Vulnerability Summary for the Week of October 21, 2019

Released: Oct 28, 2019
Document ID: SB19-301

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

 


High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| citrix -- application_delivery_controller_and_gateway | An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 before build 41.28. An attacker with management-interface access can bypass authentication to obtain appliance administrative access. These products formerly used the NetScaler brand name. | 2019-10-21 | 7.5 | CVE-2019-18225, MISC |
| facebook -- whatsapp_for_android | A heap buffer overflow bug in libpl_droidsonroids_gif before 1.2.19, as used in WhatsApp for Android before version 2.19.291 could allow remote attackers to execute arbitrary code or cause a denial of service. | 2019-10-23 | 7.5 | CVE-2019-11933, CONFIRM |
| file -- file | cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). | 2019-10-21 | 7.5 | CVE-2019-18218, MISC, MISC, MLIST, DEBIAN |
| fusionpbx -- fusionpbx | app/call_centers/cmd.php in the Call Center Queue Module in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated attackers (with at least the permission call_center_queue_add or call_center_queue_edit) to execute any commands on the host as www-data. | 2019-10-21 | 9 | CVE-2019-16964, MISC, MISC |
| fusionpbx -- fusionpbx | resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute any commands on the host as www-data. | 2019-10-21 | 9 | CVE-2019-16965, MISC, MISC |
| fusionpbx -- fusionpbx | In FusionPBX up to v4.5.7, the file app\xml_cdr\xml_cdr_delete.php uses an unsanitized "rec" variable coming from the URL, which is base64 decoded and allows deletion of any file of the system. | 2019-10-21 | 8.5 | CVE-2019-16985, MISC, MISC |
| ibm -- db2_high_performance_unload | IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 165481. | 2019-10-22 | 7.2 | CVE-2019-4523, XF, CONFIRM |
| libidn -- libidn2 | idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string. | 2019-10-21 | 7.5 | CVE-2019-18224, MISC, MISC, MISC |
| linux -- linux_kernel | In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753. | 2019-10-18 | 7.2 | CVE-2019-18198, MISC, MISC, MISC, MISC, UBUNTU |
| project_floodlight -- open_floodlight_sdn_controller_software | A vulnerability in version 0.90 of the Open Floodlight SDN controller software could allow an attacker with access to the OpenFlow control network to selectively disconnect individual switches from the SDN controller, causing degradation and eventually denial of network access to all devices connected to the targeted switch. | 2019-10-23 | 7.8 | CVE-2013-7333, MISC |
| slicer69 -- doas | An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. A setusercontext(3) call with flags to change the UID, primary GID, and secondary GIDs was replaced (on certain platforms: Linux and possibly NetBSD) with a single setuid(2) call. This resulted in neither changing the group id nor initializing secondary group ids. | 2019-10-18 | 9 | CVE-2019-15901, MISC, MISC, MISC |
| slicer69 -- doas | An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. On platforms without strtonum(3), sscanf was used without checking for error cases. Instead, the uninitialized variable errstr was checked and in some cases returned success even if sscanf failed. The result was that, instead of reporting that the supplied username or group name did not exist, it would execute the command as root. | 2019-10-18 | 10 | CVE-2019-15900, MISC, MISC |
| sonatype -- nexus_repository_manager | Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution. | 2019-10-21 | 9 | CVE-2019-16530, MISC, CONFIRM |
| sourcecodester -- online_grading_system | Sourcecodester Online Grading System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the student, instructor, department, room, class, or user page (id or classid parameter). | 2019-10-23 | 7.5 | CVE-2019-18344, MISC |


Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
adobe -- experience_manager_forms
 
Adobe Experience Manager Forms versions 6.3-6.5 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.2019-10-224.3CVE-2019-8089
CONFIRM
apache -- traffic_server
 
Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn't limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later versions.2019-10-225CVE-2019-10079
MISC
ether -- etherpad-lite
 
templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer.2019-10-194.3CVE-2019-18209
MISC
freepbx -- freepbx
 
An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. In the Manager module form (html\admin\modules\manager\views\form.php), an unsanitized managerdisplay variable coming from the URL is reflected in HTML, leading to XSS. It can be requested via GET request to /config.php?type=tool&display=manager.2019-10-214.3CVE-2019-16967
MISC
MISC
MISC
freepbx -- freepbx
 
An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX 14.0.10.3. In the Contactmanager class (html\admin\modules\contactmanager\Contactmanager.class.php), an unsanitized group variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS. It can be requested via a GET request to /admin/ajax.php?module=contactmanager.2019-10-214.3CVE-2019-16966
MISC
MISC
MISC
fusionpbx -- fusionpbx

 

In FusionPBX up to v4.5.7, the file app\access_controls\access_control_nodes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.2019-10-214.3CVE-2019-16982
MISC
MISC
fusionpbx -- fusionpbx
 
In FusionPBX up to v4.5.7, the file app\edit\filedelete.php uses an unsanitized "file" variable coming from the URL, which is reflected in HTML, leading to XSS.2019-10-214.3CVE-2019-16991
MISC
MISC
fusionpbx -- fusionpbx
 
In FusionPBX up to v4.5.7, the file app\conferences_active\conference_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS.2019-10-214.3CVE-2019-16989
MISC
MISC
fusionpbx -- fusionpbx
 
In FusionPBX up to v4.5.7, the file app\basic_operator_panel\resources\content.php uses an unsanitized "eavesdrop_dest" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS.2019-10-214.3CVE-2019-16988
MISC
MISC
fusionpbx -- fusionpbx
 
In FusionPBX up to v4.5.7, the file app\contacts\contact_import.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.2019-10-214.3CVE-2019-16987
MISC
MISC
fusionpbx -- fusionpbx
 
In FusionPBX up to v4.5.7, the file app\recordings\recording_play.php uses an unsanitized "filename" variable coming from the URL, which is base64 decoded and reflected in HTML, leading to XSS.2019-10-214.3CVE-2019-16984
MISC
MISC
fusionpbx -- fusionpbx
 
In FusionPBX up to v4.5.7, the file resources\paging.php has a paging function (called by several pages of the interface), which uses an unsanitized "param" variable constructed partially from the URL args and reflected in HTML, leading to XSS.2019-10-214.3CVE-2019-16983
MISC
MISC
fusionpbx -- fusionpbx
 
In FusionPBX up to v4.5.7, the file app/music_on_hold/music_on_hold.php uses an unsanitized "file" variable coming from the URL, which takes any pathname (base64 encoded) and allows a download of it.2019-10-214CVE-2019-16990
MISC
MISC
fusionpbx -- fusionpbx
 
In FusionPBX up to v4.5.7, the file app\conference_profiles\conference_profile_params.php uses an unsanitized "id" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS.2019-10-214.3CVE-2019-16981
MISC
MISC
fusionpbx -- fusionpbx
 
In FusionPBX up to 4.5.7, the file app\contacts\contact_edit.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.2019-10-224.3CVE-2019-16973
MISC
MISC
fusionpbx -- fusionpbx
 
In FusionPBX up to v4.5.7, the file app\devices\device_settings.php uses an unsanitized "id" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS.2019-10-214.3CVE-2019-16978
MISC
MISC
fusionpbx -- fusionpbx
 
