Vulnerability Summary for the Week of September 2, 2019
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
alfresco -- alfresco | An issue was discovered in Alfresco Community Edition versions 6.0 and lower. An unauthenticated, remote attacker could authenticate to Alfresco's Solr Web Admin Interface. The vulnerability is due to the presence of a default private key that is present in all default installations. An attacker could exploit this vulnerability by using the extracted private key and bundling it into a PKCS12. A successful exploit could allow the attacker to gain information about the target system (e.g., OS type, system file locations, Java version, Solr version, etc.) as well as the ability to launch further attacks by leveraging the access to Alfresco's Solr Web Admin Interface. | 2019-09-05 | 7.5 | CVE-2019-14222 MISC |
alfresco -- alfresco | An issue was discovered in Alfresco Community Edition 5.2 201707. By leveraging multiple components in the Alfresco Software applications, an exploit chain was observed that allows an attacker to achieve remote code execution on the victim machine. The attacker must upload malicious Solr configuration files and then receive a JMX connection from the victim, and serve a Java object that results in deserialization and code execution. | 2019-09-05 | 9.0 | CVE-2019-14224 MISC |
artifex -- ghostscript | A flaw was found in ghostscript, versions 9.x before 9.28, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. | 2019-09-06 | 7.5 | CVE-2019-14813 CONFIRM CONFIRM |
asus -- precision_touchpad | AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with the \\.\AsusTP device, leading to a DoS or potentially privilege escalation via a crafted DeviceIoControl call. | 2019-09-04 | 7.5 | CVE-2019-10709 MISC MISC |
broadcom -- ca_client_automation | An access vulnerability in CA Common Services DIA of CA Technologies Client Automation 14 and Workload Automation AE 11.3.5, 11.3.6 allows a remote attacker to execute arbitrary code. | 2019-09-06 | 7.5 | CVE-2019-13656 MISC |
cisco -- jabber | A vulnerability in Cisco Jabber Client Framework (JCF) for Mac Software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to execute arbitrary code on an affected device. The vulnerability is due to improper file level permissions on an affected device when it is running Cisco JCF for Mac Software. An attacker could exploit this vulnerability by authenticating to the affected device and executing arbitrary code or potentially modifying certain configuration files. A successful exploit could allow the attacker to execute arbitrary code or modify certain configuration files on the device using the privileges of the installed Cisco JCF for Mac Software. | 2019-09-04 | 7.2 | CVE-2019-12645 CISCO |
cisco -- nx-os | A vulnerability in the Network Time Protocol (NTP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to excessive use of system resources when the affected device is logging a drop action for received MODE_PRIVATE (Mode 7) NTP packets. An attacker could exploit this vulnerability by flooding the device with a steady stream of Mode 7 NTP packets. A successful exploit could allow the attacker to cause high CPU and memory usage on the affected device, which could cause internal system processes to restart or cause the affected device to unexpectedly reload. Note: The NTP feature is enabled by default. | 2019-08-30 | 7.8 | CVE-2019-1967 CISCO |
cisco -- unified_computing_system | A vulnerability in a specific CLI command within the local management (local-mgmt) context for Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to gain elevated privileges as the root user on an affected device. The vulnerability is due to extraneous subcommand options present for a specific CLI command within the local-mgmt context. An attacker could exploit this vulnerability by authenticating to an affected device, entering the local-mgmt context, and issuing a specific CLI command and submitting user input. A successful exploit could allow the attacker to execute arbitrary operating system commands as root on an affected device. The attacker would need to have valid user credentials for the device. | 2019-08-30 | 7.2 | CVE-2019-1966 CISCO |
cisco -- webex_teams | A vulnerability in the Cisco Webex Teams client for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. This vulnerability is due to improper restrictions on software logging features used by the application on Windows operating systems. An attacker could exploit this vulnerability by convincing a targeted user to visit a website designed to submit malicious input to the affected application. A successful exploit could allow the attacker to cause the application to modify files and execute arbitrary commands on the system with the privileges of the targeted user. | 2019-09-04 | 9.3 | CVE-2019-1939 CISCO |
egain -- chat | eGain Chat 15.0.3 allows unrestricted file upload. | 2019-09-04 | 7.5 | CVE-2019-13976 MISC |
eventum_project -- eventum | Controller/ListController.php in Eventum 3.5.0 is vulnerable to Deserialization of Untrusted Data. Fixed in version 3.5.2. | 2019-09-05 | 7.5 | CVE-2018-11569 MISC |
exim -- exim | Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash. | 2019-09-06 | 10.0 | CVE-2019-15846 MISC MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST FEDORA FEDORA BUGTRAQ GENTOO UBUNTU DEBIAN CERT-VN MISC |
freebsd -- freebsd | In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350650, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the ICMPv6 input path incorrectly handles cases where an MLDv2 listener query packet is internally fragmented across multiple mbufs. A remote attacker may be able to cause an out-of-bounds read or write that may cause the kernel to attempt to access an unmapped page and subsequently panic. | 2019-08-30 | 7.5 | CVE-2019-5608 CONFIRM |
freebsd -- freebsd | In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check in the function to arrange data in a chain of mbufs could cause data returned not to be contiguous. Extra checks in the IPv6 stack could catch the error condition and trigger a kernel panic, leading to a remote denial of service. | 2019-08-30 | 7.8 | CVE-2019-5611 MISC BUGTRAQ CONFIRM |
freebsd -- freebsd | In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r351265, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, the kernel driver for /dev/midistat implements a read handler that is not thread-safe. A multi-threaded program can exploit races in the handler to copy out kernel memory outside the boundaries of midistat's data buffer. | 2019-08-30 | 7.8 | CVE-2019-5612 CONFIRM |
fusionpbx -- fusionpbx | FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the service_edit.php file (which will insert the malicious command into the database). To trigger the command, one needs to call the services.php file via a GET request with the service id followed by the parameter a=start to execute the stored command. | 2019-09-05 | 9.0 | CVE-2019-15029 MISC MISC MISC |
google -- android | NVIDIA Tegra contains a vulnerability in BootRom where a user with kernel level privileges can write an arbitrary value to an arbitrary physical address. | 2019-09-06 | 7.2 | CVE-2018-6240 MISC |
google -- android | In ihevcd_ref_list of ihevcd_ref_list.c in Android 10, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. | 2019-09-05 | 9.3 | CVE-2019-2108 MISC |
google -- android | In GateKeeper::MintAuthToken of gatekeeper.cpp in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-05 | 7.2 | CVE-2019-2115 MISC |
google -- android | In SensorManager::assertStateLocked of SensorManager.cpp in Android 7.1.1, 7.1.2, 8.0, 8.1, and 9, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2019-09-05 | 7.2 | CVE-2019-2174 MISC |
google -- android | In ihevcd_parse_buffering_period_sei of ihevcd_parse_headers.c in Android 8.0, 8.1 and 9, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. | 2019-09-05 | 9.3 | CVE-2019-2176 MISC |
