Vulnerability Summary for the Week of November 11, 2019

Released: Nov 18, 2019
Document ID: SB19-322

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
au_optronics -- sunveillance_monitoring_system
 
An issue was discovered in Picture_Manage_mvc.aspx in AUO SunVeillance Monitoring System before v1.1.9e. There is an incorrect access control vulnerability that can allow an unauthenticated user to upload files via a modified authority parameter.
Published: 2019-11-12 | CVSS Score: 7.5 | Source & Patch Info: CVE-2019-12719
MISC
MISC
belkin -- n900_db_wireless_router
Symlink Traversal vulnerability in Belkin N900 due to misconfiguration in the SMB service.
Published: 2019-11-13 | CVSS Score: 7.8 | Source & Patch Info: CVE-2013-4655
MISC
MISC
MISC
broadcom -- wi-fi_driver
 
In the Broadcom Wi-Fi driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-130375182.
Published: 2019-11-13 | CVSS Score: 7.5 | Source & Patch Info: CVE-2019-9466
MISC
chartkick_gem_for_ruby_on_rails -- chartkick_gem_for_ruby_on_rails
Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution.
Published: 2019-11-11 | CVSS Score: 7.5 | Source & Patch Info: CVE-2019-18841
MISC
MISC
MISC
CONFIRM
MISC
MISC
d-link -- multiple_routers
 
Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. This affects DIR-600 B1 V2.01 for WW, DIR-890L A1 v1.03, DIR-615 J1 v100 (for DCN), DIR-645 A1 v1.03, DIR-815 A1 v1.01, DIR-823 A1 v1.01, and DIR-842 C1 v3.00.
Published: 2019-11-11 | CVSS Score: 10 | Source & Patch Info: CVE-2019-18852
MISC
elgg_foundation -- elgg
 
Elgg through 1.7.10 has a SQL injection vulnerability
Published: 2019-11-12 | CVSS Score: 7.5 | Source & Patch Info: CVE-2011-2936
REDHAT
MISC
DEBIAN
energycap -- energycap
 
Escalation of privileges in EnergyCAP 7 through 7.5.6 allows an attacker to access data. If an unauthenticated user clicks on a link on the public dashboard, the resource opens in EnergyCAP with access rights matching the user who created the dashboard.
Published: 2019-11-08 | CVSS Score: 7.5 | Source & Patch Info: CVE-2019-18623
CONFIRM
CONFIRM
enghouse_interactive -- web_chat
 
An SSRF issue was discovered in Enghouse Web Chat 6.1.300.31. In any POST request, one can replace the port number at WebServiceLocation=http://localhost:8085/UCWebServices/ with a range of ports to determine what is visible on the internal network (as opposed to what general web traffic would see on the product's host). The response from open ports is different than from closed ports. The product does not allow one to change the protocol: anything except http(s) will throw an error; however, it is the type of error that allows one to determine if a port is open or not.
Published: 2019-11-13 | CVSS Score: 7.5 | Source & Patch Info: CVE-2019-16948
MISC
fudforum -- fudforum
 
FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. The problem is in admsession.php and admuser.php.
Published: 2019-11-12 | CVSS Score: 8.5 | Source & Patch Info: CVE-2019-18873
MISC
MISC
fudforum -- fudforum
 
FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. This may result in remote code execution. An attacker can use a user account to fully compromise the system using a POST request. When the admin visits the user information, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server.
Published: 2019-11-13 | CVSS Score: 8.5 | Source & Patch Info: CVE-2019-18839
MISC
MISC
gnome -- gdk-pixbuf
 
gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw
Published: 2019-11-12 | CVSS Score: 7.5 | Source & Patch Info: CVE-2011-2897
MISC
MISC
MISC
google -- android

 

In createProjectionMapForQuery of TvProvider.java, there is possible SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-135269669.
Published: 2019-11-13 | CVSS Score: 7.8 | Source & Patch Info: CVE-2019-2211
MISC
google -- android
 
In rw_i93_sm_set_read_only of rw_i93.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-139188579.
Published: 2019-11-13 | CVSS Score: 9.3 | Source & Patch Info: CVE-2019-2206
MISC
google -- android
 
In nfa_hci_handle_admin_gate_rsp of nfa_hci_act.cc, there is a possible out of bound write due to missing bounds checks. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-124524315.
Published: 2019-11-13 | CVSS Score: 7.2 | Source & Patch Info: CVE-2019-2207
MISC
google -- android
 
In tokenize of sqlite3_android.cpp, there is a possible attacker controlled INSERT statement due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-139186193.
Published: 2019-11-13 | CVSS Score: 7.2 | Source & Patch Info: CVE-2019-2195
MISC
google -- android
 
In okToConnect of HidHostService.java, there is a possible permission bypass due to an incorrect state check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-79703832.
Published: 2019-11-13 | CVSS Score: 10 | Source & Patch Info: CVE-2019-2036
MISC
google -- android
 
In FindSharedFunctionInfo of objects.cc, there is a possible out of bounds read due to a mistake in AST traversal. This could lead to remote code execution in the pacprocessor with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-138442295.
Published: 2019-11-13 | CVSS Score: 10 | Source & Patch Info: CVE-2019-2204
MISC
google -- android
 
In ProxyResolverV8::SetPacScript of proxy_resolver_v8.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-139806216.
Published: 2019-11-13 | CVSS Score: 10 | Source & Patch Info: CVE-2019-2205
MISC
google -- android
 
In getUserCount and getCount of UserSwitcherController.java, there is possible new user creation due to a logic error. This could lead to local escalation of privilege for an attacker who has physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-140486529.
Published: 2019-11-13 | CVSS Score: 7.2 | Source & Patch Info: CVE-2019-2233
MISC
google -- android
 
In binder_transaction of binder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-136210786. References: Upstream kernel.
Published: 2019-11-13 | CVSS Score: 7.2 | Source & Patch Info: CVE-2019-2214
MISC
google -- android
 
In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-137370777.
Published: 2019-11-13 | CVSS Score: 7.2 | Source & Patch Info: CVE-2019-2203
MISC
google -- android
 
In load_logging_config of qmi_vs_service.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10. Android ID: A-139148442.
Published: 2019-11-13 | CVSS Score: 7.2 | Source & Patch Info: CVE-2019-2210
MISC
google -- android
 
In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10. Android ID: A-137283376.
Published: 2019-11-13 | CVSS Score: 7.2 | Source & Patch Info: CVE-2019-2202
MISC
google -- android
 
In createSessionInternal of PackageInstallerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-138650665.
Published: 2019-11-13 | CVSS Score: 7.2 | Source & Patch Info: CVE-2019-2199
MISC
google -- android
 
In WelcomeActivity.java and related files, there is a possible permissions bypass due to a partially provisioned Device Policy Client. This could lead to local escalation of privilege, leaving an Admin app installed with no indication to the user, with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-132261064.
Published: 2019-11-13 | CVSS Score: 7.2 | Source & Patch Info: CVE-2019-2193
MISC
google -- android
 
In the Bootloader, there is a possible kernel command injection due to missing command sanitization. This could lead to a local elevation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-80316910.
Published: 2019-11-13 | CVSS Score: 7.2 | Source & Patch Info: CVE-2019-9467
MISC
google -- android
 
In call of SliceProvider.java, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10. Android ID: A-138441555.
Published: 2019-11-13 | CVSS Score: 7.2 | Source & Patch Info: CVE-2019-2192
MISC
google -- android
 
There is a possible out of bounds read in v8 JIT code due to a bug in code generation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-138441919.
Published: 2019-11-13 | CVSS Score: 7.8 | Source & Patch Info: CVE-2019-2208
MISC
google -- android
 
In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-120551338.
Published: 2019-11-13 | CVSS Score: 9.3 | Source & Patch Info: CVE-2019-2201
MISC
UBUNTU
helm -- helm
In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as /etc/passwd, or to execute a denial of service (DoS) via a special file such as /dev/urandom, via symlinks. No version of Tiller is known to be impacted. This is a client-only issue.
Published: 2019-11-12 | CVSS Score: 7.5 | Source & Patch Info: CVE-2019-18658
MISC
lenovo -- multiple_thinkpads
A potential vulnerability in some Lenovo ThinkPads may allow an attacker to execute arbitrary code under SMM under certain circumstances.
Published: 2019-11-12 | CVSS Score: 7.5 | Source & Patch Info: CVE-2019-6170
MISC
lenovo -- multiple_thinkpads
 
A potential vulnerability in the SMI callback function in some Lenovo ThinkPad models may allow arbitrary code execution
Published: 2019-11-12 | CVSS Score: 7.5 | Source & Patch Info: CVE-2019-6172
MISC
libpoe-component-irc-perl -- libpoe-component-irc-perl
 
libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'privmsg' handler, which would cause the client to disconnect from the server.
Published: 2019-11-12 | CVSS Score: 7.5 | Source & Patch Info: CVE-2010-3438
MISC
MISC
MISC
matrix-org -- synapse
 
Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers.
Published: 2019-11-08 | CVSS Score: 7.5 | Source & Patch Info: CVE-2019-18835
MISC
MISC

medtronic -- valleylab_exchange_client_and_valleylab_ft10_and_fx8_energy_platform

Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based logons are disabled, and attackers can use the other vulnerabilities within this report to obtain local shell access and access these hashes.
Published: 2019-11-08 | CVSS Score: 7.2 | Source & Patch Info: CVE-2019-13539
MISC
microsoft -- chakracore_and_edge
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1428, CVE-2019-1429.
Published: 2019-11-12 | CVSS Score: 7.6 | Source & Patch Info: CVE-2019-1427
MISC
microsoft -- chakracore_and_edge
 
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1429.
Published: 2019-11-12 | CVSS Score: 7.6 | Source & Patch Info: CVE-2019-1428
MISC
microsoft -- chakracore_and_edge
 
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1427, CVE-2019-1428, CVE-2019-1429.
Published: 2019-11-12 | CVSS Score: 7.6 | Source & Patch Info: CVE-2019-1426
MISC
microsoft -- exchange_server_2013_and_2016_and_2019
 
A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka 'Microsoft Exchange Remote Code Execution Vulnerability'.
Published: 2019-11-12 | CVSS Score: 7.5 | Source & Patch Info: CVE-2019-1373
MISC
microsoft -- internet_explorer_9_and_10_and_11
 
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1428.
Published: 2019-11-12 | CVSS Score: 7.6 | Source & Patch Info: CVE-2019-1429
MISC
microsoft -- internet_explorer_9_and_10_and_11
 
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'.
Published: 2019-11-12 | CVSS Score: 7.6 | Source & Patch Info: CVE-2019-1390
MISC
microsoft -- multiple_products
An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerability'.
Published: 2019-11-12 | CVSS Score: 7.2 | Source & Patch Info: CVE-2019-1388
MISC
MISC
microsoft -- multiple_products

 

A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0721.
Published: 2019-11-12 | CVSS Score: 9 | Source & Patch Info: CVE-2019-0719
MISC
microsoft -- multiple_products
 
An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1407, CVE-2019-1433, CVE-2019-1437, CVE-2019-1438.
Published: 2019-11-12 | CVSS Score: 7.2 | Source & Patch Info: CVE-2019-1435
MISC
microsoft -- multiple_products
 
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.
Published: 2019-11-12 | CVSS Score: 9.3 | Source & Patch Info: CVE-2019-1406
MISC
microsoft -- multiple_products
 
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1389, CVE-2019-1398.
Published: 2019-11-12 | CVSS Score: 7.7 | Source & Patch Info: CVE-2019-1397
MISC
microsoft -- multiple_products
 
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'.
Published: 2019-11-12 | CVSS Score: 7.2 | Source & Patch Info: CVE-2019-1392
MISC
microsoft -- multiple_products
 
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1397, CVE-2019-1398.
Published: 2019-11-12 | CVSS Score: 7.7 | Source & Patch Info: CVE-2019-1389
MISC
microsoft -- multiple_products
 
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408, CVE-2019-1434.
Published: 2019-11-12 | CVSS Score: 7.2 | Source & Patch Info: CVE-2019-1394
MISC
MISC
microsoft -- multiple_products
 
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1394, CVE-2019-1396, CVE-2019-1408, CVE-2019-1434.
Published: 2019-11-12 | CVSS Score: 7.2 | Source & Patch Info: CVE-2019-1395
MISC
MISC
microsoft -- multiple_products
 
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408.
Published: 2019-11-12 | CVSS Score: 7.2 | Source & Patch Info: CVE-2019-1434
MISC
microsoft -- multiple_products
 
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1408, CVE-2019-1434.
Published: 2019-11-12 | CVSS Score: 7.2 | Source & Patch Info: CVE-2019-1396
MISC
MISC
microsoft -- multiple_products
 
An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1407, CVE-2019-1435, CVE-2019-1437, CVE-2019-1438.
Published: 2019-11-12 | CVSS Score: 7.2 | Source & Patch Info: CVE-2019-1433
MISC
microsoft -- multiple_products
 
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1434.
Published: 2019-11-12 | CVSS Score: 7.2 | Source & Patch Info: CVE-2019-1408
MISC
MISC
microsoft -- multiple_products
 
An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1407, CVE-2019-1433, CVE-2019-1435, CVE-2019-1437.
Published: 2019-11-12 | CVSS Score: 7.2 | Source & Patch Info: CVE-2019-1438
MISC
microsoft -- multiple_products
 
An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1433, CVE-2019-1435, CVE-2019-1437, CVE-2019-1438.
Published: 2019-11-12 | CVSS Score: 7.2 | Source & Patch Info: CVE-2019-1407
MISC
microsoft -- multiple_products
 
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'.
Published: 2019-11-12 | CVSS Score: 7.2 | Source & Patch Info: CVE-2019-1405
MISC
microsoft -- multiple_products
 
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.
Published: 2019-11-12 | CVSS Score: 9.3 | Source & Patch Info: CVE-2019-1448
MISC
microsoft -- multiple_products
 
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408, CVE-2019-1434.
Published: 2019-11-12 | CVSS Score: 7.2 | Source & Patch Info: CVE-2019-1393
MISC
MISC
microsoft -- office_2019_and_office_365_proplus
 
A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SYSTEM. To exploit this bug, an attacker would have to run a specially crafted file, aka 'Microsoft Office ClickToRun Security Feature Bypass Vulnerability'.
Published: 2019-11-12 | CVSS Score: 10 | Source & Patch Info: CVE-2019-1449
MISC
microsoft -- windows_10_and_windows_server
A remote code execution vulnerability exists when Windows Media Foundation improperly parses specially crafted QuickTime media files. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'Microsoft Windows Media Foundation Remote Code Execution Vulnerability'.
Published: 2019-11-12 | CVSS Score: 9.3 | Source & Patch Info: CVE-2019-1430
MISC
microsoft -- windows_10_and_windows_server_2019_and_windows_server
 
An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1407, CVE-2019-1433, CVE-2019-1435, CVE-2019-1438.
Published: 2019-11-12 | CVSS Score: 7.2 | Source & Patch Info: CVE-2019-1437
MISC
microsoft -- windows_10_and_windows_server_2019_and_windows_server
 
A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0719.
Published: 2019-11-12 | CVSS Score: 9 | Source & Patch Info: CVE-2019-0721
MISC
microsoft -- windows_10_and_windows_server_2019_and_windows_server
 
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1389, CVE-2019-1397.
Published: 2019-11-12 | CVSS Score: 7.7 | Source & Patch Info: CVE-2019-1398
MISC
microsoft -- windows_7_and_windows_server_2008
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Win32k Graphics Remote Code Execution Vulnerability'.
Published: 2019-11-12 | CVSS Score: 9.3 | Source & Patch Info: CVE-2019-1441
MISC
MISC
nvidia -- windows_gpu_display_driver
 
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the product uses untrusted input when calculating or using an array index, which may lead to escalation of privileges or denial of service.
Published: 2019-11-09 | CVSS Score: 7.2 | Source & Patch Info: CVE-2019-5692
CONFIRM
nvidia -- windows_gpu_display_driver
 
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which a NULL pointer is dereferenced, which may lead to denial of service or escalation of privileges.
Published: 2019-11-09 | CVSS Score: 7.2 | Source & Patch Info: CVE-2019-5691
CONFIRM
nvidia -- windows_gpu_display_driver
 
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the size of an input buffer is not validated, which may lead to denial of service or escalation of privileges.
Published: 2019-11-09 | CVSS Score: 7.2 | Source & Patch Info: CVE-2019-5690
CONFIRM
offlineimap -- offlineimap
 
offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with multiple security deficiencies.
Published: 2019-11-13 | CVSS Score: 7.5 | Source & Patch Info: CVE-2010-4533
MISC
MISC
MISC
MISC
MISC
sibsoft -- xfilesharing
SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload. This can be combined with CVE-2019-18951 to achieve remote code execution via a .html file, containing short codes, that is served over HTTP.
Published: 2019-11-13 | CVSS Score: 7.5 | Source & Patch Info: CVE-2019-18952
MISC
MISC
systematic -- iris_webforms
 
Systematic IRIS WebForms 5.4 and its functionalities can be accessed and used without any form of authentication.
Published: 2019-11-12 | CVSS Score: 7.5 | Source & Patch Info: CVE-2019-18925
MISC
untangle -- ng_firewall
 
The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged in as an admin user.
Published: 2019-11-14 | CVSS Score: 9 | Source & Patch Info: CVE-2019-18647
MISC
western_digital -- my_cloud_ex2_ultra_firmware
Western Digital My Cloud EX2 Ultra firmware 2.31.195 allows a Buffer Overflow with Extended Instruction Pointer (EIP) control via crafted GET/POST parameters.
Published: 2019-11-13 | CVSS Score: 9 | Source & Patch Info: CVE-2019-18931
MISC
MISC
western_digital -- my_cloud_ex2_ultra_firmware
 
Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest accounts) to remotely execute arbitrary code via a download_mgr.cgi stack-based buffer overflow.
Published: 2019-11-13 | CVSS Score: 9 | Source & Patch Info: CVE-2019-18929
MISC
MISC
western_digital -- my_cloud_ex2_ultra_firmware
 
Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest account) to remotely execute arbitrary code via a stack-based buffer overflow. There is no size verification logic in one of functions in libscheddl.so, and download_mgr.cgi makes it possible to enter large-sized f_idx inputs.
Published: 2019-11-13 | CVSS Score: 9 | Source & Patch Info: CVE-2019-18930
MISC
MISC
wordpress -- wordpress
 