In FusionPBX up to 4.5.7, the file app\contacts\contact_notes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.2019-10-234.3CVE-2019-16975
MISC
MISC
fusionpbx -- fusionpbx
 
In FusionPBX up to 4.5.7, the file app\contacts\contact_times.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.2019-10-214.3CVE-2019-16974
MISC
MISC
fusionpbx -- fusionpbx
 
An issue was discovered in FusionPBX up to 4.5.7. In the file app\conference_controls\conference_control_details.php, an unsanitized id variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS.2019-10-214.3CVE-2019-16968
MISC
MISC
fusionpbx -- fusionpbx
 
In FusionPBX up to 4.5.7, the file app\fifo_list\fifo_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS.2019-10-214.3CVE-2019-16969
MISC
MISC
fusionpbx -- fusionpbx
 
In FusionPBX up to 4.5.7, the file app\sip_status\sip_status.php uses an unsanitized "savemsg" variable coming from the URL, which is reflected in HTML, leading to XSS.2019-10-214.3CVE-2019-16970
MISC
MISC
fusionpbx -- fusionpbx
 
In FusionPBX up to 4.5.7, the file app\messages\messages_thread.php uses an unsanitized "contact_uuid" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS.2019-10-224.3CVE-2019-16971
MISC
MISC
fusionpbx -- fusionpbx
 
In FusionPBX up to v4.5.7, the file app\contacts\contact_urls.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.2019-10-214.3CVE-2019-16979
MISC
MISC
fusionpbx -- fusionpbx
 
In FusionPBX up to 4.5.7, the file app\contacts\contact_addresses.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.2019-10-224.3CVE-2019-16972
MISC
MISC
fusionpbx -- fusionpbx
 
In FusionPBX up to v4.5.7, the file app\call_broadcast\call_broadcast_edit.php uses an unsanitized "id" variable coming from the URL in an unparameterized SQL query, leading to SQL injection.2019-10-216.5CVE-2019-16980
MISC
MISC
fusionpbx -- fusionpbx
 
In FusionPBX up to v4.5.7, the file resources\download.php uses an unsanitized "f" variable coming from the URL, which takes any pathname and allows a download of it. (resources\secure_download.php is also affected.)2019-10-214CVE-2019-16986
MISC
MISC
MISC
gnome -- libxslt
 
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.2019-10-186.8CVE-2019-18197
MISC
MISC
MISC
MISC
MLIST
UBUNTU
haproxy -- haproxy
 
A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the "chunked" value were not being correctly rejected. The impact was limited but if combined with the "http-reuse always" setting, it could be used to help construct an HTTP request smuggling attack against a vulnerable component employing a lenient parser that would ignore the content-length header as soon as it saw a transfer-encoding one (even if not entirely valid according to the specification).2019-10-234.3CVE-2019-18277
MISC
MISC
MISC
horner_automation -- cscape
 
In Horner Automation Cscape 9.90 and prior, an improper input validation vulnerability has been identified that may be exploited by processing files lacking user input validation. This may allow an attacker to access information and remotely execute arbitrary code.2019-10-186.8CVE-2019-13541
MISC
MISC
horner_automation -- cscape
 
In Horner Automation Cscape 9.90 and prior, improper validation of data may cause the system to write outside the intended buffer area, which may allow arbitrary code execution.2019-10-186.8CVE-2019-13545
MISC
MISC
jenkins -- jenkins
 
Jenkins Sonar Gerrit Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.2019-10-234CVE-2019-10467
MLIST
CONFIRM
jenkins -- jenkins
 
An XML external entities (XXE) vulnerability in Jenkins 360 FireLine Plugin allows attackers with Overall/Read access to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks.2019-10-235.5CVE-2019-10466
MLIST
CONFIRM
jenkins -- jenkins
 
A cross-site request forgery vulnerability in Jenkins Libvirt Slaves Plugin allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.2019-10-236.8CVE-2019-10471
MLIST
CONFIRM
jenkins -- jenkins
 
A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin.2019-10-234.3CVE-2019-10475
MLIST
CONFIRM
jenkins -- jenkins
 
A cross-site request forgery vulnerability in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.2019-10-236.8CVE-2019-10468
MLIST
CONFIRM
jenkins -- jenkins
 
Jenkins Mattermost Notification Plugin 2.7.0 and earlier stored webhook URLs containing a secret token unencrypted in its global configuration file and job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.2019-10-234CVE-2019-10459
MLIST
CONFIRM
jenkins -- jenkins
 
A missing permission check in Jenkins Dynatrace Application Monitoring Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.2019-10-234CVE-2019-10463
MLIST
CONFIRM
jenkins -- jenkins
 
A missing permission check in Jenkins Deploy WebLogic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file system.2019-10-234CVE-2019-10465
MLIST
CONFIRM
jenkins -- jenkins
 
A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.2019-10-234CVE-2019-10469
MLIST
CONFIRM
jenkins -- jenkins
 
A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.2019-10-234CVE-2019-10470
MLIST
CONFIRM
jenkins -- jenkins
 
A missing permission check in Jenkins Libvirt Slaves Plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.2019-10-234CVE-2019-10472
MLIST
CONFIRM
jenkins -- jenkins
 
A missing permission check in Jenkins Libvirt Slaves Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.2019-10-234CVE-2019-10473
MLIST
CONFIRM
jenkins -- jenkins
 
A missing permission check in Jenkins Global Post Script Plugin in allowed users with Overall/Read access to list the scripts available to the plugin stored on the Jenkins master file system.2019-10-234CVE-2019-10474
MLIST
CONFIRM
jenkins -- jenkins
 
A cross-site request forgery vulnerability in Jenkins Deploy WebLogic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file system.2019-10-236.8CVE-2019-10464
MLIST
CONFIRM
jenkins -- jenkins
 
A cross-site request forgery vulnerability in Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials.2019-10-236.8CVE-2019-10462
MLIST
CONFIRM
libssh2_project -- libssh2
 
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.2019-10-215.8CVE-2019-17498
MISC
MISC
MISC
MISC
micro_focus -- self_service_password_reset
 
Man-in-the-middle vulnerability in Micro Focus Self Service Password Reset, affecting all versions prior to 4.4.0.4. The vulnerability could exploit invalid certificate validation and may result in a man-in-the-middle attack.2019-10-224.3CVE-2019-11674
MISC
mooltipass -- moolticute
 
Stephan Mooltipass Moolticute through 0.42.1 (and possibly earlier versions) has Incorrect Access Control.2019-10-224.3CVE-2019-12967
MISC
MISC
openemr_foundation -- openemr
 
Authenticated SQL Injection in interface/forms/eye_mag/js/eye_base.php in OpenEMR through 5.0.2 allows a user to extract arbitrary data from the openemr database via a non-parameterized INSERT INTO statement, as demonstrated by the providerID parameter.2019-10-216.5CVE-2019-16404
MISC
openemr_foundation -- openemr
 
Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 allows a remote attacker to execute arbitrary code in the context of a user's session via the pid parameter.2019-10-214.3CVE-2019-16862
MISC
MISC
openemr_foundation -- openemr
 
Reflected XSS exists in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 ia the id parameter.2019-10-214.3CVE-2019-17409
MISC
MISC
openwrt_project -- openwrt
 
OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, or network/lan under /cgi-bin/luci/admin/network/.2019-10-186.8CVE-2019-17367
CONFIRM
proftpd_project -- proftpd
 
ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop.2019-10-215CVE-2019-18217
MISC
MISC
MISC
MISC
MISC
MLIST
FEDORA
FEDORA
qt -- qtbase
 
An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters.2019-10-235CVE-2019-18281
MISC
MISC
MISC
ratpack -- ratpackAn issue was discovered in Ratpack before 1.7.5. Due to a misuse of the Netty library class DefaultHttpHeaders, there is no validation that headers lack HTTP control characters. Thus, if untrusted data is used to construct HTTP headers with Ratpack, HTTP Response Splitting can occur.2019-10-185CVE-2019-17513
MISC
MISC
CONFIRM
CONFIRM
MISC
ricoh -- mp_501_printer
 
On the RICOH MP 501 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn and KeyDisplay parameter to /web/entry/en/address/adrsSetUserWizard.cgi.2019-10-214.3CVE-2019-18203
MISC
rocket.chat -- rocket.chat
 
Rocket.Chat before 2.1.0 allows XSS via a URL on a ![title] line.2019-10-214.3CVE-2019-17220
MISC
MISC
MISC
MISC
sitemagic_cms -- sitemagic_cms
 
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery (CSRF) issue as it doesn't implement any method to validate incoming requests, allowing the execution of critical functionalities via spoofed requests. This behavior could be abused by a remote unauthenticated attacker to trick Sitemagic users into performing unwarranted actions.2019-10-236.8CVE-2019-18220
MISC
MISC
sitemagic_cms -- sitemagic_cms
 
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting (XSS) vulnerability, as it fails to validate user input. The affected components (index.php, upgrade.php) allow for JavaScript injection within both GET or POST requests, via a crafted URL or via the UpgradeMode POST parameter.2019-10-234.3CVE-2019-18219
MISC
MISC
sourcecodester -- online_grading_system
 
Sourcecodester Online Grading System 1.0 is affected by a Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code via a crafted HTML page, as demonstrated by a Create User action at the admin/modules/user/controller.php?action=add URI.2019-10-236.8CVE-2019-18280
MISC
tomedo -- tomedo_server
 
The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP (in cleartext) that can be sniffed by unauthorized actors. Basic authentication is used for the authentication, making it possible to base64 decode the sniffed credentials and discover the username and password.2019-10-185CVE-2019-17393
MISC
FULLDISC
trend_micro -- anti-threat_toolkitTrend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed.2019-10-215.1CVE-2019-9491
MISC
FULLDISC
BUGTRAQ
MISC
uncoconv -- uncoconv
 
The unoconv package before 0.9 mishandles untrusted pathnames, leading to SSRF and local file inclusion.2019-10-215CVE-2019-17400
MISC
MISC
verodin -- director
 
An Information Disclosure issue in Verodin Director 3.5.3.1 and earlier reveals usernames and passwords of integrated security technologies via a /integrations.json JSON REST API request.2019-10-214CVE-2019-10716
MISC
MISC
MISC
video_converter_app_for_nextcloud -- video_converter_app_for_nextcloud
 
The Video_Converter app 0.1.0 for Nextcloud allows denial of service (CPU and memory consumption) via multiple concurrent conversions because many FFmpeg processes may be running at once. (The workload is not queued for serial execution.)2019-10-196.8CVE-2019-18214
MISC
videolan -- vlc_media_player
 
When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, Data from a Faulting Address controls Code Flow starting at libqt_plugin!vlc_entry_license__3_0_0f+0x00000000003b9aba.2019-10-234.6CVE-2019-18278
MISC
vmware -- harbor_container_registery_for_pcf
 
Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project they don't have access or control for. The Harbor API did not enforce the proper project permissions and project scope on the API request to create a new robot account.2019-10-185CVE-2019-16919
CONFIRM
MISC
MISC
wago -- pfc100_and_pfc200_series_devices
 
Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests.2019-10-195CVE-2019-18202
MISC
wordpress -- wordpressThe ad-inserter plugin before 1.5.3 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=ad-inserter.php.2019-10-226.8CVE-2015-9497
MISC
MISC
wordpress -- wordpressThe Auberge theme before 1.4.5 for WordPress has XSS via the genericons/example.html anchor identifier.2019-10-234.3CVE-2015-9502
MISC
wordpress -- wordpress
 
The freshmail-newsletter plugin before 1.6 for WordPress has shortcode.php SQL Injection via the 'FM_form id=' substring.2019-10-226.5CVE-2015-9496
MISC
EXPLOIT-DB
wordpress -- wordpress
 
The my-wish-list plugin before 1.4.2 for WordPress has multiple XSS issues.2019-10-224.3CVE-2015-9493
CONFIRM
MISC
wordpress -- wordpress
 
The indieweb-post-kinds plugin before 1.3.1.1 for WordPress has XSS via the genericons/example.html anchor identifier.2019-10-224.3CVE-2015-9494
MISC
wordpress -- wordpress
 
The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value.2019-10-226.8CVE-2015-9498
CONFIRM
MISC
wordpress -- wordpress
 
The syndication-links plugin before 1.0.3 for WordPress has XSS via the genericons/example.html anchor identifier.2019-10-224.3CVE-2015-9495
CONFIRM
MISC
wordpress -- wordpress
 
The Exquisite Ultimate Newspaper theme 1.3.3 for WordPress has XSS via the anchor identifier to assets/js/jquery.foundation.plugins.js.2019-10-224.3CVE-2015-9500
MISC
wordpress -- wordpress
 
The Artificial Intelligence theme before 1.2.4 for WordPress has XSS because Genericons HTML files are unnecessarily placed under the web root.2019-10-224.3CVE-2015-9501
CONFIRM
MISC
wordpress -- wordpress
 
The Modern theme before 1.4.2 for WordPress has XSS via the genericons/example.html anchor identifier.2019-10-234.3CVE-2015-9503
MISC
wordpress -- wordpressThe Easy Digital Downloads (EDD) Wish Lists extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.2019-10-234.3CVE-2015-9531
MISC
wordpress -- wordpressThe Easy Digital Downloads (EDD) Shoppette theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.2019-10-234.3CVE-2015-9535
MISC
wordpress -- wordpress
 
The Easy Digital Downloads (EDD) Twenty-Twelve theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.2019-10-234.3CVE-2015-9536
MISC
wordpress -- wordpress
 
The Easy Digital Downloads (EDD) Content Restriction extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.2019-10-234.3CVE-2015-9509
MISC
wordpress -- wordpress
 
The Easy Digital Downloads (EDD) core component 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7 for WordPress has XSS because add_query_arg is misused.2019-10-234.3CVE-2015-9505
MISC
wordpress -- wordpress
 
The Easy Digital Downloads (EDD) Attach Accounts to Orders extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.2019-10-234.3CVE-2015-9507
MISC
wordpress -- wordpress
 
The Easy Digital Downloads (EDD) Commissions extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.2019-10-234.3CVE-2015-9508
MISC
wordpress -- wordpress
 
The Easy Digital Downloads (EDD) CSV Manager extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.2019-10-234.3CVE-2015-9512
MISC
wordpress -- wordpress
 
The Easy Digital Downloads (EDD) Cross-sell Upsell extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.2019-10-234.3CVE-2015-9510
MISC
wordpress -- wordpress
 
