, 4.19.0, 4.20.0 to 4.20.1. 2019-09-06 not yet calculated CVE-2019-11926
CONFIRM
CONFIRM
CONFIRM facebook -- hhvm Insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all versions between 4.9.0 and 4.15.2, and versions 4.16.0 to 4.16.3, 4.17.0 to 4.17.2, 4.18.0 to 4.18.1, 4.19.0, 4.20.0 to 4.20.1. 2019-09-06 not yet calculated CVE-2019-11925
CONFIRM
CONFIRM
CONFIRM google -- android In the Android kernel in i2c driver there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 not yet calculated CVE-2019-9454
MISC google -- android In the Android kernel in the touchscreen driver there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 not yet calculated CVE-2019-9451
MISC google -- android In the Android kernel in sync debug fs driver there is a kernel pointer leak due to the usage of printf with %p. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 not yet calculated CVE-2019-9444
MISC google -- android In the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write due to a missing bounds check. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 not yet calculated CVE-2019-9448
MISC google -- android In the Android kernel in FingerTipS touchscreen driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 not yet calculated CVE-2019-9449
MISC google -- android In the Android kernel in the kernel MMU code there is a possible execution path leaving some kernel text and rodata pages writable. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 not yet calculated CVE-2019-2182
MISC google -- android In the Android kernel in the FingerTipS touchscreen driver there is a possible use-after-free due to improper locking. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 not yet calculated CVE-2019-9447
MISC google -- android In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 not yet calculated CVE-2019-9445
MISC google -- android In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 not yet calculated CVE-2019-9456
MISC google -- android In the Android kernel in F2FS touch driver there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 not yet calculated CVE-2019-9453
MISC google -- android In the Android kernel in the FingerTipS touchscreen driver there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 not yet calculated CVE-2019-9450
MISC google -- android In the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write due to improper input validation. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 not yet calculated CVE-2019-9446
MISC google -- android In the Android kernel in SEC_TS touch driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 not yet calculated CVE-2019-9452
MISC google -- android In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 not yet calculated CVE-2019-9455
MISC google -- android In the Android kernel in the vl53L0 driver there is a possible out of bounds write due to a permissions bypass. This could lead to local escalation of privilege due to a set_fs() call without restoring the previous limit with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 not yet calculated CVE-2019-9443
MISC google -- android In the Android kernel in the mnh driver there is a possible out of bounds write due to improper input validation. This could lead to escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 not yet calculated CVE-2019-9441
MISC google -- android In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 not yet calculated CVE-2019-9458
MISC google -- android In the Android kernel in ELF file loading there is possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 not yet calculated CVE-2019-9457
MISC google -- android In the Android kernel in the mnh driver there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 not yet calculated CVE-2019-9274
MISC google -- android In the Android kernel in the bootloader there is a possible secure boot bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. 2019-09-06 not yet calculated CVE-2019-9436
MISC google -- android In the Android kernel in unifi and r8180 WiFi drivers there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 not yet calculated CVE-2019-9270
MISC google -- android In the Android kernel in sdcardfs there is a possible violation of the separation of data between profiles due to shared mapping of obb files. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. 2019-09-06 not yet calculated CVE-2019-9345
MISC google -- android In the Android kernel in the synaptics_dsx_htc touchscreen driver there is a possible out of bounds write due to a use after free. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 not yet calculated CVE-2019-9276
MISC google -- android In the Android kernel in the mnh driver there is a use after free due to improper locking. This could lead to escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 not yet calculated CVE-2019-9275
MISC google -- android In the Android kernel in the synaptics_dsx_htc touchscreen driver there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 not yet calculated CVE-2019-9273
MISC google -- android In the Android kernel in Bluetooth there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 not yet calculated CVE-2019-9426
MISC google -- android In the Android kernel in VPN routing there is a possible information disclosure. This could lead to remote information disclosure by an adjacent network attacker with no additional execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 not yet calculated CVE-2019-9461
MISC google -- android In the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 not yet calculated CVE-2019-9248