google -- android | In rw_t4t_sm_read_ndef of rw_t4t in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC service with no additional execution privileges needed. User interaction is not needed for exploitation. | 2019-09-05 | 7.2 | CVE-2019-2178 MISC |
google -- android | In readArgumentList of zygote.java in Android 10, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2019-09-05 | 7.2 | CVE-2019-9254 MISC |
hanwha-security -- srn-472s_firmware | An issue was discovered in NVR WebViewer on Hanwha Techwin SRN-472s 1.07_190502 devices, and other SRN-x devices before 2019-05-03. A system crash and reboot can be achieved by submitting a long username in excess of 117 characters. The username triggers a buffer overflow in the main process controlling operation of the DVR system, rendering services unavailable during the reboot operation. A repeated attack affects availability as long as the attacker has network access to the device. | 2019-09-05 | 7.8 | CVE-2019-12223 MISC MISC MISC |
libreoffice -- libreoffice | LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2019-9852, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed by employing a URL encoding attack to defeat the path verification step. However this protection could be bypassed by taking advantage of a flaw in how LibreOffice assembled the final script URL location directly from components of the passed in path as opposed to solely from the sanitized output of the path verification step. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1. | 2019-09-06 | 7.5 | CVE-2019-9854 CONFIRM |
libreoffice -- libreoffice | LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary Python commands contained within the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added to block calling LibreLogo from script event handlers. However, a Windows 8.3 path equivalence handling flaw left LibreOffice vulnerable under Windows, such that a document could trigger execution of LibreLogo via a Windows filename pseudonym. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1. | 2019-09-06 | 7.5 | CVE-2019-9855 CONFIRM |
linux -- linux_kernel | An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c. | 2019-09-04 | 7.2 | CVE-2017-18595 MISC MISC |
linux -- linux_kernel | A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped. | 2019-09-04 | 7.5 | CVE-2019-15902 MISC |
linux -- linux_kernel | An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service. | 2019-09-04 | 7.8 | CVE-2019-15916 MISC MISC |
linux -- linux_kernel | An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c. | 2019-09-04 | 7.2 | CVE-2019-15917 MISC MISC |
linux -- linux_kernel | An issue was discovered in the Linux kernel before 5.0.10. SMB2_negotiate in fs/cifs/smb2pdu.c has an out-of-bounds read because data structures are incompletely updated after a change from smb30 to smb21. | 2019-09-04 | 7.2 | CVE-2019-15918 MISC MISC |
linux -- linux_kernel | An issue was discovered in the Linux kernel before 5.0.10. SMB2_write in fs/cifs/smb2pdu.c has a use-after-free. | 2019-09-04 | 7.2 | CVE-2019-15919 MISC MISC |
linux -- linux_kernel | An issue was discovered in the Linux kernel before 5.0.10. SMB2_read in fs/cifs/smb2pdu.c has a use-after-free. NOTE: this was not fixed correctly in 5.0.10; see the 5.0.11 ChangeLog, which documents a memory leak. | 2019-09-04 | 7.2 | CVE-2019-15920 MISC MISC |
linux -- linux_kernel | An issue was discovered in the Linux kernel before 5.2.3. An out of bounds access exists in the function hclge_tm_schd_mode_vnet_base_cfg in the file drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c. | 2019-09-04 | 7.2 | CVE-2019-15925 MISC MISC |
linux -- linux_kernel | An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c. | 2019-09-04 | 9.4 | CVE-2019-15926 MISC MISC |
linux -- linux_kernel | An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c. | 2019-09-04 | 7.2 | CVE-2019-15927 MISC MISC |
nagios -- nagios_xi | Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile (profile.php?cmd=download), is executed as root via a passwordless sudo entry; the script executes check_plugin, which is owned by the nagios user. A user logged into Nagios XI with permissions to modify plugins, or the nagios user on the server, can modify the check_plugin executable and insert malicious commands to execute as root. | 2019-09-05 | 9.0 | CVE-2019-15949 MISC |
opensc_project -- opensc | OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c. | 2019-09-05 | 7.5 | CVE-2019-15945 MISC MISC |
opensc_project -- opensc | OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c. | 2019-09-05 | 7.5 | CVE-2019-15946 MISC MISC |
pengutronix -- barebox | Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_reply in net/nfs.c because a length field is directly used for a memcpy. | 2019-09-05 | 7.5 | CVE-2019-15937 MISC |
pengutronix -- barebox | Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_req in fs/nfs.c because a length field is directly used for a memcpy. | 2019-09-05 | 7.5 | CVE-2019-15938 MISC |
restaurant_reservations_project -- restaurant_reservations | The nd-restaurant-reservations plugin before 1.5 for WordPress has no requirement for nd_rst_import_settings_php_function authentication. | 2019-08-30 | 7.5 | CVE-2019-15819 MISC MISC MISC |
sonatype -- nexus_repository_manager | The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability. | 2019-09-03 | 9.0 | CVE-2019-5475 MISC |
symphonyextensions -- rich_text_formatter | The Rich Text Formatter (Redactor) extension through v1.1.1 for Symphony CMS has an Unauthenticated arbitrary file upload vulnerability in content.fileupload.php and content.imageupload.php. | 2019-09-05 | 7.5 | CVE-2019-13187 MISC MISC |
totaljs -- total.js_cms | An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can achieve Remote Command Execution (RCE) on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be evaluated server side. In the process of evaluating the tag by the back-end, it is possible to escape the sandbox object by using the following payload: `<script total>global.process.mainModule.require(child_process).exec(RCE);</script>` | 2019-09-05 | 9.0 | CVE-2019-15954 MISC MISC |
varnish-cache -- varnish | An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests. The assert will cause an automatic restart with a clean cache, which makes it a Denial of Service attack. | 2019-09-03 | 7.8 | CVE-2019-15892 BUGTRAQ MISC DEBIAN |
wpbrigade -- loginpress | The LoginPress plugin before 1.1.4 for WordPress has SQL injection via an import of settings. | 2019-09-03 | 7.5 | CVE-2019-15872 MISC MISC |
wpserveur -- wps_child_theme_generator | The wps-child-theme-generator plugin before 1.2 for WordPress has classes/helpers.php directory traversal. | 2019-08-30 | 7.5 | CVE-2019-15822 MISC MISC MISC |
wpserveur -- wps_hide_login | The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass. | 2019-08-30 | 7.5 | CVE-2019-15823 MISC MISC MISC |
wpserveur -- wps_hide_login | The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash protection bypass. | 2019-08-30 | 7.5 | CVE-2019-15824 MISC MISC MISC |
wpserveur -- wps_hide_login | The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp&key&login protection bypass. | 2019-08-30 | 7.5 | CVE-2019-15825 MISC MISC MISC |
wpserveur -- wps_hide_login | The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field. | 2019-08-30 | 7.5 | CVE-2019-15826 MISC MISC MISC |
xiaoyi -- yi_m1_mirrorless_camera_firmware | An exploitable authentication bypass vulnerability exists in the Bluetooth Low Energy (BLE) authentication module of YI M1 Mirrorless Camera V3.2-cn. An attacker can send a set of BLE commands to trigger this vulnerability, resulting in sensitive data leakage (e.g., personal photos). An attacker can also control the camera to record or take a picture after bypassing authentication. | 2019-09-06 | 8.3 | CVE-2019-13953 MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
10web -- photo_gallery | The photo-gallery plugin before 1.2.42 for WordPress has CSRF. | 2019-08-30 | 6.8 | CVE-2015-9380 MISC MISC MISC |