The Easy Digital Downloads (EDD) Conditional Success Redirects extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.2019-10-234.3CVE-2015-9511
MISC
wordpress -- wordpress
 
The Easy Digital Downloads (EDD) Favorites extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.2019-10-234.3CVE-2015-9513
MISC
wordpress -- wordpress
 
The Easy Digital Downloads (EDD) Free Downloads extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.2019-10-234.3CVE-2015-9514
MISC
wordpress -- wordpress
 
The Easy Digital Downloads (EDD) htaccess Editor extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | 2019-10-23 | 4.3 | CVE-2015-9515
MISC
wordpress -- wordpress
 
The Easy Digital Downloads (EDD) Recurring Payments extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | 2019-10-23 | 4.3 | CVE-2015-9525
MISC
wordpress -- wordpress
 
The Easy Digital Downloads (EDD) Reviews extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | 2019-10-23 | 4.3 | CVE-2015-9526
MISC
wordpress -- wordpress
 
The Easy Digital Downloads (EDD) Simple Shipping extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | 2019-10-23 | 4.3 | CVE-2015-9527
MISC
wordpress -- wordpress
 
The Easy Digital Downloads (EDD) Software Licensing extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | 2019-10-23 | 4.3 | CVE-2015-9528
MISC
wordpress -- wordpress
 
The Easy Digital Downloads (EDD) Stripe extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | 2019-10-23 | 4.3 | CVE-2015-9529
MISC
wordpress -- wordpress
 
The Easy Digital Downloads (EDD) Digital Store theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | 2019-10-23 | 4.3 | CVE-2015-9532
MISC
wordpress -- wordpress
 
The Easy Digital Downloads (EDD) Lattice theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | 2019-10-23 | 4.3 | CVE-2015-9533
MISC
wordpress -- wordpress
 
The Easy Digital Downloads (EDD) Quota theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | 2019-10-23 | 4.3 | CVE-2015-9534
MISC
wordpress -- wordpress
 
The Easy Digital Downloads (EDD) Upload File extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | 2019-10-23 | 4.3 | CVE-2015-9530
MISC


Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
fritz -- fritz!os
 
Information Leakage in PPPoE Packet Padding in AVM Fritz!Box 7490 with Firmware versions Fritz!OS 6.80 and 6.83 allows physically proximate attackers to view slices of previously transmitted packets or portions of memory via unspecified vectors. | 2019-10-22 | 2.1 | CVE-2017-8087
MISC
MISC
FULLDISC
jenkins -- jenkins
 
Jenkins Bitbucket OAuth Plugin 0.9 and earlier stored credentials unencrypted in the global config.xml configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | 2019-10-23 | 2.1 | CVE-2019-10460
MLIST
CONFIRM
jenkins -- jenkins
 
Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | 2019-10-23 | 2.1 | CVE-2019-10461
MLIST
CONFIRM
jenkins -- jenkins
 
Jenkins Zulip Plugin 1.1.0 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | 2019-10-23 | 2.1 | CVE-2019-10476
MLIST
CONFIRM
loofah_gem_for_ruby_on_rails -- loofah_gem_for_ruby_on_rails
 
In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. | 2019-10-22 | 3.5 | CVE-2019-15587
CONFIRM
MISC
totemodata -- totemodata
 
totemodata 3.0.0_b936 has XSS via a folder name. | 2019-10-22 | 3.5 | CVE-2019-17189
MISC
MISC
MISC
verodin -- director
 
There is Stored XSS in Verodin Director 3.5.3.0 and earlier via input fields of certain tooltips, and on the Tags, Sequences, and Actors pages. | 2019-10-21 | 3.5 | CVE-2019-10715
MISC
MISC
wordpress -- wordpress
 
A reflected XSS vulnerability was found in includes/admin/table-printer.php in the broken-link-checker (aka Broken Link Checker) plugin 1.11.8 for WordPress. This allows unauthorized users to inject client-side JavaScript into an admin-only WordPress page via the wp-admin/tools.php?page=view-broken-links s_filter parameter in a search action. | 2019-10-18 | 3.5 | CVE-2019-17207
MISC
FULLDISC
MISC
MISC


Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
3s-smart_software_solutions -- codesys_eni_server
3S-Smart CODESYS V2.3 ENI server V3.2.2.23 has a Buffer Overflow. | 2019-10-25 | not yet calculated | CVE-2019-16265
CONFIRM
MISC
adobe -- creative_cloud_desktop_application
 
Creative Cloud Desktop Application version 4.6.1 and earlier versions have Security Bypass vulnerability. Successful exploitation could lead to Privilege Escalation in the context of the current user. | 2019-10-23 | not yet calculated | CVE-2019-8236
MISC
adobe -- acrobat_and_reader
 
Adobe Acrobat and Reader versions 2019.010.20100 and earlier; 2019.010.20099 and earlier versions; 2017.011.30140 and earlier version; 2017.011.30138 and earlier version; 2015.006.30495 and earlier versions; 2015.006.30493 and earlier versions have a Path Traversal vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. | 2019-10-23 | not yet calculated | CVE-2019-8238
MISC
adobe -- acrobat_and_reader
 
Adobe Acrobat and Reader versions 2019.012.20034 and earlier; 2019.012.20035 and earlier versions; 2017.011.30142 and earlier versions; 2017.011.30143 and earlier versions; 2015.006.30497 and earlier versions; 2015.006.30498 and earlier versions have an Insufficiently Robust Encryption vulnerability. Successful exploitation could lead to Security feature bypass in the context of the current user. | 2019-10-23 | not yet calculated | CVE-2019-8237
MISC
adobe -- experience_manager
 
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | 2019-10-25 | not yet calculated | CVE-2019-8088
CONFIRM
adobe -- experience_manager
 
Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a cross-site request forgery vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2019-10-25 | not yet calculated | CVE-2019-8234
CONFIRM
adobe -- experience_manager
 
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2019-10-25 | not yet calculated | CVE-2019-8087
CONFIRM
adobe -- experience_manager
 
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2019-10-25 | not yet calculated | CVE-2019-8084
CONFIRM
adobe -- experience_manager
 
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2019-10-25 | not yet calculated | CVE-2019-8085
CONFIRM
adobe -- experience_manager
 
Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2019-10-25 | not yet calculated | CVE-2019-8082
CONFIRM
adobe -- experience_manager
 
Adobe Experience Manager versions 6.5, 6.4 and 6.3 have a cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2019-10-25 | not yet calculated | CVE-2019-8083
CONFIRM
adobe -- experience_manager
 
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have an authentication bypass vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2019-10-25 | not yet calculated | CVE-2019-8081
CONFIRM
adobe -- experience_manager
 
Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2019-10-24 | not yet calculated | CVE-2019-8078
CONFIRM
adobe -- experience_manager
 
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2019-10-24 | not yet calculated | CVE-2019-8079
CONFIRM
adobe -- experience_manager
 
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2019-10-25 | not yet calculated | CVE-2019-8086
CONFIRM
adobe -- experience_manager
 