MISC google -- android In the Android kernel in the f2fs driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 not yet calculated CVE-2019-9245
MISC google -- android In the Android kernel in the mnh driver there is a race condition due to insufficient locking. This could lead to a use-after-free which could lead to escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 not yet calculated CVE-2019-9271
MISC google -- android In the Android kernel in the mnh driver there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System privileges required. User interaction is not needed for exploitation. 2019-09-06 not yet calculated CVE-2019-9442
MISC if.svnadmin -- if.svnadmin iF.SVNAdmin through 1.6.2 allows svnadmin/usercreate.php CSRF to create a user. 2019-09-06 not yet calculated CVE-2019-15128
MISC intramaps -- mapcontrol A SQL injection vulnerability in IntraMaps MapControl 8 allows attackers to execute arbitrary SQL commands via the /ApplicationEngine/Search/Refine/Set page. 2019-09-05 not yet calculated CVE-2019-13191
MISC larvit -- larvitbase_api An unintended require vulnerability in larvitbase-api before v0.5.5 may allow an attacker to load arbitrary non-production code (JavaScript file). 2019-09-03 not yet calculated CVE-2019-5479
MISC linux -- linux_kernel An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does not check the nla_nest_start_noflag return value. 2019-09-06 not yet calculated CVE-2019-16089
MISC mautic -- mautic An issue was discovered in Mautic 2.13.1. There is Stored XSS via the authorUrl field in config.json. 2019-09-06 not yet calculated CVE-2018-11198
MISC
CONFIRM opensc -- pam_p11 An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0 for OpenSC. If a smart card creates a signature with a length longer than 256 bytes, this triggers a buffer overflow. This may be the case for RSA keys with 4096 bits depending on the signature scheme. 2019-09-06 not yet calculated CVE-2019-16058
MISC php -- php A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests. 2019-09-06 not yet calculated CVE-2016-7398
MISC
MISC
MISC python -- python An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally. 2019-09-06 not yet calculated CVE-2019-16056
MISC
MISC qemu -- qemu libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. 2019-09-06 not yet calculated CVE-2019-15890
CONFIRM
MISC symonics -- libmysofa Symonics libmysofa 0.7 has an invalid read in readOHDRHeaderMessageDataLayout in hdf/dataobject.c. 2019-09-07 not yet calculated CVE-2019-16094
MISC symonics -- libmysofa Symonics libmysofa 0.7 has an invalid read in getDimension in hrtf/reader.c. 2019-09-07 not yet calculated CVE-2019-16095
MISC symonics -- libmysofa Symonics libmysofa 0.7 has an out-of-bounds read in directblockRead in hdf/fractalhead.c. 2019-09-07 not yet calculated CVE-2019-16091
MISC symonics -- libmysofa Symonics libmysofa 0.7 has a NULL pointer dereference in getHrtf in hrtf/reader.c. 2019-09-07 not yet calculated CVE-2019-16092
MISC symonics -- libmysofa Symonics libmysofa 0.7 has an invalid write in readOHDRHeaderMessageDataLayout in hdf/dataobject.c. 2019-09-07 not yet calculated CVE-2019-16093
MISC tyto_software -- sahi_pro An issue was discovered in Tyto Sahi Pro 6.x through 8.0.0. TestRunner_Non_distributed (and distributed end points) does not have any authentication mechanism. This allows an attacker to execute an arbitrary script on the remote Sahi Pro server. There is also a password-protected web interface intended for remote access to scripts. This web interface lacks server-side validation, which allows an attacker to create/modify/delete a script remotely without any password. Chaining both of these issues results in remote code execution on the Sahi Pro server. 2019-09-06 not yet calculated CVE-2019-15102
MISC valve -- counter-strike_global_offensive In Counter-Strike: Global Offensive before 8/29/2019, community game servers can display unsafe HTML in a disconnection message. 2019-09-05 not yet calculated CVE-2019-15944
MISC wordpress -- wordpress The easy-pdf-restaurant-menu-upload plugin before 1.1.2 for WordPress has XSS. 2019-08-30 not yet calculated CVE-2019-15842
MISC wordpress -- wordpress The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has CSRF. 2019-09-03 not yet calculated CVE-2019-15865
MISC
MISC wordpress -- wordpress The crelly-slider plugin before 1.3.5 for WordPress has arbitrary file upload via a PHP file inside a ZIP archive to wp_ajax_crellyslider_importSlider. 2019-09-03 not yet calculated CVE-2019-15866
MISC
MISC wordpress -- wordpress The slick-popup plugin before 1.7.2 for WordPress has a hardcoded OmakPass13# password for the slickpopupteam account, after a Subscriber calls a certain AJAX action. 2019-09-03 not yet calculated CVE-2019-15867
MISC
MISC
MISC wordpress -- wordpress The JobCareer theme before 2.5.1 for WordPress has stored XSS. 2019-09-03 not yet calculated CVE-2019-15869
MISC wordpress -- wordpress The CarSpot theme before 2.1.7 for WordPress has stored XSS via the Phone Number field. 2019-09-03 not yet calculated CVE-2019-15870
MISC wordpress -- wordpress The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter. 2019-09-03 not yet calculated CVE-2019-15889
MISC
MISC
MISC
MISC
MISC
MISC
MISC wordpress -- wordpress The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has XSS. 2019-09-03 not yet calculated CVE-2019-15864
MISC
MISC xpdf -- xpdf Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTree in Catalog.cc. 2019-09-06 not yet calculated CVE-2019-16088
MISC

