Vulnerability Summary for the Week of October 7, 2019

Released: Oct 14, 2019
Document ID: SB19-287

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary Vendor -- Product
  Description
  Published | CVSS Score | Source & Patch Info

adhouma_cms_project -- adhouma_cms
  Adhouma CMS through 2019-10-09 has SQL Injection via the post.php p_id parameter.
  Published: 2019-10-10 | CVSS Score: 7.5 | Source & Patch Info: CVE-2019-17429, MISC

awplife -- contact_form_widget
  The new-contact-form-widget (aka Contact Form Widget - Contact Query, Form Maker) plugin 1.0.9 for WordPress has SQL Injection via all-query-page.php.
  Published: 2019-10-10 | CVSS Score: 7.5 | Source & Patch Info: CVE-2019-17072, MISC, MISC

centreon -- centreon_vm
  In Centreon VM through 19.04.3, centreon-backup.pl allows attackers to become root via a crafted script, due to incorrect rights of sourced configuration files.
  Published: 2019-10-08 | CVSS Score: 10.0 | Source & Patch Info: CVE-2018-21025, MLIST, MISC, MISC

fasterxml -- jackson-databind
  A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.
  Published: 2019-10-06 | CVSS Score: 7.5 | Source & Patch Info: CVE-2019-17267, MISC, MISC

fon -- fon2601e-fsw-b_firmware
  FON2601E-SE, FON2601E-RE, FON2601E-FSW-S, and FON2601E-FSW-B with firmware versions 1.1.7 and earlier contain an issue where they may behave as open resolvers. If this vulnerability is exploited, FON routers may be leveraged for DNS amplification attacks to some other entities.
  Published: 2019-10-04 | CVSS Score: 7.8 | Source & Patch Info: CVE-2019-6015, MISC, MISC

gnome -- libsoup
  libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy.
  Published: 2019-10-06 | CVSS Score: 7.5 | Source & Patch Info: CVE-2019-17266, MISC, MISC, MISC, MISC, MISC, MISC, UBUNTU, MISC
ibm -- mq
  IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners could allow an unauthorized user to conduct a session fixation attack due to clients not being disconnected as they should. IBM X-Force ID: 159352.
  Published: 2019-10-04 | CVSS Score: 7.5 | Source & Patch Info: CVE-2019-4227, XF, CONFIRM

ibm -- spectrum_scale
  A security vulnerability has been identified in all levels of IBM Spectrum Scale V5.0.0.0 through V5.0.3.2 and IBM Spectrum Scale V4.2.0.0 through V4.2.3.17 that could allow a local attacker to obtain root privilege by injecting parameters into setuid files.
  Published: 2019-10-09 | CVSS Score: 7.2 | Source & Patch Info: CVE-2019-4558, XF, CONFIRM

intelliantech -- remote_access
  Intellian Remote Access 3.18 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the Ping Test field.
  Published: 2019-10-06 | CVSS Score: 10.0 | Source & Patch Info: CVE-2019-17269, MISC

k-78 -- broken_link_manager
  The broken-link-manager plugin before 0.5.0 for WordPress has wpslDelURL or wpslEditURL SQL injection via the url parameter.
  Published: 2019-10-10 | CVSS Score: 7.5 | Source & Patch Info: CVE-2015-9467, MISC, MISC, MISC

linux -- linux_kernel
  In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.
  Published: 2019-10-04 | CVSS Score: 7.5 | Source & Patch Info: CVE-2019-17133, MISC

microsoft -- chakracore
  A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1308, CVE-2019-1335, CVE-2019-1366.
  Published: 2019-10-10 | CVSS Score: 7.6 | Source & Patch Info: CVE-2019-1307, MISC

microsoft -- chakracore
  A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1335, CVE-2019-1366.
  Published: 2019-10-10 | CVSS Score: 7.6 | Source & Patch Info: CVE-2019-1308, MISC

microsoft -- chakracore
  A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1308, CVE-2019-1366.
  Published: 2019-10-10 | CVSS Score: 7.6 | Source & Patch Info: CVE-2019-1335, MISC

microsoft -- chakracore
  A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1308, CVE-2019-1335.
  Published: 2019-10-10 | CVSS Score: 7.6 | Source & Patch Info: CVE-2019-1366, MISC

microsoft -- excel
  A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1331.
  Published: 2019-10-10 | CVSS Score: 9.3 | Source & Patch Info: CVE-2019-1327, MISC

microsoft -- excel
  A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1327.
  Published: 2019-10-10 | CVSS Score: 9.3 | Source & Patch Info: CVE-2019-1331, MISC

microsoft -- internet_explorer
  A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1239.
  Published: 2019-10-10 | CVSS Score: 7.1 | Source & Patch Info: CVE-2019-1238, MISC

microsoft -- internet_explorer
  A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1238.
  Published: 2019-10-10 | CVSS Score: 7.6 | Source & Patch Info: CVE-2019-1239, MISC

microsoft -- windows_10
  A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'.
  Published: 2019-10-10 | CVSS Score: 9.3 | Source & Patch Info: CVE-2019-1060, MISC

microsoft -- windows_10
  A remote code execution vulnerability exists when the Windows Imaging API improperly handles objects in memory, aka 'Windows Imaging API Remote Code Execution Vulnerability'.
  Published: 2019-10-10 | CVSS Score: 9.3 | Source & Patch Info: CVE-2019-1311, MISC

microsoft -- windows_10
  An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342.
  Published: 2019-10-10 | CVSS Score: 7.2 | Source & Patch Info: CVE-2019-1315, MISC

microsoft -- windows_10
  An elevation of privilege vulnerability exists in Microsoft Windows Setup when it does not properly handle privileges, aka 'Microsoft Windows Setup Elevation of Privilege Vulnerability'.
  Published: 2019-10-10 | CVSS Score: 7.2 | Source & Patch Info: CVE-2019-1316, MISC

microsoft -- windows_10
  An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.
  Published: 2019-10-10 | CVSS Score: 7.2 | Source & Patch Info: CVE-2019-1319, MISC

microsoft -- windows_10
  An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka 'Microsoft Windows Update Client Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1336.
  Published: 2019-10-10 | CVSS Score: 7.2 | Source & Patch Info: CVE-2019-1323, MISC

microsoft -- windows_10
  A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'.
  Published: 2019-10-10 | CVSS Score: 7.8 | Source & Patch Info: CVE-2019-1326, MISC

microsoft -- windows_10
  A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.
  Published: 2019-10-10 | CVSS Score: 9.3 | Source & Patch Info: CVE-2019-1333, MISC

microsoft -- windows_10
  An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka 'Microsoft Windows Update Client Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1323.
  Published: 2019-10-10 | CVSS Score: 7.2 | Source & Patch Info: CVE-2019-1336, MISC
nex-forms_-_ultimate_form_builder_project -- nex-forms_-_ultimate_form_builder
  The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nex_forms_Id parameter.
  Published: 2019-10-07 | CVSS Score: 7.5 | Source & Patch Info: CVE-2015-9452, MISC, MISC, MISC

open-emr -- openemr
  OpenEMR through 5.0.2 has SQL Injection in the Lifestyle demographic filter criteria in library/clinical_rules.php that affects library/patient.inc.
  Published: 2019-10-05 | CVSS Score: 7.5 | Source & Patch Info: CVE-2019-17197, MISC, MISC

pcprotect -- antivirus
  PC Protect Antivirus v4.14.31 installs by default to %PROGRAMFILES(X86)%\PCProtect with very weak folder permissions, granting any user full permission "Everyone: (F)" to the contents of the directory and its subfolders. In addition, the program installs a service called SecurityService that runs as LocalSystem. This allows any user to escalate privileges to "NT AUTHORITY\SYSTEM" by substituting the service's binary with a Trojan horse.
  Published: 2019-10-07 | CVSS Score: 7.2 | Source & Patch Info: CVE-2019-16913, MISC

signal -- signal_private_messenger
  ** DISPUTED ** The WebRTC component in the Signal Private Messenger application through 4.47.7 for Android processes videoconferencing RTP packets before a callee chooses to answer a call, which might make it easier for remote attackers to cause a denial of service or possibly have unspecified other impact via malformed packets. NOTE: the vendor plans to continue this behavior for performance reasons unless a WebRTC design change occurs.
  Published: 2019-10-04 | CVSS Score: 7.5 | Source & Patch Info: CVE-2019-17192, MISC, MISC, MISC

sitos -- sitos_six
  SITOS six Build v6.2.1 allows an attacker to inject arbitrary PHP commands. As a result, an attacker can compromise the running server and execute system commands in the context of the web user.
  Published: 2019-10-07 | CVSS Score: 10.0 | Source & Patch Info: CVE-2019-15746, MISC

sitos -- sitos_six
  SITOS six Build v6.2.1 permits unauthorised users to upload and import a SCORM 2004 package by browsing directly to affected pages. An unauthenticated attacker could use the upload and import functionality to import a malicious SCORM package that includes a PHP file, which could execute arbitrary PHP code.
  Published: 2019-10-07 | CVSS Score: 7.5 | Source & Patch Info: CVE-2019-15748, MISC

sitos -- sitos_six
  An unrestricted file upload vulnerability in SITOS six Build v6.2.1 allows remote attackers to execute arbitrary code by uploading a SCORM file with an executable extension. This allows an unauthenticated attacker to upload a malicious file (containing PHP code to execute operating system commands) to the web root of the application.
  Published: 2019-10-07 | CVSS Score: 10.0 | Source & Patch Info: CVE-2019-15751, MISC

sizmic -- plugmatter_optin_feature_box
  The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_cc pmfb_tid parameter.
  Published: 2019-10-07 | CVSS Score: 7.5 | Source & Patch Info: CVE-2015-9450, MISC, MISC, MISC

sizmic -- plugmatter_optin_feature_box
  The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_mailchimp pmfb_tid parameter.
  Published: 2019-10-07 | CVSS Score: 7.5 | Source & Patch Info: CVE-2015-9451, MISC, MISC, MISC

xen -- xen
  An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes.
  Published: 2019-10-07 | CVSS Score: 7.2 | Source & Patch Info: CVE-2019-17346, MISC

xerox -- atlalink_firmware
  Xerox AtlaLink B8045/B8055/B8065/B8075/B8090 C8030/C8035/C8045/C8055/C8070 printers with software before 101.00x.089.22600 allow an attacker to gain privileges.
  Published: 2019-10-04 | CVSS Score: 7.5 | Source & Patch Info: CVE-2019-17184, MISC

zingbox -- inspector
  A command injection vulnerability exists in the Zingbox Inspector versions 1.286 and earlier, that allows for an authenticated user to execute arbitrary system commands in the CLI.
  Published: 2019-10-09 | CVSS Score: 9.0 | Source & Patch Info: CVE-2019-15014, MISC

zingbox -- inspector
  A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector.
  Published: 2019-10-09 | CVSS Score: 7.5 | Source & Patch Info: CVE-2019-15019, MISC

zingbox -- inspector
  A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result in command injection.
  Published: 2019-10-09 | CVSS Score: 7.5 | Source & Patch Info: CVE-2019-15020, MISC


Medium Vulnerabilities

Primary Vendor -- Product
  Description
  Published | CVSS Score | Source & Patch Info

apache -- hadoop
  In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage.
  Published: 2019-10-04 | CVSS Score: 5.0 | Source & Patch Info: CVE-2018-11768, MISC, MLIST, MLIST, MLIST, MLIST

axiosys -- bento4
  Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListInspector::Action in Core/Ap4Descriptor.h, related to AP4_IodsAtom::InspectFields in Core/Ap4IodsAtom.cpp, as demonstrated by mp4dump.
  Published: 2019-10-10 | CVSS Score: 4.3 | Source & Patch Info: CVE-2019-17452, MISC

axiosys -- bento4
  Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListWriter::Action in Core/Ap4Descriptor.h, related to AP4_IodsAtom::WriteFields in Core/Ap4IodsAtom.cpp, as demonstrated by mp4encrypt or mp4compact.
  Published: 2019-10-10 | CVSS Score: 4.3 | Source & Patch Info: CVE-2019-17453, MISC, MISC

axiosys -- bento4
  Bento4 1.5.1.0 has a NULL pointer dereference in AP4_Descriptor::GetTag in Core/Ap4Descriptor.h, related to AP4_StsdAtom::GetSampleDescription in Core/Ap4StsdAtom.cpp, as demonstrated by mp4info.
  Published: 2019-10-10 | CVSS Score: 4.3 | Source & Patch Info: CVE-2019-17454, MISC

bludit -- bludit
  bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.
  Published: 2019-10-06 | CVSS Score: 4.3 | Source & Patch Info: CVE-2019-17240, MISC, MISC

brinidesigner -- awesome_filterable_portfolio
  The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_portfolio_item_page SQL injection via the item_id parameter.
  Published: 2019-10-10 | CVSS Score: 6.5 | Source & Patch Info: CVE-2015-9461, MISC, MISC, MISC

centreon -- centreon_vm
  In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set.
  Published: 2019-10-08 | CVSS Score: 5.0 | Source & Patch Info: CVE-2019-17104, MLIST, MISC, MISC

centreon -- centreon_web
  In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components.
  Published: 2019-10-08 | CVSS Score: 4.0 | Source & Patch Info: CVE-2019-17106, MLIST, MISC, MISC

cpanel -- cpanel
  cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed or terminated (SEC-517).
  Published: 2019-10-09 | CVSS Score: 6.5 | Source & Patch Info: CVE-2019-17375, MISC, MISC

cpanel -- cpanel
  cPanel before 82.0.15 allows self XSS in the SSL Certificate Upload interface (SEC-521).
  Published: 2019-10-09 | CVSS Score: 4.3 | Source & Patch Info: CVE-2019-17376, MISC

cpanel -- cpanel
  cPanel before 82.0.15 allows self XSS in LiveAPI example scripts (SEC-524).
  Published: 2019-10-09 | CVSS Score: 4.3 | Source & Patch Info: CVE-2019-17377, MISC

cpanel -- cpanel
  cPanel before 82.0.15 allows self XSS in the SSL Key Delete interface (SEC-526).
  Published: 2019-10-09 | CVSS Score: 4.3 | Source & Patch Info: CVE-2019-17378, MISC

cpanel -- cpanel
  cPanel before 82.0.15 allows self stored XSS in the WHM SSL Storage Manager interface (SEC-527).
  Published: 2019-10-09 | CVSS Score: 4.3 | Source & Patch Info: CVE-2019-17379, MISC

cpanel -- cpanel
  cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528).
  Published: 2019-10-09 | CVSS Score: 4.3 | Source & Patch Info: CVE-2019-17380, MISC
elementor -- elementor
  The elementor-edit-template class in wp-admin/customize.php in the Elementor Pro plugin before 2.0.10 for WordPress has XSS.
  Published: 2019-10-07 | CVSS Score: 4.3 | Source & Patch Info: CVE-2018-18379, MISC, MISC, MISC

eleopard -- animate_it!
  The animate-it plugin before 2.3.4 for WordPress has XSS.
  Published: 2019-10-09 | CVSS Score: 4.3 | Source & Patch Info: CVE-2019-17384, MISC, MISC

eleopard -- animate_it!
  The animate-it plugin before 2.3.5 for WordPress has XSS.
  Published: 2019-10-09 | CVSS Score: 4.3 | Source & Patch Info: CVE-2019-17385, MISC, MISC

etoilewebdesign -- ultimate_faq
  Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import.
  Published: 2019-10-07 | CVSS Score: 5.0 | Source & Patch Info: CVE-2019-17232, MISC, MISC, MISC

etoilewebdesign -- ultimate_faq
  Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection.
  Published: 2019-10-07 | CVSS Score: 4.3 | Source & Patch Info: CVE-2019-17233, MISC, MISC, MISC

exiv2 -- exiv2
  Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size.
  Published: 2019-10-09 | CVSS Score: 4.3 | Source & Patch Info: CVE-2019-17402, MISC

eyoucms -- eyoucms
  EyouCms through 2019-07-11 has XSS related to the login.php web_recordnum parameter.
  Published: 2019-10-10 | CVSS Score: 4.3 | Source & Patch Info: CVE-2019-17430, MISC, MISC

fastadmin -- fastadmin
  An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/index.php/admin/auth/admin/add CSRF vulnerability.
  Published: 2019-10-10 | CVSS Score: 6.8 | Source & Patch Info: CVE-2019-17431, MISC

fecmall -- fecmall
  An unrestricted file upload vulnerability was discovered in catalog/productinfo/imageupload in Fecshop FecMall 2.3.4. An attacker can bypass a front-end restriction and upload PHP code to the webserver, by providing image data and the image/jpeg content type, with a .php extension. This occurs because the code relies on the getimagesize function.
  Published: 2019-10-04 | CVSS Score: 6.5 | Source & Patch Info: CVE-2019-17188, MISC

fiberhome -- hg2201t_firmware
  /var/WEB-GUI/cgi-bin/downloadfile.cgi on FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication Directory Traversal for reading arbitrary files.
  Published: 2019-10-08 | CVSS Score: 5.0 | Source & Patch Info: CVE-2019-17187, MISC
foxitsoftware -- phantompdf
  This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8656.
  Published: 2019-10-04 | CVSS Score: 6.8 | Source & Patch Info: CVE-2019-13315, MISC, MISC

foxitsoftware -- phantompdf
  This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate actions. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8757.
  Published: 2019-10-04 | CVSS Score: 6.8 | Source & Patch Info: CVE-2019-13316, MISC, MISC

foxitsoftware -- phantompdf
  This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate actions. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8759.
  Published: 2019-10-04 | CVSS Score: 6.8 | Source & Patch Info: CVE-2019-13317, MISC, MISC

foxitsoftware -- phantompdf
  This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of the util.printf JavaScript method. The application processes the %p parameter in the format string, allowing heap addresses to be returned to the script. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8544.
  Published: 2019-10-04 | CVSS Score: 4.3 | Source & Patch Info: CVE-2019-13318, MISC, MISC

foxitsoftware -- phantompdf
  This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8669.
  Published: 2019-10-04 | CVSS Score: 6.8 | Source & Patch Info: CVE-2019-13319, MISC, MISC

foxitsoftware -- phantompdf
  This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8814.
  Published: 2019-10-04 | CVSS Score: 6.8 | Source & Patch Info: CVE-2019-13320, MISC, MISC

foxitsoftware -- phantompdf
  This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the deleteItemAt method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8295.
  Published: 2019-10-04 | CVSS Score: 6.8 | Source & Patch Info: CVE-2019-6774, MISC, MISC

foxitsoftware -- phantompdf
  This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportValues method within an AcroForm. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8491.
  Published: 2019-10-04 | CVSS Score: 6.8 | Source & Patch Info: CVE-2019-6775, MISC, MISC

foxitsoftware -- phantompdf
  This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing watermarks within AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8801.
  Published: 2019-10-04 | CVSS Score: 6.8 | Source & Patch Info: CVE-2019-6776, MISC, MISC
foxitsoftware -- reader
  Foxit Reader before 9.7 allows an Access Violation and crash if insufficient memory exists.
  Published: 2019-10-04 | CVSS Score: 5.0 | Source & Patch Info: CVE-2019-17183, MISC

freerdp -- freerdp
  libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value.
  Published: 2019-10-04 | CVSS Score: 5.0 | Source & Patch Info: CVE-2019-17177, MISC, MISC

freerdp -- freerdp
  HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value.
  Published: 2019-10-04 | CVSS Score: 5.0 | Source & Patch Info: CVE-2019-17178, MISC, MISC

gonitro -- nitropdf
  A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file.
  Published: 2019-10-09 | CVSS Score: 6.8 | Source & Patch Info: CVE-2019-5045, MISC

gonitro -- nitropdf
  A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file.
  Published: 2019-10-09 | CVSS Score: 6.8 | Source & Patch Info: CVE-2019-5046, MISC

gonitro -- nitropdf
  An exploitable Use After Free vulnerability exists in the CharProcs parsing functionality of NitroPDF. A specially crafted PDF can cause a type confusion, resulting in a Use After Free. An attacker can craft a malicious PDF to trigger this vulnerability.
  Published: 2019-10-09 | CVSS Score: 6.8 | Source & Patch Info: CVE-2019-5047, MISC

gonitro -- nitropdf
  A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file.
  Published: 2019-10-09 | CVSS Score: 6.8 | Source & Patch Info: CVE-2019-5048, MISC

gonitro -- nitropdf
  A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file.
  Published: 2019-10-09 | CVSS Score: 6.8 | Source & Patch Info: CVE-2019-5050, MISC

gonitro -- nitropdf
  An exploitable use-after-free vulnerability exists in the Length parsing function of NitroPDF. A specially crafted PDF can cause a type confusion, resulting in a use-after-free condition. An attacker can craft a malicious PDF to trigger this vulnerability.
  Published: 2019-10-09 | CVSS Score: 6.8 | Source & Patch Info: CVE-2019-5053, MISC

hp -- arcsight_logger
  Unrestricted file upload vulnerability in Micro Focus ArcSight Logger, version 6.7.0 and later. This vulnerability could allow Unrestricted Upload of File with Dangerous type.
  Published: 2019-10-04 | CVSS Score: 6.5 | Source & Patch Info: CVE-2019-11655, MISC

ibm -- control_desk
  IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554.
  Published: 2019-10-09 | CVSS Score: 4.0 | Source & Patch Info: CVE-2019-4512, XF, CONFIRM

ibm -- security_key_lifecycle_manager
  IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165136.
  Published: 2019-10-04 | CVSS Score: 5.0 | Source & Patch Info: CVE-2019-4514, XF, CONFIRM

ibm -- security_key_lifecycle_manager
  IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
  Published: 2019-10-04 | CVSS Score: 4.3 | Source & Patch Info: CVE-2019-4564, XF, CONFIRM
irfanview -- irfanview
  IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000d563.
  Published: 2019-10-08 | CVSS Score: 4.6 | Source & Patch Info: CVE-2019-17241, MISC, MISC

irfanview -- irfanview
  IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000966f.
  Published: 2019-10-08 | CVSS Score: 4.6 | Source & Patch Info: CVE-2019-17242, MISC, MISC

irfanview -- irfanview
  IrfanView 4.53 allows Data from a Faulting Address to control Code Flow starting at JPEG_LS+0x0000000000003155.
  Published: 2019-10-08 | CVSS Score: 6.8 | Source & Patch Info: CVE-2019-17243, MISC, MISC

irfanview -- irfanview
  IrfanView 4.53 allows Data from a Faulting Address to control Code Flow starting at JPEG_LS+0x0000000000001d8a.
  Published: 2019-10-08 | CVSS Score: 6.8 | Source & Patch Info: CVE-2019-17244, MISC, MISC

irfanview -- irfanview
  IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x0000000000004359.
  Published: 2019-10-08 | CVSS Score: 4.6 | Source & Patch Info: CVE-2019-17245, MISC, MISC

irfanview -- irfanview
  IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000258c.
  Published: 2019-10-08 | CVSS Score: 6.8 | Source & Patch Info: CVE-2019-17246, MISC, MISC

irfanview -- irfanview
  IrfanView 4.53 allows Data from a Faulting Address to control a subsequent Write Address starting at JPEG_LS+0x0000000000007da8.
  Published: 2019-10-08 | CVSS Score: 6.8 | Source & Patch Info: CVE-2019-17247, MISC, MISC

irfanview -- irfanview
  IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x00000000000025b6.
  Published: 2019-10-08 | CVSS Score: 6.8 | Source & Patch Info: CVE-2019-17248, MISC, MISC

irfanview -- irfanview
  IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000d57b.
  Published: 2019-10-08 | CVSS Score: 6.8 | Source & Patch Info: CVE-2019-17249, MISC, MISC

irfanview -- irfanview
  IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x00000000000042f5.
  Published: 2019-10-08 | CVSS Score: 6.8 | Source & Patch Info: CVE-2019-17250, MISC, MISC

irfanview -- irfanview
  IrfanView 4.53 allows a User Mode Write AV starting at FORMATS!GetPlugInInfo+0x0000000000007d43.
  Published: 2019-10-08 | CVSS Score: 6.8 | Source & Patch Info: CVE-2019-17251, MISC, MISC

irfanview -- irfanview
  IrfanView 4.53 allows a User Mode Write AV starting at FORMATS!Read_BadPNG+0x0000000000000115.
  Published: 2019-10-08 | CVSS Score: 6.8 | Source & Patch Info: CVE-2019-17252, MISC, MISC

irfanview -- irfanview
  IrfanView 4.53 allows a User Mode Write AV starting at JPEG_LS+0x000000000000a6b8.
  Published: 2019-10-08 | CVSS Score: 6.8 | Source & Patch Info: CVE-2019-17253, MISC, MISC

irfanview -- irfanview
  IrfanView 4.53 allows Data from a Faulting Address to control a subsequent Write Address starting at FORMATS!Read_BadPNG+0x0000000000000101.
  Published: 2019-10-08 | CVSS Score: 6.8 | Source & Patch Info: CVE-2019-17254, MISC, MISC

irfanview -- irfanview
  IrfanView 4.53 allows a User Mode Write AV starting at EXR!ReadEXR+0x0000000000010836.
  Published: 2019-10-08 | CVSS Score: 6.8 | Source & Patch Info: CVE-2019-17255, MISC, MISC

irfanview -- irfanview
  IrfanView 4.53 allows a User Mode Write AV starting at DPX!ReadDPX_W+0x0000000000001203.
  Published: 2019-10-08 | CVSS Score: 6.8 | Source & Patch Info: CVE-2019-17256, MISC, MISC

irfanview -- irfanview
  IrfanView 4.53 allows an Exception Handler Chain to be Corrupted starting at EXR!ReadEXR+0x000000000002af80.
  Published: 2019-10-08 | CVSS Score: 4.3 | Source & Patch Info: CVE-2019-17257, MISC, MISC

irfanview -- irfanview
  IrfanView 4.53 allows Data from a Faulting Address to control a subsequent Write Address starting at JPEG_LS+0x000000000000839c.
  Published: 2019-10-08 | CVSS Score: 6.8 | Source & Patch Info: CVE-2019-17258, MISC, MISC
jnoj -- jiangnan_online_judgeJiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[title] parameter to web/polygon/problem/create or web/polygon/problem/update or web/admin/problem/create.2019-10-104.3CVE-2019-17489
MISC
jnoj -- jiangnan_online_judgeJiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[description] parameter to web/admin/problem/create or web/polygon/problem/update.2019-10-104.3CVE-2019-17491
MISC
jnoj -- jiangnan_online_judgeJiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[sample_input] parameter to web/admin/problem/create or web/polygon/problem/update.2019-10-104.3CVE-2019-17493
MISC
joyplus-cms_project -- joyplus-cmsjoyplus-cms 1.6.0 allows manager/admin_pic.php?rootpath= absolute path traversal.2019-10-045.0CVE-2019-17175
MISC
k-78 -- broken_link_managerThe broken-link-manager plugin before 0.6.0 for WordPress has XSS via the HTTP Referer or User-Agent header to a URL that does not exist.2019-10-074.3CVE-2015-9453
MISC
MISC
MISC
k-78 -- broken_link_managerThe broken-link-manager plugin 0.4.5 for WordPress has XSS via the page parameter in a delURL action.2019-10-104.3CVE-2015-9468
MISC
MISC
kmplayer -- kmplayerKMPlayer 4.2.2.31 allows a User Mode Write AV starting at utils!src_new+0x000000000014d6ee.2019-10-084.6CVE-2019-17259
MISC
MISC
koji_project -- kojiKoji through 1.18.0 allows remote Directory Traversal, with resultant Privilege Escalation.2019-10-094.0CVE-2019-17109
MISC
CONFIRM
CONFIRM
liblnk_project -- liblnk** DISPUTED ** In libyal liblnk before 20191006, liblnk_location_information_read_data in liblnk_location_information.c has a heap-based buffer over-read because an incorrect variable name is used for a certain offset. NOTE: the vendor has disputed this as described in the GitHub issue.2019-10-066.8CVE-2019-17264
MISC
MISC
libpng -- libpnglibpng 1.6.37 has memory leaks in png_malloc_warn and png_create_info_struct.2019-10-094.3CVE-2019-17371
MISC
liferay -- liferay_portalLiferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON payload.2019-10-046.5CVE-2019-16891
MISC
MISC
MISC
linux -- linux_kernelAn issue was discovered in drivers/xen/balloon.c in the Linux kernel before 5.2.3, as used in Xen through 4.12.x, allowing guest OS users to cause a denial of service because of unrestricted resource consumption during the mapping of guest memory, aka CID-6ef36ab967c7.2019-10-074.9CVE-2019-17351
MISC
MISC
MISC
lqd -- liquid_speech_balloonThe liquid-speech-balloon (aka LIQUID SPEECH BALLOON) plugin 1.0.5 for WordPress allows XSS with Internet Explorer.2019-10-104.3CVE-2019-17070
MISC
MISC
metinfo -- metinfoAn issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=language&c=language_general&a=doSearchParameter appno parameter, a different issue than CVE-2019-16997.2019-10-096.5CVE-2019-17418
MISC
metinfo -- metinfoAn issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=user&c=admin_user&a=doGetUserInfo id parameter.2019-10-096.5CVE-2019-17419
MISC
microsoft -- edgeA spoofing vulnerability exists when Microsoft Browsers do not properly parse HTTP content, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1357.2019-10-104.3CVE-2019-0608
MISC
microsoft -- edgeA spoofing vulnerability exists when Microsoft Browsers improperly handle browser cookies, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0608.2019-10-104.3CVE-2019-1357
MISC
microsoft -- open_enclave_software_development_kitAn information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka 'Open Enclave SDK Information Disclosure Vulnerability'.2019-10-105.0CVE-2019-1369
MISC
microsoft -- sharepoint_enterprise_serverAn elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1329.2019-10-104.0CVE-2019-1330
MISC
microsoft -- sql_server_management_studioAn information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions, aka 'SQL Server Management Studio Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1376.2019-10-104.0CVE-2019-1313
MISC
microsoft -- sql_server_management_studioAn information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions, aka 'SQL Server Management Studio Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1313.2019-10-104.0CVE-2019-1376
MISC
microsoft -- windows_10A denial of service vulnerability exists when Windows improperly handles hard links, aka 'Microsoft Windows Denial of Service Vulnerability'.2019-10-105.6CVE-2019-1317
MISC
microsoft -- windows_10A spoofing vulnerability exists when Transport Layer Security (TLS) accesses non-Extended Master Secret (EMS) sessions, aka 'Microsoft Windows Transport Layer Security Spoofing Vulnerability'.2019-10-104.3CVE-2019-1318
MISC
microsoft -- windows_10An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1322, CVE-2019-1340.2019-10-104.6CVE-2019-1320
MISC
microsoft -- windows_10An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1320, CVE-2019-1340.2019-10-104.6CVE-2019-1322
MISC
microsoft -- windows_10An elevation of privilege vulnerability exists in the Windows redirected drive buffering system (rdbss.sys) when the operating system improperly handles specific local calls within Windows 7 for 32-bit systems, aka 'Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability'.2019-10-104.9CVE-2019-1325
MISC
microsoft -- windows_7An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'.2019-10-104.3CVE-2019-1361
MISC
MISC
mpc-hc -- mpc-hcMPC-HC through 1.7.13 allows a Read Access Violation on a Block Data Move starting at mpc_hc!memcpy+0x000000000000004e.2019-10-084.6CVE-2019-17260
MISC
MISC
netreo -- omnicenterNetreo OmniCenter through 12.1.1 allows unauthenticated SQL Injection (Boolean Based Blind) in the redirect parameters and parameter name of the login page through a GET request. The injection allows an attacker to read sensitive information from the database used by the application.2019-10-095.0CVE-2019-17128
MISC
MISC
nixos -- nixNix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable.2019-10-094.6CVE-2019-17365
MISC
MLIST
open-emr -- openemrXSS in library/custom_template/add_template.php in OpenEMR through 5.0.2 allows a malicious user to execute code in the context of a victim's browser via a crafted list_id query parameter.2019-10-044.3CVE-2019-17179
MISC
openproject -- openprojectAn XSS vulnerability in project list in OpenProject before 9.0.4 and 10.x before 10.0.2 allows remote attackers to inject arbitrary web script or HTML via the sortBy parameter because error messages are mishandled.2019-10-094.3CVE-2019-17092
MISC
CONFIRM
CONFIRM
orbisius -- child_theme_creatorThe orbisius-child-theme-creator plugin before 1.2.8 for WordPress has incorrect access control for file modification via the wp-admin/admin-ajax.php?action=orbisius_ctc_theme_editor_ajax&sub_cmd=save_file theme_1, theme_1_file, or theme_1_file_contents parameter.2019-10-074.0CVE-2015-9456
MISC
MISC
CONFIRM
otcms -- otcmsOTCMS v3.85 allows arbitrary PHP Code Execution because admin/sysCheckFile_deal.php blocks "into outfile" in a SELECT statement, but does not block the "into/**/outfile" manipulation. Therefore, the attacker can create a .php file.2019-10-096.5CVE-2019-17370
MISC
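The OTCMS entry above is a textbook denylist bypass: a substring check for the phrase "into outfile" is defeated by an inline comment that the database engine simply discards. The Python below is an added illustration written for this bulletin, not OTCMS's own admin/sysCheckFile_deal.php; the blocked-phrase list and the sample statements are constructed for the demonstration. It contrasts the naive check with one that canonicalises the statement (comments stripped, whitespace collapsed) before matching.

```python
import re

# Constructed demonstration of the filter-bypass pattern in the OTCMS entry.
# Illustrative code only; this is not OTCMS's admin/sysCheckFile_deal.php.
BLOCKED_PHRASES = ("into outfile", "into dumpfile")


def naive_is_blocked(sql: str) -> bool:
    """Plain substring denylist: only the literal phrase is recognised, so
    'into/**/outfile' (which MySQL executes as 'into outfile') slips through."""
    lowered = sql.lower()
    return any(phrase in lowered for phrase in BLOCKED_PHRASES)


def normalize_sql(sql: str) -> str:
    """Canonicalise before matching: drop /* */ block comments and '--' / '#'
    line comments, then collapse every whitespace run to a single space.
    This is a filter, not a SQL parser: it deliberately ignores quoting."""
    text = re.sub(r"/\*.*?\*/", " ", sql, flags=re.S)   # inline block comments
    text = re.sub(r"(--|#)[^\n]*", " ", text)             # line comments
    return re.sub(r"\s+", " ", text).strip().lower()


def normalized_is_blocked(sql: str) -> bool:
    """The same denylist applied to the canonical form of the statement."""
    canonical = normalize_sql(sql)
    return any(phrase in canonical for phrase in BLOCKED_PHRASES)
```

Even the canonicalising check is still a denylist and only catches what it was told about. The durable fix for this class of bug is to deny the application's database account the FILE privilege and to set secure_file_priv, so that no SELECT can write into the web root whatever the filter lets through.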
pi-hole -- pi-holePi-Hole 4.3 allows Command Injection.2019-10-096.8CVE-2019-13051
MISC
MISC
MISC
MISC
python -- pillowAn issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.2019-10-044.3CVE-2019-16865
MISC
realbigplugins -- client_dashThe client-dash (aka Client Dash) plugin 2.1.4 for WordPress allows XSS.2019-10-104.3CVE-2019-17071
MISC
MISC
redmine -- redmineIn Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent XSS exists due to textile formatting errors.2019-10-094.3CVE-2019-17427
MISC
s-cms -- s-cmsS-CMS v1.5 has XSS in tpl.php via the member/member_login.php from parameter.2019-10-094.3CVE-2019-17368
MISC
sap -- financial_consolidationDue to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection.2019-10-086.4CVE-2019-0370
MISC
CONFIRM
sap -- netweaver_process_integrationSAP NetWeaver Process Integration (B2B Toolkit), before versions 1.0 and 2.0, does not perform necessary authorization checks for an authenticated user, allowing the import of B2B table content that leads to Missing Authorization Check.2019-10-084.0CVE-2019-0367
MISC
CONFIRM
seo_searchterms_tagging_2_project -- seo_searchterms_tagging_2The searchterms-tagging-2 plugin through 1.535 for WordPress has SQL injection via the pk_stt2_db_get_popular_terms count parameter exploitable via CSRF.2019-10-106.5CVE-2015-9458
MISC
MISC
seo_searchterms_tagging_2_project -- seo_searchterms_tagging_2The searchterms-tagging-2 plugin through 1.535 for WordPress has XSS via the wp-admin/options-general.php count parameter.2019-10-104.3CVE-2015-9459
MISC
MISC
sitos -- sitos_sixSITOS six Build v6.2.1 allows a user with the user role of Seminar Coordinator to escalate their permission to the Systemadministrator role due to insufficient checks on the server side.2019-10-076.5CVE-2019-15747
MISC
sitos -- sitos_sixSITOS six Build v6.2.1 allows a user to change their password and recovery email address without requiring them to confirm the change with their old password. This would allow an attacker with access to the victim's account (e.g., via XSS or an unattended workstation) to change that password and address.2019-10-074.3CVE-2019-15749
MISC
sitos -- sitos_sixA Cross-Site Scripting (XSS) vulnerability in the blog function in SITOS six Build v6.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.2019-10-074.3CVE-2019-15750
MISC
slidervilla -- smooth_sliderThe smooth-slider plugin before 2.7 for WordPress has SQL Injection via the wp-admin/admin.php?page=smooth-slider-admin current_slider_id parameter.2019-10-076.5CVE-2015-9454
MISC
MISC
MISC
sugarcrm -- sugarcrmSugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by an Admin user.2019-10-076.5CVE-2019-17292
MISC
sugarcrm -- sugarcrmSugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Project module by a Regular user.2019-10-076.5CVE-2019-17293
MISC
sugarcrm -- sugarcrmSugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the export function by a Regular user.2019-10-076.5CVE-2019-17294
MISC
sugarcrm -- sugarcrmSugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the history function by a Regular user.2019-10-076.5CVE-2019-17295
MISC
sugarcrm -- sugarcrmSugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Contacts module by a Regular user.2019-10-076.5CVE-2019-17296
MISC
sugarcrm -- sugarcrmSugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Quotes module by a Regular user.2019-10-076.5CVE-2019-17297
MISC
sugarcrm -- sugarcrmSugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Administration module by a Developer user.2019-10-076.5CVE-2019-17298
MISC
sugarcrm -- sugarcrmSugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by an Admin user.2019-10-076.5CVE-2019-17299
MISC
sugarcrm -- sugarcrmSugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by a Developer user.2019-10-076.5CVE-2019-17300
MISC
sugarcrm -- sugarcrmSugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by an Admin user.2019-10-076.5CVE-2019-17301
MISC
sugarcrm -- sugarcrmSugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by a Developer user.2019-10-076.5CVE-2019-17302
MISC
sugarcrm -- sugarcrmSugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Developer user.2019-10-076.5CVE-2019-17303
MISC
sugarcrm -- sugarcrmSugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by an Admin user.2019-10-076.5CVE-2019-17304
MISC
sugarcrm -- sugarcrmSugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Regular user.2019-10-076.5CVE-2019-17305
MISC
sugarcrm -- sugarcrmSugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Configurator module by an Admin user.2019-10-076.5CVE-2019-17306
MISC
sugarcrm -- sugarcrmSugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Tracker module by an Admin user.2019-10-076.5CVE-2019-17307
MISC
sugarcrm -- sugarcrmSugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Emails module by a Regular user.2019-10-076.5CVE-2019-17308
MISC
sugarcrm -- sugarcrmSugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the EmailMan module by an Admin user.2019-10-076.5CVE-2019-17309
MISC
sugarcrm -- sugarcrmSugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Campaigns module by an Admin user.2019-10-076.5CVE-2019-17310
MISC
sugarcrm -- sugarcrmSugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the attachment function by a Regular user.2019-10-076.5CVE-2019-17311
MISC
sugarcrm -- sugarcrmSugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the file function by a Regular user.2019-10-076.5CVE-2019-17312
MISC
sugarcrm -- sugarcrmSugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Studio module by a Developer user.2019-10-076.5CVE-2019-17313
MISC
sugarcrm -- sugarcrmSugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Configurator module by an Admin user.2019-10-076.5CVE-2019-17314
MISC
sugarcrm -- sugarcrmSugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Administration module by an Admin user.2019-10-076.5CVE-2019-17315
MISC
sugarcrm -- sugarcrmSugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Import module by a Regular user.2019-10-076.5CVE-2019-17316
MISC
sugarcrm -- sugarcrmSugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the UpgradeWizard module by an Admin user.2019-10-076.5CVE-2019-17317
MISC
sugarcrm -- sugarcrmSugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by a Regular user.2019-10-076.5CVE-2019-17318
MISC
sugarcrm -- sugarcrmSugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Emails module by a Regular user.2019-10-076.5CVE-2019-17319
MISC
suse -- suse_linux_enterprise_serverThe /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an attacker that compromised the squid user to gain persistence by changing the binary.2019-10-076.6CVE-2019-3688
CONFIRM
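The Nix entry (CVE-2019-17365) and the SUSE squid entry (CVE-2019-3688) above are the same class of misconfiguration seen from two angles: a path that root or another user will trust is writable by a principal who should not be able to touch it, either directly (the pinger binary owned by the squid user) or through a world-writable ancestor (the parent of the per-user profile directories). The Python below is an added example, not Nix or SUSE code; it walks every component of a path and reports which non-root principals can write it. The directory layout, uids and modes in demo_tree() are constructed for illustration (the uid values for 'alice' and 'squid' are assumptions).

```python
import stat
from typing import Dict, NamedTuple, Set


class PathEntry(NamedTuple):
    path: str
    uid: int
    gid: int
    mode: int   # permission bits as returned by stat, e.g. 0o1777


def writers(entry: PathEntry) -> Set[str]:
    """Who can modify or replace this object. The owner always can (they may
    chmod it); group and world only if the write bit is set. A sticky,
    world-writable directory lets anyone create entries but not rename or
    delete entries they do not own, so it is reported separately."""
    who = {f"uid:{entry.uid}"}
    if entry.mode & stat.S_IWGRP:
        who.add(f"gid:{entry.gid}")
    if entry.mode & stat.S_IWOTH:
        who.add("everyone:create-only" if entry.mode & stat.S_ISVTX else "everyone")
    return who


def untrusted_writers(tree: Dict[str, PathEntry], target: str,
                      trusted_uids=(0,), trusted_gids=(0,)) -> Dict[str, Set[str]]:
    """Walk every component from the root down to target and report writers
    that are neither root nor an explicitly trusted principal. A writable
    ancestor is as serious as a writable target: the attacker renames the
    directory away and plants their own in its place."""
    trusted = {f"uid:{u}" for u in trusted_uids} | {f"gid:{g}" for g in trusted_gids}
    findings: Dict[str, Set[str]] = {}
    parts = target.strip("/").split("/")
    for depth in range(1, len(parts) + 1):
        component = "/" + "/".join(parts[:depth])
        bad = writers(tree[component]) - trusted
        if bad:
            findings[component] = bad
    return findings


def demo_tree() -> Dict[str, PathEntry]:
    """Constructed metadata modelled on the two bulletin entries. The uids
    (1000 for a user 'alice', 31 for 'squid') are assumptions."""
    entries = [
        PathEntry("/nix", 0, 0, 0o755),
        PathEntry("/nix/var", 0, 0, 0o755),
        PathEntry("/nix/var/nix", 0, 0, 0o755),
        PathEntry("/nix/var/nix/profiles", 0, 0, 0o755),
        PathEntry("/nix/var/nix/profiles/per-user", 0, 0, 0o777),        # world writable
        PathEntry("/nix/var/nix/profiles/per-user/alice", 1000, 100, 0o755),
        PathEntry("/usr", 0, 0, 0o755),
        PathEntry("/usr/sbin", 0, 0, 0o755),
        PathEntry("/usr/sbin/pinger", 31, 0, 0o750),   # squid:root 0750 as in the SUSE entry
    ]
    return {e.path: e for e in entries}
```

On a live system the same walk is one stat() per component. The report distinguishes "everyone:create-only" (sticky bit set) from "everyone" because a sticky bit stops other users from renaming or deleting existing entries but does nothing against pre-creating an entry that does not exist yet, which is why a world-writable parent of per-user directories remains dangerous even with the sticky bit.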
teampass -- teampassTeamPass 2.1.27.36 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload will be executed.2019-10-054.3CVE-2019-17205
MISC
twitter -- twitter_kitThe Twitter Kit framework through 3.4.2 for iOS does not properly validate the api.twitter.com SSL certificate. Although the certificate chain must contain one of a set of pinned certificates, there are certain implementation errors such as a lack of hostname verification. NOTE: this is an end-of-life product.2019-10-075.8CVE-2019-16263
MISC
MISC
MISC
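The Twitter Kit entry above describes certificate pinning without hostname verification. Pinning the CA (or any certificate in the chain) only proves the chain leads to an expected issuer; it does not prove the leaf was issued for the host being contacted, so any certificate from the same pinned CA, for any name, passes. The Python below is an added illustration, not Twitter Kit code: the certificates are constructed dictionaries whose 'der' bytes stand in for real DER encodings, the pin set is invented, and signature and validity-date checks are left to the TLS stack.

```python
import hashlib
from typing import Dict, List, Set, Tuple

# Constructed stand-ins: 'der' holds made-up bytes in place of a real DER
# certificate and the names are invented. Not Twitter Kit's code or pin set.
ROOT_DER = b"constructed-root-ca-der"
PINS: Set[str] = {hashlib.sha256(ROOT_DER).hexdigest()}   # pinning the CA, as many SDKs do

GOOD_CHAIN: List[Dict] = [
    {"subject": "api.twitter.com", "san": ["api.twitter.com"], "der": b"leaf-good"},
    {"subject": "Constructed Root CA", "san": [], "der": ROOT_DER},
]
# Issued by the same (pinned) CA, but to an attacker-controlled name.
EVIL_CHAIN: List[Dict] = [
    {"subject": "evil.example", "san": ["evil.example", "*.evil.example"], "der": b"leaf-evil"},
    {"subject": "Constructed Root CA", "san": [], "der": ROOT_DER},
]


def pin_of(cert: Dict) -> str:
    return hashlib.sha256(cert["der"]).hexdigest()


def chain_has_pin(chain: List[Dict], pins: Set[str]) -> bool:
    """The only check the vulnerable client performs."""
    return any(pin_of(c) in pins for c in chain)


def hostname_matches(leaf: Dict, host: str) -> bool:
    """RFC 6125-style comparison against the leaf's SAN dNSNames: an exact
    match, or a wildcard that covers exactly one left-most label."""
    host = host.lower().rstrip(".")
    for name in leaf.get("san", []):
        name = name.lower()
        if name == host:
            return True
        if name.startswith("*."):
            suffix = name[1:]                                   # ".evil.example"
            prefix = host[:-len(suffix)] if host.endswith(suffix) else None
            if prefix and "." not in prefix:
                return True
    return False


def verify_peer(chain: List[Dict], host: str, pins: Set[str]) -> Tuple[bool, str]:
    """Pin check plus hostname check. A real TLS stack validates signatures,
    validity dates and revocation before this point; both checks here are
    needed, and the second is the one the vulnerable client skipped."""
    if not chain_has_pin(chain, pins):
        return False, "no pinned certificate in chain"
    if not hostname_matches(chain[0], host):
        return False, f"leaf certificate does not cover {host}"
    return True, "ok"
```

With Python's ssl module the equivalent mistake is creating a context with check_hostname=False while still verifying the chain; ssl.create_default_context() leaves hostname checking on.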
vbulletin -- vbulletinvBulletin through 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories.2019-10-046.4CVE-2019-17130
MISC
vbulletin -- vbulletinvBulletin before 5.5.4 allows clickjacking.2019-10-044.3CVE-2019-17131
MISC
vbulletin -- vbulletinvBulletin through 5.5.4 mishandles custom avatars.2019-10-046.8CVE-2019-17132
MISC
FULLDISC
MISC
vbulletin -- vbulletinvBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter.2019-10-084.0CVE-2019-17271
MISC
MISC
webarxsecurity -- webarxThe WebARX plugin 1.3.0 for WordPress has unauthenticated stored XSS via the URI or the X-Forwarded-For HTTP header.2019-10-064.3CVE-2019-17213
MISC
MISC
webarxsecurity -- webarxThe WebARX plugin 1.3.0 for WordPress allows firewall bypass by appending &cc=1 to a URI.2019-10-065.0CVE-2019-17214
MISC
webpagetest -- webpagetestwww/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal (for reading arbitrary files) because of an unanchored regular expression, as demonstrated by the a.jpg\.. substring.2019-10-055.0CVE-2019-17199
MISC
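The WebPageTest entry above attributes the traversal to an unanchored regular expression: a pattern that recognises a legitimate file name somewhere inside the input accepts 'a.jpg\..\..\win.ini' because it contains 'a.jpg'. The Python below is an added example, not WebPageTest's getfile.php; the patterns, the base directory and the sample names are constructed. It shows the unanchored check, the half-fixed '^...$' form (which still accepts a trailing newline), the fully anchored form, and a realpath containment check as a second layer.

```python
import os
import re

# Constructed allow-list patterns and base directory; not WebPageTest's getfile.php.
UNANCHORED = re.compile(r"[\w-]+\.(jpg|png|txt)", re.I)
DOLLAR_ANCHORED = re.compile(r"^[\w-]+\.(jpg|png|txt)$", re.I)
FULLY_ANCHORED = re.compile(r"\A[\w-]+\.(jpg|png|txt)\Z", re.I)
BASE = "/var/www/constructed-base"


def unanchored_allows(name: str) -> bool:
    """re.search with no anchors accepts any string that merely contains an
    allowed-looking name, e.g. 'a.jpg\\..\\..\\win.ini'."""
    return UNANCHORED.search(name) is not None


def dollar_allows(name: str) -> bool:
    """'$' still matches just before a trailing newline, so 'a.jpg\\n' passes."""
    return DOLLAR_ANCHORED.search(name) is not None


def fully_anchored_allows(name: str) -> bool:
    """\\A and \\Z pin the match to the whole string; re.fullmatch is equivalent."""
    return FULLY_ANCHORED.search(name) is not None


def safe_join(base: str, name: str) -> str:
    """Validate the name, then confirm the resolved path is still under base.
    The second check is defence in depth against a future weaker pattern."""
    if not fully_anchored_allows(name):
        raise ValueError(f"rejected file name: {name!r}")
    base_real = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base_real, name))
    if os.path.commonpath([base_real, target]) != base_real:
        raise ValueError("path escapes base directory")
    return target
```

re.fullmatch(pattern, name) is equivalent to the \A...\Z form and is the idiomatic way to write an allow-list match in Python; the containment check costs one realpath() and catches the cases a pattern author did not think of.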
wpfactory -- download_plugins_and_themes_from_dashboardincludes/settings/class-alg-download-plugins-settings.php in the download-plugins-dashboard plugin through 1.5.0 for WordPress has multiple unauthenticated stored XSS issues.2019-10-074.3CVE-2019-17239
MISC
MISC
xen -- xenAn issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.2019-10-076.1CVE-2019-17340
MISC
xen -- xenAn issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device.2019-10-076.9CVE-2019-17341
MISC
xen -- xenAn issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced.2019-10-074.4CVE-2019-17342
MISC
xen -- xenAn issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.2019-10-074.6CVE-2019-17343
MISC
xen -- xenAn issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.2019-10-074.9CVE-2019-17344
MISC
xen -- xenAn issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest.2019-10-074.9CVE-2019-17345
MISC
xen -- xenAn issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels).2019-10-074.6CVE-2019-17347
MISC
xen -- xenAn issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching.2019-10-074.9CVE-2019-17348
MISC
xen -- xenAn issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a LoadExcl or StoreExcl operation.2019-10-074.9CVE-2019-17349
MISC
xen -- xenAn issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a compare-and-exchange operation.2019-10-074.9CVE-2019-17350
MISC
xnview -- xnviewXnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001e51.2019-10-084.6CVE-2019-17261
MISC
MISC
xnview -- xnviewXnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001fc0.2019-10-084.6CVE-2019-17262
MISC
MISC
zingbox -- inspectorAn SQL injection vulnerability exists in the management interface of Zingbox Inspector versions 1.288 and earlier, that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database.2019-10-096.5CVE-2019-15016
MISC
zingbox -- inspectorA security vulnerability exists in the Zingbox Inspector versions 1.280 and earlier, where authentication is not required when binding the Inspector instance to a different customer tenant.2019-10-095.0CVE-2019-15018
MISC
zingbox -- inspectorA security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that can allow an attacker to easily identify instances of Zingbox Inspectors in a local area network.2019-10-095.0CVE-2019-15021
MISC
zingbox -- inspectorA security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that allows for the Inspector to be susceptible to ARP spoofing.2019-10-095.0CVE-2019-15022
MISC
zingbox -- inspectorA security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in passwords for 3rd party integrations being stored in cleartext in device configuration.2019-10-095.0CVE-2019-15023
MISC
zingbox -- inspectorA security vulnerability exists in Zingbox Inspector version 1.293 and earlier, that allows for remote code execution if the Inspector were sent a malicious command from the Zingbox cloud, or if the Zingbox Inspector were tampered with to connect to an attacker's cloud endpoint.2019-10-096.8CVE-2019-1584
MISC

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
cmsmadesimple -- cms_made_simpleCMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin > Module Manager > Search Term field.2019-10-063.5CVE-2019-17226
MISC
hp -- arcsight_loggerStored XSS vulnerability in Micro Focus ArcSight Logger, affects versions prior to Logger 6.7.1 HotFix 6.7.1.8262.0. This vulnerability could allow Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').2019-10-043.5CVE-2019-11656
MISC
hrworks -- hrworksHRworks 3.36.9 allows XSS via the purpose of a travel-expense report.2019-10-083.5CVE-2019-16416
MISC
MISC
hrworks -- hrworksHRworks FLOW 3.36.9 allows XSS via the purpose of a travel-expense report.2019-10-083.5CVE-2019-16417
MISC
MISC
ibm -- maximo_anywhereIBM Maximo Anywhere 7.6.0, 7.6.1, 7.6.2, and 7.6.3 does not have device root detection, which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 160198.2019-10-102.1CVE-2019-4265
XF
CONFIRM
intelliants -- subrionSubrion 4.2.1 allows XSS via the panel/members/ Username, Full Name, or Email field, aka an "Admin Member JSON Update" issue.2019-10-063.5CVE-2019-17225
MISC
MISC
laravel-admin -- laravel-adminz-song laravel-admin 1.7.3 has XSS via the Slug or Name on the Roles screen, because of mishandling on the "Operation log" screen.2019-10-103.5CVE-2019-17433
MISC
lavalite -- lavaliteLavaLite through 5.7 has XSS via a crafted account name that is mishandled on the Manage Clients screen.2019-10-103.5CVE-2019-17434
MISC
libfwsi_project -- libfwsiIn libyal libfwsi before 20191006, libfwsi_extension_block_copy_from_byte_stream in libfwsi_extension_block.c has a heap-based buffer over-read because rejection of an unsupported size only considers values less than 6, even though values of 6 and 7 are also unsupported.2019-10-062.1CVE-2019-17263
MISC
MISC
MISC
liblnk_project -- liblnk** DISPUTED ** libyal liblnk 20191006 has a heap-based buffer over-read in the network_share_name_offset>20 code block of liblnk_location_information_read_data in liblnk_location_information.c, a different issue than CVE-2019-17264. NOTE: the vendor has disputed this as described in the GitHub issue.2019-10-092.1CVE-2019-17401
MISC
microsoft -- sharepoint_enterprise_serverA cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.2019-10-103.5CVE-2019-1070
MISC
microsoft -- sharepoint_enterprise_serverA spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'.2019-10-103.5CVE-2019-1328
MISC
microsoft -- sharepoint_enterprise_serverAn elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1330.2019-10-103.5CVE-2019-1329
MISC
microsoft -- windows_10An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1334.2019-10-102.1CVE-2019-1345
MISC
MISC
microsoft -- windows_7An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'.2019-10-102.1CVE-2019-1363
MISC
pbootcms -- pbootcmsPbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs.2019-10-093.5CVE-2019-17417
MISC
sap -- businessobjects_business_intelligence_platformSAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the chart title, resulting in reflected Cross-Site Scripting.2019-10-083.5CVE-2019-0374
MISC
CONFIRM
sap -- businessobjects_business_intelligence_platformSAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the export dialog box of the report name resulting in reflected Cross-Site Scripting.2019-10-083.5CVE-2019-0375
MISC
CONFIRM
sap -- businessobjects_business_intelligence_platformSAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows an attacker to save malicious scripts in the publication name, which can be executed later by the victim, resulting in Stored Cross-Site Scripting.2019-10-083.5CVE-2019-0376
MISC
CONFIRM
sap -- businessobjects_business_intelligence_platformSAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the input controls, resulting in Stored Cross-Site Scripting.2019-10-083.5CVE-2019-0377
MISC
CONFIRM
sap -- businessobjects_business_intelligence_platformSAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before version 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the file name of the background image resulting in Stored Cross-Site Scripting.2019-10-083.5CVE-2019-0378
MISC
CONFIRM
sap -- financial_consolidationSAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which allows an attacker to execute scripts by uploading files containing malicious scripts, leading to reflected cross site scripting vulnerability.2019-10-083.5CVE-2019-0369
MISC
CONFIRM
teampass -- teampassTeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a crafted password for an item in any folder.2019-10-053.5CVE-2019-17203
MISC
teampass -- teampassTeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowledge Base label and adding any available item.2019-10-053.5CVE-2019-17204
MISC
tibco -- master_data_managementThe MDM server component of TIBCO Software Inc's TIBCO MDM contains multiple vulnerabilities that theoretically allow an authenticated user with specific roles to perform cross-site scripting (XSS) attacks. This issue affects TIBCO Software Inc.'s TIBCO MDM version 9.0.1 and prior versions; version 9.1.0.2019-10-093.5CVE-2019-11212
CONFIRM
CONFIRM

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
activesoft -- mybuilder
ActiveX Control in MyBuilder before 6.2.2019.814 allows an attacker to execute arbitrary commands via the ShellOpen method. This can be leveraged for code execution.2019-10-07not yet calculatedCVE-2019-12811
MISC
activesoft -- mybuilder
MyBuilder viewer before 6.2.2019.814 allows an attacker to execute arbitrary commands via a specially crafted configuration file. This can be leveraged for code execution.2019-10-07not yet calculatedCVE-2019-12812
MISC
altair_engineering -- pbs_professional
Altair PBS Professional through 19.1.2 allows Privilege Escalation because an attacker can send a message directly to pbs_mom, which fails to properly authenticate the message. This results in code execution as an arbitrary user.2019-10-09not yet calculatedCVE-2019-15719
MISC
MISC
MISC
MISC
amazon_web_services -- freertos
Amazon FreeRTOS up to and including v1.4.8 for AWS lacks length checking in prvProcessReceivedPublish, resulting in leakage of arbitrary memory contents on a device to an attacker. An attacker sends a malformed MQTT publish packet, and waits for an MQTTACK packet containing the leaked data.2019-10-07not yet calculatedCVE-2019-13120
CONFIRM
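The FreeRTOS entry above describes a PUBLISH handler that trusts the length fields in the packet without checking them against the bytes actually received, so a short packet with a large declared topic length makes the device copy stale receive-buffer contents into its reply. The Python below is an added model of that bug and of the bounds checks that close it; it is not FreeRTOS code (which is C), and the receive buffer, stale data and packets are constructed for the demonstration. The MQTT 3.1.1 PUBLISH layout it parses (fixed header, variable-length remaining length, 2-byte topic length, topic, optional packet identifier, payload) is the real one.

```python
import struct


class MalformedPacket(ValueError):
    """Raised when a declared length does not fit the bytes actually received."""


def decode_remaining_length(buf: bytes, i: int):
    """MQTT 3.1.1 variable-length integer (1 to 4 bytes) at offset i.
    Returns (value, offset_after_it)."""
    value, multiplier = 0, 1
    for _ in range(4):
        if i >= len(buf):
            raise MalformedPacket("truncated remaining length")
        byte = buf[i]
        i += 1
        value += (byte & 0x7F) * multiplier
        if not byte & 0x80:
            return value, i
        multiplier *= 128
    raise MalformedPacket("remaining length longer than 4 bytes")


def build_publish(topic: bytes, payload: bytes, qos: int = 0, packet_id: int = 1) -> bytes:
    """Encode a well-formed PUBLISH so the parser can be exercised offline."""
    body = struct.pack(">H", len(topic)) + topic
    if qos:
        body += struct.pack(">H", packet_id)
    body += payload
    remaining, encoded = len(body), bytearray()
    while True:
        digit, remaining = remaining % 128, remaining // 128
        encoded.append(digit | 0x80 if remaining else digit)
        if not remaining:
            break
    return bytes([0x30 | (qos << 1)]) + bytes(encoded) + body


def naive_topic(recv_buf: bytes) -> bytes:
    """The vulnerable pattern: trusts the topic-length field and copies that
    many bytes out of the receive buffer, past the end of the packet."""
    _, i = decode_remaining_length(recv_buf, 1)
    (topic_len,) = struct.unpack_from(">H", recv_buf, i)
    return recv_buf[i + 2:i + 2 + topic_len]


def parse_publish(packet: bytes) -> dict:
    """Bounds-checked parser: every declared length is compared against the
    bytes actually received before it is used to slice."""
    if not packet or (packet[0] >> 4) != 3:
        raise MalformedPacket("not a PUBLISH packet")
    qos = (packet[0] >> 1) & 0x03
    remaining, i = decode_remaining_length(packet, 1)
    end = i + remaining
    if end > len(packet):
        raise MalformedPacket("remaining length exceeds received bytes")
    if remaining < 2:
        raise MalformedPacket("no room for topic length")
    (topic_len,) = struct.unpack_from(">H", packet, i)
    i += 2
    if i + topic_len > end:
        raise MalformedPacket("topic length exceeds packet")
    topic = packet[i:i + topic_len].decode("utf-8")
    i += topic_len
    packet_id = None
    if qos:
        if i + 2 > end:
            raise MalformedPacket("no room for packet identifier")
        (packet_id,) = struct.unpack_from(">H", packet, i)
        i += 2
    return {"qos": qos, "topic": topic, "packet_id": packet_id, "payload": packet[i:end]}


def leak_demo():
    """Constructed receive buffer: stale bytes from an earlier message are
    still in it when a 6-byte PUBLISH claiming a 40-byte topic arrives.
    Returns (what the naive parser hands back, what the strict parser says)."""
    stale = b"previous-message-with-secret-token-XYZ"
    recv_buf = bytearray(64)
    recv_buf[:len(stale)] = stale
    bad = bytes([0x30, 4]) + struct.pack(">H", 40) + b"ab"   # remaining=4, topic_len=40
    recv_buf[:len(bad)] = bad
    leaked = naive_topic(bytes(recv_buf))
    try:
        parse_publish(bytes(recv_buf[:len(bad)]))
        strict = "accepted"
    except MalformedPacket as exc:
        strict = str(exc)
    return leaked, strict
```

The naive parser returns the stale "secret" bytes as the topic, which is exactly what an echoing acknowledgement would send back to the attacker; the strict parser rejects the packet before any copy happens. In C the same rule applies with memcpy: check the declared length against the received length, not against the buffer's capacity.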
arista_networks -- extensible_operating_system
A vulnerability has been found in the implementation of the Label Distribution Protocol (LDP) in EOS. Under race conditions, the LDP agent can establish an LDP session with a malicious peer, potentially allowing a Denial of Service (DoS) attack on route updates and in turn an Out of Memory (OOM) condition that disrupts traffic forwarding. Affected EOS versions: 4.22 release train: 4.22.1F and earlier releases; 4.21 release train: 4.21.0F - 4.21.2.3F and 4.21.3F - 4.21.7.1M; 4.20 release train: 4.20.14M and earlier releases; 4.19 release train: 4.19.12M and earlier releases; end-of-support release trains 4.18 and 4.17.2019-10-10not yet calculatedCVE-2019-14810
MISC
CONFIRM
auth0 -- auth0
Auth0 auth0.net before 6.5.4 has Incorrect Access Control because IdentityTokenValidator can be accidentally used to validate untrusted ID tokens.2019-10-08not yet calculatedCVE-2019-16929
CONFIRM
automattic -- mongoose
Automattic Mongoose through 5.7.4 allows attackers to bypass access control (in some applications) because any query object with a _bsontype attribute is ignored. For example, adding "_bsontype":"a" can sometimes interfere with a query filter. NOTE: this CVE is about Mongoose's failure to work around this _bsontype special case that exists in older versions of the bson parser (aka the mongodb/js-bson project).2019-10-09not yet calculatedCVE-2019-17426
MISC
MISC
avira -- avira_software_updater
Avira Software Updater before 2.0.6.21094 allows a DLL side-loading attack.2019-10-10not yet calculatedCVE-2019-17449
MISC
axiomatic_systems -- bento4
An issue was discovered in Bento4 1.5.1.0. There is a SEGV in the function AP4_TfhdAtom::SetDefaultSampleSize at Core/Ap4TfhdAtom.h when called from AP4_Processor::ProcessFragments in Core/Ap4Processor.cpp.2019-10-12not yet calculatedCVE-2019-17528
MISC
MISC
axiomatic_systems -- bento4
An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in AP4_CencSampleEncryption::DoInspectFields in Core/Ap4CommonEncryption.cpp when called from AP4_Atom::Inspect in Core/Ap4Atom.cpp.2019-10-12not yet calculatedCVE-2019-17529
MISC
MISC
axiomatic_systems -- bento4
An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in AP4_PrintInspector::AddField in Core/Ap4Atom.cpp when called from AP4_CencSampleEncryption::DoInspectFields in Core/Ap4CommonEncryption.cpp, when called from AP4_Atom::Inspect in Core/Ap4Atom.cpp.2019-10-12not yet calculatedCVE-2019-17530
MISC
MISC
b3log -- symphony
b3log Symphony (aka Sym) before 3.6.0 has XSS via the HTTP User-Agent header.2019-10-10not yet calculatedCVE-2019-17488
MISC
belkin -- wemo_switch_28b_devices
An issue was discovered on Belkin Wemo Switch 28B WW_2.00.11057.PVT-OWRT-SNS devices. They allow remote attackers to cause a denial of service (persistent rules-processing outage) via a crafted ruleDbBody element in a StoreRules request to the upnp/control/rules1 URI, because database corruption occurs.2019-10-12not yet calculatedCVE-2019-17532
MISC
bootstrap-3-typeahead -- bootstrap-3-typeahead
 
Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-site scripting flaw in the highlighter() function. An attacker could exploit this via user interaction to execute code in the user's browser.2019-10-08not yet calculatedCVE-2019-10215
CONFIRM
bouncy_castle -- bouncy_castle_crypto_package
 
The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.2019-10-08not yet calculatedCVE-2019-17359
MISC
MISC
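The Bouncy Castle entry above describes a parser that honours a declared length before checking how much input actually exists. The Python below is an added example and is not Bouncy Castle code: it decodes a DER length and refuses any element the buffer cannot back, next to the unchecked form for contrast. The function names, the MAX_ELEMENT_BYTES cap and the two byte strings are constructed for this illustration.

```python
"""Bounded DER length decoding (added example; not Bouncy Castle code)."""
from __future__ import annotations

# Assumed cap on any single element we are willing to buffer. A real parser
# would take this from the caller's context; the value here is illustrative.
MAX_ELEMENT_BYTES = 1 << 20


class Asn1Error(ValueError):
    """Raised for malformed, truncated or oversized ASN.1 input."""


def naive_read_length(buf: bytes, pos: int) -> tuple[int, int]:
    """Decode a DER length and trust it. Returns (length, content_start).

    This is the shape of the bug class: the declared length is returned
    (and would be handed to an allocator) without comparing it to the
    number of bytes that actually remain.
    """
    first = buf[pos]
    pos += 1
    if first < 0x80:
        return first, pos
    n = first & 0x7F
    return int.from_bytes(buf[pos:pos + n], "big"), pos + n


def read_length(buf: bytes, pos: int) -> tuple[int, int]:
    """Decode a DER length, rejecting anything the buffer cannot back."""
    if pos >= len(buf):
        raise Asn1Error("truncated: no length octet")
    first = buf[pos]
    pos += 1
    if first < 0x80:                       # short form: one octet
        length = first
    elif first == 0x80:
        raise Asn1Error("indefinite length is not valid DER")
    else:                                  # long form: n octets follow
        n = first & 0x7F
        if n > 4:
            raise Asn1Error(f"length-of-length {n} too large")
        if pos + n > len(buf):
            raise Asn1Error("truncated: long-form length octets missing")
        raw = buf[pos:pos + n]
        pos += n
        length = int.from_bytes(raw, "big")
        if raw[0] == 0 or length < 0x80:
            raise Asn1Error("non-minimal length encoding is not valid DER")
    remaining = len(buf) - pos
    if length > remaining:                 # the check the bug class lacks
        raise Asn1Error(f"declared length {length} exceeds remaining {remaining} bytes")
    if length > MAX_ELEMENT_BYTES:
        raise Asn1Error(f"declared length {length} exceeds element cap")
    return length, pos


def read_tlv(buf: bytes, pos: int = 0) -> tuple[int, bytes, int]:
    """Return (tag, value, next_pos) for one primitive element at buf[pos]."""
    if pos >= len(buf):
        raise Asn1Error("truncated: no tag octet")
    tag = buf[pos]
    if tag & 0x1F == 0x1F:
        raise Asn1Error("multi-octet tags are not handled in this example")
    length, start = read_length(buf, pos + 1)
    return tag, bytes(buf[start:start + length]), start + length


def der_rejects(buf: bytes) -> bool:
    """True if the bounded parser refuses the element at offset 0."""
    try:
        read_tlv(buf)
    except Asn1Error:
        return True
    return False


# Constructed inputs (not taken from any advisory):
GOOD_OCTET_STRING = b"\x04\x03abc"                 # OCTET STRING "abc"
# An OCTET STRING whose long-form length claims 0x7fffffff bytes but carries none.
OVERSIZED_LENGTH = b"\x04\x84\x7f\xff\xff\xff"
```

naive_read_length(OVERSIZED_LENGTH, 1) returns 2147483647 and would drive a byte[] allocation of that size in a Java parser; read_length raises before any allocation. The remaining-bytes check is the important one; the absolute cap is a second line of defence for callers that stream input and cannot know the total size up front.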
centreon -- centreon_web
getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter.
Published: 2019-10-08 | CVSS Score: not yet calculated | CVE-2018-21023 | Source & Patch Info: MLIST, MISC, MISC, MISC
centreon -- centreon_web
licenseUpload.php in Centreon Web before 2.8.27 allows attackers to upload arbitrary files via a POST request.
Published: 2019-10-08 | CVSS Score: not yet calculated | CVE-2018-21024 | Source & Patch Info: MLIST, CONFIRM, MISC
centreon -- centreon_web
img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter.
Published: 2019-10-08 | CVSS Score: not yet calculated | CVE-2018-21021 | Source & Patch Info: MLIST, MISC, MISC
centreon -- centreon_web
makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter.
Published: 2019-10-08 | CVSS Score: not yet calculated | CVE-2018-21022 | Source & Patch Info: MLIST, MISC, MISC
centreon -- centreon_web
The token generator in index.php in Centreon Web before 2.8.27 is predictable.
Published: 2019-10-08 | CVSS Score: not yet calculated | CVE-2019-17105 | Source & Patch Info: MLIST, CONFIRM, MISC
centreon -- centreon_web
In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass the authentication mechanisms in place.
Published: 2019-10-08 | CVSS Score: not yet calculated | CVE-2018-21020 | Source & Patch Info: MLIST, MISC, MISC
centreon -- centreon_web
minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. NOTE: some sources have listed CVE-2019-17017 for this, but that is incorrect.
Published: 2019-10-08 | CVSS Score: not yet calculated | CVE-2019-17107 | Source & Patch Info: MLIST, MISC, MISC
centreon -- centreon_web
Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user.
Published: 2019-10-08 | CVSS Score: not yet calculated | CVE-2019-17108 | Source & Patch Info: MLIST, MISC, MISC
citrix -- application_delivery_management
Citrix Application Delivery Management (ADM) 12.1 before build 54.13 has Incorrect Access Control.
Published: 2019-10-09 | CVSS Score: not yet calculated | CVE-2019-17366 | Source & Patch Info: CONFIRM
cobham -- explorer_710
The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default. This could allow an unauthenticated, local attacker connected to the device to access the portal and to make any change to the device.
Published: 2019-10-10 | CVSS Score: not yet calculated | CVE-2019-9529 | Source & Patch Info: CERT-VN
cobham -- explorer_710
The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to port 5454. This could allow an unauthenticated, remote attacker to connect to this port via Telnet and execute 86 Attention (AT) commands, including some that provide unauthenticated, shell-like access to the device.
Published: 2019-10-10 | CVSS Score: not yet calculated | CVE-2019-9531 | Source & Patch Info: CERT-VN
cobham -- explorer_710
The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files. This could allow an unauthenticated, local attacker connected to the device to access and download any file found in the web root directory.
Published: 2019-10-10 | CVSS Score: not yet calculated | CVE-2019-9530 | Source & Patch Info: CERT-VN
cobham -- explorer_710
The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image. Development scripts left in the firmware can be used to upload a custom firmware image that the device runs. This could allow an unauthenticated, local attacker to upload their own firmware that could be used to intercept or modify traffic, spoof or intercept GPS traffic, exfiltrate private data, hide a backdoor, or cause a denial of service.
Published: 2019-10-10 | CVSS Score: not yet calculated | CVE-2019-9534 | Source & Patch Info: CERT-VN
cobham -- explorer_710
The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the device.
Published: 2019-10-10 | CVSS Score: not yet calculated | CVE-2019-9533 | Source & Patch Info: CERT-VN
cobham -- explorer_710
The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext. This could allow an unauthenticated, local attacker to intercept the password and gain access to the portal.
Published: 2019-10-10 | CVSS Score: not yet calculated | CVE-2019-9532 | Source & Patch Info: CERT-VN
compal -- ch7465lg_devices
The setter.xml component of the Common Gateway Interface on Compal CH7465LG 6.12.18.25-2p4 devices does not properly validate ping command arguments, which allows remote authenticated users to execute OS commands as root via shell metacharacters in the Target_IP parameter.
Published: 2019-10-11 | CVSS Score: not yet calculated | CVE-2019-17499 | Source & Patch Info: MISC
craft_cms -- craft_cms
Craft CMS before 3.3.8 has stored XSS via a name field. This field is mishandled during site deletion.
Published: 2019-10-10 | CVSS Score: not yet calculated | CVE-2019-17496 | Source & Patch Info: MISC, MISC
d-link -- dap-1320_routers
D-Link DAP-1320 A2-V1.21 routers have some web interfaces without authentication requirements, as demonstrated by uplink_info.xml. An attacker can remotely obtain a user's Wi-Fi SSID and password, which could be used to connect to Wi-Fi or perform a dictionary attack.
Published: 2019-10-11 | CVSS Score: not yet calculated | CVE-2019-17505 | Source & Patch Info: MISC
d-link -- dir-615_devices
An issue was discovered on D-Link DIR-615 devices with firmware versions 20.05 and 20.07. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page.
Published: 2019-10-09 | CVSS Score: not yet calculated | CVE-2019-17353 | Source & Patch Info: MISC, MISC, MISC, MISC
d-link -- dir-816l_devices
An issue was discovered on D-Link DIR-816 A1 1.06 devices. An attacker could access management pages of the router via a client that ignores the 'top.location.href = "/dir_login.asp"' line in a .asp file. This provides access to d_status.asp, version.asp, d_dhcptbl.asp, and d_acl.asp.
Published: 2019-10-11 | CVSS Score: not yet calculated | CVE-2019-17507 | Source & Patch Info: MISC
d-link -- dir-846_devices
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetMasterWLanSettings with shell metacharacters to /squashfs-root/www/HNAP1/control/SetMasterWLanSettings.php.
Published: 2019-10-11 | CVSS Score: not yet calculated | CVE-2019-17509 | Source & Patch Info: MISC
d-link -- dir-846_devices
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetWizardConfig with shell metacharacters to /squashfs-root/www/HNAP1/control/SetWizardConfig.php.
Published: 2019-10-11 | CVSS Score: not yet calculated | CVE-2019-17510 | Source & Patch Info: MISC
d-link -- dir-859_and_dir-850_devices
On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable.
Published: 2019-10-11 | CVSS Score: not yet calculated | CVE-2019-17508 | Source & Patch Info: MISC
d-link -- dir-868l_and_dir-817lw_routers
There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the router's username and password (and other information) via SERVICES=DEVICE.ACCOUNT&AUTHORIZED_GROUP=1%0a to getcfg.php. This could be used to control the router remotely.
Published: 2019-10-11 | CVSS Score: not yet calculated | CVE-2019-17506 | Source & Patch Info: MISC
dbell -- wi-fi_smart_video_doorbell
The dbell Wi-Fi Smart Video Doorbell DB01-S Gen 1 allows remote attackers to launch commands with no authentication verification via TCP port 81, because the loginuse and loginpass parameters to openlock.cgi can have arbitrary values. NOTE: the vendor's position is that this product reached end of life in 2016.
Published: 2019-10-08 | CVSS Score: not yet calculated | CVE-2019-13336 | Source & Patch Info: MISC, MISC, MISC
dell -- encryption_enterprise
The vulnerability is limited to the installers of Dell Encryption Enterprise versions prior to 10.4.0 and Dell Endpoint Security Suite Enterprise versions prior to 2.4.0. This issue is exploitable only during the installation of the product by an administrator. A local authenticated low-privileged user potentially could exploit this vulnerability by staging a malicious DLL in the search path of the installer prior to its execution by a local administrator. This would cause loading of the malicious DLL, which would allow the attacker to execute arbitrary code in the context of an administrator.
Published: 2019-10-07 | CVSS Score: not yet calculated | CVE-2019-3745 | Source & Patch Info: MISC
dell_emc -- avamar_server
Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A remote authenticated malicious user potentially could exploit this vulnerability to view or modify sensitive backup data. This could be used to corrupt backups or potentially to trick a user into restoring a backup with malicious files in place.
Published: 2019-10-09 | CVSS Score: not yet calculated | CVE-2019-3765 | Source & Patch Info: CONFIRM
envoy_proxy -- envoy
Upon receiving each incoming request header, Envoy will iterate over the existing request headers to verify that the total size of the headers stays below a maximum limit. The implementation in versions 1.10.0 through 1.11.1 for HTTP/1.x traffic and all versions of Envoy for HTTP/2 traffic had O(n^2) performance characteristics. A remote attacker may craft a request that stays below the maximum request header size but consists of many thousands of small headers to consume CPU and result in a denial-of-service attack.
Published: 2019-10-09 | CVSS Score: not yet calculated | CVE-2019-15226 | Source & Patch Info: MISC, MISC, MISC
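The Envoy entry above turns on one algorithmic detail: every header already received is re-walked once per newly received header. The Python below is an added example, not Envoy code. It enforces the same byte limit two ways and counts the inner-loop work so the O(n^2) versus O(n) difference is visible on a constructed request of many tiny headers. The limit value and the header list are assumptions for the illustration.

```python
"""Header-size limiting: per-header re-scan vs running total (added example; not Envoy code)."""
from __future__ import annotations

from typing import Iterable

# Assumed limit, chosen for the example; it is not Envoy's configured maximum.
MAX_HEADER_BYTES = 60 * 1024


class HeadersTooLarge(Exception):
    """The accumulated request headers exceed the configured limit."""


def _size(name: str, value: str) -> int:
    return len(name) + len(value)


def accept_headers_rescan(raw: Iterable[tuple[str, str]],
                          limit: int = MAX_HEADER_BYTES) -> tuple[list[tuple[str, str]], int]:
    """Enforce the limit by re-summing every stored header on each arrival.

    Returns (accepted_headers, inner_iterations). The inner loop runs once
    per already-stored header, so n small headers cost n*(n-1)/2 iterations:
    the quadratic shape the advisory describes.
    """
    stored: list[tuple[str, str]] = []
    iterations = 0
    for name, value in raw:
        total = 0
        for n, v in stored:                 # re-walks everything seen so far
            total += _size(n, v)
            iterations += 1
        if total + _size(name, value) > limit:
            raise HeadersTooLarge(total + _size(name, value))
        stored.append((name, value))
    return stored, iterations


def accept_headers_running_total(raw: Iterable[tuple[str, str]],
                                 limit: int = MAX_HEADER_BYTES) -> tuple[list[tuple[str, str]], int]:
    """Same accept/reject decision, O(1) per header: carry the total along."""
    stored: list[tuple[str, str]] = []
    total = 0
    iterations = 0
    for name, value in raw:
        iterations += 1
        total += _size(name, value)
        if total > limit:
            raise HeadersTooLarge(total)
        stored.append((name, value))
    return stored, iterations


def many_small_headers(count: int) -> list[tuple[str, str]]:
    """Constructed request: many tiny headers whose sum stays under the limit."""
    return [(f"x-{i}", "a") for i in range(count)]


def rescan_cost(count: int) -> int:
    return accept_headers_rescan(many_small_headers(count))[1]


def running_total_cost(count: int) -> int:
    return accept_headers_running_total(many_small_headers(count))[1]


def rejects(raw: Iterable[tuple[str, str]]) -> bool:
    """True if the linear check refuses the request."""
    try:
        accept_headers_running_total(raw)
    except HeadersTooLarge:
        return True
    return False
```

With 2000 headers of a few bytes each the request is well under the limit, yet the re-scan does roughly two million inner iterations against 2000 for the running total, and doubling the header count quadruples the first number. The bound on total header bytes does nothing against this; the defence is the linear check, backed by a separate cap on header count.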
espressif -- esp-idf
An issue was discovered in Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.6, 3.2.x through 3.2.3, and 3.3.x through 3.3.1. An attacker who uses fault injection to physically disrupt the ESP32 CPU can bypass the Secure Boot digest verification at startup, and boot unverified code from flash. The fault injection attack does not disable the Flash Encryption feature, so if the ESP32 is configured with the recommended combination of Secure Boot and Flash Encryption, then the impact is minimized. If the ESP32 is configured without Flash Encryption then successful fault injection allows arbitrary code execution. To protect devices with Flash Encryption and Secure Boot enabled against this attack, a firmware change must be made to permanently enable Flash Encryption in the field if it is not already permanently enabled.
Published: 2019-10-07 | CVSS Score: not yet calculated | CVE-2019-15894 | Source & Patch Info: CONFIRM
fastadmin -- fastadmin
An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/admin/general.config/edit CSRF vulnerability, as demonstrated by resultant XSS via the row[name] parameter.
Published: 2019-10-10 | CVSS Score: not yet calculated | CVE-2019-17432 | Source & Patch Info: MISC
fasterxml -- jackson-databind
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.
Published: 2019-10-12 | CVSS Score: not yet calculated | CVE-2019-17531 | Source & Patch Info: MISC, MISC
fiberhome -- hg2201t
/var/WEB-GUI/cgi-bin/telnet.cgi on FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication remote code execution.
Published: 2019-10-08 | CVSS Score: not yet calculated | CVE-2019-17186 | Source & Patch Info: MISC
frost_ming -- redis_wrapper
Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper (aka Redis Wrapper) before 0.3.0 allows attackers to execute arbitrary scripts.
Published: 2019-10-05 | CVSS Score: not yet calculated | CVE-2019-17206 | Source & Patch Info: MISC, MISC, MISC
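The rediswrapper entry above is the general pickle problem: pickle.loads calls whatever callable the byte stream names, so anyone who can write to the backing store gets code execution in the process that reads it. The Python below is an added example, not rediswrapper code. It builds a constructed payload, shows an unrestricted load executing it, and then a restricted Unpickler that refuses every global reference while still round-tripping plain values, plus the JSON path that is preferable when the stored values are plain data. The eval-based payload stands in for a real one that would name os.system or subprocess.Popen.

```python
"""Unsafe vs restricted unpickling (added example; not rediswrapper code)."""
from __future__ import annotations

import io
import json
import pickle


class Exploit:
    """Constructed payload object. Unpickling it runs attacker-chosen code:
    pickle will call eval(SOURCE) while rebuilding the object. A real payload
    would name os.system instead; eval of a harmless expression is used here
    so the example can run anywhere."""

    SOURCE = "__import__('platform').python_version()"

    def __reduce__(self):
        return (eval, (self.SOURCE,))


def malicious_blob() -> bytes:
    """What an attacker with write access to the store would put there."""
    return pickle.dumps(Exploit())


def safe_blob(value) -> bytes:
    """An ordinary cached value, pickled the way the wrapper would."""
    return pickle.dumps(value)


def unsafe_load(blob: bytes):
    """Unrestricted pickle.loads: executes the payload during loading."""
    return pickle.loads(blob)


class RestrictedUnpickler(pickle.Unpickler):
    """Refuse every GLOBAL reference. Plain data (dict/list/str/int/bytes)
    never needs one, so this still round-trips ordinary cache values."""

    # Enumerate the few (module, name) pairs a real service genuinely needs.
    ALLOWED = frozenset()

    def find_class(self, module: str, name: str):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")


def restricted_load(blob: bytes):
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def restricted_rejects(blob: bytes) -> bool:
    """True if the restricted loader refuses the blob without executing it."""
    try:
        restricted_load(blob)
    except pickle.UnpicklingError:
        return True
    return False


# Where values are plain data, a format with no code path at all is better.
def json_dump(value) -> bytes:
    return json.dumps(value, separators=(",", ":")).encode()


def json_load(blob: bytes):
    return json.loads(blob.decode())
```

The allowlist is empty on purpose: anything that needs a class reference should be added explicitly, and never builtins.eval, builtins.exec, os.system or subprocess.*. The restriction is only a mitigation for existing pickle data; the fix for a cache of strings, numbers and lists is to stop pickling them.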
genesys -- pureengage_digital
Genesys PureEngage Digital (eServices) 8.1.x allows XSS via HtmlChatPanel.jsp or HtmlChatFrameSet.jsp (ActionColor, ClientNickNameColor, Email, email, or email_address parameter).
Published: 2019-10-11 | CVSS Score: not yet calculated | CVE-2019-17176 | Source & Patch Info: MISC, MISC, MISC, MISC, MISC
gnu -- binutils
find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.
Published: 2019-10-10 | CVSS Score: not yet calculated | CVE-2019-17450 | Source & Patch Info: MISC
gnu -- binutils
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.
Published: 2019-10-10 | CVSS Score: not yet calculated | CVE-2019-17451 | Source & Patch Info: MISC, MISC
gnupg_project -- boa
Boa through 0.94.14rc21 allows remote attackers to trigger an out-of-memory (OOM) condition because malloc is mishandled.
Published: 2019-10-11 | CVSS Score: not yet calculated | CVE-2018-21027 | Source & Patch Info: CONFIRM, CONFIRM
gnupg_project -- boa
Boa through 0.94.14rc21 allows remote attackers to trigger a memory leak because of missing calls to the free function.
Published: 2019-10-11 | CVSS Score: not yet calculated | CVE-2018-21028 | Source & Patch Info: CONFIRM, CONFIRM
google -- android
In generateServicesMap of RegisteredServicesCache.java, there is a possible account protection bypass due to a caching optimization. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9, Android-10. Android ID: A-136261465.
Published: 2019-10-11 | CVSS Score: not yet calculated | CVE-2019-2183 | Source & Patch Info: CONFIRM
google -- android
In the default privileges of NFC, there is a possible local bypass of user interaction requirements on package installation due to a default permission. This could lead to local escalation of privilege by installing an application with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0, Android-8.1, Android-9. Android ID: A-123700348.
Published: 2019-10-11 | CVSS Score: not yet calculated | CVE-2019-2114 | Source & Patch Info: CONFIRM
google -- android
In GetMBheader of combined_decode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1, Android-9, Android-10. Android ID: A-136175447.
Published: 2019-10-11 | CVSS Score: not yet calculated | CVE-2019-2186 | Source & Patch Info: CONFIRM
google -- android
In VlcDequantH263IntraBlock_SH of vlc_dequant.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1, Android-9, Android-10. Android ID: A-136173699.
Published: 2019-10-11 | CVSS Score: not yet calculated | CVE-2019-2185 | Source & Patch Info: CONFIRM
google -- android
In PV_DecodePredictedIntraDC of dec_pred_intra_dc.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1, Android-9. Android ID: A-134578122.
Published: 2019-10-11 | CVSS Score: not yet calculated | CVE-2019-2184 | Source & Patch Info: CONFIRM
google -- android
In ScreenRotationAnimation of ScreenRotationAnimation.java, there is a possible capture of a secure screen due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-69703445.
Published: 2019-10-11 | CVSS Score: not yet calculated | CVE-2019-2110 | Source & Patch Info: CONFIRM
google -- android
In startActivityMayWait of ActivityStarter.java, there is a possible incorrect Activity launch due to an incorrect permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1, Android-9. Android ID: A-123013720.
Published: 2019-10-11 | CVSS Score: not yet calculated | CVE-2019-2173 | Source & Patch Info: CONFIRM
google -- android
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability; however, exploitation does require either the installation of a malicious local application or a separate vulnerability in a network-facing application. Product: Android. Android ID: A-141720095.
Published: 2019-10-11 | CVSS Score: not yet calculated | CVE-2019-2215 | Source & Patch Info: CONFIRM
google -- android
In nfc_ncif_decode_rf_params of nfc_ncif.cc, there is a possible out of bounds read due to an integer underflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1, Android-9, Android-10. Android ID: A-124940143.
Published: 2019-10-11 | CVSS Score: not yet calculated | CVE-2019-2187 | Source & Patch Info: CONFIRM
graphite_project -- graphite
send_email in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent to an e-mail address that can be supplied by the attacker. Thus, an attacker can exfiltrate any information.
Published: 2019-10-11 | CVSS Score: not yet calculated | CVE-2017-18638 | Source & Patch Info: MISC, MISC, MISC, MISC, MISC
gree -- gree+_application_for_android
The GREE+ (aka com.gree.greeplus) application 1.4.0.8 for Android suffers from Cross Site Request Forgery.
Published: 2019-10-11 | CVSS Score: not yet calculated | CVE-2018-20582 | Source & Patch Info: MISC, MISC
hotaru_cms -- hotaru_cms
A stored XSS vulnerability was discovered in Hotaru CMS v1.7.2 via the admin_index.php?page=settings SITE NAME field (aka SITE_NAME), a related issue to CVE-2011-4709.
Published: 2019-10-12 | CVSS Score: not yet calculated | CVE-2019-17522 | Source & Patch Info: MISC, MISC
hp -- touchpoint_analytics
A potential security vulnerability has been identified in certain versions of HP Touchpoint Analytics prior to version 4.1.4.2827. This vulnerability may allow a local attacker with administrative privileges to execute arbitrary code via an HP Touchpoint Analytics system service.
Published: 2019-10-11 | CVSS Score: not yet calculated | CVE-2019-6333 | Source & Patch Info: CONFIRM
hydra -- hydra
Hydra through 0.1.8 has a NULL pointer dereference and daemon crash when processing POST requests that lack a Content-Length header. read.c, request.c, and util.c contribute to this. The process_header_end() function calls boa_atoi(), which ultimately calls atoi() on a NULL pointer.
Published: 2019-10-12 | CVSS Score: not yet calculated | CVE-2019-17502 | Source & Patch Info: MISC, MISC
icewarp -- webclient
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script to basic/minimizer/index.php) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files.
Published: 2019-10-11 | CVSS Score: not yet calculated | CVE-2010-5335 | Source & Patch Info: MISC, MISC
icewarp -- webclient
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (_c to basic/index.html) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files.
Published: 2019-10-11 | CVSS Score: not yet calculated | CVE-2010-5334 | Source & Patch Info: MISC, MISC
icewarp -- webclient
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request to admin/login.html with the username parameter; the XSS is persistent in 10.2.0.
Published: 2019-10-11 | CVSS Score: not yet calculated | CVE-2010-5336 | Source & Patch Info: MISC, MISC
icewarp -- webclient
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request to webmail/basic/ with the _dlg[captcha][controller] parameter; the XSS is non-persistent in 10.1.3 and 10.2.0.
Published: 2019-10-11 | CVSS Score: not yet calculated | CVE-2010-5337 | Source & Patch Info: MISC, MISC
icewarp -- webclient
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request to webmail/basic/ with the _dlg[captcha][action] parameter; the XSS is non-persistent in 10.1.3 and 10.2.0.
Published: 2019-10-11 | CVSS Score: not yet calculated | CVE-2010-5338 | Source & Patch Info: MISC, MISC
icewarp -- webclient
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request to webmail/basic/ with the _dlg[captcha][uid] parameter; the XSS is non-persistent in 10.1.3 and 10.2.0.
Published: 2019-10-11 | CVSS Score: not yet calculated | CVE-2010-5339 | Source & Patch Info: MISC, MISC
icewarp -- webclient
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request to webmail/ with the password parameter; the XSS is non-persistent in 10.2.0.
Published: 2019-10-11 | CVSS Score: not yet calculated | CVE-2010-5340 | Source & Patch Info: MISC, MISC
intel -- active_system_console
Insufficient path checking in the installer for Intel(R) Active System Console before version 8.0 Build 24 may allow an authenticated user to potentially enable escalation of privilege via local access.
Published: 2019-10-11 | CVSS Score: not yet calculated | CVE-2019-11120 | Source & Patch Info: CONFIRM
intel -- nuc
Memory corruption in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
Published: 2019-10-11 | CVSS Score: not yet calculated | CVE-2019-14570 | Source & Patch Info: CONFIRM
intel -- nuc
Pointer corruption in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
Published: 2019-10-11 | CVSS Score: not yet calculated | CVE-2019-14569 | Source & Patch Info: CONFIRM
intel -- smart_connect_technology_for_intel_nuc
Improper file permission in the software installer for Intel(R) Smart Connect Technology for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.
Published: 2019-10-11 | CVSS Score: not yet calculated | CVE-2019-11167 | Source & Patch Info: CONFIRM
internet_systems_consortium -- bind
An error in the EDNS Client Subnet (ECS) feature for recursive resolvers can cause BIND to exit with an assertion failure when processing a response that has malformed RRSIGs. Versions affected: BIND 9.10.5-S1 -> 9.11.6-S1 of BIND 9 Supported Preview Edition.
Published: 2019-10-09 | CVSS Score: not yet calculated | CVE-2019-6469 | Source & Patch Info: CONFIRM
internet_systems_consortium -- bind
A failure to free memory can occur when processing messages having a specific combination of EDNS options. Versions affected are: BIND 9.10.7 -> 9.10.8-P1, 9.11.3 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.10.7-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected.
Published: 2019-10-09 | CVSS Score: not yet calculated | CVE-2018-5744 | Source & Patch Info: CONFIRM
internet_systems_consortium -- bind
A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 -> 9.11.7, 9.12.0 -> 9.12.4-P1, 9.14.0 -> 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of the BIND 9.15 development branch and BIND Supported Preview Edition versions 9.11.3-S1 -> 9.11.7-S1.
Published: 2019-10-09 | CVSS Score: not yet calculated | CVE-2019-6471 | Source & Patch Info: CONFIRM, CONFIRM
internet_systems_consortium -- bind
In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet (ECS) features. In those versions which have ECS support, enabling nxdomain-redirect is likely to lead to BIND exiting due to assertion failure. Versions affected: BIND Supported Preview Edition version 9.10.5-S1 -> 9.11.5-S5. ONLY BIND Supported Preview Edition releases are affected.
Published: 2019-10-09 | CVSS Score: not yet calculated | CVE-2019-6468 | Source & Patch Info: CONFIRM
internet_systems_consortium -- bind
A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAIN redirection for recursive clients, is also serving a local copy of the root zone or using mirroring to provide the root zone, although other configurations are also possible. Versions affected: BIND 9.12.0 -> 9.12.4, 9.14.0. Also affects all releases in the 9.13 development branch.
Published: 2019-10-09 | CVSS Score: not yet calculated | CVE-2019-6467 | Source & Patch Info: CONFIRM
internet_systems_consortium -- bind
Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465.
Published: 2019-10-09 | CVSS Score: not yet calculated | CVE-2019-6465 | Source & Patch Info: CONFIRM
internet_systems_consortium -- bind
By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.
Published: 2019-10-09 | CVSS Score: not yet calculated | CVE-2018-5743 | Source & Patch Info: CONFIRM
internet_systems_consortium -- bind
"managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745.
Published: 2019-10-09 | CVSS Score: not yet calculated | CVE-2018-5745 | Source & Patch Info: CONFIRM
internet_systems_consortium -- isc_dhcp
Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.
Published: 2019-10-09 | CVSS Score: not yet calculated | CVE-2018-5732 | Source & Patch Info: CONFIRM
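The ISC DHCP entry above is the classic TLV problem: an option's length octet is trusted before the parser confirms that many bytes remain in the packet. The Python below is an added example and is not dhclient code. It parses an RFC 2132 options field with that check in place, concatenates repeated option codes as RFC 3396 requires (the concatenation buffer is where an unchecked length turns into an overflow in C), and rejects a constructed option that declares more bytes than the packet carries. The option bytes are constructed for the example, not captured from a server.

```python
"""Bounds-checked DHCP option parsing (added example; not ISC dhclient code)."""
from __future__ import annotations

PAD, END = 0, 255
OPT_ROUTER, OPT_MSG_TYPE, OPT_SERVER_ID = 3, 53, 54


class DhcpOptionError(ValueError):
    """Raised when an option's declared length is not backed by the packet."""


def parse_options(data: bytes) -> dict[int, bytes]:
    """Parse an RFC 2132 options field into {code: value}.

    Every declared length is checked against the bytes that remain before
    any copy happens. Repeated codes are concatenated (RFC 3396). In C the
    missing check becomes an out-of-bounds write into the option buffer;
    in Python it would be a silently truncated slice, so we raise instead.
    """
    options: dict[int, bytes] = {}
    i, n = 0, len(data)
    while i < n:
        code = data[i]
        i += 1
        if code == PAD:
            continue
        if code == END:
            break
        if i >= n:
            raise DhcpOptionError(f"option {code}: length octet missing")
        length = data[i]
        i += 1
        if length > n - i:                     # the check the advisory is about
            raise DhcpOptionError(
                f"option {code}: declared {length} bytes, only {n - i} remain")
        options[code] = options.get(code, b"") + bytes(data[i:i + length])
        i += length
    return options


def ipv4(value: bytes) -> str:
    """Render a 4-byte option value as dotted quad; reject any other size."""
    if len(value) != 4:
        raise DhcpOptionError(f"expected a 4-byte address, got {len(value)} bytes")
    return ".".join(str(b) for b in value)


def dhcp_rejects(data: bytes) -> bool:
    """True if the checked parser refuses the options field."""
    try:
        parse_options(data)
    except DhcpOptionError:
        return True
    return False


# Constructed option fields (not captured from a real server):
GOOD_OPTIONS = (
    b"\x35\x01\x02"                  # 53 DHCP Message Type = OFFER
    + b"\x36\x04\xc0\xa8\x01\x01"    # 54 Server Identifier = 192.168.1.1
    + b"\x03\x04\xc0\xa8\x01\xfe"    # 3  Router = 192.168.1.254
    + b"\x00"                        # PAD
    + b"\xff"                        # END
)
# A Router option that declares 255 bytes but carries two: the overflow shape.
CRAFTED_OPTIONS = b"\x03\xff\xc0\xa8"
# Two Router options that must be joined, 8 bytes in total after concatenation.
SPLIT_ROUTER = b"\x03\x04\x0a\x00\x00\x01\x03\x04\x0a\x00\x00\x02\xff"
```

The per-option check protects the parse step; the concatenation step needs its own bound when the destination is a fixed buffer, which is the dhclient case. Values are also validated by the consumer (ipv4 refuses a Router value that is not a multiple of four bytes), since a well-formed length does not make the content well-formed.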
iterm2 -- iterm2
A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may allow an attacker to execute arbitrary commands on the victim's computer by providing malicious output to the terminal. This affects versions of iTerm2 up to and including 3.3.5. It could be exploited using command-line utilities that print attacker-controlled content.
Published: 2019-10-09 | CVSS Score: not yet calculated | CVE-2019-9535 | Source & Patch Info: MISC, CONFIRM, CERT-VN
jfinal -- jfinal
In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile() function: one can upload any type of file. For example, a .jsp file may be stored and almost immediately deleted, but this deletion step does not occur for certain exceptions.
Published: 2019-10-08 | CVSS Score: not yet calculated | CVE-2019-17352 | Source & Patch Info: MISC, MISC, MISC
jiangnan_online_judge -- jiangnan_online_judge
app\modules\polygon\controllers\ProblemController in Jiangnan Online Judge (aka jnoj) 0.8.0 allows arbitrary file upload, as demonstrated by PHP code (with a .php filename but the image/png content type) to the web/polygon/problem/tests URI.
Published: 2019-10-10 | CVSS Score: not yet calculated | CVE-2019-17490 | Source & Patch Info: MISC
joicom_corporation -- renpho_application
An issue was discovered in the RENPHO application 3.0.0 for iOS. It transmits JSON data unencrypted to a server without an integrity check if a user changes personal data in the profile tab (e.g., exposure of their birthday) or logs into their account (i.e., exposure of credentials).
Published: 2019-10-09 | CVSS Score: not yet calculated | CVE-2019-14808 | Source & Patch Info: MISC, MISC, MISC
joomlashack -- shack_forms_pro
The Shack Forms Pro extension before 4.0.32 for Joomla! allows path traversal via a file attachment.
Published: 2019-10-09 | CVSS Score: not yet calculated | CVE-2019-17399 | Source & Patch Info: MISC
juniper_networks -- junos_os
A session fixation vulnerability in J-Web on Junos OS may allow an attacker to use social engineering techniques to fix and hijack a J-Web administrator's web session and potentially gain administrative access to the device. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S15 on EX Series; 12.3X48 versions prior to 12.3X48-D85 on SRX Series; 14.1X53 versions prior to 14.1X53-D51; 15.1 versions prior to 15.1F6-S13, 15.1R7-S5; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 15.1X53 versions prior to 15.1X53-D238; 16.1 versions prior to 16.1R4-S13, 16.1R7-S5; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S5; 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R3; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R1-S2, 19.1R2.
Published: 2019-10-09 | CVSS Score: not yet calculated | CVE-2019-0062 | Source & Patch Info: CONFIRM
juniper_networks -- junos_os
The PKI keys exported using the command "run request security pki key-pair export" on Junos OS may have insecure file permissions. This may allow another user on the Junos OS device with shell access to read them. This issue affects: Juniper Networks Junos OS 15.1X49 versions prior to 15.1X49-D180; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2.
Published: 2019-10-09 | CVSS Score: not yet calculated | CVE-2019-0073 | Source & Patch Info: MISC
juniper_networks -- junos_os
A memory leak vulnerability in Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific commands from a peered BGP host and having those BGP states delivered to the vulnerable device. This issue affects: Juniper Networks Junos OS: 18.1 versions prior to 18.1R2-S4, 18.1R3-S1; 18.1X75 all versions. Versions before 18.1R1 are not affected.
Published: 2019-10-09 | CVSS Score: not yet calculated | CVE-2019-0059 | Source & Patch Info: MISC
juniper_networks -- junos_os
The management daemon (MGD) is responsible for all configuration and management operations in Junos OS. The Junos CLI communicates with MGD over an internal unix-domain socket and is granted special permission to open this protected mode socket. Due to a misconfiguration of the internal socket, a local, authenticated user may be able to exploit this vulnerability to gain administrative privileges. This issue only affects Linux-based platforms. FreeBSD-based platforms are unaffected by this vulnerability. Exploitation of this vulnerability requires Junos shell access. This issue cannot be exploited from the Junos CLI. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180; 15.1X53 versions prior to 15.1X53-D496, 15.1X53-D69; 16.1 versions prior to 16.1R7-S4; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1; 17.3 versions prior to 17.3R3-S4; 17.4 versions prior to 17.4R1-S6, 17.4R1-S7, 17.4R2-S3, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S4; 18.2 versions prior to 18.2R1-S5, 18.2R2-S2, 18.2R3; 18.3 versions prior to 18.3R1-S3, 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2.
Published: 2019-10-09 | CVSS Score: not yet calculated | CVE-2019-0061 | Source & Patch Info: MISC
juniper_networks -- junos_os
A path traversal vulnerability in NFX150 Series and QFX10K Series, EX9200 Series, MX Series and PTX Series devices with Next-Generation Routing Engine (NG-RE) allows a local authenticated user to read sensitive system files. This issue only affects NFX150 Series and QFX10K Series, EX9200 Series, MX Series and PTX Series with Next-Generation Routing Engine (NG-RE) which uses vmhost. This issue affects Juniper Networks Junos OS on NFX150 Series and QFX10K, EX9200 Series, MX Series and PTX Series with NG-RE and vmhost: 15.1F versions prior to 15.1F6-S12; 16.1 versions starting from 16.1R6 and later releases, including the Service Releases, prior to 16.1R6-S6, 16.1R7-S3; 17.1 versions prior to 17.1R3; 17.2 versions starting from 17.2R1-S3, 17.2R3 and later releases, including the Service Releases, prior to 17.2R3-S1; 17.3 versions starting from 17.3R1-S1, 17.3R2 and later releases, including the Service Releases, prior to 17.3R3-S3; 17.4 versions starting from 17.4R1 and later releases, including the Service Releases, prior to 17.4R1-S6, 17.4R2-S2, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S2, 18.3R2; 18.4 versions prior to 18.4R1-S1, 18.4R2. This issue does not affect: Juniper Networks Junos OS 15.1 and 16.2.
Published: 2019-10-09 | CVSS Score: not yet calculated | CVE-2019-0074 | Source & Patch Info: MISC
juniper_networks -- junos_os
Receipt of a specific link-local IPv6 packet destined to the RE may cause the system to crash and restart (vmcore). By continuously sending a specially crafted IPv6 packet, an attacker can repeatedly crash the system, causing a prolonged Denial of Service (DoS). This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R6-S2, 16.1R7; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R3. This issue does not affect Juniper Networks Junos OS version 15.1 and prior versions.
Published: 2019-10-09 | CVSS Score: not yet calculated | CVE-2019-0067 | Source & Patch Info: CONFIRM
juniper_networks -- junos_os
 
An unexpected status return value weakness in the Next-Generation Multicast VPN (NG-mVPN) service of Juniper Networks Junos OS allows attacker to cause a Denial of Service (DoS) condition and core the routing protocol daemon (rpd) process when a specific malformed IPv4 packet is received by the device running BGP. This malformed packet can be crafted and sent to a victim device including when forwarded directly through a device receiving such a malformed packet, but not if the malformed packet is first de-encapsulated from an encapsulated format by a receiving device. Continued receipt of the malformed packet will result in a sustained Denial of Service condition. This issue affects: Juniper Networks Junos OS 15.1 versions prior to 15.1F6-S12, 15.1R7-S2; 15.1X49 versions prior to 15.1X49-D150 on SRX Series; 15.1X53 versions prior to 15.1X53-D68, 15.1X53-D235, 15.1X53-D495, 15.1X53-D590; 16.1 versions prior to 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S2; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S9, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.3 versions prior to 17.3R2-S4, 17.3R3.2019-10-09not yet calculatedCVE-2019-0066
MISC
MISC
juniper_networks -- junos_os
 
A persistent Cross-Site Scripting (XSS) vulnerability in Junos OS J-Web interface may allow remote unauthenticated attackers to perform administrative actions on the Junos device. Successful exploitation requires a Junos administrator to first perform certain diagnostic actions on J-Web. This issue affects: Juniper Networks Junos OS 12.1X46 versions prior to 12.1X46-D86; 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D80; 14.1X53 versions prior to 14.1X53-D51; 15.1 versions prior to 15.1F6-S13, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180; 15.1X53 versions prior to 15.1X53-D497, 15.1X53-D69; 16.1 versions prior to 16.1R7-S5; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R1-S7, 17.4R2-S4, 17.4R3; 18.1 versions prior to 18.1R3-S5; 18.2 versions prior to 18.2R1-S5, 18.2R2-S3, 18.2R3; 18.3 versions prior to 18.3R1-S3, 18.3R2, 18.3R3; 18.4 versions prior to 18.4R1-S2, 18.4R2.2019-10-09not yet calculatedCVE-2019-0047
MISC
juniper_networks -- junos_os_ex2300_and_ex3400_series
 
Veriexec is a kernel-based file integrity subsystem in Junos OS that ensures only authorized binaries are able to be executed. Due to a flaw in specific versions of Junos OS, affecting specific EX Series platforms, the Veriexec subsystem will fail to initialize, in essence disabling file integrity checking. This may allow a locally authenticated user with shell access to install untrusted executable images, and elevate privileges to gain full control of the system. During the installation of an affected version of Junos OS are installed, the following messages will be logged to the console: Initializing Verified Exec: /sbin/veriexec: Undefined symbol "__aeabi_uidiv" /sbin/veriexec: Undefined symbol "__aeabi_uidiv" /sbin/veriexec: Undefined symbol "__aeabi_uidiv" veriexec: /.mount/packages/db/os-kernel-prd-arm-32-20190221.70c2600_builder_stable_11/boot/brcm-hr3.dtb: Authentication error veriexec: /.mount/packages/db/os-kernel-prd-arm-32-20190221.70c2600_builder_stable_11/boot/contents.izo: Authentication error ... This issue affects Juniper Networks Junos OS: 18.1R3-S4 on EX2300, EX2300-C and EX3400; 18.3R1-S3 on EX2300, EX2300-C and EX3400.2019-10-09not yet calculatedCVE-2019-0071
MISC
MISC
juniper_networks -- junos_os_multiple_series
 
A vulnerability in the srxpfe process on Protocol Independent Multicast (PIM) enabled SRX series devices may lead to crash of the srxpfe process and an FPC reboot while processing (PIM) messages. Sustained receipt of these packets may lead to an extended denial of service condition. Affected releases are Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D80; 15.1X49 versions prior to 15.1X49-D160; 17.3 versions prior to 17.3R3-S7 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R2; 18.3 versions prior to 18.3R2.2019-10-09not yet calculatedCVE-2019-0075
MISC
juniper_networks -- junos_os_multiple_series
 
On EX4600, QFX5100 Series, NFX Series, QFX10K Series, QFX5110, QFX5200 Series, QFX5110, QFX5200, QFX10K Series, vSRX, SRX1500, SRX4000 Series, vSRX, SRX1500, SRX4000, QFX5110, QFX5200, QFX10K Series, when the user uses console management port to authenticate, the credentials used during device authentication are written to a log file in clear text. This issue does not affect users that are logging-in using telnet, SSH or J-web to the management IP. This issue affects ACX, NFX, SRX, EX and QFX platforms with the Linux Host OS architecture, it does not affect other SRX and EX platforms that do not use the Linux Host OS architecture. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D110 on vSRX, SRX1500, SRX4000 Series; 15.1X53 versions prior to 15.1X53-D234 on QFX5110, QFX5200 Series; 15.1X53 versions prior to 15.1X53-D68 on QFX10K Series; 17.1 versions prior to 17.1R2-S8, 17.1R3, on QFX5110, QFX5200, QFX10K Series; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3 on QFX5110, QFX5200, QFX10K Series; 17.3 versions prior to 17.3R2 on vSRX, SRX1500, SRX4000, QFX5110, QFX5200, QFX10K Series; 14.1X53 versions prior to 14.1X53-D47 on ACX5000, EX4600, QFX5100 Series; 15.1 versions prior to 15.1R7 on ACX5000, EX4600, QFX5100 Series; 16.1R7 versions prior to 16.1R7 on ACX5000, EX4600, QFX5100 Series; 17.1 versions prior to 17.1R2-S10, 17.1R3 on ACX5000, EX4600, QFX5100 Series; 17.2 versions prior to 17.2R3 on ACX5000, EX4600, QFX5100 Series; 17.3 versions prior to 17.3R3 on ACX5000, EX4600, QFX5100 Series; 17.4 versions prior to 17.4R2 on ACX5000, EX4600, QFX5100 Series; 18.1 versions prior to 18.1R2 on ACX5000, EX4600, QFX5100 Series; 15.1X53 versions prior to 15.1X53-D496 on NFX Series, 17.2 versions prior to 17.2R3-S1 on NFX Series; 17.3 versions prior to 17.3R3-S4 on NFX Series; 17.4 versions prior to 17.4R2-S4, 17.4R3 on NFX Series, 18.1 versions prior to 18.1R3-S4 on NFX Series; 18.2 versions prior to 18.2R2-S3, 18.2R3 on NFX Series; 
18.3 versions prior to 18.3R1-S3, 18.3R2 on NFX Series; 18.4 versions prior to 18.4R1-S1, 18.4R2 on NFX Series.2019-10-09not yet calculatedCVE-2019-0069
CONFIRM
juniper_networks -- junos_os_mx_series

 

On MX Series, when the SIP ALG is enabled, receipt of a certain malformed SIP packet may crash the MS-PIC component on MS-MIC or MS-MPC. By continuously sending a crafted SIP packet, an attacker can repeatedly bring down MS-PIC on MS-MIC/MS-MPC causing a sustained Denial of Service. This issue affects Juniper Networks Junos OS on MX Series: 16.1 versions prior to 16.1R7-S5; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3-S3; 17.3 versions prior to 17.3R3-S6 ; 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S3; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2.2019-10-09not yet calculatedCVE-2019-0065
CONFIRM
juniper_networks -- junos_os_mx_series
 
This issue only affects devices with three (3) or more MPC10's installed in a single chassis with OSPF enabled and configured on the device. An Insufficient Resource Pool weakness allows an attacker to cause the device's Open Shortest Path First (OSPF) states to transition to Down, resulting in a Denial of Service (DoS) attack. This attack requires a relatively large number of specific Internet Mixed (IMIXed) types of genuine and valid IPv6 packets to be transferred by the attacker in a relatively short period of time, across three or more PFE's on the device at the same time. Continued receipt of the traffic sent by the attacker will continue to cause OSPF to remain in the Down starting state, or flap between other states and then again to Down, causing a persistent Denial of Service. This attack will affect all IPv4, and IPv6 traffic served by the OSPF routes once the OSPF states transition to Down. This issue affects: Juniper Networks Junos OS on MX480, MX960, MX2008, MX2010, MX2020: 18.1 versions prior to 18.1R2-S4, 18.1R3-S5; 18.1X75 version 18.1X75-D10 and later versions; 18.2 versions prior to 18.2R1-S5, 18.2R2-S3, 18.2R3; 18.2X75 versions prior to 18.2X75-D50; 18.3 versions prior to 18.3R1-S4, 18.3R2, 18.3R3; 18.4 versions prior to 18.4R1-S2, 18.4R2.2019-10-09not yet calculatedCVE-2019-0056
MISC
juniper_networks -- junos_os_mx_series
 
When an MX Series Broadband Remote Access Server (BRAS) is configured as a Broadband Network Gateway (BNG) with DHCPv6 enabled, jdhcpd might crash when receiving a specific crafted DHCP response message on a subscriber interface. The daemon automatically restarts without intervention, but continuous receipt of specific crafted DHCP messages will repeatedly crash jdhcpd, leading to an extended Denial of Service (DoS) condition. This issue only affects systems configured with DHCPv6 enabled. DHCPv4 is unaffected by this issue. This issue affects Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S5 on MX Series; 16.1 versions prior to 16.1R7-S5 on MX Series; 16.2 versions prior to 16.2R2-S10 on MX Series; 17.1 versions prior to 17.1R3-S1 on MX Series; 17.2 versions prior to 17.2R3-S2 on MX Series; 17.3 versions prior to 17.3R3-S6 on MX Series; 17.4 versions prior to 17.4R2-S5, 17.4R3 on MX Series; 18.1 versions prior to 18.1R3-S6 on MX Series; 18.2 versions prior to 18.2R2-S4, 18.2R3 on MX Series; 18.2X75 versions prior to 18.2X75-D50 on MX Series; 18.3 versions prior to 18.3R1-S5, 18.3R3 on MX Series; 18.4 versions prior to 18.4R2 on MX Series; 19.1 versions prior to 19.1R1-S2, 19.1R2 on MX Series.2019-10-09not yet calculatedCVE-2019-0063
MISC
juniper_networks -- junos_os_nfx_series
 
An Improper Input Validation weakness allows a malicious local attacker to elevate their permissions to take control of other portions of the NFX platform they should not be able to access, and execute commands outside their authorized scope of control. This leads to the attacker being able to take control of the entire system. This issue affects: Juniper Networks Junos OS versions prior to 18.2R1 on NFX Series.2019-10-09not yet calculatedCVE-2019-0070
MISC
juniper_networks -- junos_os_nfx_series
 
An improper authorization weakness in Juniper Networks Junos OS allows a local authenticated attacker to bypass regular security controls to access the Junos Device Manager (JDM) application and take control of the system. This issue affects: Juniper Networks Junos OS versions prior to 18.2R1, 18.2X75-D5.2019-10-09not yet calculatedCVE-2019-0057
MISC
juniper_networks -- junos_os_srx1500_series
 
Under certain heavy traffic conditions srxpfe process can crash and result in a denial of service condition for the SRX1500 device. Repeated crashes of the srxpfe can result in an extended denial of service condition. The SRX device may fail to forward traffic when this condition occurs. Affected releases are Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D170 on SRX1500; 17.3 versions prior to 17.3R3-S7 on SRX1500; 17.4 versions prior to 17.4R2-S8, 17.4R3 on SRX1500; 18.1 versions prior to 18.1R3-S8 on SRX1500; 18.2 versions prior to 18.2R3 on SRX1500; 18.3 versions prior to 18.3R2 on SRX1500; 18.4 versions prior to 18.4R2 on SRX1500.2019-10-09not yet calculatedCVE-2019-0050
CONFIRM
juniper_networks -- junos_os_srx5000_series
 
On SRX5000 Series devices, if 'set security zones security-zone <zone> tcp-rst' is configured, the flowd process may crash when a specific TCP packet is received by the device and triggers a new session. The process restarts automatically. However, receipt of a constant stream of these TCP packets may result in an extended Denial of Service (DoS) condition on the device. This issue affects Juniper Networks Junos OS: 18.2R3 on SRX 5000 Series; 18.4R2 on SRX 5000 Series; 19.2R1 on SRX 5000 Series.2019-10-09not yet calculatedCVE-2019-0064
MISC
juniper_networks -- junos_os_srx5000_series
 
SSL-Proxy feature on SRX devices fails to handle a hardware resource limitation which can be exploited by remote SSL/TLS servers to crash the flowd daemon. Repeated crashes of the flowd daemon can result in an extended denial of service condition. For this issue to occur, clients protected by the SRX device must initiate a connection to the malicious server. This issue affects: Juniper Networks Junos OS on SRX5000 Series: 12.3X48 versions prior to 12.3X48-D85; 15.1X49 versions prior to 15.1X49-D180; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S6, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R2.2019-10-09not yet calculatedCVE-2019-0051
MISC
juniper_networks -- junos_os_srx_series

 

A vulnerability in the SIP ALG packet processing service of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific types of valid SIP traffic to the device. In this case, the flowd process crashes and generates a core dump while processing SIP ALG traffic. Continued receipt of these valid SIP packets will result in a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D61, 12.3X48-D65 on SRX Series; 15.1X49 versions prior to 15.1X49-D130 on SRX Series; 17.3 versions prior to 17.3R3 on SRX Series; 17.4 versions prior to 17.4R2 on SRX Series.2019-10-09not yet calculatedCVE-2019-0055
MISC
MLIST
juniper_networks -- junos_os_srx_series
 
The SRX flowd process, responsible for packet forwarding, may crash and restart when processing specific multicast packets. By continuously sending the specific multicast packets, an attacker can repeatedly crash the flowd process causing a sustained Denial of Service. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D90; 15.1X49 versions prior to 15.1X49-D180; 17.3 versions; 17.4 versions prior to 17.4R2-S5, 17.4R3; 18.1 versions prior to 18.1R3-S6; 18.2 versions prior to 18.2R2-S4, 18.2R3; 18.3 versions prior to 18.3R2-S1, 18.3R3; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R1-S1, 19.1R2.2019-10-09not yet calculatedCVE-2019-0068
CONFIRM
juniper_networks -- junos_os_srx_series
 
The flowd process, responsible for forwarding traffic in SRX Series services gateways, may crash and restart when processing specific transit IP packets through an IPSec tunnel. Continued processing of these packets may result in an extended Denial of Service (DoS) condition. This issue only occurs when IPSec tunnels are configured. Systems without IPSec tunnel configurations are not vulnerable to this issue. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180 on SRX Series; 18.2 versions 18.2R2-S1 and later, prior to 18.2R3 on SRX Series; 18.4 versions prior to 18.4R2 on SRX Series.2019-10-09not yet calculatedCVE-2019-0060
MISC
MISC
juniper_networks -- junos_os_srx_series
 
A vulnerability in the Veriexec subsystem of Juniper Networks Junos OS allowing an attacker to fully compromise the host system. A local authenticated user can elevate privileges to gain full control of the system even if they are specifically denied access to perform certain actions. This issue affects: Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D80 on SRX Series.2019-10-09not yet calculatedCVE-2019-0058
MISC
juniper_networks -- junos_os_srx_series
 
An Improper Certificate Validation weakness in the SRX Series Application Identification (app-id) signature update client of Juniper Networks Junos OS allows an attacker to perform Man-in-the-Middle (MitM) attacks which may compromise the integrity and confidentiality of the device. This issue affects: Juniper Networks Junos OS 15.1X49 versions prior to 15.1X49-D120 on SRX Series devices. No other versions of Junos OS are affected.2019-10-09not yet calculatedCVE-2019-0054
MISC
MISC
juniper_networks -- sbr_carrier
 
An Unprotected Storage of Credentials vulnerability in the identity and access management certificate generation procedure allows a local attacker to gain access to confidential information. This issue affects: Juniper Networks SBR Carrier: 8.4.1 versions prior to 8.4.1R13; 8.5.0 versions prior to 8.5.0R4.2019-10-09not yet calculatedCVE-2019-0072
MISC
kaseva -- vsa_rmm
 
An issue was discovered in Kaseya VSA RMM through 9.5.0.22. When using the default configuration, the LAN Cache feature creates a local account FSAdminxxxxxxxxx (e.g., FSAdmin123456789) on the server that hosts the LAN Cache and all clients that are assigned to a LAN Cache. This account is placed into the local Administrators group of all clients assigned to the LAN Cache. When the assigned client is a Domain Controller, the FSAdminxxxxxxxxx account is created as a domain account and automatically added as a member of the domain BUILTIN\Administrators group. Using the well known Pass-the-Hash techniques, an attacker can use the same FSAdminxxxxxxxxx hash from any LAN Cache client and pass this to a Domain Controller, providing administrative rights to the attacker on any Domain Controller. (Local account Pass-the-Hash mitigations do not protect domain accounts.)2019-10-11not yet calculatedCVE-2019-14510
MISC
MISC
MISC
MISC
MISC
kirona -- dynamic_resource_scheduling
 
An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd (aka /osm_tiles/REGISTER.cmd) directly: it contains sensitive information about the database through the SQL queries within this batch file. This file exposes SQL database information such as database version, table name, column name, etc.2019-10-11not yet calculatedCVE-2019-17503
MISC
kirona -- dynamic_resource_scheduling
 
An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. A reflected Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script via the /osm/report/ password parameter.2019-10-11not yet calculatedCVE-2019-17504
MISC
knex.js -- knex.js
 
knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. Identifiers are escaped incorrectly as part of the MSSQL dialect, allowing attackers to craft a malicious query to the host DB.2019-10-08not yet calculatedCVE-2019-10757
CONFIRM
kramer -- viaware
 
Kramer VIAware 2.5.0719.1034 has Incorrect Access Control.2019-10-09not yet calculatedCVE-2019-17124
MISC
landing-cms -- landing-cms
 
An issue was discovered in Landing-CMS 0.0.6. There is a CSRF vulnerability that can change the admin's password via the password/ URI,2019-10-12not yet calculatedCVE-2019-17521
MISC
laravel-bjyblog -- laravel-bjyblog
 
laravel-bjyblog 6.1.1 has XSS via a crafted URL.2019-10-10not yet calculatedCVE-2019-17494
MISC
libntlm -- libntlm
 
Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request.2019-10-10not yet calculatedCVE-2019-17455
MISC
libtom_project -- libtomcrypt
 
In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.2019-10-08not yet calculatedCVE-2019-17362
MISC
MISC
MLIST
MISC
libvips -- libvips
 
vips_foreign_load_gif_scan_image in foreign/gifload.c in libvips before 8.8.2 tries to access a color map before a DGifGetImageDesc call, leading to a use-after-free.2019-10-12not yet calculatedCVE-2019-17534
MISC
MISC
MISC
mantisbt -- mantisbt
 
MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution.2019-10-09not yet calculatedCVE-2019-15715
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
CONFIRM
CONFIRM
mcafee -- endpoint_security
 
Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code injection into EPSetup.exe by an attacker with access to the installer.2019-10-09not yet calculatedCVE-2019-3652
CONFIRM
mcafee -- endpoint_security
 
Improper access control vulnerability in Configuration tool in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to gain access to security configuration via unauthorized use of the configuration tool.2019-10-09not yet calculatedCVE-2019-3653
CONFIRM
microsoft -- azure_app_service_on_azure_stack
 
An remote code execution vulnerability exists when Azure App Service/ Antares on Azure Stack fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability could allow an unprivileged function run by the user to execute code in the context of NT AUTHORITY\system thereby escaping the Sandbox.The security update addresses the vulnerability by ensuring that Azure App Service sanitizes user inputs., aka 'Azure App Service Remote Code Execution Vulnerability'.2019-10-10not yet calculatedCVE-2019-1372
MISC
microsoft -- internet_explorer
 
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'.2019-10-10not yet calculatedCVE-2019-1371
MISC
microsoft -- microsoft_dynamics_365
 
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'.2019-10-10not yet calculatedCVE-2019-1375
MISC
microsoft -- microsoft_edge
 
An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory, aka 'Microsoft Edge based on Edge HTML Information Disclosure Vulnerability'.2019-10-10not yet calculatedCVE-2019-1356
MISC
microsoft -- multiple_windows_productsAn elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1315, CVE-2019-1339.2019-10-10not yet calculatedCVE-2019-1342
MISC
microsoft -- multiple_windows_products
 
An information disclosure vulnerability exists when the Windows Hyper-V Network Switch on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Information Disclosure Vulnerability'.2019-10-10not yet calculatedCVE-2019-1230
MISC
microsoft -- multiple_windows_products
 
An elevation of privilege vulnerability exists when Windows CloudStore improperly handles file Discretionary Access Control List (DACL), aka 'Microsoft Windows CloudStore Elevation of Privilege Vulnerability'.2019-10-10not yet calculatedCVE-2019-1321
MISC
microsoft -- multiple_windows_products
 
A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection, aka 'Windows NTLM Tampering Vulnerability'.2019-10-10not yet calculatedCVE-2019-1166
MISC
microsoft -- multiple_windows_products
 
An information disclosure vulnerability exists in the way that the Windows Code Integrity Module handles objects in memory, aka 'Windows Code Integrity Module Information Disclosure Vulnerability'.2019-10-10not yet calculatedCVE-2019-1344
MISC
MISC
microsoft -- multiple_windows_products
 
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1345.2019-10-10not yet calculatedCVE-2019-1334
MISC
microsoft -- multiple_windows_products
 
An information disclosure vulnerability exists when Windows Update Client fails to properly handle objects in memory, aka 'Windows Update Client Information Disclosure Vulnerability'.2019-10-10not yet calculatedCVE-2019-1337
MISC
microsoft -- multiple_windows_products
 
An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1315, CVE-2019-1342.2019-10-10not yet calculatedCVE-2019-1339
MISC
microsoft -- multiple_windows_products
 
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1343, CVE-2019-1347.2019-10-10not yet calculatedCVE-2019-1346
MISC
MISC
microsoft -- multiple_windows_products
 
An elevation of privilege vulnerability exists when umpo.dll of the Power Service, improperly handles a Registry Restore Key function, aka 'Windows Power Service Elevation of Privilege Vulnerability'.2019-10-10not yet calculatedCVE-2019-1341
MISC
microsoft -- multiple_windows_products
 
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1346, CVE-2019-1347.2019-10-10not yet calculatedCVE-2019-1343
MISC
MISC
microsoft -- multiple_windows_products
 
A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality, aka 'Windows Secure Boot Security Feature Bypass Vulnerability'.2019-10-10not yet calculatedCVE-2019-1368
MISC
microsoft -- multiple_windows_products
 
An elevation of privilege vulnerability exists when Microsoft IIS Server fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability can allow an unprivileged function ran by the user to execute code in the context of NT AUTHORITY\system escaping the Sandbox.The security update addresses the vulnerability by correcting how Microsoft IIS Server sanitizes web requests., aka 'Microsoft IIS Server Elevation of Privilege Vulnerability'.2019-10-10not yet calculatedCVE-2019-1365
MISC
microsoft -- multiple_windows_products
 
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1358.2019-10-10not yet calculatedCVE-2019-1359
MISC
microsoft -- multiple_windows_products
 
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1359.2019-10-10not yet calculatedCVE-2019-1358
MISC
microsoft -- multiple_windows_products
 
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1343, CVE-2019-1346.2019-10-10not yet calculatedCVE-2019-1347
MISC
MISC
microsoft -- multiple_windows_products
 
An elevation of privilege vulnerability exists in Windows AppX Deployment Server that allows file creation in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1320, CVE-2019-1322.
Published: 2019-10-10 | CVSS: not yet calculated | CVE-2019-1340 | Source & Patch Info: MISC

microsoft -- windows_10_mobile
A security feature bypass vulnerability exists in Windows 10 Mobile when Cortana allows a user to access files and folders through the locked screen, aka 'Windows 10 Mobile Security Feature Bypass Vulnerability'.
Published: 2019-10-10 | CVSS: not yet calculated | CVE-2019-1314 | Source & Patch Info: MISC

microsoft -- windows_7_and_windows_server_2008
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1364.
Published: 2019-10-10 | CVSS: not yet calculated | CVE-2019-1362 | Source & Patch Info: MISC, MISC, MISC

microsoft -- windows_7_and_windows_server_2008
A security feature bypass vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLMv2 protection if a client is also sending LMv2 responses, aka 'Windows NTLM Security Feature Bypass Vulnerability'.
Published: 2019-10-10 | CVSS: not yet calculated | CVE-2019-1338 | Source & Patch Info: MISC

microsoft -- windows_7_and_windows_server_2008
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1362.
Published: 2019-10-10 | CVSS: not yet calculated | CVE-2019-1364 | Source & Patch Info: MISC, MISC

microsoft -- windows_update_assistant
An elevation of privilege vulnerability exists in Windows 10 Update Assistant in the way it handles permissions. A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows 10 Update Assistant Elevation of Privilege Vulnerability'.
Published: 2019-10-10 | CVSS: not yet calculated | CVE-2019-1378 | Source & Patch Info: MISC

moxa -- edr_810
Moxa EDR 810, all versions 5.1 and prior, allows an unauthenticated attacker to retrieve some log files from the device, which may allow sensitive information disclosure. Log files must have previously been exported by a legitimate user.
Published: 2019-10-08 | CVSS: not yet calculated | CVE-2019-10963 | Source & Patch Info: MISC

moxa -- edr_810
Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution.
Published: 2019-10-08 | CVSS: not yet calculated | CVE-2019-10969 | Source & Patch Info: MISC

netaddr_gem_for_ruby_on_rails -- netaddr_gem_for_ruby_on_rails
The netaddr gem before 2.0.4 for Ruby has misconfigured file permissions, such that a gem install may result in 0777 permissions in the target filesystem.
Published: 2019-10-09 | CVSS: not yet calculated | CVE-2019-17383 | Source & Patch Info: MISC, MISC

netapp -- clustered_data_ontap
Clustered Data ONTAP versions 9.0 and higher do not enforce hostname verification under certain circumstances, making them susceptible to impersonation via man-in-the-middle attacks.
Published: 2019-10-09 | CVSS: not yet calculated | CVE-2019-5506 | Source & Patch Info: CONFIRM

netapp -- snapmanager_for_oracle
SnapManager for Oracle prior to version 3.4.2P1 is susceptible to a vulnerability which, when successfully exploited, could lead to disclosure of sensitive information.
Published: 2019-10-09 | CVSS: not yet calculated | CVE-2019-5507 | Source & Patch Info: CONFIRM

netgear -- multiple_devices
Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2.
Published: 2019-10-09 | CVSS: not yet calculated | CVE-2019-17373 | Source & Patch Info: MISC

netgear -- multiple_devices
Certain NETGEAR devices allow remote attackers to disable all authentication requirements by visiting genieDisableLanChanged.cgi. The attacker can then, for example, visit MNU_accessPassword_recovered.html to obtain a valid new admin password. This affects AC1450, D8500, DC112A, JNDR3000, LG2200D, R4500, R6200, R6200V2, R6250, R6300, R6300v2, R6400, R6700, R6900P, R6900, R7000P, R7000, R7100LG, R7300, R7900, R8000, R8300, R8500, WGR614v10, WN2500RPv2, WNDR3400v2, WNDR3700v3, WNDR4000, WNDR4500, WNDR4500v2, WNR1000, WNR1000v3, WNR3500L, and WNR3500L.
Published: 2019-10-09 | CVSS: not yet calculated | CVE-2019-17372 | Source & Patch Info: MISC

netsarang -- xftp
NetSarang XFTP Client 6.0149 and earlier versions contain a buffer overflow vulnerability caused by improper boundary checks when copying a file name from an attacker-controlled FTP server. This allows an attacker to execute arbitrary code by sending a crafted filename.
Published: 2019-10-10 | CVSS: not yet calculated | CVE-2019-17320 | Source & Patch Info: MISC

node-red -- node-red-dashboard
It is possible to inject JavaScript within node-red-dashboard versions prior to version 2.17.0 due to the ui_notification node accepting raw HTML by default.
Published: 2019-10-08 | CVSS: not yet calculated | CVE-2019-10756 | Source & Patch Info: CONFIRM

nvidia -- shield_tv
NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra software contains a vulnerability in the bootloader, where it does not validate the fields of the boot image, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.
Published: 2019-10-09 | CVSS: not yet calculated | CVE-2019-5700 | Source & Patch Info: CONFIRM

nvidia -- shield_tv
NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra bootloader contains a vulnerability where the software performs an incorrect bounds check, which may lead to a buffer overflow resulting in code execution, denial of service, escalation of privileges, or information disclosure.
Published: 2019-10-09 | CVSS: not yet calculated | CVE-2019-5699 | Source & Patch Info: CONFIRM

open_information_security_foundation -- libhtp
In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending.
Published: 2019-10-09 | CVSS: not yet calculated | CVE-2019-17420 | Source & Patch Info: MISC, MISC, MISC

openbsd -- openssh
OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and remote code execution because of an error in the XMSS key parsing algorithm. NOTE: the XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH.
Published: 2019-10-09 | CVSS: not yet calculated | CVE-2019-16905 | Source & Patch Info: MISC, MISC, MISC, MISC, CONFIRM, CONFIRM

openstack_project -- openstack_octavia
Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allow anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the cmd/agent.py gunicorn cert_reqs option is True but is supposed to be ssl.CERT_REQUIRED.
Published: 2019-10-08 | CVSS: not yet calculated | CVE-2019-17134 | Source & Patch Info: MISC, MISC, MISC, MISC, MISC, MISC, CONFIRM, MISC, UBUNTU

otcms -- otcms
OTCMS v3.85 has CSRF in the admin/member_deal.php Admin Panel page, leading to creation of a new management group account, as demonstrated by superadmin.
Published: 2019-10-09 | CVSS: not yet calculated | CVE-2019-17369 | Source & Patch Info: MISC

palo_alto_networks -- zingbox_inspector
The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to the service using hardcoded credentials.
Published: 2019-10-09 | CVSS: not yet calculated | CVE-2019-15017 | Source & Patch Info: MISC

palo_alto_networks -- zingbox_inspector
In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for the root and inspector user accounts are present in the system software, which can result in unauthorized users gaining access to the system.
Published: 2019-10-09 | CVSS: not yet calculated | CVE-2019-15015 | Source & Patch Info: MISC

prettyphoto -- prettyphoto
prettyPhoto before 3.1.6 has XSS in js/jquery.prettyPhoto.js.
Published: 2019-10-10 | CVSS: not yet calculated | CVE-2015-9478 | Source & Patch Info: MISC, MISC

python -- python
library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated "finds all the pathnames matching a specified pattern according to the rules used by the Unix shell," one might have incorrectly inferred that the sorting that occurs in a Unix shell also occurred for glob.glob. There is a workaround in newer versions of Willoughby nmr-data_compilation-p2.py and nmr-data_compilation-p3.py, which call sort() directly.
Published: 2019-10-12 | CVSS: not yet calculated | CVE-2019-17514 | Source & Patch Info: MISC, MISC, MISC, MISC, MISC, MISC, MISC, MISC, MISC, MISC, MISC, MISC

redhat -- ansible
Ansible, all ansible_engine-2.x versions and ansible_engine-3.x up to ansible_engine-3.5, was logging at the DEBUG level, which led to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.
Published: 2019-10-08 | CVSS: not yet calculated | CVE-2019-14846 | Source & Patch Info: CONFIRM

redhat -- openshift
A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. Builds that extract source from a container image bypass TLS hostname verification. An attacker can take advantage of this flaw by launching a man-in-the-middle attack and injecting malicious content.
Published: 2019-10-08 | CVSS: not yet calculated | CVE-2019-14845 | Source & Patch Info: CONFIRM

riot -- riot
In RIOT 2019.07, the MQTT-SN implementation (asymcute) mishandles errors occurring during a read operation on a UDP socket. The receive loop ends. This allows an attacker (via a large packet) to prevent a RIOT MQTT-SN client from working until the device is restarted.
Published: 2019-10-09 | CVSS: not yet calculated | CVE-2019-17389 | Source & Patch Info: MISC

rsyslog -- rsyslog
An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but lenMsg will now be interpreted as a huge value, causing a heap overflow.
Published: 2019-10-07 | CVSS: not yet calculated | CVE-2019-17041 | Source & Patch Info: CONFIRM, CONFIRM

samsung -- laser_printers
A potential security vulnerability has been identified with Samsung Laser Printers. This vulnerability could potentially be exploited to create a denial of service.
Published: 2019-10-11 | CVSS: not yet calculated | CVE-2019-6335 | Source & Patch Info: CONFIRM

samsung -- multiple_p_phones
On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture without the user's knowledge. This feature of the Service Mode application is available after entering the *#9900# check code, but is protected by an OTP password. However, this password is created locally and (due to mishandling of cryptography) can be obtained easily by reversing the password creation logic.
Published: 2019-10-09 | CVSS: not yet calculated | CVE-2019-11341 | Source & Patch Info: MISC, MISC, MISC

sap -- customer_relationship_management
SAP Customer Relationship Management (Email Management), versions S4CRM before 1.0 and 2.0, BBPCRM before 7.0, 7.01, 7.02, 7.12, 7.13 and 7.14, does not sufficiently encode user-controlled inputs within the mail client, resulting in a Cross-Site Scripting vulnerability.
Published: 2019-10-08 | CVSS: not yet calculated | CVE-2019-0368 | Source & Patch Info: MISC, CONFIRM

sap -- landscape_management_enterprise_edition
Under certain conditions, SAP Landscape Management enterprise edition, before version 3.0, allows custom secure parameters' default values to be part of the application logs, leading to Information Disclosure.
Published: 2019-10-08 | CVSS: not yet calculated | CVE-2019-0380 | Source & Patch Info: MISC, CONFIRM

sap -- process_integration
SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform the authentication check properly when the default security provider is changed to BouncyCastle (BC), leading to a Missing Authentication Check.
Published: 2019-10-08 | CVSS: not yet calculated | CVE-2019-0379 | Source & Patch Info: MISC, CONFIRM

sap -- sql_anywhere
A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP Dynamic Tier, before versions 1.0 and 2.0, can result in the inadvertent access of files located in directories outside of the paths specified by the user.
Published: 2019-10-08 | CVSS: not yet calculated | CVE-2019-0381 | Source & Patch Info: MISC, CONFIRM

siemens -- multiple_products
A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions), SIMATIC CFU PA (All versions < V1.2.0), SIMATIC ET 200AL (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP IM 155-5 PN BA (All versions < V4.2.3), SIMATIC ET 200MP IM 155-5 PN HF (All versions), SIMATIC ET 200MP IM 155-5 PN ST (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP IM 155-6 PN BA (All versions), SIMATIC ET 200SP IM 155-6 PN HA (All versions), SIMATIC ET 200SP IM 155-6 PN HF (All versions < V4.2.2), SIMATIC ET 200SP IM 155-6 PN HS (All versions), SIMATIC ET 200SP IM 155-6 PN ST (All versions), SIMATIC ET 200SP IM 155-6 PN/2 HF (All versions < V4.2.2), SIMATIC ET 200SP IM 155-6 PN/3 HF (All versions < V4.2.1), SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET 200pro (All versions), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions), SIMATIC HMI Comfort Panels 4" - 22" (All versions), SIMATIC HMI KTP Mobile Panels (All versions), SIMATIC PN/PN Coupler (All versions), SIMATIC PROFINET Driver (All versions < V2.1), SIMATIC S7-1200 CPU family (incl. F) (All versions), SIMATIC S7-1500 CPU family (incl. F) (All versions < V2.0), SIMATIC S7-300 CPU family (incl. F) (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-400 V6 (incl F) and below (All versions), SIMATIC S7-400H V6 (All versions < V6.0.9), SIMATIC S7-410 V8 (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions), SINAMICS G110M V4.7 (PN Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 (PN Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 (Control Unit) (All versions), SINAMICS G150 (Control Unit) (All versions), SINAMICS GH150 V4.7 (Control Unit) (All versions), SINAMICS GL150 V4.7 (Control Unit) (All versions), SINAMICS GM150 V4.7 (Control Unit) (All versions), SINAMICS S110 (Control Unit) (All versions), SINAMICS S120 V4.7 (Control Unit) (All versions), SINAMICS S150 (Control Unit) (All versions), SINAMICS SL150 V4.7 (Control Unit) (All versions), SINAMICS SM120 V4.7 (Control Unit) (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of specially crafted UDP packets is sent to the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.
Published: 2019-10-10 | CVSS: not yet calculated | CVE-2019-10936 | Source & Patch Info: CONFIRM

siemens -- multiple_products
A vulnerability has been identified in CP1604 (All versions < V2.8), CP1616 (All versions < V2.8), Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions < V4.1.1 Patch 05), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions < V4.5.0 Patch 01), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.5.0), SCALANCE X-200IRT (All versions < V5.2.1), SIMATIC ET 200M (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET 200pro (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (All versions), SIMATIC S7-300 CPU family (incl. F) (All versions), SIMATIC S7-400 (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SIMOTION (All versions), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions), SINAMICS G110M V4.7 (Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 (Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 (Control Unit) (All versions < V4.7 HF29), SINAMICS G150 (Control Unit) (All versions < V4.8), SINAMICS GH150 V4.7 (Control Unit) (All versions), SINAMICS GL150 V4.7 (Control Unit) (All versions), SINAMICS GM150 V4.7 (Control Unit) (All versions), SINAMICS S110 (Control Unit) (All versions), SINAMICS S120 V4.7 (Control Unit and CBE20) (All versions < V4.7 HF34), SINAMICS S150 (Control Unit) (All versions < V4.8), SINAMICS SL150 V4.7 (Control Unit) (All versions), SINAMICS SM120 V4.7 (Control Unit) (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). An attacker with network access to an affected product may cause a Denial-of-Service condition by breaking the real-time synchronization (IRT) of the affected installation. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected installation. No user interaction is required to exploit this security vulnerability. The vulnerability impacts the availability of the affected installations.
Published: 2019-10-10 | CVSS: not yet calculated | CVE-2019-10923 | Source & Patch Info: CONFIRM

siemens -- simatic_it_uadm
A vulnerability has been identified in SIMATIC IT UADM (All versions < V1.3). An authenticated remote attacker with network access to port 1434/tcp of SIMATIC IT UADM could potentially recover a password that can be used to gain read and write access to the related TeamCenter station. The security vulnerability could be exploited only if the attacker is authenticated. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises the confidentiality of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.
Published: 2019-10-10 | CVSS: not yet calculated | CVE-2019-13929 | Source & Patch Info: CONFIRM

siemens -- simatic_winac_rtx_(f)_2010
A vulnerability has been identified in SIMATIC WinAC RTX (F) 2010 (All versions). Affected versions of the software contain a vulnerability that could allow an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large HTTP request is sent to the executing service. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the service provided by the software. At the time of advisory publication no public exploitation of this security vulnerability was known.
Published: 2019-10-10 | CVSS: not yet calculated | CVE-2019-13921 | Source & Patch Info: CONFIRM

signal -- private_messenger
The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee user interaction, via a connect message. The existence of the call is noticeable to the callee; however, the audio channel may be open before the callee can block eavesdropping.
Published: 2019-10-04 | CVSS: not yet calculated | CVE-2019-17191 | Source & Patch Info: MISC, MISC, MISC

sma_solar_technology -- sunny_webox
An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions with the permissions of the user on the Sunny WebBox Firmware Version 1.6 and prior. This device uses IP addresses to maintain communication after a successful login, which would increase the ease of exploitation.
Published: 2019-10-09 | CVSS: not yet calculated | CVE-2019-13529 | Source & Patch Info: MISC, MISC

socomec -- diris_a-40_devices
Password disclosure in the web interface on Socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get full access to a device via the /password.jsn URI.
Published: 2019-10-09 | CVSS: not yet calculated | CVE-2019-15859 | Source & Patch Info: MISC, FULLDISC, MISC

softing -- uagate_si
An issue was discovered in Softing uaGate (SI, MB, 840D) firmware through 1.71.00.1225. A CGI script is vulnerable to command injection via a maliciously crafted form parameter.
Published: 2019-10-10 | CVSS: not yet calculated | CVE-2019-15051 | Source & Patch Info: MISC

softing -- uagate_si
An issue was discovered in Softing uaGate SI 1.60.01. A maintenance script that is executable via sudo is vulnerable to file path injection. This enables the attacker to write files with superuser privileges in specific locations.
Published: 2019-10-10 | CVSS: not yet calculated | CVE-2019-11526 | Source & Patch Info: MISC

softing -- uagate_si
An issue was discovered in Softing uaGate SI 1.60.01. A CGI script is vulnerable to command injection with a maliciously crafted url parameter.
Published: 2019-10-10 | CVSS: not yet calculated | CVE-2019-11527 | Source & Patch Info: MISC

softing -- uagate_si
An issue was discovered in Softing uaGate SI 1.60.01. A system default path for executables is user writable.
Published: 2019-10-10 | CVSS: not yet calculated | CVE-2019-11528 | Source & Patch Info: MISC

softland -- file_sharing_wizard
A Structured Exception Handler (SEH) based buffer overflow in File Sharing Wizard 1.5.0 26-8-2008 allows remote unauthenticated attackers to execute arbitrary code via the HTTP DELETE method, a similar issue to CVE-2019-16724 and CVE-2010-2331.
Published: 2019-10-09 | CVSS: not yet calculated | CVE-2019-17415 | Source & Patch Info: MISC

solarwinds -- dameware_mini_remote_client
The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication, which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary executable that runs under the Local System account.
Published: 2019-10-08 | CVSS: not yet calculated | CVE-2019-3980 | Source & Patch Info: MISC

sophos -- cyberoamos
A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles.
Published: 2019-10-11 | CVSS: not yet calculated | CVE-2019-17059 | Source & Patch Info: CONFIRM, MISC, MISC

swagger -- swagger_ui
A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that <style>@import within the JSON data was a functional attack method.
Published: 2019-10-10 | CVSS: not yet calculated | CVE-2019-17495 | Source & Patch Info: MISC, MISC

syslog -- rsyslog
An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but lenMsg will now be interpreted as a huge value, causing a heap overflow.
Published: 2019-10-07 | CVSS: not yet calculated | CVE-2019-17042 | Source & Patch Info: CONFIRM, CONFIRM

tbeu -- matio
Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' character, leading to a heap-based buffer over-read in strdup_vprintf when uninitialized memory is accessed.
Published: 2019-10-12 | CVSS: not yet calculated | CVE-2019-17533 | Source & Patch Info: MISC, MISC

tinylcy -- vino
tinylcy Vino through 2017-12-15 allows remote attackers to cause a denial of service ("vn_get_string error: Resource temporarily unavailable" error and daemon crash) via a long URL.
Published: 2019-10-09 | CVSS: not yet calculated | CVE-2019-17414 | Source & Patch Info: MISC

tracker_software -- pdf-xchange_editor
Tracker PDF-XChange Editor before 8.0.330.0 has an NTLM SSO hash theft vulnerability using crafted FDF or XFDF files (a related issue to CVE-2018-4993). For example, an NTLM hash is sent for a link to \\192.168.0.2\C$\file.pdf without user interaction.
Published: 2019-10-10 | CVSS: not yet calculated | CVE-2019-17497 | Source & Patch Info: MISC

v-zug -- combi-steam_mslq_devices
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the communication to the web service is unencrypted via http. An attacker is able to intercept and sniff communication to the web service.
Published: 2019-10-06 | CVSS: not yet calculated | CVE-2019-17218 | Source & Patch Info: MISC

v-zug -- combi-steam_mslq_devices
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. Password authentication uses MD5 to hash passwords. Cracking is possible with minimal effort.
Published: 2019-10-06 | CVSS: not yet calculated | CVE-2019-17216 | Source & Patch Info: MISC

v-zug -- combi-steam_mslq_devices
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no bruteforce protection (e.g., lockout) established. An attacker might be able to bruteforce the password to authenticate on the device.
Published: 2019-10-06 | CVSS: not yet calculated | CVE-2019-17215 | Source & Patch Info: MISC

v-zug -- combi-steam_mslq_devices
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no CSRF protection established on the web service.
Published: 2019-10-06 | CVSS: not yet calculated | CVE-2019-17217 | Source & Patch Info: MISC

v-zug -- combi-steam_mslq_devices
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the device does not enforce any authentication. An adjacent attacker is able to use the network interface without proper access control.
Published: 2019-10-06 | CVSS: not yet calculated | CVE-2019-17219 | Source & Patch Info: MISC

vmware -- multiple_products
ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5.
Published: 2019-10-10 | CVSS: not yet calculated | CVE-2019-5527 | Source & Patch Info: CONFIRM

vmware -- workstation_and_fusion
VMware Workstation and Fusion contain a network denial-of-service vulnerability due to improper handling of certain IPv6 packets. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.7.
Published: 2019-10-10 | CVSS: not yet calculated | CVE-2019-5535 | Source & Patch Info: CONFIRM

wordpress -- wordpress
The ThemeMakers Almera Responsive Portfolio theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
Published: 2019-10-11 | CVSS: not yet calculated | CVE-2015-9487 | Source & Patch Info: MISC

wordpress -- wordpress
The ThemeMakers GamesTheme Premium theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
Published: 2019-10-11 | CVSS: not yet calculated | CVE-2015-9490 | Source & Patch Info: MISC

wordpress -- wordpress
The ThemeMakers SmartIT Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
Published: 2019-10-11 | CVSS: not yet calculated | CVE-2015-9492 | Source & Patch Info: MISC

wordpress -- wordpress
The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfb_photos[] parameter in a bpfb_remove_temp_images action.
Published: 2019-10-07 | CVSS: not yet calculated | CVE-2015-9455 | Source & Patch Info: MISC, MISC

wordpress -- wordpress
The history-collection plugin through 1.1.1 for WordPress has directory traversal via the download.php var parameter.
Published: 2019-10-10 | CVSS: not yet calculated | CVE-2015-9470 | Source & Patch Info: MISC, MISC

wordpress -- wordpress
The pretty-link plugin before 1.6.8 for WordPress has PrliLinksController::list_links SQL injection via the group parameter.
Published: 2019-10-10 | CVSS: not yet calculated | CVE-2015-9457 | Source & Patch Info: MISC, MISC, MISC

wordpress -- wordpress
The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter.
Published: 2019-10-10 | CVSS: not yet calculated | CVE-2015-9480 | Source & Patch Info: EXPLOIT-DB

wordpress -- wordpress

 

The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has arbitrary file upload via an action=upload request to js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php.2019-10-10not yet calculatedCVE-2015-9479
MISC
wordpress -- wordpress
 
The booking-system plugin before 2.1 for WordPress has DOPBSPBackEndTranslation::display SQL injection via the language parameter.2019-10-10not yet calculatedCVE-2015-9460
MISC
MISC
MISC
wordpress -- wordpress
 
The incoming-links plugin before 0.9.10b for WordPress has referrers.php XSS via the Referer HTTP header.2019-10-10not yet calculatedCVE-2015-9472
MISC
MISC
MISC
wordpress -- wordpress
 
The wti-like-post plugin before 1.4.3 for WordPress has WtiLikePostProcessVote SQL injection via the HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED, HTTP_FORWARDED_FOR, or HTTP_FORWARDED variable.2019-10-10not yet calculatedCVE-2015-9466
MISC
MISC
MISC
wordpress -- wordpress
 
The dzs-zoomsounds plugin through 2.0 for WordPress has admin/upload.php arbitrary file upload.2019-10-10not yet calculatedCVE-2015-9471
MISC
MISC
MISC
wordpress -- wordpress
 
The s3bubble-amazon-s3-audio-streaming plugin 2.0 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter.2019-10-10not yet calculatedCVE-2015-9463
MISC
MISC
wordpress -- wordpress
 
The s3bubble-amazon-s3-html-5-video-with-adverts plugin 0.7 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter.2019-10-10not yet calculatedCVE-2015-9464
MISC
EXPLOIT-DB
wordpress -- wordpress
 
The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_category_page SQL injection via the cat_id parameter.2019-10-10not yet calculatedCVE-2015-9462
MISC
MISC
MISC
wordpress -- wordpress
 
The content-grabber plugin 1.0 for WordPress has XSS via obj_field_name or obj_field_id.2019-10-10not yet calculatedCVE-2015-9469
MISC
MISC
wordpress -- wordpress
 
The yet-another-stars-rating plugin before 0.9.1 for WordPress has yasr_get_multi_set_values_and_field SQL injection via the set_id parameter.2019-10-10not yet calculatedCVE-2015-9465
MISC
MISC
MISC
wordpress -- wordpress
 
The ThemeMakers Axioma Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.2019-10-11not yet calculatedCVE-2015-9486
MISC
wordpress -- wordpress
 
The estrutura-basica theme through 2015-09-13 for WordPress has directory traversal via the scripts/download.php arquivo parameter.2019-10-10not yet calculatedCVE-2015-9473
MISC
wordpress -- wordpress
 
The ThemeMakers Invento Responsive Gallery/Architecture Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.2019-10-11not yet calculatedCVE-2015-9483
MISC
wordpress -- wordpress
 
The animate-it plugin before 2.3.6 for WordPress has CSRF in edsanimate.php.2019-10-10not yet calculatedCVE-2019-17386
MISC
MISC
MISC
MISC
wordpress -- wordpress
 
The ThemeMakers Goodnex Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.2019-10-11not yet calculatedCVE-2015-9489
MISC
wordpress -- wordpress
 
The ThemeMakers Almera Responsive Portfolio Site Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.2019-10-11not yet calculatedCVE-2015-9488
MISC
wordpress -- wordpress
 
The ThemeMakers Accio Responsive Parallax One Page Site Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.2019-10-11not yet calculatedCVE-2015-9485
MISC
wordpress -- wordpress
 
The Simpolio theme 1.3.2 for WordPress has insufficient restrictions on option updates.2019-10-10not yet calculatedCVE-2015-9474
MISC
wordpress -- wordpress
 
The ThemeMakers Accio One Page Parallax Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.2019-10-11not yet calculatedCVE-2015-9484
MISC
wordpress -- wordpress
 
The ThemeMakers Car Dealer / Auto Dealer Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | Published: 2019-10-11 | CVSS: not yet calculated | CVE-2015-9482
MISC
wordpress -- wordpress
 
The ThemeMakers Diplomat | Political theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | Published: 2019-10-11 | CVSS: not yet calculated | CVE-2015-9481
MISC
wordpress -- wordpress
 
The Vernissage theme 1.2.8 for WordPress has insufficient restrictions on option updates. | Published: 2019-10-10 | CVSS: not yet calculated | CVE-2015-9477
MISC
wordpress -- wordpress
 
The Teardrop theme 1.8.1 for WordPress has insufficient restrictions on option updates. | Published: 2019-10-10 | CVSS: not yet calculated | CVE-2015-9476
MISC
wordpress -- wordpress
 
The Pont theme 1.5 for WordPress has insufficient restrictions on option updates. | Published: 2019-10-10 | CVSS: not yet calculated | CVE-2015-9475
MISC
wordpress -- wordpress
 
The ThemeMakers Blessing Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | Published: 2019-10-11 | CVSS: not yet calculated | CVE-2015-9491
MISC
yealink -- multiple_phones
 
Yealink phones through 2019-08-04 do not properly check user roles in POST requests. Consequently, the default User account (with a password of user) can make admin requests via HTTP. | Published: 2019-10-08 | CVSS: not yet calculated | CVE-2019-14656
MISC
MISC
yealink -- multiple_phones
 
Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. They execute tar as root to extract files, but do not validate the extraction directory. Creating a tar file with ../../../../ allows replacement of almost any file on a phone. This leads to password replacement and arbitrary code execution as root. | Published: 2019-10-08 | CVSS: not yet calculated | CVE-2019-14657
MISC
MISC
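The Yealink OpenVPN entry above is the classic archive path-traversal: tar runs as root and entry names containing ../../../../ are never checked against the extraction directory. The Python below is an added example, not Yealink firmware code and not taken from the advisory. It shows the check that should run before any file is written: every member is resolved against the destination root and rejected if it is absolute, escapes via dot segments, or is a symlink or hard link pointing outside the tree. The archive contents, entry names and destination paths are constructed for the demonstration.

```python
import io
import os
import tarfile
import tempfile


class UnsafeArchive(ValueError):
    """Raised when an archive contains members that would escape the extraction root."""

    def __init__(self, members):
        super().__init__(f"refusing archive with unsafe members: {members}")
        self.members = members


def build_tar(entries):
    """Build a tar archive in memory from {name: str | ("symlink", target)}.

    Constructed test data only; a real OpenVPN bundle would arrive via the upload form.
    """
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, content in entries.items():
            info = tarfile.TarInfo(name=name)
            if isinstance(content, tuple) and content[0] == "symlink":
                info.type = tarfile.SYMTYPE
                info.linkname = content[1]
                tf.addfile(info)
            else:
                data = content.encode()
                info.size = len(data)
                tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def _inside(root, path):
    return os.path.commonpath([root, path]) == root


def member_is_safe(member, dest):
    """True only if extracting `member` cannot write or link outside `dest`."""
    root = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(root, member.name))
    if os.path.isabs(member.name) or not _inside(root, target):
        return False  # ../../../../ style or absolute entry name
    if member.issym():
        # Symlink targets are relative to the link's own directory.
        link = os.path.realpath(os.path.join(os.path.dirname(target), member.linkname))
        if os.path.isabs(member.linkname) or not _inside(root, link):
            return False  # symlink pointing outside the tree
    if member.islnk():
        # Hard link targets are relative to the archive root.
        link = os.path.realpath(os.path.join(root, member.linkname))
        if os.path.isabs(member.linkname) or not _inside(root, link):
            return False  # hard link to a file outside the tree
    if member.isdev():
        return False  # device nodes and FIFOs have no place in a config bundle
    return True


def unsafe_members(tar_bytes, dest):
    """Names of all members that fail the check, in archive order."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tf:
        return [m.name for m in tf.getmembers() if not member_is_safe(m, dest)]


def safe_extract(tar_bytes, dest):
    """Validate every member first, then extract; nothing is written if any member is unsafe."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tf:
        members = tf.getmembers()
        bad = [m.name for m in members if not member_is_safe(m, dest)]
        if bad:
            raise UnsafeArchive(bad)
        # Python >= 3.12 (and the security backports) ship a stdlib 'data' filter;
        # apply it as a second layer when present.
        kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tf.extractall(dest, **kwargs)
        return sorted(m.name for m in members)


def try_extract(tar_bytes):
    """Extract into a throwaway directory; returns (True, names) or (False, rejected names)."""
    with tempfile.TemporaryDirectory() as dest:
        try:
            return True, safe_extract(tar_bytes, dest)
        except UnsafeArchive as exc:
            return False, exc.members


if __name__ == "__main__":
    benign = build_tar({"client.ovpn": "client\nremote vpn.example.net 1194\n",
                        "keys/ca.crt": "-----BEGIN CERTIFICATE-----\n"})
    traversal = build_tar({"client.ovpn": "client\n",
                           "../../../../etc/passwd": "root::0:0:root:/:/bin/sh\n"})
    print(try_extract(benign))
    print(try_extract(traversal))
```

The important property is that validation is a separate pass over the whole member list before the first write, so a rejected archive leaves nothing behind; a per-member check inside the extraction loop would already have written the earlier, harmless-looking entries by the time the traversal entry is reached.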
zabbix -- zabbix
 
An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin. | Published: 2019-10-09 | CVSS: not yet calculated | CVE-2019-17382
MISC
zoho_manageengine -- datasecurity_plus
 
An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012. An exposed service allows a basic user ("Operator" access level) to access the configuration file of the mail server (except for the password). | Published: 2019-10-09 | CVSS: not yet calculated | CVE-2019-17112
MISC
MISC
zyxel -- nbg-418n_router
 
The wan.htm page on the Zyxel NBG-418N v2 with firmware version V1.00(AARP.9)C0 can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify data fields of the page. | Published: 2019-10-09 | CVSS: not yet calculated | CVE-2019-17354
MISC
MISC
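Several entries in this section are direct-request disclosures: the ThemeMakers themes all expose the same wp-content/uploads/tmm_db_migrate/wp_users.dat export, and the Zyxel NBG-418N serves wan.htm without authentication. The Python below is an added example, not from CISA, NVD or any of the vendors: a detector that runs over web-server access logs in Combined Log Format, canonicalises the request path (query string stripped, percent-decoding, duplicate and dot segments collapsed) so encoded variants are not missed, and separates a probe that got a 404 from a request the server actually answered with 200. The indicator table holds only the two paths the entries name; the log lines are constructed for the demonstration.

```python
import posixpath
import re
from collections import namedtuple
from urllib.parse import unquote

# Indicator paths taken verbatim from the entries in this section.
INDICATORS = {
    "/wp-content/uploads/tmm_db_migrate/wp_users.dat":
        "ThemeMakers theme wp_users.dat export (CVE-2015-9481 and the related ThemeMakers entries)",
    "/wan.htm":
        "Zyxel NBG-418N v2 wan.htm reachable without authentication (CVE-2019-17354)",
}

# Combined Log Format; only the fields the detector needs are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

Finding = namedtuple("Finding", "ip method path status severity note")

# Constructed sample log: two hits on the WordPress export (one percent-encoded),
# an unrelated image, a 404 probe, and a GET followed by a POST to the Zyxel page.
SAMPLE_LOG = """\
203.0.113.7 - - [11/Oct/2019:03:14:07 +0000] "GET /wp-content/uploads/tmm_db_migrate/wp_users.dat HTTP/1.1" 200 18342 "-" "curl/7.64.1"
203.0.113.7 - - [11/Oct/2019:03:14:09 +0000] "GET /wp-content//uploads/./tmm_db_migrate/wp_users%2Edat?x=1 HTTP/1.1" 200 18342 "-" "curl/7.64.1"
198.51.100.23 - - [11/Oct/2019:03:15:00 +0000] "GET /wp-content/uploads/2019/10/logo.png HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
198.51.100.23 - - [11/Oct/2019:03:15:02 +0000] "GET /wp-content/uploads/tmm_db_migrate/wp_users.dat HTTP/1.1" 404 196 "-" "Mozilla/5.0"
192.0.2.9 - - [09/Oct/2019:18:20:41 +0000] "GET /wan.htm HTTP/1.1" 200 2210 "-" "python-requests/2.22.0"
192.0.2.9 - - [09/Oct/2019:18:20:45 +0000] "POST /wan.htm HTTP/1.1" 200 2210 "-" "python-requests/2.22.0"
"""


def normalize_path(target):
    """Reduce a request target to a canonical path so encoded or padded variants still match."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    path = unquote(path)
    path = posixpath.normpath(path)  # collapses //, /./ and /../ segments
    return path if path.startswith("/") else "/" + path


def match_indicator(path):
    """Note for a path equal to, or ending with, an indicator (WordPress may live in a subdirectory)."""
    for indicator, note in INDICATORS.items():
        if path == indicator or path.endswith(indicator):
            return note
    return None


def severity(method, status):
    """200 means the site or device actually served the page; anything else was only a probe."""
    if status != 200:
        return "probe"
    # The Zyxel entry notes the page's fields can be modified, so a successful POST is its own class.
    return "modified" if method == "POST" else "exposed"


def scan(log_text):
    """Return one Finding per log line whose canonical path matches an indicator."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a Combined Log Format line
        path = normalize_path(m["target"])
        note = match_indicator(path)
        if note is None:
            continue
        status = int(m["status"])
        findings.append(Finding(m["ip"], m["method"], path, status,
                                severity(m["method"], status), note))
    return findings


def exposed_sources(findings):
    """Client IPs that received a 200 for an indicator path, i.e. the data actually left the host."""
    return sorted({f.ip for f in findings if f.severity != "probe"})


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.severity:8} {f.ip:15} {f.method} {f.path} {f.status}  {f.note}")
    print("sources with confirmed exposure:", exposed_sources(scan(SAMPLE_LOG)))
```

The distinction between "probe" and "exposed" is what drives the response: a 404 means a scanner checked whether the ThemeMakers export exists and found nothing, whereas a 200 means the user table (with hashed passwords) has been served and a credential reset, not just a patch, is in order. For the Zyxel page, a 200 on POST is the write path the entry describes and should be read as a configuration change rather than a read.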