abus -- secvest_wireless_alarm_system_fuaa50000_firmware | An issue was discovered on ABUS Secvest FUAA50000 3.01.01 devices. Due to an insufficient implementation of jamming detection, an attacker is able to suppress correctly received RF messages sent between wireless peripheral components, e.g., wireless detectors or remote controls, and the ABUS Secvest alarm central. An attacker is able to perform a "reactive jamming" attack. The reactive jamming simply detects the start of an RF message sent by a component of the ABUS Secvest wireless alarm system, for instance a wireless motion detector (FUBW50000) or a remote control (FUBE50014 or FUBE50015), and overlays it with random data before the original RF message ends. Thereby, the receiver (alarm central) is not able to properly decode the original transmitted signal. This enables an attacker to suppress correctly received RF messages of the wireless alarm system in an unauthorized manner, for instance status messages sent by a detector indicating an intrusion. | 2019-09-03 | 5.0 | CVE-2019-14261 MISC FULLDISC BUGTRAQ MISC |
airbrake -- airbrake_ruby | The Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the blacklist_keys configuration option and consequently may disclose passwords to unauthorized actors. This is fixed in 4.2.4 (also, 4.2.2 and earlier are unaffected). | 2019-09-06 | 5.0 | CVE-2019-16060 MISC |
apache -- commons_compress | The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress. | 2019-08-30 | 5.0 | CVE-2019-12402 MISC |
artifex -- ghostscript | A flaw was found in ghostscript, versions prior to 9.28, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. | 2019-09-03 | 6.8 | CVE-2019-14811 CONFIRM |
bitcoin -- bitcoin-qt | In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash, it may dump a core file. If a user were to mishandle a core file, an attacker can reconstruct the user's wallet.dat file, including their private keys, via a grep "6231 0500" command. | 2019-09-05 | 5.0 | CVE-2019-15947 MISC MISC |
blynk -- blynk-library | An exploitable information disclosure vulnerability exists in the packet-parsing functionality of Blynk-Library v0.6.1. A specially crafted packet can cause an unterminated strncpy, resulting in information disclosure. An attacker can send a packet to trigger this vulnerability. | 2019-09-05 | 5.0 | CVE-2019-5065 MISC |
bold-themes -- bold_page_builder | The bold-page-builder plugin before 2.3.2 for WordPress has no protection against modifying settings and importing data. | 2019-08-30 | 5.0 | CVE-2019-15821 MISC MISC MISC |
canon -- print | The ContentProvider in the Canon PRINT jp.co.canon.bsd.ad.pixmaprint 2.5.5 application for Android does not properly restrict canon.ij.printer.capability.data data access. This allows an attacker's malicious application to obtain sensitive information including factory passwords for the administrator web interface and WPA2-PSK key. | 2019-09-05 | 4.3 | CVE-2019-14339 MISC MISC |
cisco -- content_security_management_appliance | A vulnerability in the authorization module of Cisco Content Security Management Appliance (SMA) Software could allow an authenticated, remote attacker to gain out-of-scope access to email. The vulnerability exists because the affected software does not correctly implement role permission controls. An attacker could exploit this vulnerability by using a custom role with specific permissions. A successful exploit could allow the attacker to access the spam quarantine of other users. | 2019-09-04 | 4.0 | CVE-2019-12635 CISCO |
cisco -- finesse | A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on an affected system. The vulnerability exists because the affected system does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a user of the web application. A successful exploit could allow the attacker to access the system and perform unauthorized actions. | 2019-09-04 | 5.0 | CVE-2019-12632 CISCO |
cisco -- identity_services_engine | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface of the affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | 2019-09-04 | 4.3 | CVE-2019-12644 CISCO |
cisco -- network_level_service | A vulnerability in the “plug-and-play” services component of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper access restrictions on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to access running configuration information about devices managed by the IND, including administrative credentials. | 2019-09-04 | 5.0 | CVE-2019-1976 CISCO |
cisco -- nx-os | A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP request to the NX-API on an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition in the NX-API service; however, the NX-OS device itself would still be available and passing network traffic. Note: The NX-API feature is disabled by default. | 2019-08-30 | 5.0 | CVE-2019-1968 CISCO |
cisco -- nx-os | A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) Access Control List (ACL) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to deny SNMP traffic. The vulnerability is due to an incorrect length check when the configured ACL name is the maximum length, which is 32 ASCII characters. An attacker could exploit this vulnerability by performing SNMP polling of an affected device. A successful exploit could allow the attacker to perform SNMP polling that should have been denied. The attacker has no control of the configuration of the SNMP ACL name. | 2019-08-30 | 5.0 | CVE-2019-1969 CISCO |
cisco -- nx-os | A vulnerability within the Endpoint Learning feature of Cisco Nexus 9000 Series Switches running in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an endpoint device in certain circumstances. The vulnerability is due to improper endpoint learning when packets are received on a specific port from outside the ACI fabric and destined to an endpoint located on a border leaf when Disable Remote Endpoint Learning has been enabled. This can result in a Remote (XR) entry being created for the impacted endpoint that will become stale if the endpoint migrates to a different port or leaf switch. This results in traffic not reaching the impacted endpoint until the Remote entry can be relearned by another mechanism. | 2019-08-30 | 4.3 | CVE-2019-1977 CISCO |
cisco -- unified_contact_center_express | A vulnerability in Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. The vulnerability is due to improper validation of user-supplied input on the affected system. An attacker could exploit this vulnerability by sending the user of the web application a crafted request. If the request is processed, the attacker could access the system and perform unauthorized actions. | 2019-09-04 | 5.0 | CVE-2019-12633 CISCO |
convertplug -- convertplus | The ConvertPlus plugin before 3.4.5 for WordPress has an unintended account creation (with the none role) via a request for variants. | 2019-09-03 | 5.0 | CVE-2019-15863 MISC |
custom_404_pro_project -- custom_404_pro | The custom-404-pro plugin before 3.2.8 for WordPress has reflected XSS, a different vulnerability than CVE-2019-14789. | 2019-08-30 | 4.3 | CVE-2019-15838 MISC MISC |
dell -- emc_enterprise_copy_data_management | Dell EMC Enterprise Copy Data Management (eCDM) versions 1.0, 1.1, 2.0, 2.1, and 3.0 contain a certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim's data in transit. | 2019-09-03 | 5.8 | CVE-2019-3751 MISC |
dell -- emc_unity_operating_environment | Dell EMC Unity Operating Environment versions prior to 5.0.0.0.5.116, Dell EMC UnityVSA versions prior to 5.0.0.0.5.116 and Dell EMC VNXe3200 versions prior to 3.1.10.9946299 contain a reflected cross-site scripting vulnerability on the cas/logout page. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to Unisphere, which is then reflected back to the victim and executed by the web browser. | 2019-09-03 | 4.3 | CVE-2019-3754 CONFIRM |
egain -- chat | eGain Chat 15.0.3 allows HTML Injection. | 2019-09-04 | 4.3 | CVE-2019-13975 MISC |
eng -- knowage | In Knowage through 6.1.1, an unauthenticated user can bypass access controls and access the entire application. | 2019-09-05 | 5.0 | CVE-2019-13188 MISC |