Adobe Experience Manager versions 6.4 and 6.3 have a stored cross site scripting vulnerability. Successful exploitation could lead to privilege escalation. | 2019-10-24 | not yet calculated | CVE-2019-8080
CONFIRM
ant_design -- ant_design_pro
In Ant Design Pro 4.0.0, reflected XSS in the user/login redirect GET parameter affects the authorization component, leading to execution of JavaScript code in the login after-action script. | 2019-10-23 | not yet calculated | CVE-2019-18350
MISC
apache -- poi
In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing. | 2019-10-23 | not yet calculated | CVE-2019-12415
MISC
avast -- antivirus
An issue was discovered in Avast antivirus before 19.8 and AVG antivirus before 19.8. A DLL Preloading vulnerability allows an attacker to implant %WINDIR%\system32\wbemcomn.dll, which is loaded into a protected-light process (PPL) and might bypass some of the self-defense mechanisms. This affects all components that use WMI, e.g., AVGSvc.exe 19.6.4546.0 and TuneupSmartScan.dll 19.1.884.0. | 2019-10-23 | not yet calculated | CVE-2019-17093
MISC
MISC
avstar -- pe204_ip_camera_devices
An issue was discovered on AVStar PE204 3.10.70 IP camera devices. A denial of service can occur on open TCP port 23456. After a TELNET connection, no TCP ports are open. | 2019-10-23 | not yet calculated | CVE-2019-18382
MISC
clonos -- web_control_panel
A cross-site scripting (XSS) vulnerability in index.php in ClonOS WEB control panel 19.09 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | 2019-10-24 | not yet calculated | CVE-2019-18419
MISC
clonos -- web_control_panel
clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management. | 2019-10-24 | not yet calculated | CVE-2019-18418
MISC
cloud_foundry -- smb_volume
Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with access to the SMB Volume logs can discover the username and password for volumes that have been recently created, allowing the user to take control of the SMB Volume. | 2019-10-23 | not yet calculated | CVE-2019-11283
CONFIRM
cloud_foundry -- uaa
Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. A remote authenticated malicious user with scim.invite scope can craft a request with malicious content which can leak information about users of the UAA. | 2019-10-23 | not yet calculated | CVE-2019-11282
CONFIRM
corehr -- core_portal
CoreHR Core Portal before 27.0.7 allows stored XSS. | 2019-10-25 | not yet calculated | CVE-2019-18221
MISC
MISC
craft_cms -- craft_cms
In Craft CMS through 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them. | 2019-10-24 | not yet calculated | CVE-2019-15929
MISC
d-link -- dir-865l_wireless_routers
D-Link DIR-865L has Information Disclosure. | 2019-10-25 | not yet calculated | CVE-2013-4856
MISC
MISC
MISC
d-link -- dir-865l_wireless_routers
D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share. | 2019-10-25 | not yet calculated | CVE-2013-4855
MISC
MISC
MISC
d-link -- dir-865l_wireless_routers
D-Link DIR-865L has PHP File Inclusion in the router xml file. | 2019-10-25 | not yet calculated | CVE-2013-4857
MISC
MISC
darktrace -- enterprise_immune_system

 

Darktrace Enterprise Immune System before 3.1 allows CSRF via the /config endpoint. | 2019-10-23 | not yet calculated | CVE-2019-9597
MISC
MISC
BUGTRAQ
MISC
darktrace -- enterprise_immune_system
 
Darktrace Enterprise Immune System before 3.1 allows CSRF via the /whitelisteddomains endpoint. | 2019-10-23 | not yet calculated | CVE-2019-9596
MISC
MISC
BUGTRAQ
MISC
forcepoint -- one_endpoint
 
This vulnerability allows a normal (non-admin) user to disable the Forcepoint One Endpoint (versions 19.04 through 19.08) and bypass DLP and Web protection. | 2019-10-23 | not yet calculated | CVE-2019-6144
MISC
fortinet -- forticlient_for_windows
 
A malicious DLL preload vulnerability in Fortinet FortiClient for Windows 6.2.0 and below allows a privileged attacker to perform arbitrary code execution via forging that DLL. | 2019-10-24 | not yet calculated | CVE-2019-6692
MISC
fortinet -- fortios
An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1 and below, on devices that do not enable the hardware TRNG token and on models that do not support a built-in TRNG seed, allows an attacker to theoretically recover the long-term ECDSA secret in a TLS client with an RSA handshake and mutual ECDSA authentication with the help of flush+reload side channel attacks, in FortiGate VM models only. | 2019-10-24 | not yet calculated | CVE-2019-15703
MISC
foxit_software -- phantompdf
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9276. | 2019-10-25 | not yet calculated | CVE-2019-17145
MISC
foxit_software -- phantompdf
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Javascript in the HTML2PDF plugin. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8692. | 2019-10-25 | not yet calculated | CVE-2019-17139
MISC
MISC
foxit_software -- phantompdf
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of script within a Keystroke action of a listbox field. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9081. | 2019-10-25 | not yet calculated | CVE-2019-17142
MISC
MISC
foxit_software -- phantompdf
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of script within a Calculate action of a text field. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9044. | 2019-10-25 | not yet calculated | CVE-2019-17141
MISC
MISC
foxit_software -- phantompdf
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the OnFocus event. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9091. | 2019-10-25 | not yet calculated | CVE-2019-17140
MISC
MISC
foxit_software -- phantompdf
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9273. | 2019-10-25 | not yet calculated | CVE-2019-17143
MISC
foxit_software -- phantompdf
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DWG files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9274. | 2019-10-25 | not yet calculated | CVE-2019-17144
MISC
foxit_software -- photo_studio
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion from JPEG to EPS. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8809. | 2019-10-25 | not yet calculated | CVE-2019-17138
MISC
MISC
fujitsu -- wireless_keyboard_set_lx390_gk381_devices
An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, an attacker is able to eavesdrop on sensitive data such as passwords. | 2019-10-24 | not yet calculated | CVE-2019-18201
MISC
MISC
MISC
fujitsu -- wireless_keyboard_set_lx390_gk381_devices
An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, they are prone to keystroke injection attacks. | 2019-10-24 | not yet calculated | CVE-2019-18200
MISC
MISC
MISC
fujitsu -- wireless_keyboard_set_lx390_gk381_devices
An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, and because of password-based authentication, they are vulnerable to replay attacks. | 2019-10-24 | not yet calculated | CVE-2019-18199
MISC
MISC
MISC
fusionpbx -- fusionpbx
In FusionPBX up to 4.5.7, the file app\destinations\destination_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS. | 2019-10-23 | not yet calculated | CVE-2019-16976
MISC
MISC
fusionpbx -- fusionpbx
In FusionPBX up to 4.5.7, the file app\extensions\extension_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS. | 2019-10-23 | not yet calculated | CVE-2019-16977
MISC
MISC
gnu_project -- gcc
Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts. | 2019-10-23 | not yet calculated | CVE-2002-2439
MISC
MISC
CONFIRM
MISC
golang -- go
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates. | 2019-10-24 | not yet calculated | CVE-2019-17596
CONFIRM
CONFIRM
DEBIAN
google -- chrome
browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windows, and before 54.0.2840.100 on Linux neglects to copy a device ID before an erase() call, which causes the erase operation to access data that that erase operation will destroy. | 2019-10-25 | not yet calculated | CVE-2016-5202
MISC
MISC
MISC
MISC
MISC
honeywell -- ip-ak2_access_control_panel
In IP-AK2 Access Control Panel Version 1.04.07 and prior, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data, which can be accessed without authentication over the network. | 2019-10-25 | not yet calculated | CVE-2019-13525
MISC
horde -- groupware_webmail_edition
Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?form=remove_f&user_name= or admin/config/diff.php?app= URI, related to the Tag Cloud feature. | 2019-10-24 | not yet calculated | CVE-2019-12094
MISC
MISC
MISC
MISC
MISC
MISC
horde -- groupware_webmail_edition
Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. | 2019-10-24 | not yet calculated | CVE-2019-12095
MISC
MISC
MISC
MISC
MISC
MISC
MISC
ibm -- cloud_orchestrator
 