A CSV injection in the codepress-admin-columns (aka Admin Columns) plugin 3.4.6 for WordPress allows malicious users to gain remote control of other computers. By choosing formula code as his first or last name, an attacker can create a user with a name that contains malicious code. Other users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker could gain remote access to the user's PC.
Published: 2019-11-08 | CVSS Score: 9 | Source & Patch Info: CVE-2019-17661
MISC
zte -- zxupn-9000e
 
The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by the input validation vulnerability. An attacker could exploit this vulnerability for unauthorized operations.
Published: 2019-11-08 | CVSS Score: 7.5 | Source & Patch Info: CVE-2019-3426
CONFIRM
zte -- zxupn-9000e
 
The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by vulnerability of permission and access control. An attacker could exploit this vulnerability to directly reset or change passwords of other accounts.
Published: 2019-11-08 | CVSS Score: 7.5 | Source & Patch Info: CVE-2019-3425
CONFIRM


Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
alien-arena -- alien-arena
 
It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command.
Published: 2019-11-12 | CVSS Score: 4 | Source & Patch Info: CVE-2010-3439
MISC
MISC
MISC
MISC
apache -- arrow
 
It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had an uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally shared if Arrow Arrays are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats.
Published: 2019-11-08 | CVSS Score: 5 | Source & Patch Info: CVE-2019-12408
CONFIRM
MLIST
apache -- arrow
 
While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory could potentially be shared if are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats.
Published: 2019-11-08 | CVSS Score: 5 | Source & Patch Info: CVE-2019-12410
MLIST
MLIST
MLIST
atlassian -- troubleshooting_and_support_tool
The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into. A vulnerable version of the plugin is included with Bitbucket Server / Data Center before 6.6.0, Confluence Server / Data Center before 7.0.1, Jira Server / Data Center before 8.3.2, Crowd / Crowd Data Center before 3.6.0, Fisheye before 4.7.2, Crucible before 4.7.2, and Bamboo before 6.10.2.
Published: 2019-11-08 | CVSS Score: 4 | Source & Patch Info: CVE-2019-15005
MISC
MISC
atoptool -- atop
 
atop: symlink attack possible due to insecure tempfile handling
Published: 2019-11-12 | CVSS Score: 4.6 | Source & Patch Info: CVE-2011-3618
REDHAT
MISC
DEBIAN
au_optronics -- sunveillance_monitoring_system
 
AUO SunVeillance Monitoring System before v1.1.9e is vulnerable to mvc_send_mail.aspx (MailAdd parameter) SQL Injection. An Attacker can carry a SQL Injection payload to the server, allowing the attacker to read privileged data. This also affects the picture_manage_mvc.aspx plant_no parameter, the swapdl_mvc.aspx plant_no parameter, and the account_management.aspx Text_Postal_Code and Text_Dis_Code parameters.
Published: 2019-11-12 | CVSS Score: 5 | Source & Patch Info: CVE-2019-12720
MISC
MISC
bitweaver -- bitweaver
 
Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) stats/index.php or (2) newsletters/edition.php or the (3) username parameter to users/remind_password.php, (4) days parameter to stats/index.php, (5) login parameter to users/register.php, or (6) highlight parameter.
Published: 2019-11-13 | CVSS Score: 4.3 | Source & Patch Info: CVE-2012-5193
EXPLOIT-DB
MISC
broadcom -- brocade_sannav
 
A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication actions in the SANnav portal.
Published: 2019-11-08 | CVSS Score: 4.3 | Source & Patch Info: CVE-2019-16205
CONFIRM
broadcom -- brocade_sannav
 
Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (Radius, TACAS, etc.).
Published: 2019-11-08 | CVSS Score: 5 | Source & Patch Info: CVE-2019-16208
CONFIRM
ceph -- rgw_server
 
A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients.2019-11-085CVE-2019-10222
CONFIRM
MISC
cross-origin_resource_sharing -- cross-origin_resource_sharing
It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. An attacker could use this lack of protection to conduct phishing attacks and further access unauthorized information.2019-11-084.3CVE-2019-14860
REDHAT
CONFIRM
drupal -- drupal
 
A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled.2019-11-115CVE-2019-18856
MISC
MISC
dtc-xen -- dtc-xen
 
dtc-xen 0.5.x before 0.5.4 suffers from a race condition where an attacker could potentially get bash access as the xenXX user on the dom0, and then access and potentially reuse an already opened VPS console.2019-11-096.8CVE-2009-4011
MISC
MISC
MISC
elgg_foundation -- elgg
 
Elgg through 1.7.10 has XSS2019-11-124.3CVE-2011-2935
REDHAT
MISC
DEBIAN
enghouse_interactive -- web_chat
A remote file include (RFI) issue was discovered in Enghouse Web Chat 6.2.284.34. One can replace the localhost attribute with one's own domain name. When the product calls this domain after the POST request is sent, it retrieves an attacker's data and displays it. Also worth mentioning is the amount of information sent in the request from this product to the attacker: it reveals information the public should not have. This includes pathnames and internal IP addresses.2019-11-135CVE-2019-16951
MISC
enghouse_interactive -- web_chat
 
An XSS issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34. The QueueName parameter of a GET request allows for insertion of user-supplied JavaScript.2019-11-134.3CVE-2019-16950
MISC
enghouse_interactive -- web_chat
 
An issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34. A user is allowed to send an archive of their chat log to an email address specified at the beginning of the chat (where the user enters in their name and e-mail address). This POST request can be modified to change the message as well as the end recipient of the message. The e-mail address will have the same domain name and user as the product allotted. This can be used in phishing campaigns against users on the same domain.2019-11-134CVE-2019-16949
MISC
envoy_proxy -- envoy
 
Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite busy loop when continue_on_listener_filters_timeout is used.2019-11-115CVE-2019-18836
MISC
CONFIRM
MISC
MISC
ettercap_project -- ettercap
 
An unchecked sscanf() call in ettercap 0.7.3 allows an insecure temporary settings file to overflow a static-sized buffer on the stack.2019-11-126.8CVE-2010-3844
MISC
MISC
MISC
firegpg -- firegpg
FireGPG before 0.6 handles the user's passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk, which may result in the compromise of secure communication or a user's private key.2019-11-085CVE-2008-7272
MISC
MISC
MISC
gargoyle-free -- gargoyle-free
 
If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. This can allow a local user to trick another user into running gargoyle in a directory with a cracked libgarglk.so and gain access to the user's account.2019-11-124.4CVE-2010-3359
MISC
gnu -- mailutils
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.2019-11-114.6CVE-2019-18862
MISC
google -- android
In Download Provider, there is possible SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-135269143.2019-11-134.9CVE-2019-2196
MISC
google -- android
 
In binder_free_transaction of binder.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-133758011. References: Upstream kernel.2019-11-136.9CVE-2019-2213
MISC
google -- android
 
In poisson_distribution of random, there is an out of bounds read. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-139690488.2019-11-134.9CVE-2019-2212
MISC
google -- android
 
In BTA_DmPinReply of bta_dm_api.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-139287605.2019-11-134.9CVE-2019-2209
MISC
google -- android
 
In Download Provider, there is a possible SQL injection vulnerability. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-135270103.2019-11-134.9CVE-2019-2198
MISC
google -- chrome
 
Use after free vulnerability exists in WebKit in Google Chrome before Blink M12 in RenderLayer when removing elements with reflections.2019-11-124.3CVE-2011-2334
MISC
MISC
google -- chrome
 
WebKit in Google Chrome before Blink M11 and M12 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption).2019-11-124.3CVE-2011-1802
MISC
MISC
google -- chrome
 
An issue exists in third_party/WebKit/Source/WebCore/svg/animation/SVGSMILElement.h in WebKit in Google Chrome before Blink M11 and M12 when trying to access a removed smil element.2019-11-124.3CVE-2011-1803
MISC
MISC
google -- chrome
 
A double-free vulnerability exists in WebKit in Google Chrome before Blink M12 in the WebCore::CSSSelector function.2019-11-125CVE-2011-2335
MISC
MISC
hibernate -- hibernate_validator
 
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.2019-11-084.3CVE-2019-10219
CONFIRM
hitachi -- command_suite
 
A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.6.5-00 allows an unauthenticated remote user to read internal information.2019-11-125CVE-2018-21026
MISC
CONFIRM
huawei -- multiple_products
Gauss100 OLTP database in ManageOne with versions of 6.5.0 have an out-of-bounds read vulnerability due to the insufficient checks of the specific packet length. Attackers can construct invalid packets to attack the active and standby communication channels. Successful exploit of this vulnerability could allow the attacker to crash the database on the standby node.2019-11-135CVE-2019-5289
MISC
huawei -- multiple_products
 
There is an out of bound read vulnerability in some Huawei products. A remote, unauthenticated attacker may send a corrupt or crafted message to the affected products. Due to a buffer read overflow error when parsing the message, successful exploit may cause some service to be abnormal.2019-11-135CVE-2019-5294
MISC
huawei -- multiple_products
 
Some Huawei products have a memory leak vulnerability when handling some messages. A remote attacker with operation privilege could exploit the vulnerability by sending specific messages continuously. Successful exploit may cause some service to be abnormal.2019-11-134CVE-2019-5293
MISC
huawei -- multiple_smartphones

 

Smartphones with software of ELLE-AL00B 9.1.0.109(C00E106R1P21), 9.1.0.113(C00E110R1P21), 9.1.0.125(C00E120R1P21), 9.1.0.135(C00E130R1P21), 9.1.0.153(C00E150R1P21), 9.1.0.155(C00E150R1P21), 9.1.0.162(C00E160R2P1) have an insufficient verification vulnerability. The system does not verify certain parameters sufficiently, an attacker should connect to the phone and gain high privilege to launch the attack. Successful exploit could cause DOS or malicious code execution.2019-11-134.6CVE-2019-5246
MISC
huawei -- multiple_smartphones
 
Huawei smartphones with versions earlier than Taurus-AL00B 10.0.0.41(SP2C00E41R3P2) have an improper authentication vulnerability. Successful exploitation may cause the attacker to access specific components.2019-11-136.8CVE-2019-5233
MISC
huawei -- multiple_smartphones
 
Bastet module of some Huawei smartphones with Versions earlier than Emily-AL00A 9.0.0.182(C00E82R1P21), Versions earlier than Emily-TL00B 9.0.0.182(C01E82R1P21), Versions earlier than Emily-L09C 9.0.0.203(C432E7R1P11), Versions earlier than Emily-L29C 9.0.0.203(C432E7R1P11), Versions earlier than Emily-L29C 9.0.0.202(C185E2R1P12) have a double free vulnerability. An attacker tricks the user into installing a malicious application, which frees on the same memory address twice. Successful exploit could result in malicious code execution.2019-11-136.8CVE-2019-5282
MISC
huawei -- multiple_smartphones
 
Certain detection module of P30, P30 Pro, Honor V20 smartphone with Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions earlier than Princeton-AL10B 9.1.0.233(C00E233R4P3) have a race condition vulnerability. The system does not lock certain function properly, when the function is called by multiple processes could cause out of bound write. An attacker tricks the user into installing a malicious application, successful exploit could cause malicious code execution.2019-11-126.8CVE-2019-5228
MISC
huawei -- p20_pro_and_p20_and_mate_rs_smartphones
 
P20 Pro, P20, Mate RS smartphones with versions earlier than Charlotte-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than Emily-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than NEO-AL00D NEO-AL00 9.1.0.321(C786E320R1P1T8) have an improper validation vulnerability. The system does not perform proper validation of certain input models, an attacker could trick the user to install a malicious application then craft a malformed model, successful exploit could allow the attacker to get and tamper certain output data information.2019-11-134.3CVE-2019-5230
MISC
huawei -- p30_smartphones
 
P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an insufficient verification vulnerability. The system does not verify certain parameters sufficiently, an attacker should connect to the phone and gain high privilege to launch the attack, successful exploit could cause malicious code execution.2019-11-124.6CVE-2019-5229
MISC
ibm -- cognos_analytics
IBM Cognos Analytics 11.0 and 11.1 could reveal sensitive information to an authenticated user that could be used in future attacks against the system. IBM X-Force ID: 161271.2019-11-094CVE-2019-4334
XF
CONFIRM
ibm -- cognos_analytics
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or cause the web server to make HTTP requests to arbitrary domains. IBM X-Force ID: 147369.2019-11-096.5CVE-2018-1721
XF
CONFIRM
ibm -- cognos_analytics
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170881.2019-11-094.3CVE-2019-4645
XF
CONFIRM
ibm -- cognos_controller
 
IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 could allow an authenticated user to obtain sensitive information due to easy to guess session identifier names. IBM X-Force ID: 162658.2019-11-094CVE-2019-4411
XF
CONFIRM
ibm -- cognos_controller
 
IBM Cognos Controller stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162659.2019-11-095CVE-2019-4412
XF
CONFIRM
ibm -- i
IBM i 7.2, 7.3, and 7.4 for i is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163492.2019-11-094.3CVE-2019-4450
XF
CONFIRM
ibm -- qradar
 
IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to incorrect authorization in some components which could allow an authenticated user to obtain sensitive information. IBM X-Force ID: 164430.2019-11-094CVE-2019-4509
XF
CONFIRM
ibm -- qradar
 
IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 167239.2019-11-094.3CVE-2019-4581
XF
CONFIRM
ibm -- qradar_advisor
 
IBM QRadar Advisor 1.0.0 through 2.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 166205.2019-11-094CVE-2019-4556
XF
CONFIRM
imagemagick -- imagemagick
 
ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2.2019-11-114.3CVE-2019-18853
MISC
MISC
istio -- istio
 
Istio 1.3.x before 1.3.5 allows Denial of Service because continue_on_listener_filters_timeout is set to True, a related issue to CVE-2019-18836.2019-11-125CVE-2019-18817
MISC
MISC
json-jwt_gem_for_ruby_on_rails -- json-jwt_gem_for_ruby_on_rails
 
The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string.2019-11-125CVE-2019-18848
MISC
MISC
lavalite -- cms
 
XSS exists in Lavalite CMS 5.7 via the admin/profile name or designation field.2019-11-134.3CVE-2019-18883
MISC
MISC
mantisbt -- mantisbt
 
MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME types. Arbitrary inline attachment rendering could lead to cross-domain scripting or other browser attacks.2019-11-094.3CVE-2009-2802
CONFIRM
CONFIRM
MISC
mcafee -- advanced_threat_defense
Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attackers to gain access to hashed credentials via carefully constructed POST request extracting incorrectly recorded data from log files.2019-11-134CVE-2019-3649
MISC
mcafee -- advanced_threat_defense
 
Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attackers to gain access to ePO as an administrator via using the atduser credentials, which were too permissive.2019-11-136.5CVE-2019-3651
MISC
mcafee -- advanced_threat_defense
 
Improper Neutralization of HTTP requests in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute commands on the server remotely via carefully constructed HTTP requests.2019-11-136.5CVE-2019-3660
CONFIRM
mcafee -- advanced_threat_defense
 
Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attackers to gain access to the atduser credentials via carefully constructed GET request extracting information stored insecurely in the database.2019-11-134CVE-2019-3650
MISC
mcafee -- advanced_threat_defense
 
Path Traversal: '/absolute/pathname/here' vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to gain unintended access to files on the system via carefully constructed HTTP requests.2019-11-144CVE-2019-3662
MISC
mcafee -- advanced_threat_defense
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute database commands via carefully constructed time based payloads.2019-11-146.5CVE-2019-3661
MISC

medtronic -- valleylab_exchange_client_and_valleylab_ft10_and__fx8_energy_platform

Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device.2019-11-085CVE-2019-13543
MISC
microsoft -- azure_stack
 
A spoofing vulnerability exists when Azure Stack fails to validate certain requests, aka 'Azure Stack Spoofing Vulnerability'.2019-11-125CVE-2019-1234
MISC
microsoft -- edge
 
A security feature bypass vulnerability exists when Microsoft Edge improperly handles extension requests and fails to request host permission for all_urls, aka 'Microsoft Edge Security Feature Bypass Vulnerability'.2019-11-124.3CVE-2019-1413
MISC

microsoft -- microsoft_office_2016_for_mac_and_microsoft_office_2019_for_mac

A security feature bypass vulnerability exists in Microsoft Office software by not enforcing macro settings on an Excel document, aka 'Microsoft Office Excel Security Feature Bypass'.2019-11-126.8CVE-2019-1457
MISC
microsoft -- multiple_products
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1411.2019-11-124.3CVE-2019-1432
MISC
MISC
microsoft -- multiple_products
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2018-12207.2019-11-124.9CVE-2019-1391
MISC
microsoft -- multiple_products
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1432.2019-11-124.3CVE-2019-1411
MISC
MISC
microsoft -- multiple_products
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts, aka 'OpenType Font Parsing Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1456.2019-11-126.8CVE-2019-1419
MISC
MISC
microsoft -- multiple_products
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0712, CVE-2019-1309, CVE-2019-1310.2019-11-125.5CVE-2019-1399
MISC
microsoft -- multiple_products
 
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1309, CVE-2019-1310, CVE-2019-1399.2019-11-126.8CVE-2019-0712
MISC
microsoft -- multiple_products
 
A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'.2019-11-124.6CVE-2019-1380
MISC
MISC
microsoft -- multiple_products
 
A security feature bypass vulnerability exists when Windows Netlogon improperly handles a secure communications channel, aka 'NetLogon Security Feature Bypass Vulnerability'.2019-11-126.8CVE-2019-1424
MISC
microsoft -- multiple_products
 
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.2019-11-124.3CVE-2019-1446
MISC
microsoft -- multiple_products
 
A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. To exploit this vulnerability, an attacker could send a specially crafted authentication request, aka 'Microsoft Windows Security Feature Bypass Vulnerability'.2019-11-126.5CVE-2019-1384
MISC
microsoft -- multiple_products
 
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.2019-11-124.3CVE-2019-1439
MISC
microsoft -- multiple_products
 
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1379, CVE-2019-1417.2019-11-124.6CVE-2019-1383
MISC
microsoft -- multiple_products
 
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1379, CVE-2019-1383.2019-11-124.6CVE-2019-1417
MISC
microsoft -- multiple_products
 
An elevation of privilege vulnerability exists in the way that the dssvc.dll handles file creation allowing for a file overwrite or creation in a secured location, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1422, CVE-2019-1423.2019-11-124.6CVE-2019-1420
MISC
microsoft -- multiple_products
 
An elevation of privilege vulnerability exists in the way that the iphlpsvc.dll handles file creation allowing for a file overwrite, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1420, CVE-2019-1423.2019-11-124.6CVE-2019-1422
MISC
MISC
microsoft -- multiple_products
 