eng -- knowage | In Knowage through 6.1.1, the sign up page does not invalidate a valid CAPTCHA token. This allows for CAPTCHA bypass in the signup page. | 2019-09-05 | 5.0 | CVE-2019-13190 MISC |
epignosishq -- efront_lms | A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability. | 2019-09-05 | 6.5 | CVE-2019-5069 MISC |
epignosishq -- efront_lms | An exploitable SQL injection vulnerability exists in the unauthenticated portion of eFront LMS, versions v5.2.12 and earlier. A specially crafted web request to the login page can cause SQL injections, resulting in data compromise. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required. | 2019-09-05 | 6.4 | CVE-2019-5070 MISC |
espressif -- esp-idf | The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 allows the installation of a zero Pairwise Master Key (PMK) after the completion of any EAP authentication method, which allows attackers in radio range to replay, decrypt, or spoof frames via a rogue access point. | 2019-09-04 | 4.8 | CVE-2019-12587 MISC MISC MISC |
estrongs -- es_file_explorer_file_manager | The master-password feature in the ES File Explorer File Manager application 4.2.0.1.3 for Android can be bypassed via a com.estrongs.android.pop.ftp.ESFtpShortcut intent, leading to remote FTP access to the entirety of local storage. | 2019-09-05 | 5.0 | CVE-2019-11380 MISC |
estsoft -- alsee | A memory corruption vulnerability exists in the .PSD parsing functionality of ALSee v5.3 ~ v8.39. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in code execution. By persuading a victim to open a specially-crafted .PSD file, an attacker could execute arbitrary code. | 2019-08-30 | 6.8 | CVE-2019-12810 CONFIRM |
ezautomation -- ez_plc_editor | An attacker could use a specially crafted project file to corrupt the memory and execute code under the privileges of the EZ PLC Editor Versions 1.8.41 and prior. | 2019-09-04 | 6.8 | CVE-2019-13522 MISC |
ezautomation -- ez_touch_editor | An attacker could use a specially crafted project file to overflow the buffer and execute code under the privileges of the EZ Touch Editor Versions 2.1.0 and prior. | 2019-09-04 | 6.8 | CVE-2019-13518 MISC |
f5 -- big-ip_access_policy_manager | On BIG-IP 11.5.2-11.6.4 and Enterprise Manager 3.1.1, REST users with guest privileges may be able to escalate their privileges and run commands with admin privileges. | 2019-09-04 | 6.5 | CVE-2019-6646 MISC |
facebook -- facebook_for_woocommerce | The facebook-for-woocommerce plugin before 1.9.14 for WordPress has CSRF. | 2019-08-30 | 6.8 | CVE-2019-15840 MISC |
facebook -- facebook_for_woocommerce | The facebook-for-woocommerce plugin before 1.9.15 for WordPress has CSRF via ajax_woo_infobanner_post_click, ajax_woo_infobanner_post_xout, or ajax_fb_toggle_visibility. | 2019-08-30 | 6.8 | CVE-2019-15841 MISC |
ffmpeg -- ffmpeg | FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer. | 2019-09-05 | 6.8 | CVE-2019-15942 MISC |
freebsd -- freebsd | In FreeBSD 12.0-STABLE before r350619, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350619, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bhyve e1000 device emulation used a guest-provided value to determine the size of the on-stack buffer without validation when TCP segmentation offload is requested for a transmitted packet. A misbehaving bhyve guest could overwrite memory in the bhyve process on the host. | 2019-08-30 | 6.4 | CVE-2019-5609 CONFIRM |
freebsd -- freebsd | In FreeBSD 12.0-STABLE before r350637, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350638, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bsnmp library is not properly validating the submitted length from a type-length-value encoding. A remote user could cause an out-of-bounds read or trigger a crash of the software such as bsnmpd resulting in a denial of service. | 2019-08-30 | 5.0 | CVE-2019-5610 MISC BUGTRAQ CONFIRM |
freedesktop -- poppler | Poppler before 0.76.0 has an integer overflow in Parser::makeStream in Parser.cc. | 2019-09-05 | 6.8 | CVE-2018-21009 MISC |
freetype -- freetype | FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c. | 2019-09-03 | 6.8 | CVE-2015-9381 MISC MLIST MISC |
freetype -- freetype | FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation. | 2019-09-03 | 4.3 | CVE-2015-9382 MISC MLIST MISC |
freetype -- freetype | FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c. | 2019-09-03 | 4.3 | CVE-2015-9383 MISC MLIST MISC |
glyphandcog -- xpdfreader | Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc. NOTE: 2.00 is a version from November 2002. | 2019-09-03 | 4.3 | CVE-2019-15860 MISC |
gnu -- gcc | The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same. | 2019-09-02 | 5.0 | CVE-2019-15847 MISC |
google -- android | In execTransact of Binder.java in Android 7.1.1, 7.1.2, 8.0, 8.1, and 9, there is a possible local execution of arbitrary code in a privileged process due to a memory overwrite. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2019-09-05 | 4.6 | CVE-2019-2123 MISC |
google -- android | In checkAccess of SliceManagerService.java in Android 9, there is a possible permissions check bypass due to incorrect order of arguments. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2019-09-05 | 4.4 | CVE-2019-2175 MISC |
google -- android | In isPreferred of HidProfile.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible device type confusion due to a permissions bypass. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. | 2019-09-05 | 6.8 | CVE-2019-2177 MISC |
google -- android | In NDEF_MsgValidate of ndef_utils in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | 2019-09-05 | 4.3 | CVE-2019-2179 MISC |
google -- android | In binder_transaction of binder.c in the Android kernel, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2019-09-05 | 6.9 | CVE-2019-2181 MISC |
grafana -- grafana | In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana. | 2019-09-03 | 5.0 | CVE-2019-15043 CONFIRM MISC MISC CONFIRM FEDORA FEDORA |
ibm -- intelligent_operations_center | IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 161201. | 2019-09-05 | 5.0 | CVE-2019-4321 CONFIRM XF |
ibm -- jazz_for_service_management | IBM Jazz for Service Management 1.1.3 is vulnerable to HTTP header injection, caused by incorrect trust in the HTTP Host header during caching. By sending a specially crafted HTTP GET request, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-force ID: 158976. | 2019-09-05 | 4.3 | CVE-2019-4186 XF CONFIRM |
instagram-php-api_project -- instagram-php-api | cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter. | 2019-09-04 | 4.3 | CVE-2019-14470 MISC MISC MISC EXPLOIT-DB |
jetbrains -- teamcity | JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XSS), potentially making it possible to send an arbitrary HTTP request to a TeamCity server under the name of the currently logged-in user. | 2019-09-05 | 4.3 | CVE-2019-15848 CONFIRM |
knowage-suite -- knowage | In Knowage through 6.1.1, an authenticated user that accesses the users page will obtain all user password hashes. | 2019-09-05 | 4.0 | CVE-2019-13349 MISC |
knowage-suite -- knowage | In Knowage through 6.1.1, an unauthenticated user can enumerate valid usernames via the ChangePwdServlet page. | 2019-09-05 | 5.0 | CVE-2019-14278 MISC |
lenovo -- xclarity_administrator | An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0, Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0 that could allow information disclosure. | 2019-09-03 | 5.0 | CVE-2019-6179 MISC |
lenovo -- xclarity_administrator | A reflected cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow a crafted URL, if visited, to cause JavaScript code to be executed in the user's web browser. The JavaScript code is not executed on LXCA itself. | 2019-09-03 | 4.3 | CVE-2019-6181 MISC |
lenovo -- xclarity_administrator | A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, that could result in crafted formulas stored in an exported CSV file. The crafted formula is not executed on LXCA itself. | 2019-09-03 | 4.0 | CVE-2019-6182 MISC |