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 contain APIs that could be used by a local user to send email. IBM X-Force ID: 162232. | 2019-10-25 | not yet calculated | CVE-2019-4394
XF
CONFIRM
ibm -- cloud_orchestrator
 
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a local user to obtain sensitive information from temporary script files. IBM X-Force ID: 162333. | 2019-10-25 | not yet calculated | CVE-2019-4395
XF
CONFIRM
ibm -- cloud_orchestrator
 
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 162260. | 2019-10-25 | not yet calculated | CVE-2019-4399
XF
CONFIRM
ibm -- cloud_orchestrator
 
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162261. | 2019-10-25 | not yet calculated | CVE-2019-4400
XF
CONFIRM
ibm -- cloud_orchestrator
 
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 162236. | 2019-10-25 | not yet calculated | CVE-2019-4396
XF
CONFIRM
ibm -- cloud_orchestrator
 
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP Response Splitting caused by improper caching of content. This would allow the attacker to perform further attacks, such as Web Cache poisoning, cross-site scripting and possibly obtain sensitive information. IBM X-Force ID: 163682. | 2019-10-25 | not yet calculated | CVE-2019-4461
XF
CONFIRM
ibm -- cloud_orchestrator_and_cloud_orchestrator_enterprise

 

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 could allow a local user to obtain sensitive information from SessionManagement cookies. IBM X-Force ID: 162259. | 2019-10-24 | not yet calculated | CVE-2019-4398
XF
CONFIRM
ibm -- cloud_orchestrator_and_cloud_orchestrator_enterprise
 
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162239 | 2019-10-24 | not yet calculated | CVE-2019-4397
XF
CONFIRM
ibm -- cloud_orchestrator_and_cloud_orchestrator_enterprise
 
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163656. | 2019-10-24 | not yet calculated | CVE-2019-4459
XF
CONFIRM
ibm -- maximo_asset_management
 
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070. | 2019-10-24 | not yet calculated | CVE-2019-4486
XF
CONFIRM
ibm -- security_access_manager_appliance
 
IBM Security Access Manager Appliance could allow an unauthenticated attacker to cause a denial of service in the reverse proxy component. IBM X-Force ID: 156159. | 2019-10-25 | not yet calculated | CVE-2019-4036
XF
CONFIRM
ignite_realtime -- openfire
PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability. | 2019-10-24 | not yet calculated | CVE-2019-18393
MISC
ignite_realtime -- openfire
A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests. | 2019-10-24 | not yet calculated | CVE-2019-18394
MISC
labf -- nfsaxe_ftp_client
Buffer overflow in LabF nfsAxe FTP client 3.7 allows an attacker to execute code remotely. | 2019-10-25 | not yet calculated | CVE-2017-14742
EXPLOIT-DB
libarchive -- libarchive
archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol. | 2019-10-24 | not yet calculated | CVE-2019-18408
MISC
MISC
MISC
MLIST
libidn -- libidn2
GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated. | 2019-10-22 | not yet calculated | CVE-2019-12290
MISC
CONFIRM
MISC
linksys -- ea6500_wireless_routers
Linksys EA6500 has SMB Symlink Traversal allowing symbolic links to be created to locations outside of the Samba share. | 2019-10-25 | not yet calculated | CVE-2013-4658
MISC
MISC
MISC
mapr -- cldb
A remote code execution vulnerability exists in MapR CLDB code, specifically in the JSON framework that is used in the CLDB code that handles login and ticket issuance. An attacker can use the 'class' property of the JSON request sent to the CLDB to influence the JSON library's decision on which Java class this JSON request is deserialized to. By doing so, the attacker can force the MapR CLDB to construct a URLClassLoader which loads a malicious Java class from a remote path and instantiate this object in the MapR CLDB, thus executing arbitrary code on the machine running the MapR CLDB and taking over the cluster. By switching to the newer Jackson library and ensuring that all incoming JSON requests are only deserialized to the same class that they were serialized from, the vulnerability is fixed. This vulnerability affects the entire MapR core platform. | 2019-10-24 | not yet calculated | CVE-2019-12017
MISC
milesight -- ip_security_cameras
Milesight IP security cameras through 2016-11-14 have a buffer overflow in a web application via a long username or password. | 2019-10-25 | not yet calculated | CVE-2016-2356
MISC
MISC
MISC
milesight -- ip_security_cameras
Milesight IP security cameras through 2016-11-14 allow remote attackers to bypass authentication and access a protected resource by simultaneously making a request for the unprotected vb.htm resource. | 2019-10-25 | not yet calculated | CVE-2016-2359
MISC
MISC
MISC
milesight -- ip_security_cameras
Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts. | 2019-10-25 | not yet calculated | CVE-2016-2358
MISC
MISC
MISC
milesight -- ip_security_cameras
Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory. | 2019-10-25 | not yet calculated | CVE-2016-2357
MISC
MISC
MISC
milesight -- ip_security_cameras
Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installations. | 2019-10-25 | not yet calculated | CVE-2016-2360
MISC
MISC
MISC
mp3gain_project -- mp3gain
A buffer over-read was discovered in ReadMP3APETag in apetag.c in MP3Gain 1.6.2. The vulnerability causes an application crash, which leads to remote denial of service. | 2019-10-23 | not yet calculated | CVE-2019-18359
MISC
netapp -- clustered_data_ontap
 
Clustered Data ONTAP versions 9.2 through 9.6 are susceptible to a vulnerability which allows an attacker to use l2ping to cause a Denial of Service (DoS). | 2019-10-25 | not yet calculated | CVE-2019-5508
MISC
nipper-ng -- nipper-ng
A stack-based buffer overflow in the processPrivilage() function in IOS/process-general.c in nipper-ng 0.11.10 allows remote attackers (serving firewall configuration files) to achieve Remote Code Execution or Denial Of Service via a crafted file. | 2019-10-22 | not yet calculated | CVE-2019-17424
MISC
MISC
MISC
MISC
node.js -- node.jsThe Post editor functionality in the hexo-admin plugin versions 2.3.0 and earlier for Node.js is vulnerable to stored XSS via the content of a post.2019-10-23not yet calculatedCVE-2019-17606
MISC
MISC
MISC
CONFIRM
philips -- intellispace_perinatalIn IntelliSpace Perinatal, Versions K and prior, a vulnerability within the IntelliSpace Perinatal application environment could enable an unauthorized attacker with physical access to a locked application screen, or an authorized remote desktop session host application user to break-out from the containment of the application and access unauthorized resources from the Windows operating system as the limited-access Windows user. Due to potential Windows vulnerabilities, it may be possible for additional attack methods to be used to escalate privileges on the operating system.2019-10-25not yet calculatedCVE-2019-13546
MISC