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts, aka 'OpenType Font Parsing Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1419.2019-11-126.8CVE-2019-1456
MISC
MISC
microsoft -- multiple_products
 
An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory, aka 'Windows Error Reporting Information Disclosure Vulnerability'.2019-11-124.3CVE-2019-1374
MISC
microsoft -- multiple_products
 
An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'.2019-11-124.6CVE-2019-1415
MISC
microsoft -- multiple_sharepoint_products
 
An information disclosure vulnerability exists in Microsoft SharePoint when an attacker uploads a specially crafted file to the SharePoint Server. An authenticated attacker who successfully exploited this vulnerability could potentially leverage SharePoint functionality to obtain SMB hashes. The security update addresses the vulnerability by correcting how SharePoint checks file content, aka 'Microsoft SharePoint Information Disclosure Vulnerability'.2019-11-124CVE-2019-1443
MISC
microsoft -- office_online_server
 
A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1447.2019-11-125.8CVE-2019-1445
MISC
microsoft -- office_online_server
 
A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1445.2019-11-125.8CVE-2019-1447
MISC
microsoft -- sharepoint_server_2019
 
A security feature bypass vulnerability exists when Microsoft Office does not validate URLs. An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'.2019-11-124.3CVE-2019-1442
MISC
microsoft -- windows_10_and_windows_server
 
An elevation of privilege vulnerability exists in the way that the StartTileData.dll handles file creation in protected locations, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1420, CVE-2019-1422.2019-11-124.6CVE-2019-1423
MISC
MISC
microsoft -- windows_10_and_windows_server_2019
 
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1383, CVE-2019-1417.2019-11-124.6CVE-2019-1379
MISC
microsoft -- windows_10_and_windows_server_2019_and_windows_server
 
An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles IPv6 flowlabel filled in packets, aka 'Windows TCP/IP Information Disclosure Vulnerability'.2019-11-125CVE-2019-1324
MISC
microsoft -- windows_10_and_windows_server_2019_and_windows_server
 
An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges, aka 'Windows AppX Deployment Extensions Elevation of Privilege Vulnerability'.2019-11-126.1CVE-2019-1385
MISC
MISC
microsoft -- windows_10_and_windows_server_2019_and_windows_server
 
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0712, CVE-2019-1310, CVE-2019-1399.2019-11-126.8CVE-2019-1309
MISC
microsoft -- windows_10_and_windows_server_2019_and_windows_server
 
An elevation of privilege vulnerability exists due to a race condition in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'.2019-11-124.4CVE-2019-1416
MISC
microsoft -- windows_10_and_windows_server_2019_and_windows_server
 
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0712, CVE-2019-1309, CVE-2019-1399.2019-11-126.8CVE-2019-1310
MISC
microstrategy -- microstrategy
 
Microstrategy Library in MicroStrategy before 2019 before 11.1.3 has reflected XSS.2019-11-144.3CVE-2019-18957
MISC
FULLDISC
MISC
mitel -- micollab_and_mivoice_business_express_versions
 
A vulnerability in the web conference chat component of MiCollab, versions 7.3 PR6 (7.3.0.601) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP2 (8.0.2.202), and MiVoice Business Express versions 7.3 PR3 (7.3.1.302) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP1 (8.0.2.202), could allow creation of unauthorized chat sessions, due to insufficient access controls. A successful exploit could allow execution of arbitrary commands.2019-11-125CVE-2018-18819
MISC
CONFIRM
mod_ruid2 -- mod_ruid2
 
mod_ruid2 before 0.9.8 improperly handles file descriptors which allows remote attackers to bypass security using a CGI script to break out of the chroot.2019-11-085CVE-2013-1889
MISC
MISC
MISC
CONFIRM
moodle -- moodle
Moodle before 2.2.2: Overview report allows users to see hidden courses2019-11-144CVE-2012-1159
MISC
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRM
MISC
moodle -- moodle
 
Moodle before 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough2019-11-145CVE-2012-1170
MISC
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRM
MISC
moodle -- moodle
 
Moodle before 2.2.2: Course information leak via hidden courses being displayed in tag search results2019-11-144CVE-2012-1161
MISC
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRM
MISC
nvidia -- geforce_experience
NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files to be downloaded and saved. This behavior may lead to code execution, denial of service, or information disclosure.2019-11-094.6CVE-2019-5689
CONFIRM
nvidia -- geforce_experience
 
NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service, information disclosure, or escalation of privileges through code execution.2019-11-094.4CVE-2019-5701
CONFIRM
nvidia -- geforce_experience_and_windows_gpu_display_driver
 
NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution.2019-11-124.4CVE-2019-5695
CONFIRM
CONFIRM
nvidia -- windows_gpu_display_driver
NVIDIA Windows GPU Display Driver, R390 driver version, contains a vulnerability in NVIDIA Control Panel in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution. The attacker requires local system access.2019-11-094.4CVE-2019-5694
MISC
nvidia -- windows_gpu_display_driver
 
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) in which the program accesses or uses a pointer that has not been initialized, which may lead to denial of service.2019-11-094.9CVE-2019-5693
CONFIRM
offlineimap -- offlineimap
 
offlineimap before 6.3.2 does not check for SSL server certificate validation when "ssl = yes" option is specified which can allow man-in-the-middle attacks.2019-11-134.3CVE-2010-4532
MISC
MISC
MISC
MISC
MISC
openstack -- keystone
 
OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space2019-11-125CVE-2012-1572
MISC
MISC
pediapress -- mwlib
 
mwlib 0.13 through 0.13.4 has a denial of service vulnerability when parsing #iferror magic functions2019-11-125CVE-2012-1109
MISC
MISC
MISC
philips -- tasy_emr
In Tasy EMR, Tasy WebPortal Versions 3.02.1757 and prior, there is an information exposure vulnerability which may allow a remote attacker to access system and configuration information.2019-11-085CVE-2019-13557
MISC
phoenix -- winflash_and_winflash32_drivers
 
In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the included drivers could be used by a malicious Windows application to gain elevated privileges. Adverse impacts are limited to the Windows environment and there is no known direct impact to the UEFI firmware. This was fixed in late June 2019.2019-11-136.8CVE-2019-18279
MISC
MISC
CONFIRM
phpbb -- phpbb
 
phpbb 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag. | 2019-11-14 | 4.3 | CVE-2011-0544
MISC
MISC
pixelpost -- pixelpost
 
Cross-site request forgery (CSRF) vulnerability in pixelpost 1.7.3 could allow remote attackers to change the admin password. | 2019-11-12 | 6.8 | CVE-2010-3305
MISC
MISC
EXPLOIT-DB
MLIST
plesk -- parallels_plesk_panel
Parallels Plesk Panel 9.5 allows XSS in target/locales/tr-TR/help/index.htm? via the "fileName" parameter. | 2019-11-13 | 4.3 | CVE-2019-18793
MISC
psutil -- psutil
 
psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object. | 2019-11-12 | 5 | CVE-2019-18874
MISC
qpid-cpp -- qpid-cpp
 
qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use. | 2019-11-09 | 4 | CVE-2009-5004
MISC
MISC
MISC
MISC
red_hat -- hornetq_rest
 
HornetQ REST is vulnerable to XML External Entity due to insecure configuration of RestEasy | 2019-11-12 | 4.3 | CVE-2014-3599
MISC
MISC
red_hat -- jboss_brms
 
JBoss BRMS before 5.1.0 has an XSS vulnerability via the asset=UUID parameter. | 2019-11-12 | 4.3 | CVE-2010-3857
MISC
MISC
MISC
red_hat -- jboss_keycloak
 
JBoss KeyCloak is vulnerable to soft token deletion via CSRF | 2019-11-13 | 4.3 | CVE-2014-3655
MISC
MISC
MISC
red_hat -- jboss_operations_network
 
In JON 2.1.x before 2.1.2 SP1, users can obtain unauthorized security information about private resources managed by JBoss ON. | 2019-11-08 | 4 | CVE-2008-5083
MISC
MISC
red_hat -- tuned
 
tuned before 2.x allows local users to kill running processes due to insecure permissions with tuned's ktune service. | 2019-11-08 | 4.7 | CVE-2013-1820
MISC
MISC
MISC
red_hat -- vdsm_and_vdsclient
 
vdsm and vdsclient do not validate the certificate hostname from another vdsm, which could facilitate a man-in-the-middle attack | 2019-11-13 | 4.3 | CVE-2014-8167
MISC
REDHAT
red_hat -- openshift_origin
 
OpenShift Origin: Improperly validated team names could allow stored XSS attacks | 2019-11-13 | 4.3 | CVE-2014-3592
MISC
MISC
ruby_on_rails -- ruby_on_rails
 
The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks. | 2019-11-12 | 4.3 | CVE-2010-3299
MISC
MLIST
MISC
MISC
sap -- businessobjects_business_intelligence_platform
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), corrected in versions 4.1 and 4.2, does not sufficiently validate an XML document accepted from an untrusted source. An attacker can craft a message that contains malicious elements that will not be correctly filtered by Web Intelligence HTML interface in some specific workflows. | 2019-11-13 | 5.5 | CVE-2019-0396
MISC
MISC
sap -- data_hub
 
Under certain conditions SAP Data Hub (corrected in DH_Foundation version 2) allows an attacker to access information which would otherwise be restricted. Connection details that are maintained in Connection Manager are visible to users. | 2019-11-13 | 4 | CVE-2019-0390
MISC
MISC
sap -- netweaver_application_server_java
An administrator of SAP NetWeaver Application Server Java (J2EE-Framework) (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5) may change privileges for all or some functions in Java Server, and enable users to execute functions they are not otherwise allowed to execute. | 2019-11-13 | 6.5 | CVE-2019-0389
MISC
MISC
sap -- netweaver_as_java
 
Under certain conditions SAP NetWeaver AS Java (corrected in 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted. | 2019-11-13 | 4 | CVE-2019-0391
MISC
MISC
sap -- quality_management
An SQL Injection vulnerability in SAP Quality Management (corrected in S4CORE versions 1.0, 1.01, 1.02, 1.03) allows an attacker to carry out targeted database queries that can read individual fields of historical inspection results. | 2019-11-13 | 4 | CVE-2019-0393
MISC
MISC
sibsoft -- xfilesharing
 
SibSoft Xfilesharing through 2.5.1 allows op=page&tmpl=../ directory traversal to read arbitrary files. | 2019-11-13 | 5 | CVE-2019-18951
MISC
MISC
slack-chat -- slack-chat
 
Slack-Chat through 1.5.5 leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack (channels, members, etc.). | 2019-11-12 | 5 | CVE-2019-14367
MISC
MISC
status -- satusnet
 
statusnet before 0.9.9 has XSS | 2019-11-12 | 4.3 | CVE-2011-3370
REDHAT
MISC
DEBIAN
svg-sanitizer -- svg-sanitizer
 
darylldoyle svg-sanitizer before 0.12.0 mishandles script and data values in attributes, as demonstrated by unexpected whitespace such as in the javascript	:alert substring. | 2019-11-11 | 5 | CVE-2019-18857
MISC
MISC
systematic -- iris_standards_management
 
Systematic IRIS Standards Management (ISM) v2.1 SP1 89 is vulnerable to unauthenticated reflected Cross Site Scripting (XSS). A user input (related to dialog information) is reflected directly in the web page, allowing a malicious user to conduct a Cross Site Scripting attack against users of the application. | 2019-11-12 | 4.3 | CVE-2019-18926
MISC
systematic -- iris_webforms
 
Systematic IRIS WebForms 5.4 is vulnerable to directory traversal. By manipulating variables that reference files with ../ (and variations), it is possible to list all the directories and check if a particular file exists. | 2019-11-12 | 5 | CVE-2019-18924
MISC
tibco -- ebx
 
The Web server component of TIBCO Software Inc.'s TIBCO EBX contains multiple vulnerabilities that theoretically allow authenticated users to perform stored cross-site scripting (XSS) attacks, and unauthenticated users to perform reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions up to and including 5.8.1.fixR, versions 5.9.3, 5.9.4, 5.9.5, and 5.9.6. | 2019-11-12 | 4.3 | CVE-2019-17330
MISC
MISC
tibco -- ebx
 
The Digital Asset Manager Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions up to and including 3.20.13, versions 4.1.0, 4.2.0, 4.2.1, and 4.2.2. | 2019-11-12 | 4.3 | CVE-2019-17332
MISC
MISC
tmaxsoft -- jeus
 
JEUS 7 Fix#0~5 and JEUS 8 Fix#0~1 versions contain a directory traversal vulnerability caused by an improper input parameter check when uploading an installation file in the administration web page. This allows a remote attacker to execute arbitrary code via an uploaded file. | 2019-11-08 | 6.5 | CVE-2019-17327
MISC
tnef -- tnef
 
In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup. | 2019-11-11 | 4.3 | CVE-2019-18849
MISC
MISC
trilex_labs -- letodms
 
letodms has multiple XSS issues: Reflected XSS in Login Page, Stored XSS in Document Owner/User name, Stored XSS in Calendar | 2019-11-13 | 4.3 | CVE-2012-4384
MISC
DEBIAN
trilex_labs -- letodms
 
letodms 3.3.6 has CSRF via change password | 2019-11-13 | 4.3 | CVE-2012-4385
MISC
DEBIAN
MISC
twisted_matrix_labs -- twisted
 
Python Twisted 14.0 trustRoot is not respected in HTTP client | 2019-11-12 | 5 | CVE-2014-7143
MISC
MISC
MISC
MISC
untangle -- ng_firewall
 
The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection within the timeDataDynamicColumn parameter when logged in as an admin user. | 2019-11-14 | 6.5 | CVE-2019-18646
MISC
wolfssl -- wolfssl
 
In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer overflow inside the DecodedCert structure in GetName in wolfcrypt/src/asn.c because the domain name location index is mishandled. Because a pointer is overwritten, there is an invalid free. | 2019-11-09 | 5 | CVE-2019-18840
MISC
wordpress -- wordpress
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '<use ... xlink:href="#identifier">' substring. | 2019-11-11 | 5 | CVE-2019-18854
MISC
MISC
MISC
MISC
wordpress -- wordpress
 
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes. | 2019-11-11 | 5 | CVE-2019-18855
MISC
MISC
MISC
MISC
wordpress -- wordpress
 
includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress is vulnerable to stored XSS. | 2019-11-12 | 4.3 | CVE-2019-17236
MISC
MISC
wordpress -- wordpress
 
includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows unauthenticated arbitrary file deletion. | 2019-11-12 | 6.4 | CVE-2019-17234
MISC
MISC
wordpress -- wordpress
 
includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows information disclosure. | 2019-11-12 | 5 | CVE-2019-17235
MISC
MISC
wordpress -- wordpress
 
includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows CSRF. | 2019-11-12 | 6.8 | CVE-2019-17237
MISC
MISC
wordpress -- wordpress
 
WP SlackSync plugin through 1.8.5 for WordPress leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack (channels, members, etc.). | 2019-11-12 | 5 | CVE-2019-14366
MISC
wordpress -- wordpress
 
The Intercom plugin through 1.2.1 for WordPress leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack (channels, members, etc.). | 2019-11-12 | 5 | CVE-2019-14365
MISC
wso2 -- identity_server
WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile. | 2019-11-12 | 4.3 | CVE-2019-18881
MISC
wso2 -- identity_server
 
WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled. | 2019-11-12 | 4.3 | CVE-2019-18882
MISC
znc -- znc
 
NULL pointer dereference vulnerability in ZNC before 0.092 caused by traffic stats when there are unauthenticated connections. | 2019-11-12 | 5 | CVE-2010-2488
MISC
MISC
MISC
CONFIRM
zyxel -- p-1302-t10d_devices
ZyXEL P-1302-T10D v3 devices with firmware version 2.00(ABBX.3) and earlier do not properly enforce access control and could allow an unauthorized user to access certain pages that require admin privileges. | 2019-11-12 | 4 | CVE-2019-15815
CONFIRM


 

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
alsa-utils -- alsa-utils
 
alsa-utils 1.0.19 and later versions allows local users to overwrite arbitrary files via a symlink attack via the /usr/bin/alsa-info and /usr/bin/alsa-info.sh scripts. | 2019-11-09 | 3.6 | CVE-2009-0035
MISC
MISC
MISC
babiloo -- babiloo
 
babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and unpacking dictionary files, allowing a local attacker to overwrite arbitrary files. | 2019-11-12 | 3.3 | CVE-2010-3440
MISC
MISC
MISC
broadcom -- brocade_sannav
 
The authentication mechanism, in Brocade SANnav versions before v2.0, logs plaintext account credentials at the 'trace' and the 'debug' logging level; which could allow a local authenticated attacker to access sensitive information. | 2019-11-08 | 2.1 | CVE-2019-16206
CONFIRM
google -- android
 
In processPhonebookAccess of CachedBluetoothDevice.java, there is a possible permission bypass due to an insecure default value. This could lead to local information disclosure of the user's contact list with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-138529441 | 2019-11-13 | 2.1 | CVE-2019-2197
MISC
huawei -- honor_10_and_honor_8a_and_y6_smartphones
 
Honor 10 Lite, Honor 8A, Huawei Y6 mobile phones with the versions before 9.1.0.217(C00E215R3P1), the versions before 9.1.0.205(C00E97R1P9), the versions before 9.1.0.205(C00E97R2P2) have an information leak vulnerability. Due to improper function error records of some module, an attacker with the access permission may exploit the vulnerability to obtain some information. | 2019-11-13 | 2.1 | CVE-2019-5292
MISC
huawei -- honor_play_smartphones
Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. The system has a logic judgment error under certain scenarios. Successful exploit could allow the attacker to modify the alarm clock settings after a series of uncommon operations without unlocking the screen lock. | 2019-11-12 | 1.9 | CVE-2019-5213
MISC
huawei -- p30_smartphones
 
P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E180R2P1) have an improper authorization vulnerability. The software incorrectly performs an authorization check when a user attempts to perform certain action. Successful exploit could allow the attacker to update a crafted package. | 2019-11-13 | 2.1 | CVE-2019-5231
MISC
huawei -- p30_smartphones
 
An information-exposure vulnerability was discovered where openstack-mistral's undercloud log files containing clear-text information were made world readable. A malicious system user could exploit this flaw to access sensitive user information. | 2019-11-08 | 2.1 | CVE-2019-3866
CONFIRM
ibm -- qradar
 
IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163618. | 2019-11-09 | 3.5 | CVE-2019-4454
XF
CONFIRM
ibm -- qradar
 
IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163779. | 2019-11-09 | 3.5 | CVE-2019-4470
XF
CONFIRM
ibm -- spectrum_protect_plus
IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file permissions on restored files and directories in Windows which could allow a local user to obtain sensitive information or perform unauthorized actions. IBM X-Force ID: 170963. | 2019-11-12 | 3.6 | CVE-2019-4652
XF
CONFIRM
liboping -- liboping
 
liboping 1.3.2 allows users to read arbitrary files on the local system. | 2019-11-09 | 2.1 | CVE-2009-3614
MISC
MISC
mailscanner -- mailscanner
 
The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 download files and trust them without using encryption (e.g., https) or digital signature checking, which could allow an attacker to replace certain configuration files (e.g., phishing whitelist) via dns/packet spoofing. | 2019-11-12 | 2.1 | CVE-2010-3292
MISC
MISC
MISC
MLIST
mailscanner -- mailscanner
 
mailscanner before 4.79.11-2.1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files. NOTE: this issue exists because of an incomplete fix for CVE-2008-5313. | 2019-11-12 | 3.3 | CVE-2010-3095
MISC
MISC
MISC
MLIST
mcafee -- advanced_threat_defense
 
Unprotected Storage of Credentials vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows local attacker to gain access to the root password via accessing sensitive files on the system. | 2019-11-14 | 2.1 | CVE-2019-3663
MISC
mcafee -- threat_intelligence_exchange_server
 
Abuse of Authorization vulnerability in APIs exposed by TIE server in McAfee Threat Intelligence Exchange Server (TIE Server) 3.0.0 allows remote authenticated users to modify stored reputation data via specially crafted messages. | 2019-11-13 | 3.5 | CVE-2019-3641
CONFIRM
medtronic -- valleylab_ft10_energy_platform_and_ls10_energy_platform
 
In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN, not available in the United States) version 1.20.2 and lower, the RFID security mechanism used for authentication between the FT10/LS10 Energy Platform and instruments can be bypassed, allowing for inauthentic instruments to connect to the generator. | 2019-11-08 | 2.1 | CVE-2019-13531
MISC
medtronic -- valleylab_ft10_energy_platform_and_valleylab_ls10_energy_platform
 
In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN, not available in the United States) version 1.20.2 and lower, the RFID security mechanism does not apply read protection, allowing for full read access of the RFID security mechanism data. | 2019-11-08 | 2.1 | CVE-2019-13535
MISC
microsoft -- multiple_products
An information disclosure vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Information Disclosure Vulnerability'. | 2019-11-12 | 2.1 | CVE-2019-1402
MISC
microsoft -- multiple_products
 
An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'. | 2019-11-12 | 2.1 | CVE-2019-1418
MISC
microsoft -- multiple_products
 
An information disclosure vulnerability exists when the Windows Remote Procedure Call (RPC) runtime improperly initializes objects in memory, aka 'Windows Remote Procedure Call Information Disclosure Vulnerability'. | 2019-11-12 | 2.1 | CVE-2019-1409
MISC
microsoft -- multiple_products
 
An information disclosure vulnerability exists when the Windows Servicing Stack allows access to unprivileged file locations, aka 'Microsoft Windows Information Disclosure Vulnerability'. | 2019-11-12 | 2.1 | CVE-2019-1381
MISC
microsoft -- multiple_products
 
An elevation of privilege vulnerability exists when ActiveX Installer service may allow access to files without proper authentication, aka 'Microsoft ActiveX Installer Service Elevation of Privilege Vulnerability'. | 2019-11-12 | 2.1 | CVE-2019-1382
MISC
microsoft -- multiple_products
 
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1440. | 2019-11-12 | 2.1 | CVE-2019-1436
MISC
microsoft -- multiple_products
 
An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory, aka 'OpenType Font Driver Information Disclosure Vulnerability'. | 2019-11-12 | 2.1 | CVE-2019-1412
MISC
MISC
microsoft -- open_enclave_sdk
 
An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka 'Open Enclave SDK Information Disclosure Vulnerability'. | 2019-11-12 | 2.1 | CVE-2019-1370
MISC

microsoft -- windows_10_and_windows_server_2019_and_windows_server

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1436. | 2019-11-12 | 2.1 | CVE-2019-1440
MISC
mysql-gui-tools -- mysql-gui-tools
 
mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+openSUSE-2.3 exposes the password of a user connected to the MySQL server in clear text form via the list of running processes. | 2019-11-12 | 2.1 | CVE-2010-4177
MISC
MISC
MISC
MISC
MISC
MISC
netgear -- wnr3500u_and_wnr3500l
Cross-site scripting (XSS) vulnerability in NETGEAR WNR3500U and WNR3500L. | 2019-11-13 | 3.5 | CVE-2013-3517
MISC
MISC
nvidia -- virtual_gpu_manager
 
NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in the vGPU plugin, in which an input index value is incorrectly validated, which may lead to denial of service. | 2019-11-09 | 2.1 | CVE-2019-5698
CONFIRM
nvidia -- virtual_gpu_manager
 
NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in which the provision of an incorrectly sized buffer by a guest VM leads to GPU out-of-bound access, which may lead to a denial of service. | 2019-11-09 | 2.1 | CVE-2019-5696
CONFIRM
nvidia -- virtual_gpu_manager
 
NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in which it may grant a guest access to memory that it does not own, which may lead to information disclosure or denial of service. | 2019-11-09 | 3.6 | CVE-2019-5697
CONFIRM
pacemaker -- pacemaker
 
Pacemaker before 1.1.6 configure script creates temporary files insecurely | 2019-11-12 | 3.3 | CVE-2011-5271
MISC
MISC
MISC
MISC
patriot -- viper_rgb
 
The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 allow local users (including low integrity processes) to read and write to arbitrary memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, by mapping \Device\PhysicalMemory into the calling process via ZwOpenSection and ZwMapViewOfSection. | 2019-11-09 | 3.6 | CVE-2019-18845
MISC
red_hat -- 389_directory_server
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes. | 2019-11-08 | 3.5 | CVE-2019-14824
CONFIRM
red_hat -- enterprise_virtualization_manager
 
In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAML browser application) to connect to the Red Hat Enterprise Virtualization Manager. An attacker on the local network could use this flaw to conduct a man-in-the-middle attack, tricking the user into thinking they are viewing the Red Hat Enterprise Virtualization Manager when the content is actually attacker-controlled, or modifying actions a user requested Red Hat Enterprise Virtualization Manager to perform. | 2019-11-09 | 2.9 | CVE-2009-3552
MISC
MISC
BUGTRAQ
sap -- businessobjects_business_intelligence_platform
 
A Cross-Site Scripting vulnerability exists in SAP BusinessObjects Business Intelligence Platform (Web Intelligence-Publication related pages); corrected in version 4.2. Privileges are required in order to exploit this vulnerability. | 2019-11-13 | 3.5 | CVE-2019-0382
MISC
MISC
sap -- enable_now
 
SAP Enable Now, before version 1908, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 2019-11-13 | 3.5 | CVE-2019-0385
MISC
MISC
technicolor -- tc7300_router
 
An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the "Connected Clients" field to /wlanAccess.asp. An intranet host can use a crafted hostname to exploit this. | 2019-11-13 | 3.5 | CVE-2019-17524
MISC
MISC
technicolor -- tc7300_router
 
An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the FileName parameter to /FTPDiag.asp. | 2019-11-13 | 3.5 | CVE-2019-17523
MISC
MISC
tibco -- ebx
 
The Data Exchange Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions up to and including 3.20.13, version 4.1.0. | 2019-11-12 | 3.5 | CVE-2019-17331
MISC
MISC
untangle -- ng_firewall
 
When logged in as an admin user, the Title input field (under Reports) within Untangle NG firewall 14.2.0 is vulnerable to stored XSS. | 2019-11-14 | 3.5 | CVE-2019-18649
MISC
untangle -- ng_firewall
 
When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields. | 2019-11-14 | 3.5 | CVE-2019-18648
MISC


 

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
3xlogic -- infinias_access_control
 