libexpat_project -- libexpat | In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. | 2019-09-04 | 5.0 | CVE-2019-15903 MISC MISC MISC |
linux -- linux_kernel | An issue was discovered in the Linux kernel before 4.16.7. A use-after-free can be caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c. | 2019-09-04 | 4.9 | CVE-2018-21008 MISC MISC |
linux -- linux_kernel | An issue was discovered in the Linux kernel before 5.0.6. There is a memory leak issue when idr_alloc() fails in genl_register_family() in net/netlink/genetlink.c. | 2019-09-04 | 4.6 | CVE-2019-15921 MISC MISC |
linux -- linux_kernel | An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a pf data structure if alloc_disk fails in drivers/block/paride/pf.c. | 2019-09-04 | 4.9 | CVE-2019-15922 MISC MISC |
linux -- linux_kernel | An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a cd data structure if alloc_disk fails in drivers/block/paride/pf.c. | 2019-09-04 | 4.9 | CVE-2019-15923 MISC MISC |
linux -- linux_kernel | An issue was discovered in the Linux kernel before 5.0.11. fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c has a NULL pointer dereference because there is no -ENOMEM upon an alloc_workqueue failure. | 2019-09-04 | 4.9 | CVE-2019-15924 MISC MISC |
login_or_logout_menu_item_project -- login_or_logout_menu_item | The login-or-logout-menu-item plugin before 1.2.0 for WordPress has no requirement for lolmi_save_settings authentication. | 2019-08-30 | 5.8 | CVE-2019-15820 MISC MISC MISC |
memcached -- memcached | memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c. | 2019-08-30 | 5.0 | CVE-2019-15026 CONFIRM CONFIRM MLIST |
mongodb -- mongodb | An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server versions less than 4.0.11, 3.6.14, and 3.4.22 to run attacker defined code as the user running the utility. | 2019-08-30 | 6.8 | CVE-2019-2390 CONFIRM |
mulesoft -- api_gateway | Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule process. | 2019-08-30 | 5.0 | CVE-2019-15630 MISC |
nagios -- log_server | Nagios Log Server before 2.0.8 allows Reflected XSS via the username on the Login page. | 2019-09-03 | 4.3 | CVE-2019-15898 MISC MISC |
naver -- cloud_explorer | NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer overflow, which allows attackers to cause a denial of service when reading data from IOCTL handle. | 2019-09-03 | 5.0 | CVE-2019-13156 CONFIRM |
onkyo -- tx-nr686_firmware | Directory traversal vulnerability on ONKYO TX-NR686 1030-5000-1040-0010 A/V Receiver devices allows remote attackers to read arbitrary files via a .. (dot dot) and %2f to the default URI. | 2019-08-30 | 5.0 | CVE-2019-6113 MISC |
opencv -- opencv | An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero error in cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp. | 2019-09-05 | 5.0 | CVE-2019-15939 MISC MISC |
profilegrid -- profilegrid | The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via a wp-admin/admin-ajax.php request with the action=pm_template_preview&html=<?php substring followed by PHP code. | 2019-09-03 | 6.5 | CVE-2019-15873 MISC MISC |
rancher -- rancher | Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher. The attack requires a victim to be logged into a Rancher server, and then to access a third-party site hosted by the exploiter. Once that is accomplished, the exploiter is able to execute commands against the cluster's Kubernetes API with the permissions and identity of the victim. | 2019-09-04 | 4.3 | CVE-2019-13209 MISC CONFIRM |
realestateconnected -- easy_property_listings | The easy-property-listings plugin before 3.4 for WordPress has XSS. | 2019-08-30 | 4.3 | CVE-2019-15817 MISC MISC |
samba -- samba | A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share. | 2019-09-03 | 6.4 | CVE-2019-10197 CONFIRM BUGTRAQ CONFIRM UBUNTU DEBIAN MISC |
sapplica -- sentrifugo | Sentrifugo 3.2 lacks CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code at index.php/dashboard/viewprofile via a crafted HTML page. | 2019-09-06 | 6.8 | CVE-2019-16059 MISC |
sentrifugo -- sentrifugo | Multiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated users to execute arbitrary code via a webshell. | 2019-09-04 | 6.5 | CVE-2019-15813 EXPLOIT-DB |
shaosina -- sina_extension_for_elementor | The sina-extension-for-elementor plugin before 2.2.1 for WordPress has local file inclusion. | 2019-08-30 | 5.0 | CVE-2019-15839 MISC MISC MISC |
simple_mail_address_encoder_project -- simple_mail_address_encoder | The simple-mail-address-encoder plugin before 1.7 for WordPress has reflected XSS. | 2019-08-30 | 4.3 | CVE-2019-15833 MISC |
statichttpserver_project -- statichttpserver | A path traversal vulnerability in <= v0.9.7 of statichttpserver npm module allows attackers to list files in arbitrary folders. | 2019-09-03 | 5.0 | CVE-2019-5480 MISC |
symantec -- advanced_secure_gateway | The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG's web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2. | 2019-08-30 | 4.3 | CVE-2018-18370 CONFIRM |
symantec -- advanced_secure_gateway | The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG's web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2. | 2019-08-30 | 4.0 | CVE-2018-18371 CONFIRM |
symantec -- management_center | An information disclosure vulnerability in the Management Center (MC) REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated user to obtain passwords for external backup and CPL policy import servers that they might not otherwise be authorized to access. | 2019-08-30 | 4.0 | CVE-2019-9697 CONFIRM |
symantec -- reporter | An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The malicious administrator user can also obtain the passwords of other Reporter web UI users. | 2019-08-30 | 4.0 | CVE-2019-12753 CONFIRM |
totaljs -- total.js_cms | An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the Pages privilege can conduct a path traversal attack (../) to include .html files that are outside the permitted directory. Also, if a page contains a template directive, then the directive will be server side processed. Thus, if a user can control the content of a .html file, then they can inject a payload with a malicious template directive to gain Remote Command Execution. The exploit will work only with the .html extension. | 2019-09-05 | 6.5 | CVE-2019-15952 MISC FULLDISC MISC MISC |
totaljs -- total.js_cms | An issue was discovered in Total.js CMS 12.0.0. An authenticated user with limited privileges can get access to a resource that they do not own by calling the associated API. The product correctly manages privileges only for the front-end resource path, not for API requests. This leads to vertical and horizontal privilege escalation. | 2019-09-05 | 6.5 | CVE-2019-15953 MISC MISC |
totaljs -- total.js_cms | An issue was discovered in Total.js CMS 12.0.0. A low privilege user can perform a simple transformation of a cookie to obtain the random values inside it. If an attacker can discover a session cookie owned by an admin, then it is possible to brute force it with O(n)=2n instead of O(n)=n^x complexity, and steal the admin password. | 2019-09-05 | 4.0 | CVE-2019-15955 MISC MISC |
totemo -- totemomail | Cross-site scripting (XSS) vulnerability in the 'Certificate' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML. | 2019-08-30 | 4.3 | CVE-2018-15510 MISC |
totemo -- totemomail | Cross-site scripting (XSS) vulnerability in the 'Notification template' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML. | 2019-08-30 | 4.3 | CVE-2018-15511 MISC |
totemo -- totemomail | Cross-site scripting (XSS) vulnerability in the 'Authorisation Service' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML. | 2019-08-30 | 4.3 | CVE-2018-15512 MISC |
totemo -- totemomail | Log viewer in totemomail 6.0.0 build 570 allows access to sessionIDs of high privileged users by leveraging access to a read-only auditor role. | 2019-08-30 | 5.0 | CVE-2018-15513 MISC |