project_floodlight -- open_floodlight_sdn_controller_software

A vulnerability in version 0.90 of the Open Floodlight SDN controller software could result in a denial of service attack and crashing of the controller service. This effect is the result of a flaw in OpenFlow protocol processing, where specific malformed and mistimed FEATURES_REPLY messages cause the controller service to not delete switch and port data from its internal tracking structures.2019-10-23not yet calculatedCVE-2014-2304
MISC
python -- pythonAn issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.)2019-10-23not yet calculatedCVE-2019-18348
MISC
MISC
repetier-server -- repetier-serverRepetierServer.exe in Repetier-Server 0.8 through 0.91 does not properly validate the XML data structure provided when uploading a new printer configuration. When this is combined with CVE-2019-14450, an attacker can upload an "external command" configuration as a printer configuration, and achieve remote code execution. After exploitation, loading of the external command configuration is dependent on a system reboot or service restart.2019-10-25not yet calculatedCVE-2019-14451
CONFIRM
MISC
rittal -- rittal_chiller_sk_3232-seriesRittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems is configured using hard-coded credentials. These credentials could allow attackers to influence the primary operations of the affected systems, namely turning the cooling unit on and off and setting the temperature set point.2019-10-25not yet calculatedCVE-2019-13553
MISC
rittal -- rittal_chiller_sk_3232-seriesRittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems does not provide a sufficient level of protection against unauthorized configuration changes. Primary operations, namely turning the cooling unit on and off and setting the temperature set point, can be modified without authentication.2019-10-25not yet calculatedCVE-2019-13549
MISC
ruby_parser-legacy_gem_for_ruby_on_rails -- ruby_parser-legacy_gem_for_ruby_on_railsThe ruby_parser-legacy (aka legacy) gem 1.0.0 for Ruby allows local privilege escalation because of world-writable files. For example, if the brakeman gem (which has a legacy dependency) 4.5.0 through 4.7.0 is used, a local user can insert malicious code into the ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_parser.rb file.2019-10-24not yet calculatedCVE-2019-18409
MISC
sangoma -- session_border_controllerThe Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to an authentication bypass via an argument injection vulnerability involving special characters in the username field. Upon successful exploitation, a remote unauthenticated user can log in to the device's admin web portal without providing any credentials. This affects /var/webconfig/gui/Webconfig.inc.php.2019-10-22not yet calculatedCVE-2019-12148
MISC
FULLDISC
sangoma -- session_border_controllerThe Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to Argument Injection via special characters in the username field. Upon successful exploitation, a remote unauthenticated user can create a local system user with sudo privileges, and use that user to log in to the system (either via the web interface or via SSH) to achieve complete compromise of the device. This affects /var/webconfig/gui/Webconfig.inc.php and /usr/local/sng/bin/sng-user-mgmt.2019-10-22not yet calculatedCVE-2019-12147
MISC
FULLDISC
MISC
schlix -- schlix_cmsadmin/app/mediamanager in Schlix CMS 2.1.8-7 allows Authenticated Unrestricted File Upload, leading to remote code execution.2019-10-24not yet calculatedCVE-2019-11021
MISC
MISC
sourcecodester -- restaurant_management_systemSourcecodester Restaurant Management System 1.0 allows XSS via the "send a message" screen.2019-10-24not yet calculatedCVE-2019-18415
MISC
sourcecodester -- restaurant_management_systemSourcecodester Restaurant Management System 1.0 allows an authenticated attacker to upload arbitrary files that can result in code execution. The issue occurs because the application fails to adequately sanitize user-supplied input, e.g., "add a new food" allows .php files.2019-10-24not yet calculatedCVE-2019-18417
MISC
sourcecodester -- restaurant_management_systemSourcecodester Restaurant Management System 1.0 allows XSS via the Last Name field of a member.2019-10-24not yet calculatedCVE-2019-18416
MISC
sourcecodester -- restaurant_management_systemSourcecodester Restaurant Management System 1.0 is affected by an admin/staff-exec.php Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code or adding a staff entry via a crafted HTML page.2019-10-24not yet calculatedCVE-2019-18414
MISC
sourcecodester -- hotel_and_lodge_management_systemSourcecodester Hotel and Lodge Management System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the id parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details.2019-10-23not yet calculatedCVE-2019-18387
MISC
symantec -- symantec_messaging_gatewaySymantec Messaging Gateway (prior to 10.7.0), may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data.2019-10-24not yet calculatedCVE-2019-9699
CONFIRM
teamviewer -- teamviewerA DLL side loading vulnerability in the Windows Service in TeamViewer versions up to 11.0.133222 (fixed in 11.0.214397), 12.0.181268 (fixed in 12.0.214399), 13.2.36215 (fixed in 13.2.36216), and 14.6.4835 (fixed in 14.7.1965) on Windows could allow an attacker to perform code execution on a target system via a service restart where the DLL was previously installed with administrative privileges. Exploitation requires that an attacker be able to create a new file in the TeamViewer application directory; directory permissions restrict that by default.2019-10-24not yet calculatedCVE-2019-18196
CONFIRM
tenable -- nessusNessus versions 8.6.0 and earlier were found to contain a Denial of Service vulnerability due to improper validation of specific imported scan types. An authenticated, remote attacker could potentially exploit this vulnerability to cause a Nessus scanner to become temporarily unresponsive.2019-10-23not yet calculatedCVE-2019-3982
MISC
terramaster -- fs-210_devicesAn issue was discovered on TerraMaster FS-210 4.0.19 devices. An unauthenticated attacker can download log files via the include/makecvs.php?Event= substring.2019-10-23not yet calculatedCVE-2019-18385
MISC
terramaster -- fs-210_devicesAn issue was discovered on TerraMaster FS-210 4.0.19 devices. One can download backup files remotely from terramaster_TNAS-00E43A_config_backup.bin without permission.2019-10-23not yet calculatedCVE-2019-18383
MISC
terramaster -- fs-210_devicesAn issue was discovered on TerraMaster FS-210 4.0.19 devices. An authenticated remote non-administrative user can read unauthorized shared files, as demonstrated by the filename=*public*%25252Fadmin_OnlyRead.txt substring.2019-10-23not yet calculatedCVE-2019-18384
MISC
thycotic -- secret_serverAn XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 1 of 2).2019-10-23not yet calculatedCVE-2019-18356
MISC
thycotic -- secret_serverAn SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7.2019-10-23not yet calculatedCVE-2019-18355
MISC
thycotic -- secret_serverAn XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 2 of 2).2019-10-23not yet calculatedCVE-2019-18357
MISC
tonyy -- dormsystemtonyy dormsystem through 1.3 allows DOM XSS.2019-10-24not yet calculatedCVE-2019-17581
MISC
MISC
tp-link -- m7350_devicesTP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow triggerPort OS Command Injection (issue 5 of 5).2019-10-24not yet calculatedCVE-2019-13653
MISC
tp-link -- m7350_devicesTP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow serviceName OS Command Injection (issue 4 of 5).2019-10-24not yet calculatedCVE-2019-13652
MISC
tp-link -- m7350_devicesTP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow internalPort OS Command Injection (issue 2 of 5).2019-10-24not yet calculatedCVE-2019-13650
MISC
tp-link -- m7350_devicesTP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow externalPort OS Command Injection (issue 1 of 5).2019-10-24not yet calculatedCVE-2019-13649
MISC
tp-link -- m7350_devicesTP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow portMappingProtocol OS Command Injection (issue 3 of 5).2019-10-24not yet calculatedCVE-2019-13651
MISC
MISC
tp-link -- tl-wdr4300_wireless_routersTP-Link TL-WDR4300 version 3.13.31 has multiple CSRF vulnerabilities.2019-10-25not yet calculatedCVE-2013-4848
MISC
MISC
MISC
MISC
MISC
typestack -- class-validatorIn TypeStack class-validator 0.10.2, validate() input validation can be bypassed because certain internal attributes can be overwritten via a conflicting name. Even though there is an optional forbidUnknownValues parameter that can be used to reduce the risk of this bypass, this option is not documented and thus most developers configure input validation in the vulnerable default manner. With this vulnerability, attackers can launch SQL Injection or XSS attacks by injecting arbitrary malicious input. NOTE: a software maintainer agrees with the "is not documented" finding but suggests that much of the responsibility for the risk lies in a different product.2019-10-24not yet calculatedCVE-2019-18413
MISC
wacom -- update_helper_driver