A cross-site request forgery (CSRF) vulnerability in 3xLogic Infinias Access Control through 6.6.9586.0 allows remote attackers to execute malicious and unauthorized actions (e.g., delete application users) by sending a crafted HTML document to a user that the website trusts. The user needs to have an active privileged session. | 2019-11-14 | not yet calculated | CVE-2019-18651
MISC
actiontec -- mi424wr-gen3i_router
Unspecified Cross-site scripting (XSS) vulnerability in the Verizon FIOS Actiontec MI424WR-GEN3I router. | 2019-11-13 | not yet calculated | CVE-2013-3097
MISC
MISC
MISC
MISC
adobe -- animate_cc
Adobe Animate CC versions 19.2.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation. | 2019-11-14 | not yet calculated | CVE-2019-7960
CONFIRM
adobe -- bridge_cc
Adobe Bridge CC versions 9.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to information disclosure. | 2019-11-14 | not yet calculated | CVE-2019-8239
CONFIRM
adobe -- bridge_cc
Adobe Bridge CC versions 9.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to information disclosure. | 2019-11-14 | not yet calculated | CVE-2019-8240
CONFIRM
adobe -- illustrator_cc
Adobe Illustrator CC versions 23.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2019-11-14 | not yet calculated | CVE-2019-8248
CONFIRM
adobe -- illustrator_cc
Adobe Illustrator CC versions 23.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation. | 2019-11-14 | not yet calculated | CVE-2019-7962
CONFIRM
adobe -- illustrator_cc
Adobe Illustrator CC versions 23.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2019-11-14 | not yet calculated | CVE-2019-8247
CONFIRM
adobe -- media_encoder
Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2019-11-14 | not yet calculated | CVE-2019-8242
CONFIRM
MISC
adobe -- media_encoder
Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2019-11-14 | not yet calculated | CVE-2019-8246
CONFIRM
adobe -- media_encoder
Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2019-11-14 | not yet calculated | CVE-2019-8241
CONFIRM
MISC
adobe -- media_encoder
Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2019-11-14 | not yet calculated | CVE-2019-8244
CONFIRM
MISC
adobe -- media_encoder
Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2019-11-14 | not yet calculated | CVE-2019-8243
CONFIRM
MISC
advan -- i6a_android_device
The Advan i6A Android device with a build fingerprint of ADVAN/i6A/i6A:8.1.0/O11019/1523602705:userdebug/test-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15357
MISC
allview -- x5_android_device
The Allview X5 Android device with a build fingerprint of ALLVIEW/X5_Soul_Mini/X5_Soul_Mini:8.1.0/O11019/1522468763:userdebug/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15383
MISC
archos -- core_101_android_device
The Archos Core 101 Android device with a build fingerprint of archos/MTKAC101CR3G_ARCHOS/ac101cr3g:7.0/NRD90M/20180611.034442:user/release-keys contains a pre-installed app with a package name of com.roco.autogen app (versionCode=1, versionName=1) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | 2019-11-14 | not yet calculated | CVE-2019-15387
MISC
artifex -- ghostscript
A flaw was found in all versions of ghostscript 9.x before 9.28, in which the `.charkeys` procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within Ghostscript and access files outside of restricted areas or execute commands. | 2019-11-15 | not yet calculated | CVE-2019-14869
MLIST
CONFIRM
CONFIRM
CONFIRM
FEDORA
asus -- asus_a002_2_android_device
The Asus ASUS_A002_2 Android device with a build fingerprint of asus/WW_ASUS_A002_2/ASUS_A002_2:7.0/NRD90M/14.1610.1802.18-20180321:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15402
MISC
asus -- asus_a002_android_device
The Asus ASUS_A002 Android device with a build fingerprint of asus/WW_ASUS_A002/ASUS_A002:7.0/NRD90M/14.1600.1805.51-20180626:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15401
MISC
asus -- asus_x00K_1_android_device
The Asus ASUS_X00K_1 Android device with a build fingerprint of asus/CN_X00K/ASUS_X00K_1:7.0/NRD90M/CN_X00K-14.01.1711.27-20180420:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15405
MISC
asus -- asus_x00k_1_android_device
The Asus ASUS_X00K_1 Android device with a build fingerprint of asus/CN_X00K/ASUS_X00K_1:7.0/NRD90M/CN_X00K-14.01.1711.27-20180420:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app (versionCode=5, versionName=5.0.1) that allows unauthorized command execution via a confused deputy attack. This capability can be accessed by any app co-located on the device. | 2019-11-14 | not yet calculated | CVE-2019-15418
MISC
asus -- asus_x00ld_3_android_device
The Asus ASUS_X00LD_3 Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_3:7.1.1/NMF26F/14.0400.1806.203-20180720:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15406
MISC
asus -- asus_x015_1_android_device
The Asus ASUS_X015_1 Android device with a build fingerprint of asus/CN_X015/ASUS_X015_1:7.0/NRD90M/CN_X015-14.00.1709.35-20171215:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15407
MISC
asus -- zenfone_3_laser_android_device | The Asus ZenFone 3 Laser Android device with a build fingerprint of asus/WW_msm8937/msm8937:7.1.1/NMF26F/WW_32.40.106.114_20180928:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15411
MISC
asus -- zenfone_3_ultra_android_device | The Asus ZenFone 3 Ultra Android device with a build fingerprint of asus/WW_Phone/ASUS_A001:7.0/NRD90M/14.1010.1804.75-20180612:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15400
MISC
asus -- zenfone_3_ultra_android_device | The Asus ZenFone 3 Ultra Android device with a build fingerprint of asus/WW_Phone/ASUS_A001:7.0/NRD90M/14.1010.1804.75-20180612:user/release-keys contains a pre-installed app with a package name of com.asus.splendidcommandagent (versionCode=1510200105, versionName=1.2.0.21_180605) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15413
MISC
asus -- zenfone_3s_max_android_device | The Asus ZenFone 3s Max Android device with a build fingerprint of asus/IN_X00G/ASUS_X00G_1:7.0/NRD90M/IN_X00G-14.02.1807.33-20180706:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15403
MISC
asus -- zenfone_4_selfie_android_device | The Asus ZenFone 4 Selfie Android device with a build fingerprint of asus/WW_Z01M/ASUS_Z01M_1:7.1.1/NMF26F/WW_71.50.395.57_20180913:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15412
MISC
asus -- zenfone_5_lite_android_device | The Asus ZenFone 5 Lite Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_1:7.1.1/NMF26F/14.0400.1810.061-20181107:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15408
MISC
asus -- zenfone_5q_android_device | The Asus ZenFone 5Q Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_2:7.1.1/NGI77B/14.0400.1809.059-20181016:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15409
MISC
asus -- zenfone_ar_android_device | The Asus ZenFone AR Android device with a build fingerprint of asus/WW_ASUS_A002/ASUS_A002:7.0/NRD90M/14.1600.1805.51-20180626:user/release-keys contains a pre-installed app with a package name of com.asus.splendidcommandagent (versionCode=1510200105, versionName=1.2.0.21_180605) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15414
MISC
asus -- zenfone_max_4_android_device | The Asus ZenFone Max 4 Android device with a build fingerprint of asus/WW_Phone/ASUS_X00HD_4:7.1.1/NMF26F/14.2016.1712.367-20171225:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15404
MISC
asus -- asus_x015_1_android_device | The Asus ASUS_X015_1 Android device with a build fingerprint of asus/CN_X015/ASUS_X015_1:7.0/NRD90M/CN_X015-14.00.1709.35-20171215:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer (versionCode=5, versionName=5.0.1) that allows unauthorized command execution via a confused deputy attack. This capability can be accessed by any app co-located on the device. | 2019-11-14 | not yet calculated | CVE-2019-15419
MISC
asus -- rt-ac66u_and_n56u_wireless_routers | Symlink Traversal vulnerability in ASUS RT-AC66U and RT-N56U due to misconfiguration in the SMB service. | 2019-11-13 | not yet calculated | CVE-2013-4656
MISC
MISC
MISC
asus -- zenfone_3_android_device | The Asus ZenFone 3 Android device with a build fingerprint of asus/WW_Phone/ASUS_Z012D:7.0/NRD90M/14.2020.1708.56-20170719:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15396
MISC
asus -- zenfone_3s_max_android_device | The Asus ZenFone 3s Max Android device with a build fingerprint of asus/IN_X00G/ASUS_X00G_1:7.0/NRD90M/IN_X00G-14.02.1807.33-20180706:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15395
MISC
asus -- zenfone_4_selfie_android_device | The Asus ZenFone 4 Selfie Android device with a build fingerprint of asus/WW_Z01M/ASUS_Z01M_1:7.1.1/NMF26F/WW_user_11.40.208.77_20170922:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15398
MISC
asus -- zenfone_4_selfie_android_device | The Asus ZenFone 4 Selfie Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_1:8.1.0/OPM1.171019.011/15.0400.1809.405-0:user/release-keys contains a pre-installed app with a package name of com.log.logservice (versionCode=1, versionName=1) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15391
MISC
asus -- zenfone_4_selfie_android_device | The Asus ZenFone 4 Selfie Android device with a build fingerprint of Android/sdm660_64/sdm660_64:8.1.0/OPM1/14.2016.1802.247-20180419:user/release-keys contains a pre-installed app with a package name of com.log.logservice (versionCode=1, versionName=1) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15392
MISC
asus -- zenfone_5_selfie_android_device | The Asus ZenFone 5 Selfie Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_1:7.1.1/NMF26F/14.0400.1810.061-20181107:user/release-keys contains a pre-installed app with a package name of com.asus.atd.smmitest (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | 2019-11-14 | not yet calculated | CVE-2019-15394
MISC
asus -- zenfone_5q_android_device | The Asus ZenFone 5Q Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_2:7.1.1/NGI77B/14.0400.1809.059-20181016:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15399
MISC
asus -- zenfone_5q_android_device | The Asus ZenFone 5Q Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_2:7.1.1/NGI77B/14.0400.1809.059-20181016:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15410
MISC
asus -- zenfone_live_android_device | The Asus ZenFone Live Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_3:7.1.1/NMF26F/14.0400.1806.203-20180720:user/release-keys contains a pre-installed app with a package name of com.asus.atd.smmitest (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | 2019-11-14 | not yet calculated | CVE-2019-15393
MISC
asus -- zenfone_max_4_android_device | The Asus ZenFone Max 4 Android device with a build fingerprint of asus/WW_Phone/ASUS_X00HD_4:7.1.1/NMF26F/14.2016.1803.373-20180308:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15397
MISC
ax25-tools -- ax25-tools | The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would continue to run with root privileges which can allow possible privilege escalation. | 2019-11-15 | not yet calculated | CVE-2011-2910
MISC
MISC
MISC
blackview -- bv7000_pro_android_device | The Blackview BV7000_Pro Android device with a build fingerprint of Blackview/BV7000_Pro/BV7000_Pro:7.0/NRD90M/1493011204:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | 2019-11-14 | not yet calculated | CVE-2019-15421
MISC
blackview -- bv9000pro-f_android_device | The Blackview BV9000Pro-F Android device with a build fingerprint of Blackview/BV9000Pro-F/BV9000Pro-F:7.1.1/N4F26M/1514363110:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | 2019-11-14 | not yet calculated | CVE-2019-15420
MISC
blade -- shadow | The network protocol of Blade Shadow through 2.13.3 allows remote attackers to take control of a Shadow instance and execute arbitrary code by only knowing the victim's IP address, because packet data can be injected into the unencrypted UDP packet stream. | 2019-11-14 | not yet calculated | CVE-2019-16110
MISC
bluboo -- bluboo_s1_android_device | The Bluboo Bluboo_S1 Android device with a build fingerprint of BLUBOO/Bluboo_S1/Bluboo_S1:7.0/NRD90M/1495809471:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | 2019-11-14 | not yet calculated | CVE-2019-15423
MISC
bluboo -- d3_pro_android_device | The Bluboo D3 Pro Android device with a build fingerprint of BLUBOO/Bluboo_D2_Pro/Bluboo_D2_Pro:7.0/NRD90M/1510370501:user/release-keys contains a pre-installed app with a package name of com.qiku.cleaner (versionCode=2, versionName=2.0.0_VER_32516508295515) that allows other pre-installed apps to perform system properties modification via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15430
MISC
bq_mobile -- 5515l_android_device | The BQ 5515L Android device with a build fingerprint of BQru/BQru-5515L/BQru-5515L:8.1.0/O11019/20180409.195525:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15381
MISC
cactus -- go-camo | Insufficient content type validation of proxied resources in go-camo before 2.1.1 allows a remote attacker to serve arbitrary content from go-camo's origin. | 2019-11-13 | not yet calculated | CVE-2019-18923
MISC
CONFIRM
cherry -- flare_s7_android_device | The Cherry Flare S7 Android device with a build fingerprint of Cherry_Mobile/Flare_S7_Deluxe/Flare_S7_Deluxe:8.1.0/O11019/1533920920:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15377
MISC
chrony -- chrony | Chrony before 1.29.1 has traffic amplification in the cmdmon protocol. | 2019-11-15 | not yet calculated | CVE-2014-0021
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
clamav -- clamav | ClamAV before 0.97.7 has a WWPack heap memory corruption issue. | 2019-11-15 | not yet calculated | CVE-2013-7087
MISC
MISC
MISC
MISC
MISC
clamav -- clamav | ClamAV before 0.97.7 has a buffer overflow in the libclamav component. | 2019-11-15 | not yet calculated | CVE-2013-7088
MISC
MISC
MISC
MISC
MISC
clamav -- clamav | ClamAV before 0.97.7 has a possible information leak in dbg_printhex. | 2019-11-15 | not yet calculated | CVE-2013-7089
MISC
MISC
MISC
MISC
consolekit -- consolekit | In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. This flaw allows an authenticated system user to escalate their privileges by initiating a remote VNC session. | 2019-11-13 | not yet calculated | CVE-2010-4664
MISC
MISC
MISC
coolpad -- 1851_android_device | The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.1.13). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands to be executed as the system user. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. In addition to the local attack surface, its accompanying app with a package name of com.ekesoo.lovelyhifonts makes network requests using HTTP and an attacker can perform a Man-in-the-Middle (MITM) attack on the connection to inject a command in a network response that will be executed as the system user by the com.lovelyfont.defcontainer app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtain the user's text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) to one contained within the attacking app that contains keylogging functionality, and obtain the user's text messages, and more. | 2019-11-14 | not yet calculated | CVE-2019-15388
MISC
coolpad -- 1851_android_device | The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15368
MISC
coolpad -- 1851_android_device | The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15352
MISC
coolpad -- n3c_android_device | The Coolpad N3C Android device with a build fingerprint of Coolpad/N3C/N3C:8.1.0/O11019/1538236809:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15353
MISC
crun -- crun | An issue was discovered in crun before 0.10.5. With a crafted image, it doesn't correctly check whether a target is a symlink, resulting in access to files outside of the container. This occurs in libcrun/linux.c and libcrun/chroot_realpath.c. | 2019-11-13 | not yet calculated | CVE-2019-18837
MISC
CONFIRM
MISC
MISC
cryptocat_project -- cryptocat | An unspecified cross-site scripting (XSS) vulnerability exists in Cryptocat Message Handling 1.1.165. | 2019-11-14 | not yet calculated | CVE-2013-4109
MISC
MISC
MISC
MISC
cryptocat_project -- cryptocat | A Cross-site scripting (XSS) vulnerability exists in Conversation Overview Nickname in Cryptocat before 2.0.22. | 2019-11-14 | not yet calculated | CVE-2013-4106
MISC
MISC
MISC
MISC
cryptocat_project -- cryptocat | Multiple unspecified vulnerabilities in Cryptocat Project Cryptocat 2.0.18 have unknown impact and attack vectors. | 2019-11-14 | not yet calculated | CVE-2013-4108
MISC
MISC
cubot -- nova_android_device | The Cubot Nova Android device with a build fingerprint of CUBOT/CUBOT_NOVA/CUBOT_NOVA:8.1.0/O11019/1527060122:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15382
MISC
cyrus -- imap | Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection. | 2019-11-15 | not yet calculated | CVE-2019-18928
MISC
MISC
data_plane_development_kit -- data_plane_development_kit | A flaw was found in all DPDK versions 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition. | 2019-11-14 | not yet calculated | CVE-2019-14818
MISC
CONFIRM
dexp -- bl250_android_device | The Dexp BL250 Android device with a build fingerprint of DEXP/BL250/BL250:8.1.0/O11019/1530858027:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15364
MISC
dexp -- z250_android_device | The Dexp Z250 Android device with a build fingerprint of DEXP/Z250/Z250:8.1.0/O11019/1531130719:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15358
MISC
doogee -- bl5000_android_device | The Doogee BL5000 Android device with a build fingerprint of DOOGEE/BL5000/BL5000:7.0/NRD90M/1497072355:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | 2019-11-14 | not yet calculated | CVE-2019-15424
MISC
doogee -- mix_android_device | The Doogee Mix Android device with a build fingerprint of DOOGEE/MIX/MIX:7.0/NRD90M/1495809471:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | 2019-11-14 | not yet calculated | CVE-2019-15422
MISC
drupal -- drupal | Cross-site scripting (XSS) vulnerability in the zen_breadcrumb function in template.php in the Zen theme 6.x-1.x, 7.x-3.x before 7.x-3.2, and 7.x-5.x before 7.x-5.4 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via the breadcrumb separator field. | 2019-11-13 | not yet calculated | CVE-2013-4275
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
drupal -- drupal | hook_file_download in the CKEditor module 7.x-1.4 for Drupal does not properly restrict access to private files, which allows remote attackers to read private files via a direct request. | 2019-11-13 | not yet calculated | CVE-2011-4972
MISC
MISC
MISC
drupal -- drupal | An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent node is denied access, non-privileged users can still download the file attached to the comment if they know or guess its direct URL. | 2019-11-15 | not yet calculated | CVE-2011-2726
MISC
MISC
MISC
MISC
MISC
CONFIRM
eclipse -- jetty | Jetty 6.x before 6.1.22 suffers from an escape sequence injection vulnerability from two different vectors: 1) "Cookie Dump Servlet" and 2) HTTP Content-Length header. 1) A POST request to the form at "/test/cookie/" with the "Age" parameter set to a string throws a "java.lang.NumberFormatException" which reflects binary characters including ESC. These characters could be used to execute arbitrary commands or buffer dumps in the terminal. 2) The same attack in 1) can be exploited by requesting a page using an HTTP request "Content-Length" header set to a literal string. | 2019-11-15 | not yet calculated | CVE-2009-5047
MISC
MISC
MLIST
edgewall_software -- trac | Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions. | 2019-11-13 | not yet calculated | CVE-2010-5108
MISC
MISC
MISC
elephone -- a4_android_device | The Elephone A4 Android device with a build fingerprint of Elephone/A4/A4:8.1.0/O11019/20180530.143559:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15384
MISC
eq-3 -- homematic_ccu2_and_ccu3_devices | eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the Script Parser AddOn through 1.8 installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the exec.cgi script, which executes TCL script content from an HTTP POST request. | 2019-11-14 | not yet calculated | CVE-2019-18937
MISC
eq-3 -- homematic_ccu2_and_ccu3_devices | eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the E-Mail AddOn through 1.6.8.c installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the save.cgi script for payload upload and the testtcl.cgi script for its execution. | 2019-11-14 | not yet calculated | CVE-2019-18938
MISC
eq-3 -- homematic_ccu2_and_ccu3_devices | eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the HM-Print AddOn through 1.2a installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the exec.cgi and exec1.cgi scripts, which execute TCL script content from an HTTP POST request. | 2019-11-14 | not yet calculated | CVE-2019-18939
MISC
espressif -- esp32 | An issue was discovered in the Espressif ESP32 mask ROM code 2016-06-08 0 through 2. Lack of anti-glitch mitigations in the first stage bootloader of the ESP32 chip allows an attacker (with physical access to the device) to read the contents of read-protected eFuses, such as flash encryption and secure boot keys, by injecting a glitch into the power supply of the chip shortly after reset. | 2019-11-14 | not yet calculated | CVE-2019-17391
CONFIRM
evercross -- u50a_android_device | The Evercoss U50A Android device with a build fingerprint of EVERCOSS/U50A./EVERCOSS:7.0/NRD90M/1499911028:eng/test-keys contains a pre-installed app with a package name of com.qiku.cleaner (versionCode=2, versionName=2.0_VER_2017.04.21_17:55:55) that allows other pre-installed apps to perform system properties modification via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15431
MISC
evercross -- u6_android_device | The Evercoss U6 Android device with a build fingerprint of EVERCOSS/U6/U6:7.0/NRD90M/1504236704:user/release-keys contains a pre-installed app with a package name of com.qiku.cleaner (versionCode=2, versionName=2.0.0_VER_32516486284094) that allows other pre-installed apps to perform system properties modification via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15432
MISC
exhibitor_web_ui -- exhibitor_web_ui | An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7.1. Arbitrary shell commands surrounded by backticks or $() can be inserted into the editor and will be executed by the Exhibitor process when it launches ZooKeeper. An attacker can execute any command as the user running the Exhibitor process. | 2019-11-13 | not yet calculated | CVE-2019-5029
MISC
f5 -- big-ip | On BIG-IP 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.1, undisclosed HTTP requests may consume excessive amounts of system resources which may lead to a denial of service. | 2019-11-15 | not yet calculated | CVE-2019-6660
MISC
f5 -- big-ip | On version 14.0.0-14.1.0.1, BIG-IP virtual servers with TLSv1.3 enabled may experience a denial of service due to undisclosed incoming messages. | 2019-11-15 | not yet calculated | CVE-2019-6659
MISC
f5 -- big-ip | On BIG-IP 15.0.0 and 14.1.0-14.1.0.6, under certain conditions, network protections on the management port do not follow current best practices. | 2019-11-15 | not yet calculated | CVE-2019-6664
MISC
f5 -- big-ip | On BIG-IP 13.1.0-13.1.1.4, sensitive information is logged into the local log files and/or remote logging targets when restjavad processes an invalid request. Users with access to the log files would be able to view that data. | 2019-11-15 | not yet calculated | CVE-2019-6662
MISC
f5 -- big-ip_apm | When the BIG-IP APM 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.4.1, or 11.5.1-11.6.5 system processes certain requests, the APD/APMD daemon may consume excessive resources. | 2019-11-15 | not yet calculated | CVE-2019-6661
MISC
f5 -- multiple_products | The BIG-IP 15.0.0-15.0.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1 configuration utility is vulnerable to Anti DNS Pinning (DNS Rebinding) attack. | 2019-11-15 | not yet calculated | CVE-2019-6663
MISC
facebook -- whatsapp | A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100. | 2019-11-14 | not yet calculated | CVE-2019-11931
CONFIRM
fly -- photo_pro_android_device | The Fly Photo Pro Android device with a build fingerprint of Fly/PhotoPro/Photo_Pro:8.1.0/O11019/1528117003:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15380
MISC
fuji_electric -- v-server | In Fuji Electric V-Server 4.0.6 and prior, several heap-based buffer overflows have been identified, which may allow an attacker to remotely execute arbitrary code. | 2019-11-13 | not yet calculated | CVE-2019-18240
MISC
gksu-polkit -- gksu-polkit | In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an administrator X11 session. | 2019-11-15 | not yet calculated | CVE-2011-0703
MISC
MISC
gnu -- fribidi | A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application that uses FriBidi for text layout calculations. Examples include any GNOME or GTK+ based application that uses Pango for text layout, as this internally uses FriBidi for bidirectional text layout. For example, the attacker can construct a crafted text file to be opened in GEdit, or a crafted IRC message to be viewed in HexChat. | 2019-11-13 | not yet calculated | CVE-2019-18397
CONFIRM
MISC
MISC
MISC
haier -- a6_android_device | The Haier A6 Android device with a build fingerprint of Haier/A6/A6:8.1.0/O11019/1534219877:userdebug/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15359
MISC
haier -- a6_android_device | The Haier A6 Android device with a build fingerprint of Haier/A6/A6:8.1.0/O11019/1534219877:userdebug/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.1.13). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands to be executed as the system user. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. In addition to the local attack surface, its accompanying app with a package name of com.ekesoo.lovelyhifonts makes network requests using HTTP and an attacker can perform a Man-in-the-Middle (MITM) attack on the connection to inject a command in a network response that will be executed as the system user by the com.lovelyfont.defcontainer app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), obtain the user's text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, obtain the user's text messages, and more. | 2019-11-14 | not yet calculated | CVE-2019-15389
MISC
haier -- g8_android_device | The Haier G8 Android device with a build fingerprint of Haier/HM-G559-FL/G8:8.1.0/O11019/1522294799:user/release-keys contains a pre-installed app with a package name of com.qiku.service.container app (versionCode=5, versionName=1.03.00_VER_32525983298984) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15390
MISC
haier -- g8_android_device | The Haier G8 Android device with a build fingerprint of Haier/HM-G559-FL/G8:8.1.0/O11019/1522294799:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15375
MISC
haier -- g8_android_device | The Haier G8 Android device with a build fingerprint of Haier/HM-G559-FL/G8:8.1.0/O11019/1526527761:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15370
MISC
haier -- p10_android_device | The Haier P10 Android device with a build fingerprint of Haier/P10/P10:8.1.0/O11019/1532662449:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15367
MISC
hisense -- f17_android_device | The Hisense F17 Android device with a build fingerprint of Hisense/F17_4G/HS6739MT:8.1.0/O11019/Hisense_F17_4G_00_S01:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15372
MISC
hisense -- u965_android_device | The Hisense U965 Android device with a build fingerprint of Hisense/U965_4G_10/HS6739MT:8.1.0/O11019/Hisense_U965_4G_10_S01:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15360
MISC
hitachi -- command_suite | A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.7.0-00 allows an unauthenticated remote user to trigger a denial of service (DoS) condition because of Uncontrolled Resource Consumption. | 2019-11-12 | not yet calculated | CVE-2019-17360
MISC
CONFIRM
huawei -- p30_smartphones | P30 smart phones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an integer overflow vulnerability due to insufficient check on specific parameters. An attacker tricks the user into installing a malicious application, obtains the root permission and constructs specific parameters to the camera program to exploit this vulnerability. Successful exploit could cause the program to break down or allow for arbitrary code execution. | 2019-11-13 | not yet calculated | CVE-2019-5288
MISC
huawei -- p30_smartphones | P30 smart phones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an integer overflow vulnerability due to insufficient check on specific parameters. An attacker tricks the user into installing a malicious application, obtains the root permission and constructs specific parameters to the camera program to exploit this vulnerability. Successful exploit could cause the program to break down or allow for arbitrary code execution. | 2019-11-13 | not yet calculated | CVE-2019-5287
MISC
huawei -- harry-al00c_smartphones | Some Huawei smart phones with versions earlier than Harry-AL00C 9.1.0.206(C00E205R3P1) have a null pointer dereference vulnerability. An attacker crafts specific packets and sends them to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to behave abnormally. | 2019-11-12 | not yet calculated | CVE-2017-17224
CONFIRM
MISC
huawei -- emily-l29c_smartphones | Huawei smart phones Emily-L29C with Versions earlier than 9.1.0.311(C10E2R1P13T8), Versions earlier than 9.1.0.311(C461E2R1P11T8), Versions earlier than 9.1.0.316(C635E2R1P11T8), Versions earlier than 9.1.0.311(C185E2R1P12T8), Versions earlier than 9.1.0.311(C605E2R1P12T8), Versions earlier than 9.1.0.311(C636E7R1P13T8) have an information leakage vulnerability. An attacker tricks the user into installing a malicious application, which can copy specific files to the sdcard, resulting in information leakage. | 2019-11-13 | not yet calculated | CVE-2019-5279
MISC
infinix -- note_5_android_device | The Infinix Note 5 Android device with a build fingerprint of Infinix/H633B/Infinix-X604_sprout:8.1.0/O11019/L-IN-180206V64:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15385
MISC
infinix -- note_5_android_device | The Infinix Note 5 Android device with a build fingerprint of Infinix/H633IJL/Infinix-X604_sprout:8.1.0/O11019/IJL-180531V181:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15366
MISC
infinix -- note_5_android_device | The Infinix Note 5 Android device with a build fingerprint of Infinix/H632C/Infinix-X605_sprout:8.1.0/O11019/CE-180914V59:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15361
MISC
intel -- multiple_processors | TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. | 2019-11-14 | not yet calculated | CVE-2019-11135
CONFIRM
MISC
intel -- nuvoton_consumer_infrared_driver | Improper permissions in the installer for the Nuvoton* CIR Driver versions 1.02.1002 and before may allow an authenticated user to potentially enable escalation of privilege via local access. | 2019-11-14 | not yet calculated | CVE-2019-14602
MISC
intel -- baseboard_management_controller_firmware | Insufficient access control in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure via network access. | 2019-11-14 | not yet calculated | CVE-2019-11174
MISC
intel -- baseboard_management_controller_firmware | Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an authenticated user to potentially enable information disclosure via network access. | 2019-11-14 | not yet calculated | CVE-2019-11179
MISC
intel -- baseboard_management_controller_firmware | Memory corruption in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. | 2019-11-14 | not yet calculated | CVE-2019-11182
MISC
intel -- baseboard_management_controller_firmware | Authentication bypass in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service via local access. | 2019-11-14 | not yet calculated | CVE-2019-11170
MISC
intel -- baseboard_management_controller_firmware | Stack overflow in Intel(R) Baseboard Management Controller firmware may allow an authenticated user to potentially enable information disclosure and/or denial of service via network access. | 2019-11-14 | not yet calculated | CVE-2019-11178
MISC
intel -- baseboard_management_controller_firmware | Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via local access. | 2019-11-14 | not yet calculated | CVE-2019-11173
MISC
intel -- baseboard_management_controller_firmware | Out of bound read in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure via network access. | 2019-11-14 | not yet calculated | CVE-2019-11172
MISC
intel -- baseboard_management_controller_firmware | Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. | 2019-11-14 | not yet calculated | CVE-2019-11180
MISC
intel -- baseboard_management_controller_firmware | Unhandled exception in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. | 2019-11-14 | not yet calculated | CVE-2019-11177
MISC
intel -- baseboard_management_controller_firmware | Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access. | 2019-11-14 | not yet calculated | CVE-2019-11168
CONFIRM
MISC
intel -- baseboard_management_controller_firmware | Heap corruption in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service via network access. | 2019-11-14 | not yet calculated | CVE-2019-11171
MISC
intel -- baseboard_management_controller_firmware | Out of bound read in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 2019-11-14 | not yet calculated | CVE-2019-11181
MISC
intel -- baseboard_management_controller_firmware | Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. | 2019-11-14 | not yet calculated | CVE-2019-11175
MISC
intel -- core_processors_and_xeon_processors | Insufficient memory protection in Intel(R) TXT for certain Intel(R) Core Processors and Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 2019-11-14 | not yet calculated | CVE-2019-0151
MISC
intel -- ethernet_700_series_controllers | Insufficient access control in ilp60x64.sys driver for Intel(R) Ethernet 700 Series Controllers before version 1.33.0.0 may allow a privileged user to potentially enable escalation of privilege via local access. | 2019-11-14 | not yet calculated | CVE-2019-0142
MISC
intel -- ethernet_700_series_controllers | Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may allow an authenticated user to potentially enable a denial of service via local access. | 2019-11-14 | not yet calculated | CVE-2019-0146
MISC
intel -- ethernet_700_series_controllers | Buffer overflow in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow an unauthenticated user to potentially enable an escalation of privilege via an adjacent access. | 2019-11-14 | not yet calculated | CVE-2019-0140
MISC
intel -- ethernet_700_series_controllers | Insufficient access control in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow a privileged user to potentially enable an escalation of privilege, denial of service, or information disclosure via local access. | 2019-11-14 | not yet calculated | CVE-2019-0139
MISC
intel -- ethernet_700_series_controllers | Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. | 2019-11-14 | not yet calculated | CVE-2019-0145
MISC
intel -- ethernet_700_series_controllers | Unhandled exception in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow an authenticated user to potentially enable a denial of service via local access. | 2019-11-14 | not yet calculated | CVE-2019-0144
MISC
intel -- ethernet_700_series_controllers | Unhandled exception in Kernel-mode drivers for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access. | 2019-11-14 | not yet calculated | CVE-2019-0143
MISC
intel -- ethernet_700_series_controllers | Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access. | 2019-11-14 | not yet calculated | CVE-2019-0148
MISC
intel -- ethernet_700_series_controllers | Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access. | 2019-11-14 | not yet calculated | CVE-2019-0147
MISC
intel -- ethernet_700_series_controllers | Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may allow an authenticated user to potentially enable a denial of service via local access. | 2019-11-14 | not yet calculated | CVE-2019-0149
MISC
intel -- ethernet_700_series_controllers | Insufficient access control in firmware Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow a privileged user to potentially enable a denial of service via local access. | 2019-11-14 | not yet calculated | CVE-2019-0150
MISC
intel -- graphics_driver | Pointer corruption in the Unified Shader Compiler in Intel(R) Graphics Drivers before 10.18.14.5074 (aka 15.36.x.5074) may allow an authenticated user to potentially enable escalation of privilege via local access. | 2019-11-14 | not yet calculated | CVE-2019-11111
MISC
intel -- graphics_driver | Insufficient input validation in Kernel Mode module for Intel(R) Graphics Driver before version 25.20.100.6519 may allow an authenticated user to potentially enable denial of service via local access. | 2019-11-14 | not yet calculated | CVE-2019-11089
MISC
intel -- graphics_driver | Improper access control in the API for the Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable information disclosure via local access. | 2019-11-14 | not yet calculated | CVE-2019-14590
MISC
intel -- graphics_driver | Out of bounds read in a subsystem for Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable denial of service via local access. | 2019-11-14 | not yet calculated | CVE-2019-14574
MISC
intel -- graphics_driver | Improper input validation in the API for Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable denial of service via local access. | 2019-11-14 | not yet calculated | CVE-2019-14591
MISC
intel -- graphics_driver | Buffer overflow in Kernel Mode module for Intel(R) Graphics Driver before version 25.20.100.6618 (DCH) or 21.20.x.5077 (aka 15.45.5077) may allow a privileged user to potentially enable information disclosure via local access. | 2019-11-14 | not yet calculated | CVE-2019-11113
MISC
intel -- graphics_driver | Memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver before 26.20.100.6813 (DCH) or 26.20.100.6812 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2019-11-14 | not yet calculated | CVE-2019-11112
MISC
intel -- multiple_core_and_xeon_processors | Insufficient access control in protected memory subsystem for Intel(R) SGX for 6th, 7th, 8th, 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5, v6 Families; Intel(R) Xeon(R) E-2100 & E-2200 Processor Families with Intel(R) Processor Graphics may allow a privileged user to potentially enable information disclosure via local access. | 2019-11-14 | not yet calculated | CVE-2019-0117
MISC
intel -- multiple_core_and_xeon_processors | Insufficient access control in protected memory subsystem for SMM for 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor families; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 families; Intel(R) Xeon(R) E-2100 and E-2200 Processor families with Intel(R) Processor Graphics may allow a privileged user to potentially enable information disclosure via local access. | 2019-11-14 | not yet calculated | CVE-2019-0185
MISC
intel -- multiple_core_and_xeon_processors | Insufficient memory protection in Intel(R) 6th Generation Core Processors and greater, supporting TXT, may allow a privileged user to potentially enable escalation of privilege via local access. | 2019-11-14 | not yet calculated | CVE-2019-0124
MISC
intel -- multiple_core_and_xeon_processors | Insufficient memory protection in Intel(R) 6th Generation Core Processors and greater, supporting SGX, may allow a privileged user to potentially enable escalation of privilege via local access. | 2019-11-14 | not yet calculated | CVE-2019-0123
MISC
intel -- multiple_core_and_xeon_processors | Insufficient access control in protected memory subsystem for Intel(R) TXT for 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 Families; Intel(R) Xeon(R) E-2100 and E-2200 Processor Families with Intel(R) Processor Graphics and Intel(R) TXT may allow a privileged user to potentially enable information disclosure via local access. | 2019-11-14 | not yet calculated | CVE-2019-0184
MISC
intel -- multiple_processors | Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. | 2019-11-14 | not yet calculated | CVE-2018-12207
MISC
intel -- multiple_processors | Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka 15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2019-11-14 | not yet calculated | CVE-2019-0155
REDHAT
REDHAT
REDHAT
MISC
intel -- multiple_processors | Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may allow an authenticated user to potentially enable denial of service via local access. | 2019-11-14 | not yet calculated | CVE-2019-0154
MISC
intel -- multiple_xeon_processors | Insufficient access control in system firmware for Intel(R) Xeon(R) Scalable Processors, 2nd Generation Intel(R) Xeon(R) Scalable Processors and Intel(R) Xeon(R) Processors D Family may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. | 2019-11-14 | not yet calculated | CVE-2019-11136
MISC
intel -- proset/wireless_wifi_software | Memory corruption issues in Intel(R) PROSet/Wireless WiFi Software extension DLL before version 21.40 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and a denial of service via local access. | 2019-11-14 | not yet calculated | CVE-2019-11153
MISC
intel -- proset/wireless_wifi_software | Improper directory permissions in Intel(R) PROSet/Wireless WiFi Software before version 21.40 may allow an authenticated user to potentially enable denial of service and information disclosure via local access. | 2019-11-14 | not yet calculated | CVE-2019-11155
MISC
intel -- proset/wireless_wifi_software | Improper directory permissions in Intel(R) PROSet/Wireless WiFi Software before version 21.40 may allow an authenticated user to potentially enable denial of service and information disclosure via local access. | 2019-11-14 | not yet calculated | CVE-2019-11154
MISC
intel -- proset/wireless_wifi_software | Logic errors in Intel(R) PROSet/Wireless WiFi Software before version 21.40 may allow an authenticated user to potentially enable escalation of privilege, denial of service, and information disclosure via local access. | 2019-11-14 | not yet calculated | CVE-2019-11156
MISC
intel -- software_guard_extensions_sdk | Insufficient initialization in Intel(R) SGX SDK Windows versions 2.4.100.51291 and earlier, and Linux versions 2.6.100.51363 and earlier, may allow an authenticated user to enable information disclosure, escalation of privilege or denial of service via local access. | 2019-11-14 | not yet calculated | CVE-2019-14565
MISC
intel -- software_guard_extensions_sdk | Insufficient input validation in Intel(R) SGX SDK multiple Linux and Windows versions may allow an authenticated user to enable information disclosure, escalation of privilege or denial of service via local access. | 2019-11-14 | not yet calculated | CVE-2019-14566
MISC
intel -- wifi_drivers | Memory corruption issues in Intel(R) WIFI Drivers before version 21.40 may allow a privileged user to potentially enable escalation of privilege, denial of service, and information disclosure via local access. | 2019-11-14 | not yet calculated | CVE-2019-11151
MISC
intel -- wifi_drivers | Memory corruption issues in Intel(R) WIFI Drivers before version 21.40 may allow a privileged user to potentially enable escalation of privilege, denial of service, and information disclosure via adjacent access. | 2019-11-14 | not yet calculated | CVE-2019-11152
MISC
intel -- xeon_processors | Insufficient memory protection in System Management Mode (SMM) and Intel(R) TXT for certain Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 2019-11-14 | not yet calculated | CVE-2019-0152
MISC
intel -- xeon_processors_and_atom_processors | Insufficient input validation in system firmware for Intel(R) Xeon(R) Scalable Processors, Intel(R) Xeon(R) Processors D Family, Intel(R) Xeon(R) Processors E5 v4 Family, Intel(R) Xeon(R) Processors E7 v4 Family and Intel(R) Atom(R) processor C Series may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. | 2019-11-14 | not yet calculated | CVE-2019-11137
MISC
intel -- xeon_scalable_processors | Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access. | 2019-11-14 | not yet calculated | CVE-2019-11139
MISC
joomla! -- joomla! | views/upload.php in the ProJoom Smart Flash Header (NovaSFH) component 3.0.2 and earlier for Joomla! allows remote attackers to upload and execute arbitrary files via a crafted (1) dest parameter and (2) arbitrary extension in the Filename parameter. | 2019-11-13 | not yet calculated | CVE-2014-1214
MISC
MISC
kata -- m4s_android_device | The Kata M4s Android device with a build fingerprint of alps/full_hct6750_66_n/hct6750_66_n:7.0/NRD90M/1495624556:user/test-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | 2019-11-14 | not yet calculated | CVE-2019-15425
MISC
klibc -- klibc | In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP options. | 2019-11-14 | not yet calculated | CVE-2011-1930
MISC
MISC
MISC
MISC
MISC
lava -- flair_z1_android_device | The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15356
MISC
lava -- flair_z1_android_device | The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | 2019-11-14 | not yet calculated | CVE-2019-15333
MISC
lava -- iris_88_go_android_device | The Lava Iris 88 Go Android device with a build fingerprint of LAVA/iris88_go/iris88_go:8.1.0/O11019/1538188945:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15362
MISC
lava -- iris_88_go_android_device | The Lava Iris 88 Go Android device with a build fingerprint of LAVA/iris88_go/iris88_go:8.1.0/O11019/1538188945:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | 2019-11-14 | not yet calculated | CVE-2019-15334
MISC
lava -- iris_88_lite_android_device | The Lava Iris 88 Lite Android device with a build fingerprint of LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15374
MISC
lava -- iris_88_lite_android_device | The Lava Iris 88 Lite Android device with a build fingerprint of LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | 2019-11-14 | not yet calculated | CVE-2019-15338
MISC
lava -- z60s_android_device | The Lava Z60s Android device with a build fingerprint of LAVA/Z60s/Z60s:8.1.0/O11019/1530331229:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15386
MISC
lava -- z60s_android_deviceThe Lava Z60s Android device with a build fingerprint of LAVA/Z60s/Z60s:8.1.0/O11019/1530331229:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface.2019-11-14not yet calculatedCVE-2019-15339
MISC
lava -- z61_android_deviceThe Lava Z61 Android device with a build fingerprint of LAVA/Z61_2GB/Z61_2GB:8.1.0/O11019/1533889281:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface.2019-11-14not yet calculatedCVE-2019-15332
MISC
lava -- z61_turbo_android_deviceThe Lava Z61 Turbo Android device with a build fingerprint of LAVA/Z61_Turbo/Z61_Turbo:8.1.0/O11019/1536917928:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.2019-11-14not yet calculatedCVE-2019-15369
MISC
lava -- z61_turbo_android_deviceThe Lava Z61 Turbo Android device with a build fingerprint of LAVA/Z61_Turbo/Z61_Turbo:8.1.0/O11019/1536917928:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.31) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface.2019-11-14not yet calculatedCVE-2019-15336
MISC
lava -- z81_android_deviceThe Lava Z81 Android device with a build fingerprint of LAVA/Z81/Z81:8.1.0/O11019/1532317309:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.31) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface.2019-11-14not yet calculatedCVE-2019-15337
MISC
lava -- z92_android_deviceThe Lava Z92 Android device with a build fingerprint of LAVA/Z92/Z92:8.1.0/O11019/1535088037:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface.2019-11-14not yet calculatedCVE-2019-15335
MISC
lava -- z92_android_deviceThe Lava Z92 Android device with a build fingerprint of LAVA/Z92/Z92:8.1.0/O11019/1535088037:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.2019-11-14not yet calculatedCVE-2019-15365
MISC
leagoo -- power_5_android_deviceThe Leagoo Power 5 Android device with a build fingerprint of LEAGOO/Power_5/Power_5:8.1.0/O11019/1532686195:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.2019-11-14not yet calculatedCVE-2019-15363
MISC
lenovo -- thinkpad_t460pThe BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T460p, BIOS versions up to R07ET90W, and T470p, BIOS versions up to R0FET50W, which may allow for unauthorized access.2019-11-12not yet calculatedCVE-2019-6188
MISC
limnoria -- limnoriaEval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands.2019-11-16not yet calculatedCVE-2019-19010
MISC
MISC
linux -- linux_kernelfs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image because fs_devices->devices is mishandled within find_device, aka CID-09ba3bc9dd15.2019-11-14not yet calculatedCVE-2019-18885
MISC
MISC
MISC
marvell -- 88w8688_wi-fi_firmwareAn issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A stack overflow could lead to denial of service or arbitrary code execution.2019-11-15not yet calculatedCVE-2019-13582
CONFIRM
marvell -- 88w8688_wi-fi_firmwareAn issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A heap-based buffer overflow allows remote attackers to cause a denial of service or execute arbitrary code via malformed Wi-Fi packets.2019-11-15not yet calculatedCVE-2019-13581
CONFIRM
mcafee -- data_loss_preventionUnprotected Transport of Credentials in ePO extension in McAfee Data Loss Prevention 11.x prior to 11.4.0 allows remote attackers with access to the network to collect login details to the LDAP server via the ePO extension not using a secure connection when testing LDAP connectivity.2019-11-14not yet calculatedCVE-2019-3640
CONFIRM
mcafee -- total_protectionA Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious files in specific locations protected by administrator permission.2019-11-13not yet calculatedCVE-2019-3648
CONFIRM
mediawiki -- mediawikiAn issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Once a specific abuse filter has (accidentally or otherwise) been made public, its previous versions can be exposed, thus potentially disclosing private or sensitive information within the filter's definition.2019-11-15not yet calculatedCVE-2019-18987
MISC
MISC
MISC
microsoft -- visual_studio_2017_and_2019An elevation of privilege vulnerability exists when Visual Studio fails to properly validate hardlinks while extracting archived files, aka 'Visual Studio Elevation of Privilege Vulnerability'.2019-11-12not yet calculatedCVE-2019-1425
MISC
mitsubishi_electric -- multiple_productsIn Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial number 21081 and prior, Q04/06/13/26UDPVCPU: serial number 21081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 21081 and prior, MELSEC-L Series L02/06/26CPU, L26CPU-BT: serial number 21101 and prior, L02/06/26CPU-P, L26CPU-PBT: serial number 21101 and prior, and L02/06/26CPU-CM, L26CPU-BT-CM: serial number 21101 and prior, a remote attacker can cause the FTP service to enter a denial-of-service condition dependent on the timing at which a remote attacker connects to the FTP server on the above CPU modules.2019-11-13not yet calculatedCVE-2019-13555
MISC
moodle -- moodleMoodle before 2.2.2 has a personal information disclosure issue: when the administrative setting for user name display is set to first name only, full names are shown in page breadcrumbs.2019-11-14not yet calculatedCVE-2012-1169
MISC
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRM
MISC
moodle -- moodleMoodle before 2.2.2 has a password and web services issue where, when the user profile is updated, the user password is reset if not specified.2019-11-14not yet calculatedCVE-2012-1168
MISC
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRM
MISC
moodle -- moodleMoodle before 2.2.2 has a course information leak in gradebook where users are able to see hidden grade items in export.2019-11-14not yet calculatedCVE-2012-1158
MISC
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRM
MISC
moodle -- moodleMoodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default.2019-11-14not yet calculatedCVE-2012-1157
MISC
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRM
MISC
moodle -- moodleMoodle before 2.2.2 has users' private files included in course backups.2019-11-14not yet calculatedCVE-2012-1156
MISC
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRM
MISC
moodle -- moodleMoodle has a database activity export permission issue where the export function of the database activity module exports all entries, even those from groups the user does not belong to.2019-11-14not yet calculatedCVE-2012-1155
MISC
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRM
MISC
moodle -- moodleMoodle before 2.2.2 has a permission issue in Forum Subscriptions where unenrolled users can subscribe/unsubscribe via mod/forum/index.php.2019-11-14not yet calculatedCVE-2012-1160
MISC
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRM
MISC
netease -- pomeloPomelo v2.2.5 allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in template/game-server/app/servers/connector/handler/entryHandler.js because certain internal attributes can be overwritten via a conflicting name. Hence, a malicious attacker can manipulate internal attributes by adding additional attributes to user input.2019-11-14not yet calculatedCVE-2019-18954
MISC
MISC
netgear -- wndr4700_centria_firmwareA Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34.2019-11-14not yet calculatedCVE-2013-3073
CONFIRM
MISC
MISC
MISC
MISC
MISC
netgear -- wndr4700_centria_firmwareAn Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http://<router_ip>/apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration portal.2019-11-14not yet calculatedCVE-2013-3072
CONFIRM
MISC
MISC
MISC
netgear -- wndr4700_firmwareAn Information Disclosure vulnerability exists in Netgear WNDR4700 running firmware 1.0.0.34 in the management web interface, which discloses the PSK of the wireless LAN.2019-11-14not yet calculatedCVE-2013-3070
CONFIRM
MISC
MISC
MISC
MISC
netgear -- wnr3500u_and_wnr3500l_routersNETGEAR WNR3500U and WNR3500L routers use form tokens based solely on the router's current date and time, which allows attackers to guess the CSRF tokens.2019-11-13not yet calculatedCVE-2013-3516
MISC
MISC
MISC
netgear -- wnr3500u_and_wnr3500l_wireless_routersSymlink Traversal vulnerability in NETGEAR WNR3500U and WNR3500L due to misconfiguration in the SMB service.2019-11-13not yet calculatedCVE-2013-4657
MISC
nss -- nss
 