tribulant -- one_click_ssl | The one-click-ssl plugin before 1.4.7 for WordPress has CSRF. | 2019-08-30 | 6.8 | CVE-2019-15828 MISC MISC |
uclouvain -- openjpeg | OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c. | 2019-09-05 | 6.8 | CVE-2018-21010 MISC |
webcraftic -- simple_301_redirects | The simple-301-redirects-addon-bulk-uploader plugin through 1.2.4 for WordPress has no requirement for authentication for action=bulk301export or action=bulk301clearlist. | 2019-08-30 | 5.8 | CVE-2019-15818 MISC MISC MISC |
webcraftic -- woody_ad_snippets | admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution. | 2019-09-03 | 4.3 | CVE-2019-15858 MISC MISC |
webp_converter_for_media_project -- webp_converter_for_media | The webp-converter-for-media plugin before 1.0.3 for WordPress has CSRF. | 2019-08-30 | 6.8 | CVE-2019-15834 MISC MISC |
wp-buy -- visitor_traffic_real_time_statistics | The visitors-traffic-real-time-statistics plugin before 1.12 for WordPress has CSRF in the settings page. | 2019-08-30 | 6.8 | CVE-2019-15831 MISC MISC |
wp-buy -- visitor_traffic_real_time_statistics | The visitors-traffic-real-time-statistics plugin before 1.13 for WordPress has CSRF. | 2019-08-30 | 6.8 | CVE-2019-15832 MISC MISC |
wp_better_permalinks_project -- wp_better_permalinks | The wp-better-permalinks plugin before 3.0.5 for WordPress has CSRF. | 2019-08-30 | 6.8 | CVE-2019-15835 MISC MISC |
wpaffiliatemanager -- affiliates_manager | The affiliates-manager plugin before 2.6.6 for WordPress has CSRF. | 2019-09-03 | 6.8 | CVE-2019-15868 MISC MISC |
wpbrigade -- loginpress | The LoginPress plugin before 1.1.4 for WordPress has no capability check for updates to settings. | 2019-09-03 | 4.0 | CVE-2019-15871 MISC MISC |
wpexpertdeveloper -- wp_private_content_plus | The wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via save_settings_page and other save_ functions. | 2019-08-30 | 5.0 | CVE-2019-15816 MISC MISC MISC |

Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
bitwise-it -- webp_express | The webp-express plugin before 0.14.8 for WordPress has stored XSS. | 2019-08-30 | 3.5 | CVE-2019-15837 MISC MISC |
bootstrapped -- wp_ultimate_recipe | The wp-ultimate-recipe plugin before 3.12.7 for WordPress has stored XSS. | 2019-08-30 | 3.5 | CVE-2019-15836 MISC MISC |
espressif -- arduino-esp32 | The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of service (crash) via a crafted message. | 2019-09-04 | 3.3 | CVE-2019-12586 MISC MISC MISC |
f5 -- container_ingress_service | On version 1.9.0, if DEBUG logging is enabled, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration. | 2019-09-04 | 1.9 | CVE-2019-6648 MISC |
freedesktop -- systemd | In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings. | 2019-09-04 | 2.1 | CVE-2019-15718 MISC MISC FEDORA FEDORA |
google -- android | In Google Assistant in Android 9, there is a possible permissions bypass that allows the Assistant to take a screenshot of apps with FLAG_SECURE. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2019-09-05 | 2.1 | CVE-2019-2103 MISC |
google -- android | In ComposeActivityEmailExternal of ComposeActivityEmailExternal.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible way to silently attach files to an email due to a confused deputy. This could lead to local information disclosure. | 2019-09-05 | 2.1 | CVE-2019-2124 MISC |
google -- android | In ippSetValueTag of ipp.c in Android 8.0, 8.1 and 9, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure from the printer service with no additional execution privileges needed. User interaction is not needed for exploitation. | 2019-09-05 | 2.1 | CVE-2019-2180 MISC |
greentreelabs -- gallery_photoblocks | The photoblocks-grid-gallery plugin before 1.1.33 for WordPress has wp-admin/admin.php?page=photoblocks-edit&id= XSS. | 2019-08-30 | 3.5 | CVE-2019-15829 MISC MISC |
ibm -- business_automation_workflow | IBM Business Automation Workflow V18.0.0.0 through V18.0.0.2 and IBM Business Process Manager V8.6.0.0 through V8.6.0.0 Cumulative Fix 2018.03, V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06, and V8.5.6.0 through V8.5.6.0 CF2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158415. | 2019-09-05 | 3.5 | CVE-2019-4149 XF CONFIRM |
icegram -- icegram | The icegram plugin before 1.10.29 for WordPress has ig_cat_list XSS. | 2019-08-30 | 3.5 | CVE-2019-15830 MISC MISC MISC |
lenovo -- xclarity_administrator | A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be stored in LXCA which may then be executed in the user's web browser. The JavaScript code is not executed on LXCA itself. | 2019-09-03 | 3.5 | CVE-2019-6180 MISC |
mongodb -- mongodb | Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.11; v3.6 versions prior to 3.6.14; v3.4 versions prior to 3.4.22. | 2019-08-30 | 3.3 | CVE-2019-2389 CONFIRM |
onesignal -- onesignal-free-web-push-notifications | The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain parameter. | 2019-08-30 | 3.5 | CVE-2019-15827 MISC MISC MISC |
philips -- hdi_4000_firmware | In Philips HDI 4000 Ultrasound Systems, all versions running on old, unsupported operating systems such as Windows 2000, the HDI 4000 Ultrasound System is built on an old operating system that is no longer supported. Thus, any unmitigated vulnerability in the old operating system could be exploited to affect this product. | 2019-09-04 | 3.6 | CVE-2019-10988 MISC |
redhat -- virtualization_host | An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071, CVE-2019-1073. | 2019-09-03 | 2.1 | CVE-2019-1125 REDHAT MISC |
sentrifugo -- sentrifugo | Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could allow authenticated users to inject arbitrary web script or HTML. | 2019-09-04 | 3.5 | CVE-2019-15814 EXPLOIT-DB |
smanos -- w100_firmware | Smanos W100 1.0.0 devices have Insecure Permissions, exploitable by an attacker on the same Wi-Fi network. | 2019-09-05 | 3.3 | CVE-2019-13361 MISC |
symantec -- vip | Symantec My VIP portal, previous version which has already been auto updated, was susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users or potentially bypass access controls such as the same-origin policy. | 2019-08-30 | 3.5 | CVE-2019-12754 CONFIRM |
tiktok -- tiktok | The TikTok (formerly Musical.ly) application 12.2.0 for Android and iOS performs unencrypted transmission of images, videos, and likes. This allows an attacker to extract private sensitive information by sniffing network traffic. | 2019-09-04 | 3.3 | CVE-2019-14319 MISC MISC |
xilinx -- zynq_ultrascale+_mpsoc_firmware | A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could lead to an adversary being able to modify the control fields of the boot image leading to an incorrect secure boot behavior. | 2019-09-03 | 2.1 | CVE-2019-5478 MISC MISC |

Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
alfresco -- alfresco_community_edition | An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By manipulating the POST parameters, an attacker can redirect a victim to a malicious website over any protocol the attacker desires (e.g., http, https, ftp, smb, etc.). | 2019-09-06 | not yet calculated | CVE-2019-14223 MISC |
artifex -- ghostscript | A flaw was found in ghostscript versions prior to 9.28, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. | 2019-09-03 | not yet calculated | CVE-2019-14817 CONFIRM CONFIRM |
becton_dickinson_and_company -- pyxis_es_and_pyxis_enterprise_server_with_windows_server | In Pyxis ES Versions 1.3.4 through to 1.6.1 and Pyxis Enterprise Server, with Windows Server Versions 4.4 through 4.12, a vulnerability has been identified where existing access privileges are not restricted in coordination with the expiration of access based on active directory user account changes when the device is joined to an AD domain. | 2019-09-06 | not yet calculated | CVE-2019-13517 MISC |
challenge_healthcare -- change_healthcare_cardiology_and_horizon_cardiology_and_mckesson_cardiology | A vulnerability was found in McKesson Cardiology product 13.x and 14.x. Insecure file permissions in the default installation may allow an attacker with local system access to execute unauthorized arbitrary code. | 2019-09-06 | not yet calculated | CVE-2018-18630 MISC MISC |