Categories: LATEST ALERT

U.S. Cyber Command Shares 11 New Malware Samples

US-CERT All NCAS Products - Sun, 09/08/2019 - 16:13
Original release date: September 8, 2019

U.S. Cyber Command has released 11 malware samples to the malware aggregation tool and repository, VirusTotal. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review U.S. Cyber Command’s VirusTotal page to view the samples. CISA also recommends users and administrators review the CISA Tip on Protecting Against Malicious Code for best practices on protecting systems and networks against malware.

Categories: LATEST ALERT

Exim Releases Security Patches

US-CERT All NCAS Products - Fri, 09/06/2019 - 17:03
Original release date: September 6, 2019

Exim has released patches to address vulnerabilities affecting Exim 4.92.1 and prior versions. A remote attacker could exploit this vulnerability to take control of an affected email server.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Exim CVE-2019-15846 page and upgrade to Exim 4.92.2 or apply the necessary patches. CISA also encourages users and administrators to review the CERT Coordination Center's Vulnerability Note VU#672565 for more information.

Categories: LATEST ALERT

Ransomware Protection Strategies

US-CERT All NCAS Products - Fri, 09/06/2019 - 16:54
Original release date: September 6, 2019

The Cybersecurity and Infrastructure Security Agency (CISA) has observed an increase in ransomware attacks across the Nation. Helping organizations protect themselves from ransomware is a chief priority for CISA. Organizations are encouraged to review the following resources to help prevent, mitigate, and recover against ransomware:

Victims of ransomware should report it immediately to CISA, a local FBI Field Office, or a Secret Service Field Office.

Categories: LATEST ALERT

WordPress Releases Security Update

US-CERT All NCAS Products - Fri, 09/06/2019 - 15:25
Original release date: September 6, 2019

WordPress 5.2.2 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the WordPress Security and Maintenance Release and upgrade to WordPress 5.2.3.

Categories: LATEST ALERT

MS-ISAC Releases Advisory on PHP Vulnerabilities

US-CERT All NCAS Products - Thu, 09/05/2019 - 16:48
Original release date: September 5, 2019

The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory on multiple Hypertext Preprocessor (PHP) vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review MS-ISAC Advisory 2019-087 and the PHP Downloads page and apply the necessary updates.

Categories: LATEST ALERT

FBI Releases Article on Think Before You Post Campaign

US-CERT All NCAS Products - Thu, 09/05/2019 - 16:24
Original release date: September 5, 2019

The Federal Bureau of Investigation (FBI) has released an article on their Think Before You Post campaign, designed to educate students on the use of social media and how to avoid making poor choices when posting, texting, or emailing thoughts or grievances that could lead to disruptive behavior, including threats. The FBI article stresses that this type of online behavior could result in serious consequences to the individual as well as the community.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users to review the FBI article for information about the Think Before You Post campaign. CISA also recommends users review the CISA Tip on Identifying Hoaxes and Urban Legends for information on the potential dangers of viral emails. CISA encourages users to report suspicious activity to their local FBI field office and to FBI CyWatch at cywatch@fbi.gov. 

Categories: LATEST ALERT

Cisco Releases Security Updates

US-CERT All NCAS Products - Thu, 09/05/2019 - 15:39
Original release date: September 5, 2019

Cisco has released security updates to address vulnerabilities affecting Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Advisories and apply the necessary updates:

Categories: LATEST ALERT