Null pointer dereference vulnerability exists in K11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime in NSS before 3.26, which causes the TLS/SSL server using NSS to crash.2019-11-15not yet calculatedCVE-2016-5285
MISC
MISC
MISC
MISC
MISC
MISC
MISC
panasonic -- eluga_i9_android_deviceThe Panasonic ELUGA_I9 Android device with a build fingerprint of Panasonic/ELUGA_I9/ELUGA_I9:7.0/NRD90M/1501740649:user/release-keys contains a pre-installed app with a package name of com.ovvi.modem app (versionCode=1, versionName=1) that allows unauthorized attacker-controlled at command via a confused deputy attack. This capability can be accessed by any app co-located on the device.2019-11-14not yet calculatedCVE-2019-15429
MISC
panasonic -- eluga_ray_530_android_deviceThe Panasonic Eluga Ray 530 Android device with a build fingerprint of Panasonic/ELUGA_Ray_530/ELUGA_Ray_530:8.1.0/O11019/1531828974:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.2019-11-14not yet calculatedCVE-2019-15376
MISC
panasonic -- eluga_ray_600_android_deviceThe Panasonic Eluga Ray 600 Android device with a build fingerprint of Panasonic/ELUGA_Ray_600/ELUGA_Ray_600:8.1.0/O11019/1532692680:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.2019-11-14not yet calculatedCVE-2019-15378
MISC
perdition -- perditionPerdition before 2.2 may have weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server: ssl_outgoing_ciphers is not applied to STARTTLS connections.2019-11-15not yet calculatedCVE-2013-4584
MISC
MISC
MISC
MISC
MISC
php -- phpPHP5 before 5.4.4 allows passing invalid UTF-8 strings via xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in a memory leak into the resulting output.2019-11-13not yet calculatedCVE-2010-4657
MISC
MISC
MISC
MISC
pimcore -- pimcorePimcore before 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient ID of a notification.2019-11-15not yet calculatedCVE-2019-18981
MISC
MISC
pimcore -- pimcorebundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore before 6.3.0 allows script execution in the Email Log preview window because of the lack of a Content-Security-Policy header.2019-11-15not yet calculatedCVE-2019-18982
MISC
MISC
pimcore -- pimcorePimcore before 6.2.2 lacks brute force protection for the 2FA token.2019-11-15not yet calculatedCVE-2019-18985
MISC
MISC
pimcore -- pimcorePimcore before 6.2.2 allows attackers to brute-force (guess) valid usernames by using the 'forgot password' functionality, as it returns distinct messages for invalid password and non-existing users.2019-11-15not yet calculatedCVE-2019-18986
MISC
MISC
pithos -- pithospithos before 0.3.5 allows overwrite of arbitrary files via symlinks.2019-11-13not yet calculatedCVE-2010-4817
MISC
MISC
MISC
MISC
MISC
poppler -- popplerAn integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts.2019-11-13not yet calculatedCVE-2010-4653
MISC
MISC
MISC
MISC
MISC
poppler -- popplerpoppler before 0.16.3 has malformed commands that may cause corruption of the internal stack.2019-11-13not yet calculatedCVE-2010-4654
MISC
MISC
MISC
MISC
project_acrn -- acrn_hypervisor
 