d-link -- dir-806_devices | D-Link DIR-806 devices allow remote attackers to execute arbitrary shell commands via a trailing substring of an HTTP header that has "SOAPAction: http://purenetworks.com/HNAP1/GetDeviceSettings/" at the beginning. | 2019-09-06 | not yet calculated | CVE-2019-10891 MISC |
d-link -- dir-806_devices | hnap_main in /htdocs/cgibin on D-Link DIR-806 v1.0 devices has a stack-based buffer overflow via a long HTTP header that has "SOAPAction: http://purenetworks.com/HNAP1/GetDeviceSettings/" at the beginning. | 2019-09-06 | not yet calculated | CVE-2019-10892 MISC |
dasan_zhone_solutions -- znid_gpon 2426a_eu_devices | Multiple Cross-Site Scripting (XSS) issues in the web interface on DASAN Zhone ZNID GPON 2426A EU version S3.1.285 devices allow a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameter: /zhndnsdisplay.cmd (name), /wlsecrefresh.wl (wlWscCfgMethod, wl_wsc_reg). | 2019-09-05 | not yet calculated | CVE-2019-10677 MISC MISC MISC MISC |
datalogic -- av7000_linear_barcode_scanner | Datalogic AV7000 Linear barcode scanner all versions prior to 4.6.0.0 is vulnerable to authentication bypass, which may allow an attacker to remotely execute arbitrary code. | 2019-08-30 | not yet calculated | CVE-2019-13526 MISC |
eclipse -- spotless_eclipse-wtp_and_eclipse-cdt_and_eclipse_groovy | In all versions prior to version 3.9.6 for eclipse-wtp, all versions prior to version 9.4.4 for eclipse-cdt, and all versions prior to version 3.0.1 for eclipse-groovy, Spotless was resolving dependencies over an insecure channel (http). If the build occurred over an insecure connection, a malicious user could have performed a Man-in-the-Middle attack during the build and altered the build artifacts that were produced. In case that any of these artifacts were compromised, any developers using these could be altered. **Note:** In order to validate that this artifact was not compromised, the maintainer would need to confirm that none of the artifacts published to the registry were altered. Until this happens, we cannot guarantee that this artifact was not compromised even though the probability that this happened is low. | 2019-09-05 | not yet calculated | CVE-2019-10753 MISC |
espressif -- esp8266_nonos_sdk | The client 802.11 MAC implementation in Espressif ESP8266_NONOS_SDK 2.2.0 through 3.1.0 does not correctly validate the RSN AuthKey suite list count in beacon frames, probe responses, and association responses, which allows attackers in radio range to cause a denial of service (crash) via a crafted message. | 2019-09-04 | not yet calculated | CVE-2019-12588 MISC MISC MISC |
f5 -- big-ip | On versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, and 11.5.2-11.6.4, an attacker sending specifically crafted DHCPv6 requests through a BIG-IP virtual server configured with a DHCPv6 profile may be able to cause the TMM process to produce a core file. | 2019-09-04 | not yet calculated | CVE-2019-6643 MISC |
f5 -- big-ip | On BIG-IP 14.0.0-14.1.0.5, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6.4, FTP traffic passing through a Virtual Server with both an active FTP profile associated and connection mirroring configured may lead to a TMM crash causing the configured HA action to be taken. | 2019-09-04 | not yet calculated | CVE-2019-6645 MISC |
f5 -- big-ip | Similar to the issue identified in CVE-2018-12120, on versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, and 12.1.0-12.1.4 BIG-IP will bind a debug nodejs process to all interfaces when invoked. This may expose the process to unauthorized users if the plugin is left in debug mode and the port is accessible. | 2019-09-04 | not yet calculated | CVE-2019-6644 MISC |
f5 -- big-ip | On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6.4, when processing authentication attempts for control-plane users MCPD leaks a small amount of memory. Under rare conditions attackers with access to the management interface could eventually deplete memory on the system. | 2019-09-04 | not yet calculated | CVE-2019-6647 MISC |
facebook -- hhvm | Insufficient boundary checks when processing M_SOFx markers from JPEG headers in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all versions between 4.9.0 and 4.15.2, and versions 4.16.0 to 4.16.3, 4.17.0 to 4.17.2, 4.18.0 to 4.18.1, 4.19.0, 4.20.0 to 4.20.1. | 2019-09-06 | not yet calculated | CVE-2019-11926 CONFIRM CONFIRM CONFIRM |
facebook -- hhvm | Insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all versions between 4.9.0 and 4.15.2, and versions 4.16.0 to 4.16.3, 4.17.0 to 4.17.2, 4.18.0 to 4.18.1, 4.19.0, 4.20.0 to 4.20.1. | 2019-09-06 | not yet calculated | CVE-2019-11925 CONFIRM CONFIRM CONFIRM |
google -- android | In the Android kernel in i2c driver there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | not yet calculated | CVE-2019-9454 MISC |
google -- android | In the Android kernel in the touchscreen driver there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | not yet calculated | CVE-2019-9451 MISC |
google -- android | In the Android kernel in sync debug fs driver there is a kernel pointer leak due to the usage of printf with %p. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | not yet calculated | CVE-2019-9444 MISC |
google -- android | In the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write due to a missing bounds check. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | not yet calculated | CVE-2019-9448 MISC |
google -- android | In the Android kernel in FingerTipS touchscreen driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | not yet calculated | CVE-2019-9449 MISC |
google -- android | In the Android kernel in the kernel MMU code there is a possible execution path leaving some kernel text and rodata pages writable. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | not yet calculated | CVE-2019-2182 MISC |
google -- android | In the Android kernel in the FingerTipS touchscreen driver there is a possible use-after-free due to improper locking. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | not yet calculated | CVE-2019-9447 MISC |
google -- android | In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | not yet calculated | CVE-2019-9445 MISC |
google -- android | In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | not yet calculated | CVE-2019-9456 MISC |
google -- android | In the Android kernel in F2FS touch driver there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | not yet calculated | CVE-2019-9453 MISC |
google -- android | In the Android kernel in the FingerTipS touchscreen driver there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | not yet calculated | CVE-2019-9450 MISC |
google -- android | In the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write due to improper input validation. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | not yet calculated | CVE-2019-9446 MISC |
google -- android | In the Android kernel in SEC_TS touch driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | not yet calculated | CVE-2019-9452 MISC |
google -- android | In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | not yet calculated | CVE-2019-9455 MISC |
google -- android | In the Android kernel in the vl53L0 driver there is a possible out of bounds write due to a permissions bypass. This could lead to local escalation of privilege due to a set_fs() call without restoring the previous limit with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | not yet calculated | CVE-2019-9443 MISC |
google -- android | In the Android kernel in the mnh driver there is a possible out of bounds write due to improper input validation. This could lead to escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | not yet calculated | CVE-2019-9441 MISC |
google -- android | In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | not yet calculated | CVE-2019-9458 MISC |