 

An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the start/stopLaunchDProcess command. The command takes a user-supplied string argument and executes launchctl under root context. A user with local access can use this vulnerability to load arbitrary launchD agents. An attacker would need local access to the machine for a successful exploit.2019-10-24not yet calculatedCVE-2019-5013
MISC
wacom -- update_helper_driver
 
An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the startProcess command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine for a successful exploit.2019-10-24not yet calculatedCVE-2019-5012
MISC
wordpress -- wordpressThe Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive.2019-10-22not yet calculatedCVE-2015-9499
MISC
MISC
EXPLOIT-DB
wordpress -- wordpressThe Easy Digital Downloads (EDD) Recommended Products extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.2019-10-23not yet calculatedCVE-2015-9523
MISC
wordpress -- wordpressThe Easy Digital Downloads (EDD) QR Code extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.2019-10-23not yet calculatedCVE-2015-9522
MISC
wordpress -- wordpressThe Easy Digital Downloads (EDD) Amazon S3 extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.2019-10-23not yet calculatedCVE-2015-9506
MISC
wordpress -- wordpressThe Easy Digital Downloads (EDD) Invoices extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.2019-10-23not yet calculatedCVE-2015-9516
MISC
wordpress -- wordpressThe Easy Digital Downloads (EDD) Manual Purchases extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.2019-10-23not yet calculatedCVE-2015-9517
MISC
wordpress -- wordpressThe Easy Digital Downloads (EDD) Per Product Emails extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.2019-10-23not yet calculatedCVE-2015-9520
MISC
wordpress -- wordpressThe Easy Digital Downloads (EDD) PDF Stamper extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.2019-10-23not yet calculatedCVE-2015-9519
MISC
wordpress -- wordpressThe weeklynews theme before 2.2.9 for WordPress has XSS via the s parameter.2019-10-23not yet calculatedCVE-2015-9504
MISC
wordpress -- wordpressThe Easy Digital Downloads (EDD) Pushover Notifications extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.2019-10-23not yet calculatedCVE-2015-9521
MISC
wordpress -- wordpressThe Easy Digital Downloads (EDD) Recount Earnings extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.2019-10-23not yet calculatedCVE-2015-9524
MISC
wordpress -- wordpressThe Easy Digital Downloads (EDD) PDF Invoices extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.2019-10-23not yet calculatedCVE-2015-9518
MISC
wustl -- xnatWUSTL XNAT 1.7.5.3 allows XXE attacks via a POST request body.2019-10-23not yet calculatedCVE-2019-14276
MISC
MISC
MISC
xiaomi -- mi_wifi_r3g_devicesAn issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. The backup file is in tar.gz format. After uploading, the application uses the tar zxf command to decompress, so one can control the contents of the files in the decompressed directory. In addition, the application's sh script for testing upload and download speeds reads a URL list from /tmp/speedtest_urls.xml, and there is a command injection vulnerability, as demonstrated by api/xqnetdetect/netspeed.2019-10-23not yet calculatedCVE-2019-18370
MISC
xiaomi -- mi_wifi_r3g_devicesAn issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. There is a directory traversal vulnerability to read arbitrary files via a misconfigured NGINX alias, as demonstrated by api-third-party/download/extdisks../etc/config/account. With this vulnerability, the attacker can bypass authentication.2019-10-23not yet calculatedCVE-2019-18371
MISC
xml_language_server -- xml_language_serverXMLLanguageService.java in XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows a remote attacker to write to arbitrary files via Directory Traversal.2019-10-23not yet calculatedCVE-2019-18212
MISC
CONFIRM
MISC
MISC
MISC
MISC
xml_language_server -- xml_language_server
 
XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with resultant SSRF (as well as SMB connection initiation that can lead to NetNTLM challenge/response capture for password cracking). This occurs in extensions/contentmodel/participants/diagnostics/LSPXMLParserConfiguration.java.2019-10-23not yet calculatedCVE-2019-18213
MISC
CONFIRM
MISC
MISC
MISC
MISC
youphptube -- youphptubeSQL injection vulnerabilities exist in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with Parameter name in /objects/pluginSwitch.json.php.2019-10-25not yet calculatedCVE-2019-5122
MISC
youphptube -- youphptube
 
A command injection has been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3, a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getSpiritsFromVideo.php is vulnerable to a command injection attack.2019-10-25not yet calculatedCVE-2019-5129
MISC
youphptube -- youphptube
 
A command injection has been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3, a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getImage.php is vulnerable to a command injection attack.2019-10-25not yet calculatedCVE-2019-5127
MISC
youphptube -- youphptube
 
Specially crafted web requests can cause SQL injections in YouPHPTube 7.6. An attacker can send a web request with Parameter dir in /objects/pluginSwitch.json.php.2019-10-25not yet calculatedCVE-2019-5123
MISC
youphptube -- youphptube
 
SQL injection vulnerabilities exist in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with Parameter uuid in /objects/pluginSwitch.json.php.2019-10-25not yet calculatedCVE-2019-5121
MISC
youphptube -- youphptube
 
An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configurations, access the underlying operating system.2019-10-25not yet calculatedCVE-2019-5120
MISC
youphptube -- youphptube
 
An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configurations, access the underlying operating system.2019-10-25not yet calculatedCVE-2019-5119
MISC
youphptube -- youphptube
 
Exploitable SQL injection vulnerabilities exist in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configuration, access the underlying operating system.2019-10-25not yet calculatedCVE-2019-5117
MISC
youphptube -- youphptube
 
An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause a SQL injection. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configuration, access the underlying operating system.2019-10-25not yet calculatedCVE-2019-5116
MISC
youphptube -- youphptube
 
An exploitable SQL injection vulnerability exists in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configuration, access the underlying operating system.2019-10-25not yet calculatedCVE-2019-5114
MISC
youphptube -- youphptube
 
A command injection has been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3, a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getImageMP4.php is vulnerable to a command injection attack.2019-10-25not yet calculatedCVE-2019-5128
MISC
zend_framework -- zend_frameworkZend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter.2019-10-25not yet calculatedCVE-2015-0270
MISC