The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information or diagnostic information), which might allow attackers to cause a denial of service (assertion failure) within pci core.2019-11-13not yet calculatedCVE-2019-18844
MISC
MISC
MISC
MISC
MISC
qtnx -- qtnxqtnx 0.9 stores non-custom SSH keys in a world-readable configuration file. If a user has a world-readable or world-executable home directory, another local system user could obtain the private key used to connect to remote NX sessions.2019-11-15not yet calculatedCVE-2011-2916
MISC
MISC
MISC
rack_cors_gem_for_ruby_on_rails -- rack_cors_gem_for_ruby_on_railsAn issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.2019-11-14not yet calculatedCVE-2019-18978
MISC
MISC
red_hat -- openshiftOpenShift: Install script has a temporary file creation vulnerability which can result in arbitrary code execution.2019-11-15not yet calculatedCVE-2014-0023
MISC
MISC
rise -- ultimate_project_managerindex.php/team_members/add_team_member in RISE Ultimate Project Manager 2.3 has CSRF for adding authorized users.2019-11-13not yet calculatedCVE-2019-18884
MISC
MISC
rsyslog -- rsyslogA memory leak in rsyslog before 5.7.6 was found in the way daemon processed log messages are logged when $RepeatedMsgReduction was enabled. A local attacker could use this flaw to cause a denial of the rsyslogd daemon service by crashing the service via a sequence of repeated log messages sent within short periods of time.2019-11-14not yet calculatedCVE-2011-1488
MISC
MISC
MISC
MISC
rsyslog -- rsyslogA memory leak in rsyslog before 5.7.6 was found in the way daemon processed log messages were logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset.2019-11-14not yet calculatedCVE-2011-1489
MISC
MISC
MISC
MISC
rsyslog -- rsyslogA memory leak in rsyslog before 5.7.6 was found in the way daemon processed log messages are logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset.2019-11-14not yet calculatedCVE-2011-1490
MISC
MISC
MISC
MISC
samsung -- a3_android_deviceThe Samsung A3 Android device with a build fingerprint of samsung/a3y17ltedx/a3y17lte:8.0.0/R16NW/A320YDXU4CSB3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps.2019-11-14not yet calculatedCVE-2019-15433
MISC
samsung -- a5_android_deviceThe Samsung A5 Android device with a build fingerprint of samsung/a5y17ltexx/a5y17lte:8.0.0/R16NW/A520FXXS8CSC5:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps.2019-11-14not yet calculatedCVE-2019-15434
MISC
samsung -- a7_android_deviceThe Samsung A7 Android device with a build fingerprint of samsung/a7y17ltexx/a7y17lte:8.0.0/R16NW/A720FXXU7CSC2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps.2019-11-14not yet calculatedCVE-2019-15435
MISC
samsung -- a8+_android_deviceThe Samsung A8+ Android device with a build fingerprint of samsung/jackpot2ltexx/jackpot2lte:8.0.0/R16NW/A730FXXS4BSC2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps.2019-11-14not yet calculatedCVE-2019-15436
MISC
samsung -- j3_android_deviceThe Samsung J3 Android device with a build fingerprint of samsung/j3y17ltedx/j3y17lte:8.0.0/R16NW/J330GDXS3BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=6010000, versionName=6.1.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps.2019-11-14not yet calculatedCVE-2019-15452
MISC
samsung -- j3_android_device
 
The Samsung J3 Android device with a build fingerprint of samsung/j3y17ltedx/j3y17lte:8.0.0/R16NW/J330GDXS3BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=6010000, versionName=6.1.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps.2019-11-14not yet calculatedCVE-2019-15451
MISC
samsung -- j3popeltecan_android_deviceThe Samsung j3popeltecan Android device with a build fingerprint of samsung/j3popeltevl/j3popeltecan:8.1.0/M1AJQ/J327WVLS3BSA2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps.2019-11-14not yet calculatedCVE-2019-15450
MISC
samsung -- j4_android_deviceThe Samsung J4 Android device with a build fingerprint of samsung/j4lteub/j4lte:8.0.0/R16NW/J400MUBS2ASC2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps.2019-11-14not yet calculatedCVE-2019-15453
MISC
samsung -- j4_android_deviceThe Samsung J4 Android device with a build fingerprint of samsung/j4lteub/j4lte:8.0.0/R16NW/J400MUBU2ARL4:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps.2019-11-14not yet calculatedCVE-2019-15454
MISC
samsung -- j5_android_deviceThe Samsung J5 Android device with a build fingerprint of samsung/j5y17ltexx/j5y17lte:8.1.0/M1AJQ/J530FXXU3BRL1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps.2019-11-14not yet calculatedCVE-2019-15455
MISC
samsung -- j5_android_deviceThe Samsung J5 Android device with a build fingerprint of samsung/on5xeltedx/on5xelte:8.0.0/R16NW/G570YDXU2CRL1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=6010000, versionName=6.1.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps.2019-11-14not yet calculatedCVE-2019-15440
MISC
samsung -- j6_android_deviceThe Samsung J6 Android device with a build fingerprint of samsung/j6ltexx/j6lte:8.0.0/R16NW/J600FNXXU3ASC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps.2019-11-14not yet calculatedCVE-2019-15456
MISC
samsung -- j6_android_deviceThe Samsung J6 Android device with a build fingerprint of samsung/j6ltexx/j6lte:8.0.0/R16NW/J600FNXXU3ASC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps.2019-11-14not yet calculatedCVE-2019-15457
MISC
samsung -- j7_android_deviceThe Samsung S7 Android device with a build fingerprint of samsung/heroltexx/herolte:8.0.0/R16NW/G930FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps.2019-11-14not yet calculatedCVE-2019-15445
MISC
samsung -- j7_android_deviceThe Samsung S7 Android device with a build fingerprint of samsung/heroltexx/herolte:8.0.0/R16NW/G930FXXU3ESAC:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps.2019-11-14not yet calculatedCVE-2019-15446
MISC
samsung -- j7_android_deviceThe Samsung S7 Android device with a build fingerprint of samsung/heroltexx/herolte:8.0.0/R16NW/G930FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps.2019-11-14not yet calculatedCVE-2019-15444
MISC
samsung -- j7_duo_android_deviceThe Samsung J7 Duo Android device with a build fingerprint of samsung/j7duolteub/j7duolte:8.0.0/R16NW/J720MUBS3ASB2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps.2019-11-14not yet calculatedCVE-2019-15462
MISC
samsung -- j7_edge_android_deviceThe Samsung S7 Edge Android device with a build fingerprint of samsung/hero2ltexx/hero2lte:8.0.0/R16NW/G935FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps.2019-11-14not yet calculatedCVE-2019-15448
MISC
samsung -- j7_edge_android_deviceThe Samsung S7 Edge Android device with a build fingerprint of samsung/hero2ltexx/hero2lte:8.0.0/R16NW/G935FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps.2019-11-14not yet calculatedCVE-2019-15447
MISC
samsung -- j7_max_android_deviceThe Samsung J7 Max Android device with a build fingerprint of samsung/j7maxlteins/j7maxlte:8.1.0/M1AJQ/G615FXXU2BSB1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps.2019-11-14not yet calculatedCVE-2019-15443
MISC
samsung -- j7_neo_android_deviceThe Samsung J7 Neo Android device with a build fingerprint of samsung/j7velteub/j7velte:8.1.0/M1AJQ/J701MUBS6BSB3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps.2019-11-14not yet calculatedCVE-2019-15459
MISC
samsung -- j7_neo_android_deviceThe Samsung J7 Neo Android device with a build fingerprint of samsung/j7veltedx/j7velte:8.1.0/M1AJQ/J701FXVS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps.2019-11-14not yet calculatedCVE-2019-15460
MISC
samsung -- j7_neo_android_deviceThe Samsung J7 Neo Android device with a build fingerprint of samsung/j7veltedx/j7velte:8.1.0/M1AJQ/J701FXXS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps.2019-11-14not yet calculatedCVE-2019-15458
MISC
samsung -- j7_neo_android_device | The Samsung J7 Neo Android device with a build fingerprint of samsung/j7velteub/j7velte:8.1.0/M1AJQ/J701MUBS6BSB4:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15461
MISC
samsung -- j7_on7xeltelgt_android_device | The Samsung on7xeltelgt Android device with a build fingerprint of samsung/on7xeltelgt/on7xeltelgt:8.1.0/M1AJQ/G610LKLU2CSB1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15441
MISC
samsung -- j7_on7xelteskt_android_device | The Samsung on7xelteskt Android device with a build fingerprint of samsung/on7xelteskt/on7xelteskt:8.1.0/M1AJQ/G610SKSU2CSB1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15442
MISC
samsung -- j7_pro_android_device | The Samsung J7 Pro Android device with a build fingerprint of samsung/j7y17lteub/j7y17lte:8.1.0/M1AJQ/J730GUBS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15464
MISC
samsung -- j7_pro_android_device | The Samsung J7 Pro Android device with a build fingerprint of samsung/j7y17lteubm/j7y17lte:8.1.0/M1AJQ/J730GMUBS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15465
MISC
samsung -- j7popeltemtr_android_device | The Samsung j7popeltemtr Android device with a build fingerprint of samsung/j7popeltemtr/j7popeltemtr:8.1.0/M1AJQ/J727T1UVS5BSC2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15463
MISC
samsung -- s7_edge_android_device | The Samsung S7 Edge Android device with a build fingerprint of samsung/hero2ltexx/hero2lte:8.0.0/R16NW/G935FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15449
MISC
samsung -- xcover4_android_device | The Samsung XCover4 Android device with a build fingerprint of samsung/xcover4ltedo/xcover4lte:8.1.0/M1AJQ/G390YDXU2BSA1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15438
MISC
samsung -- xcover4_android_device | The Samsung XCover4 Android device with a build fingerprint of samsung/xcover4ltedo/xcover4lte:8.1.0/M1AJQ/G390YDXU2BSA1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15439
MISC
samsung -- xcover4_android_device | The Samsung XCover4 Android device with a build fingerprint of samsung/xcover4ltexx/xcover4lte:8.1.0/M1AJQ/G390FXXU3BSA2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15437
MISC
sap -- erp_sales_and_s4hana_sales | Order processing in SAP ERP Sales (corrected in SAP_APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18) and S4HANA Sales (corrected in S4CORE 1.0, 1.01, 1.02, 1.03, 1.04) does not execute the required authorization checks for an authenticated user, which can result in an escalation of privileges. | 2019-11-13 | not yet calculated | CVE-2019-0386
MISC
MISC
sap -- ui5_and_ui_700 | SAP UI5 HTTP Handler (corrected in SAP_UI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI_700 version 2.0) allows an attacker to manipulate content due to insufficient URL validation. | 2019-11-13 | not yet calculated | CVE-2019-0388
MISC
MISC
sas -- xml_mapper | SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects the XMLV2 LIBNAME engine when the AUTOMAP option is used. | 2019-11-14 | not yet calculated | CVE-2019-14678
MISC
MISC
scanguard -- scanguard | Scanguard through 2019-11-12 on Windows has Insecure Permissions for the installation directory, leading to privilege escalation via a Trojan horse executable file. | 2019-11-14 | not yet calculated | CVE-2019-18895
MISC
FULLDISC
MISC
MISC
signify -- philips_taolight_smart_wi-fi_wiz_connected_led_bulb | On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656 devices, an unprotected API lets remote users control the bulb's operation. Anyone can turn the bulb on or off, or change its color or brightness remotely. There is no authentication or encryption to use the control API. The only requirement is that the attacker have network access to the bulb. | 2019-11-14 | not yet calculated | CVE-2019-18980
MISC

simpleledger -- slp-validate | A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slp-validate@1.0.0 npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. All versions >1.0.0 have been patched. | 2019-11-15 | not yet calculated | CVE-2019-16761
MISC
CONFIRM
simpleledger -- slp-validate | A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slpjs npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. Affected users can upgrade to any version >= 0.21.4. | 2019-11-15 | not yet calculated | CVE-2019-16762
MISC
CONFIRM
snowhaze -- snowhaze | SnowHaze before 2.6.6 is sometimes too late to honor a per-site JavaScript blocking setting, which leads to unintended JavaScript execution via a chain of webpage redirections targeted to the user's browser configuration. | 2019-11-14 | not yet calculated | CVE-2019-18949
MISC
soft112 -- file_sharing_wizard | File Sharing Wizard version 1.5.0 build 2008 is affected by a Structured Exception Handler based buffer overflow vulnerability. An unauthenticated attacker is able to perform remote command execution and obtain a command shell by sending a HTTP GET request including the malicious payload in the URL. A similar issue to CVE-2019-17415, CVE-2019-16724, and CVE-2010-2331. | 2019-11-12 | not yet calculated | CVE-2019-18655
MISC
sony -- keyaki_kddi_android_device | The Sony keyaki_kddi Android device with a build fingerprint of Sony/keyaki_kddi/keyaki_kddi:7.1.1/TONE3-3.0.0-KDDI-170517-0326/1:user/dev-keys contains a pre-installed app with a package name of com.kddi.android.packageinstaller (versionCode=70008, versionName=08.10.03) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15416
MISC
sony -- xperia_touch_android_device | The Sony Xperia Touch Android device with a build fingerprint of Sony/blanc_windy/blanc_windy:7.0/LOIRE-SMART-BLANC-1.0.0-170530-0834/1:user/dev-keys contains a pre-installed app with a package name of com.sonymobile.android.maintenancetool.testmic (versionCode=24, versionName=7.0) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record audio to external storage. | 2019-11-14 | not yet calculated | CVE-2019-15743
MISC
sony -- xperia_xzs_android_device | The Sony Xperia XZs Android device with a build fingerprint of Sony/keyaki_softbank/keyaki_softbank:7.1.1/TONE3-3.0.0-SOFTBANK-170517-0323/1:user/dev-keys contains a pre-installed app with a package name of jp.softbank.mb.tdrl (versionCode=1413005, versionName=1.3.0) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | 2019-11-14 | not yet calculated | CVE-2019-15744
MISC
stmicroelectronics -- st33phf2espi_tpm_devices | STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL. | 2019-11-14 | not yet calculated | CVE-2019-16863
MISC
CONFIRM
symantec -- endpoint_protection | Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 2019-11-15 | not yet calculated | CVE-2019-18372
MISC
symantec -- endpoint_protection | Symantec Endpoint Protection (SEP), prior to 14.2 RU2, may be susceptible to a password protection bypass vulnerability whereby the secondary layer of password protection could be bypassed for individuals with local administrator rights. | 2019-11-15 | not yet calculated | CVE-2019-12756
MISC
symantec -- endpoint_protection | Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to an unsigned code execution vulnerability, which may allow an individual to execute code without a resident proper digital signature. | 2019-11-15 | not yet calculated | CVE-2019-12758
MISC
symantec -- endpoint_protection_and_endpoint_protection_small_business_edition | Symantec Endpoint Protection (SEP), prior to 14.2 RU2 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to 12.1 RU6 MP10d (12.1.7510.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 2019-11-15 | not yet calculated | CVE-2019-12757
MISC
symantec -- endpoint_protection_manager | Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 2019-11-15 | not yet calculated | CVE-2018-18368
MISC