google -- android | In the Android kernel in ELF file loading there is possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | not yet calculated | CVE-2019-9457 MISC |
google -- android | In the Android kernel in the mnh driver there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | not yet calculated | CVE-2019-9274 MISC |
google -- android | In the Android kernel in the bootloader there is a possible secure boot bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. | 2019-09-06 | not yet calculated | CVE-2019-9436 MISC |
google -- android | In the Android kernel in unifi and r8180 WiFi drivers there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | not yet calculated | CVE-2019-9270 MISC |
google -- android | In the Android kernel in sdcardfs there is a possible violation of the separation of data between profiles due to shared mapping of obb files. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. | 2019-09-06 | not yet calculated | CVE-2019-9345 MISC |
google -- android | In the Android kernel in the synaptics_dsx_htc touchscreen driver there is a possible out of bounds write due to a use after free. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | not yet calculated | CVE-2019-9276 MISC |
google -- android | In the Android kernel in the mnh driver there is a use after free due to improper locking. This could lead to escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | not yet calculated | CVE-2019-9275 MISC |
google -- android | In the Android kernel in the synaptics_dsx_htc touchscreen driver there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | not yet calculated | CVE-2019-9273 MISC |
google -- android | In the Android kernel in Bluetooth there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | not yet calculated | CVE-2019-9426 MISC |
google -- android | In the Android kernel in VPN routing there is a possible information disclosure. This could lead to remote information disclosure by an adjacent network attacker with no additional execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | not yet calculated | CVE-2019-9461 MISC |
google -- android | In the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | not yet calculated | CVE-2019-9248 MISC |
google -- android | In the Android kernel in the f2fs driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | not yet calculated | CVE-2019-9245 MISC |
google -- android | In the Android kernel in the mnh driver there is a race condition due to insufficient locking. This could lead to a use-after-free which could lead to escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2019-09-06 | not yet calculated | CVE-2019-9271 MISC |
google -- android | In the Android kernel in the mnh driver there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System privileges required. User interaction is not needed for exploitation. | 2019-09-06 | not yet calculated | CVE-2019-9442 MISC |
if.svnadmin -- if.svnadmin | iF.SVNAdmin through 1.6.2 allows svnadmin/usercreate.php CSRF to create a user. | 2019-09-06 | not yet calculated | CVE-2019-15128 MISC |
intramaps -- mapcontrol | A SQL injection vulnerability in IntraMaps MapControl 8 allows attackers to execute arbitrary SQL commands via the /ApplicationEngine/Search/Refine/Set page. | 2019-09-05 | not yet calculated | CVE-2019-13191 MISC |
larvit -- larvitbase_api | An unintended require vulnerability in larvitbase-api before v0.5.5 may allow an attacker to load arbitrary non-production code (JavaScript file). | 2019-09-03 | not yet calculated | CVE-2019-5479 MISC |
linux -- linux_kernel | An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does not check the nla_nest_start_noflag return value. | 2019-09-06 | not yet calculated | CVE-2019-16089 MISC |
mautic -- mautic | An issue was discovered in Mautic 2.13.1. There is Stored XSS via the authorUrl field in config.json. | 2019-09-06 | not yet calculated | CVE-2018-11198 MISC CONFIRM |
opensc -- pam_p11 | An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0 for OpenSC. If a smart card creates a signature with a length longer than 256 bytes, this triggers a buffer overflow. This may be the case for RSA keys with 4096 bits depending on the signature scheme. | 2019-09-06 | not yet calculated | CVE-2019-16058 MISC |
php -- php | A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests. | 2019-09-06 | not yet calculated | CVE-2016-7398 MISC MISC MISC |
python -- python | An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally. | 2019-09-06 | not yet calculated | CVE-2019-16056 MISC MISC |
qemu -- qemu | libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. | 2019-09-06 | not yet calculated | CVE-2019-15890 CONFIRM MISC |
symonics -- libmysofa | Symonics libmysofa 0.7 has an invalid read in readOHDRHeaderMessageDataLayout in hdf/dataobject.c. | 2019-09-07 | not yet calculated | CVE-2019-16094 MISC |
symonics -- libmysofa | Symonics libmysofa 0.7 has an invalid read in getDimension in hrtf/reader.c. | 2019-09-07 | not yet calculated | CVE-2019-16095 MISC |
symonics -- libmysofa | Symonics libmysofa 0.7 has an out-of-bounds read in directblockRead in hdf/fractalhead.c. | 2019-09-07 | not yet calculated | CVE-2019-16091 MISC |
symonics -- libmysofa | Symonics libmysofa 0.7 has a NULL pointer dereference in getHrtf in hrtf/reader.c. | 2019-09-07 | not yet calculated | CVE-2019-16092 MISC |
symonics -- libmysofa | Symonics libmysofa 0.7 has an invalid write in readOHDRHeaderMessageDataLayout in hdf/dataobject.c. | 2019-09-07 | not yet calculated | CVE-2019-16093 MISC |
tyto_software -- sahi_pro | An issue was discovered in Tyto Sahi Pro 6.x through 8.0.0. TestRunner_Non_distributed (and distributed end points) does not have any authentication mechanism. This allows an attacker to execute an arbitrary script on the remote Sahi Pro server. There is also a password-protected web interface intended for remote access to scripts. This web interface lacks server-side validation, which allows an attacker to create/modify/delete a script remotely without any password. Chaining both of these issues results in remote code execution on the Sahi Pro server. | 2019-09-06 | not yet calculated | CVE-2019-15102 MISC |
valve -- counter-strike_global_offensive | In Counter-Strike: Global Offensive before 8/29/2019, community game servers can display unsafe HTML in a disconnection message. | 2019-09-05 | not yet calculated | CVE-2019-15944 MISC |
wordpress -- wordpress | The easy-pdf-restaurant-menu-upload plugin before 1.1.2 for WordPress has XSS. | 2019-08-30 | not yet calculated | CVE-2019-15842 MISC |
wordpress -- wordpress | The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has CSRF. | 2019-09-03 | not yet calculated | CVE-2019-15865 MISC MISC |
wordpress -- wordpress | The crelly-slider plugin before 1.3.5 for WordPress has arbitrary file upload via a PHP file inside a ZIP archive to wp_ajax_crellyslider_importSlider. | 2019-09-03 | not yet calculated | CVE-2019-15866 MISC MISC |
wordpress -- wordpress | The slick-popup plugin before 1.7.2 for WordPress has a hardcoded OmakPass13# password for the slickpopupteam account, after a Subscriber calls a certain AJAX action. | 2019-09-03 | not yet calculated | CVE-2019-15867 MISC MISC MISC |
wordpress -- wordpress | The JobCareer theme before 2.5.1 for WordPress has stored XSS. | 2019-09-03 | not yet calculated | CVE-2019-15869 MISC |
wordpress -- wordpress | The CarSpot theme before 2.1.7 for WordPress has stored XSS via the Phone Number field. | 2019-09-03 | not yet calculated | CVE-2019-15870 MISC |
wordpress -- wordpress | The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter. | 2019-09-03 | not yet calculated | CVE-2019-15889 MISC MISC MISC MISC MISC MISC MISC |
wordpress -- wordpress | The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has XSS. | 2019-09-03 | not yet calculated | CVE-2019-15864 MISC MISC |
xpdf -- xpdf | Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTree in Catalog.cc. | 2019-09-06 | not yet calculated | CVE-2019-16088 MISC |