symantec -- endpoint_protection_manager_and_mail_security_for_ms_exchange | Symantec Endpoint Protection Manager (SEPM) and Symantec Mail Security for MS Exchange (SMSMSE), prior to versions 14.2 RU2 and 7.5.x respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 2019-11-15 | not yet calculated | CVE-2019-12759
MISC
symphony -- g100_android_device | The Symphony G100 Android device with a build fingerprint of Symphony/G100/G100:8.1.0/O11019/1530618779:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15371
MISC
symphony -- i95_lite_android_device | The Symphony i95 Lite Android device with a build fingerprint of LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15373
MISC
tecno -- camon_android_device | The Tecno Camon Android device with a build fingerprint of TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.service.FunctionService that allows any app co-located on the device to supply the file path to a Dalvik Executable (DEX) file which it will dynamically load within its own process and execute with its own system privileges. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtain the user's text messages, and more. Executing code as the system user can allow a third-party app to factory reset the device, obtain the user's Wi-Fi passwords, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtain the user's text messages, and more. | 2019-11-14 | not yet calculated | CVE-2019-15350
MISC
tecno -- camon_android_device | The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands via shell script to be executed as the system user that are triggered by writing an attacker-selected message to the logcat log. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtain the user's text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtain the user's text messages, and more. | 2019-11-14 | not yet calculated | CVE-2019-15348
MISC
tecno -- camon_android_device | The Tecno Camon Android device with a build fingerprint of TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands via shell script to be executed as the system user that are triggered by writing an attacker-selected message to the logcat log. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtain the user's text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtain the user's text messages, and more. | 2019-11-14 | not yet calculated | CVE-2019-15351
MISC
tecno -- camon_android_device | The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.service.FunctionService that allows any app co-located on the device to supply the file path to a Dalvik Executable (DEX) file which it will dynamically load within its own process and execute with its own system privileges. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtain the user's text messages, and more. Executing code as the system user can allow a third-party app to factory reset the device, obtain the user's Wi-Fi passwords, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtain the user's text messages, and more. | 2019-11-14 | not yet calculated | CVE-2019-15349
MISC
tecno -- camon_iair_2_plus_android_device | The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands via shell script to be executed as the system user that are triggered by writing an attacker-selected message to the logcat log. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtain the user's text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtain the user's text messages, and more. | 2019-11-14 | not yet calculated | CVE-2019-15342
MISC
tecno -- camon_iair_2_plus_android_device | The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.service.FunctionService that allows any app co-located on the device to supply the file path to a Dalvik Executable (DEX) file which it will dynamically load within its own process and execute with its own system privileges. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtain the user's text messages, and more. Executing code as the system user can allow a third-party app to factory reset the device, obtain the user's Wi-Fi passwords, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtain the user's text messages, and more. | 2019-11-14 | not yet calculated | CVE-2019-15341
MISC
tecno -- camon_iclick_2_android_device | The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.service.FunctionService that allows any app co-located on the device to supply the file path to a Dalvik Executable (DEX) file which it will dynamically load within its own process and execute with its own system privileges. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtain the user's text messages, and more. Executing code as the system user can allow a third-party app to factory reset the device, obtain the user's Wi-Fi passwords, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtain the user's text messages, and more. | 2019-11-14 | not yet calculated | CVE-2019-15346
MISC
tecno -- camon_iclick_2_android_device | The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands via shell script to be executed as the system user that are triggered by writing an attacker-selected message to the logcat log. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtain the user's text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtain the user's text messages, and more. | 2019-11-14 | not yet calculated | CVE-2019-15347
MISC
tecno -- camon_iclick_android_device | The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). This app contains an exported service named com.lovelyfont.manager.service.FunctionService that allows any app co-located on the device to supply the file path to a Dalvik Executable (DEX) file which it will dynamically load within its own process and execute with its own system privileges. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtain the user's text messages, and more. Executing code as the system user can allow a third-party app to factory reset the device, obtain the user's Wi-Fi passwords, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtain the user's text messages, and more. | 2019-11-14 | not yet calculated | CVE-2019-15345
MISC
tecno -- camon_iclick_android_device | The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15355
MISC
tecno -- camon_iclick_android_device | The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands via shell script to be executed as the system user that are triggered by writing an attacker-selected message to the logcat log. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtain the user's text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtain the user's text messages, and more. | 2019-11-14 | not yet calculated | CVE-2019-15343
MISC
tecno -- camon_iclick_android_device | The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands to be executed as the system user. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. In addition to the local attack surface, its accompanying app with a package name of com.ekesoo.lovelyhifonts makes network requests using HTTP and an attacker can perform a Man-in-the-Middle (MITM) attack on the connection to inject a command in a network response that will be executed as the system user by the com.lovelyfont.defcontainer app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtain the user's text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtain the user's text messages, and more. | 2019-11-14 | not yet calculated | CVE-2019-15344
MISC
tecno -- spark_pro_android_device | The Tecno Spark Pro Android device with a build fingerprint of TECNO/H3722/TECNO-K8:7.0/NRD90M/K8-H3722ABCDE-N-171229V96:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.5) that allows unauthorized dynamic code loading via a confused deputy attack. This capability can be accessed by any app co-located on the device. | 2019-11-14 | not yet calculated | CVE-2019-15417
MISC
tematres -- tematres | TemaTres 3.0 has stored XSS via the value parameter to the vocab/admin.php?vocabulario_id=list URI. | 2019-11-15 | not yet calculated | CVE-2019-14343
MISC
MISC
MISC
MISC
tematres -- tematres | TemaTres 3.0 allows remote unprivileged users to create an administrator account. | 2019-11-15 | not yet calculated | CVE-2019-14345
MISC
MISC
MISC
MISC
tesseract -- tesseract | In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file. | 2019-11-14 | not yet calculated | CVE-2011-1136
MISC
MISC
MISC
texas_instruments -- cc256x_and_wl18xx_dual_mode_bluetooth_controller_devices | Texas Instruments CC256x and WL18xx dual-mode Bluetooth controller devices, when LE scan mode is used, allow remote attackers to trigger a buffer overflow via a malformed Bluetooth Low Energy advertising packet, to cause a denial of service or potentially execute arbitrary code. This affects CC256xC-BT-SP 1.2, CC256xB-BT-SP 1.8, and WL18xx-BT-SP 4.4. | 2019-11-13 | not yet calculated | CVE-2019-15948
MISC
MISC
thunar -- thunar | Thunar 1.2 through 1.2.1 could crash when copying and pasting a file name with % format characters due to a format string error. | 2019-11-14 | not yet calculated | CVE-2011-1588
MISC
MISC
MISC
MISC
tp-link -- tl-wdr4300_and_tl-1043nd_wireless_routers | Symlink Traversal vulnerability in TP-LINK TL-WDR4300 and TL-1043ND. | 2019-11-13 | not yet calculated | CVE-2013-4654
MISC
MISC
MISC
trendnet -- tew-691gr_and_tew-692gr_wireless_routers | Undocumented TELNET service in TRENDnet TEW-691GR and TEW-692GR when a web page named backdoor contains an HTML parameter of password and a value of j78G?DFdg_24Mhw3. | 2019-11-13 | not yet calculated | CVE-2013-3367
MISC
MISC
MISC
trendnet -- tew-812dru_wireless_router | Undocumented TELNET service in TRENDnet TEW-812DRU when a web page named backdoor contains an HTML parameter of password and a value of j78G?DFdg_24Mhw3. | 2019-11-13 | not yet calculated | CVE-2013-3366
MISC
MISC
MISC
udisks -- udisks | udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules. | 2019-11-13 | not yet calculated | CVE-2010-4661
MISC
MISC
MISC
MISC
ulefone -- armor_5_android_device | The Ulefone Armor 5 Android device with a build fingerprint of Ulefone/Ulefone_Armor_5/Ulefone_Armor_5:8.1.0/O11019/1528806701:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15354
MISC
unixodbc -- unixodbc | The SQLDriverConnect() function in unixODBC before 2.2.14p2 has a possible buffer overflow condition when specifying a large value for the SAVEFILE parameter in the connection string. | 2019-11-14 | not yet calculated | CVE-2011-1145
MISC
MISC
MISC
MISC
v86d -- v86d | v86d before 0.1.10 does not verify if received netlink messages are sent by the kernel. This could allow unprivileged users to manipulate the video mode and could potentially have other consequences. | 2019-11-14 | not yet calculated | CVE-2011-1070
MISC
MISC
MISC
walton -- primo_g3_android_device | The Walton Primo G3 Android device with a build fingerprint of WALTON/Primo_GM3/Primo_GM3:8.1.0/O11019/1522737198:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15379
MISC
wordpress -- wordpress | The Blog2Social plugin before 5.9.0 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the b2s_id parameter. The component is: views/b2s/post.calendar.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL. | 2019-11-13 | not yet calculated | CVE-2019-17550
MISC
MISC
MISC
MISC
wordpress -- wordpress | The CleanTalk cleantalk-spam-protect plugin before 5.127.4 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter. The component is: inc/cleantalk-users.php and inc/cleantalk-comments.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL. | 2019-11-13 | not yet calculated | CVE-2019-17515
MISC
MISC
MISC
xiaomi -- redmi_5_android_device | The Xiaomi Redmi 5 Android device with a build fingerprint of xiaomi/vince/vince:7.1.2/N2G47H/V9.5.4.0.NEGMIFA:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1711_201803291645) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | 2019-11-14 | not yet calculated | CVE-2019-15415
MISC
xiaomi -- 5s_plus_android_device | The Xiaomi 5S Plus Android device with a build fingerprint of Xiaomi/natrium/natrium:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app (versionCode=40000, versionName=4.0.00) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | 2019-11-14 | not yet calculated | CVE-2019-15426
MISC
xiaomi -- cepheus_android_device | The Xiaomi Cepheus Android device with a build fingerprint of Xiaomi/cepheus/cepheus:9/PKQ1.181121.001/V10.2.6.0.PFAMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record telephone calls to external storage. | 2019-11-14 | not yet calculated | CVE-2019-15474
MISC
xiaomi -- mi_a2_lite_android_device | The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/jasmine/jasmine_sprout:9/PKQ1.180904.001/V10.0.2.0.PDIMIFJ:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record telephone calls to external storage. | 2019-11-14 | not yet calculated | CVE-2019-15473
MISC
xiaomi -- mi_a2_lite_android_device | The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/daisy/daisy_sprout:9/PKQ1.180917.001/V10.0.3.0.PDLMIXM:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1715_201812071953) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | 2019-11-14 | not yet calculated | CVE-2019-15468
MISC
xiaomi -- mi_a2_lite_android_device | The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/daisy/daisy_sprout:9/PKQ1.180917.001/V10.0.3.0.PDLMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record telephone calls to external storage. | 2019-11-14 | not yet calculated | CVE-2019-15472
MISC
xiaomi -- mi_a3_android_device | The Xiaomi Mi A3 Android device with a build fingerprint of xiaomi/onc_eea/onc:9/PKQ1.181021.001/V10.2.8.0.PFLEUXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record telephone calls to external storage. | 2019-11-14 | not yet calculated | CVE-2019-15475
MISC
xiaomi -- mi_mix_2s_android_device | The Xiaomi Mi Mix 2S Android device with a build fingerprint of Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=A2060_201801032053) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | 2019-11-14 | not yet calculated | CVE-2019-15467
MISC
xiaomi -- mi_mix_2s_android_device | The Xiaomi Mi Mix 2S Android device with a build fingerprint of Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=27, versionName=8.1.0) that allows other pre-installed apps to perform microphone audio recording via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that export their capabilities to other pre-installed apps. This app allows a third-party app to use its open interface to record telephone calls to external storage. | 2019-11-14 | not yet calculated | CVE-2019-15471
MISC
xiaomi -- mi_mix_android_device | The Xiaomi Mi Mix Android device with a build fingerprint of Xiaomi/lithium/lithium:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app (versionCode=40000, versionName=4.0.00) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | 2019-11-14 | not yet calculated | CVE-2019-15427
MISC
xiaomi -- mi_note_2_android_device | The Xiaomi Mi Note 2 Android device with a build fingerprint of Xiaomi/scorpio/scorpio:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app (versionCode=40000, versionName=4.0.00) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | 2019-11-14 | not yet calculated | CVE-2019-15428
MISC
xiaomi -- mi_pad_4_android_device | The Xiaomi Mi Pad 4 Android device with a build fingerprint of Xiaomi/clover/clover:8.1.0/OPM1.171019.019/V9.6.26.0.ODJCNFD:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=27, versionName=8.1.0) that allows other pre-installed apps to perform microphone audio recording via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that export their capabilities to other pre-installed apps. This app allows a third-party app to use its open interface to record telephone calls to external storage. | 2019-11-14 | not yet calculated | CVE-2019-15469
MISC
xiaomi -- redmi_6_pro_android_device | The Xiaomi Redmi 6 Pro Android device with a build fingerprint of xiaomi/sakura_india/sakura_india:8.1.0/OPM1.171019.019/V10.2.6.0.ODMMIXM:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1715_201812191721) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | 2019-11-14 | not yet calculated | CVE-2019-15466
MISC
xiaomi -- redmi_6_pro_android_device | The Xiaomi Redmi 6 Pro Android device with a build fingerprint of xiaomi/sakura_india/sakura_india:8.1.0/OPM1.171019.019/V9.6.4.0.ODMMIFD:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1715_201805292006) that allows any app co-located on the device to programmatically disable and enable Wi-Fi, Bluetooth, and GPS without the corresponding access permission through an exported interface. | 2019-11-14 | not yet calculated | CVE-2019-15340
MISC
xiaomi -- redmi_note_6_pro_android_device | The Xiaomi Redmi Note 6 Pro Android device with a build fingerprint of xiaomi/tulip/tulip:8.1.0/OPM1.171019.011/V10.2.2.0.OEKMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=27, versionName=8.1.0) that allows other pre-installed apps to perform microphone audio recording via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that export their capabilities to other pre-installed apps. This app allows a third-party app to use its open interface to record telephone calls to external storage. | 2019-11-14 | not yet calculated | CVE-2019-15470
MISC
zte -- zxhn_h108n | Version V2.5.0_EG1T5_TED of the ZTE ZXHN H108N product is impacted by an information leak vulnerability. An attacker could exploit the vulnerability to obtain sensitive information and perform unauthorized operations. | 2019-11-13 | not yet calculated | CVE-2019-3420
MISC
zyxel -- gs1900_devices | An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Due to lack of input validation in the cmd_sys_traceroute_exec(), cmd_sys_arp_clear(), and cmd_sys_ping_exec() functions in the libclicmd.so library contained in the firmware, an attacker could leverage these functions to call system() and execute arbitrary commands on the switches. (Note that these functions are currently not called in this version of the firmware, however an attacker could use other vulnerabilities to finally use these vulnerabilities to gain code execution.) | 2019-11-14 | not yet calculated | CVE-2019-15800
MISC
CONFIRM
zyxel -- gs1900_devices | An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware hashes and encrypts passwords using a hardcoded cryptographic key in sal_util_str_encrypt() in libsal.so.0.0. The parameters (salt, IV, and key data) are used to encrypt and decrypt all passwords using AES256 in CBC mode. With the parameters known, all previously encrypted passwords can be decrypted. This includes the passwords that are part of configuration backups or otherwise embedded as part of the firmware. | 2019-11-14 | not yet calculated | CVE-2019-15802
MISC
CONFIRM
zyxel -- gs1900_devices | An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fds_sys_passDebugPasswd_ret(). The firmware contains access control checks that determine if remote users are allowed to access this functionality. The function that performs this check (fds_sys_remoteDebugEnable_ret in libfds.so) always returns TRUE with no actual checks performed. The diagnostics menu allows for reading/writing arbitrary registers and various other configuration parameters which are believed to be related to the network interface chips. | 2019-11-14 | not yet calculated | CVE-2019-15803
MISC
CONFIRM
zyxel -- gs1900_devices | An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application (e.g., through CTRL+\ via SSH). The access control check for this menu does work and prohibits accessing the menu, which contains "Password recovery for specific user" options. The menu is believed to be accessible using a serial console. | 2019-11-14 | not yet calculated | CVE-2019-15804
MISC
CONFIRM
zyxel -- gs1900_devices | An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware image contains encrypted passwords that are used to authenticate users wishing to access a diagnostics or password-recovery menu. Using the hardcoded cryptographic key found elsewhere in the firmware, these passwords can be decrypted. This is related to fds_sys_passDebugPasswd_ret() and fds_sys_passRecoveryPasswd_ret() in libfds.so.0.0. | 2019-11-14 | not yet calculated | CVE-2019-15801
MISC
CONFIRM
zyxel -- gs1900_devices | An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH (while their permissions via the web interface are in fact restricted). This allows normal users to obtain the administrative password by running the tech-support command via the CLI: this contains the encrypted passwords for all users on the device. As these passwords are encrypted using well-known and static parameters, they can be decrypted and the original passwords (including the administrator password) can be obtained. | 2019-11-14 | not yet calculated | CVE-2019-15799
MISC
MISC
CONFIRM
