Vulnerability Summary for the Week of November 4, 2019
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache -- struts | Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands. | 2019-11-01 | 7.5 | CVE-2011-3923 MISC EXPLOIT-DB BID MISC MISC XF MISC |
aruba_networks -- clearpass_policy_manager | Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before 6.6.2 allows attackers to obtain database credentials. | 2019-11-06 | 10 | CVE-2016-4401 CONFIRM |
clamav -- clamav | There is a possible heap overflow in libclamav/fsg.c before 0.100.0. | 2019-11-06 | 7.5 | CVE-2007-0899 MISC |
computing_for_good -- basic_laboratory_information_system | Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.4 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may change the password of any administrator-level user. | 2019-11-06 | 7.5 | CVE-2019-5617 MISC |
computing_for_good -- basic_laboratory_information_system | Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may alter several facets of a user account, including promoting any user to an administrator. | 2019-11-06 | 7.5 | CVE-2019-5644 MISC |
cryptocat_project -- cryptocat | Cryptocat before 2.0.22 has Arbitrary Code Execution on Firefox Conversation Overview | 2019-11-04 | 7.5 | CVE-2013-2259 MISC MISC MISC |
cryptocat_project -- cryptocat | Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user input | 2019-11-04 | 7.5 | CVE-2013-4103 MISC MISC MISC MISC MISC |
gri -- gri | gri before 2.12.18 generates temporary files in an insecure way. | 2019-11-08 | 7.5 | CVE-2008-7291 MISC |
isl_internet_sicherheitslösungen -- arp_guard | A SQL injection vulnerability in a /login/forgot1 POST request in ARP-GUARD 4.0.0-5 allows unauthenticated remote attackers to execute arbitrary SQL commands via the user_id parameter. | 2019-11-04 | 7.5 | CVE-2019-18663 MISC |
linux -- linux_kernel | A memory leak in the sof_dfsentry_write() function in sound/soc/sof/debug.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-c0a333d842ef. | 2019-11-07 | 7.8 | CVE-2019-18812 MISC |
linux -- linux_kernel | A vulnerability exists in kernel/time/clocksource.c in the Linux kernel before 2.6.33 where on non-GENERIC_TIME systems (GENERIC_TIME=n), accessing /sys/devices/system/clocksource/clocksource0/current_clocksource results in an OOPS. | 2019-11-07 | 7.8 | CVE-2010-2243 MISC CONFIRM MISC MLIST |
linux -- linux_kernel | An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aa_label_parse() fails in aa_audit_rule_init() in security/apparmor/audit.c. | 2019-11-07 | 7.5 | CVE-2019-18814 MISC |
linux -- linux_kernel | A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering platform_device_add_properties() failures, aka CID-9bbfceea12a8. | 2019-11-07 | 7.8 | CVE-2019-18813 MISC |
linux -- linux_kernel | An issue was discovered in the Linux kernel 4.4.x before 4.4.195. There is a NULL pointer dereference in rds_tcp_kill_sock() in net/rds/tcp.c that will cause denial of service, aka CID-91573ae4aed0. | 2019-11-04 | 7.8 | CVE-2019-18680 MISC MISC MISC MISC |
linux -- linux_kernel | An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6. | 2019-11-07 | 7.5 | CVE-2019-18805 MISC MISC |
linux -- linux_kernel | A memory leak in the komeda_wb_connector_add() function in drivers/gpu/drm/arm/display/komeda/komeda_wb_connector.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering drm_writeback_connector_init() failures, aka CID-a0ecd6fdbf5d. | 2019-11-07 | 7.8 | CVE-2019-18810 MISC MISC |
linux -- linux_kernel | A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-2289adbfa559. | 2019-11-07 | 7.8 | CVE-2019-18809 MISC |
linux -- linux_kernel | A memory leak in the sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering sof_get_ctrl_copy_params() failures, aka CID-45c1380358b1. | 2019-11-07 | 7.8 | CVE-2019-18811 MISC |
linux-vserver -- linux-vserver | linux vserver 2.6 before 2.6.17 suffers from privilege escalation in remount code. | 2019-11-06 | 10 | CVE-2006-4243 MISC |
magento -- magento | A remote code execution vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can insert a malicious payload through PageBuilder template methods. | 2019-11-06 | 7.5 | CVE-2019-8144 MISC |
magento -- magento | A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with system data manipulation privileges can execute arbitrary code through arbitrary file deletion and OS command injection. | 2019-11-06 | 9 | CVE-2019-8159 MISC |
magento -- magento | An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Magento 2 codebase leveraged outdated versions of JS libraries (Bootstrap, jquery, Knockout) with known security vulnerabilities. | 2019-11-05 | 7.5 | CVE-2019-8121 MISC |
magento -- magento | An insecure component vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Magento 2 codebase leveraged outdated versions of HTTP specification abstraction implemented in the Symfony component. | 2019-11-06 | 7.5 | CVE-2019-8136 MISC |
magento -- magento | An XPath entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An attacker can craft a GET request to the page cache block rendering module that gets passed to the XML data processing engine without validation. The crafted key/value GET request data allows an attacker limited access to underlying XML data. | 2019-11-06 | 7.5 | CVE-2019-8158 MISC |
magento -- magento | A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Dependency injection through the Symfony framework allows service identifiers to be derived from user-controlled data, which can lead to remote code execution. | 2019-11-06 | 7.5 | CVE-2019-8135 MISC |
minidlna -- minidlna | MiniDLNA has heap-based buffer overflow | 2019-11-01 | 7.5 | CVE-2013-2739 MISC MISC |
minidlna -- minidlna | minidlna has SQL Injection that may allow retrieval of arbitrary files | 2019-11-01 | 7.5 | CVE-2013-2738 MISC MISC MISC MISC |
nvu -- nvu | Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in multiple security issues. | 2019-11-05 | 7.5 | CVE-2005-2354 MISC MISC MISC |
php-gettext -- php-gettext | The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code. | 2019-11-04 | 7.5 | CVE-2015-8980 SUSE MLIST MLIST BID CONFIRM CONFIRM CONFIRM |
portainer -- portainer | Portainer before 1.22.1 has Incorrect Access Control (issue 1 of 4). | 2019-11-07 | 9 | CVE-2019-16872 MISC |
python_sofware_foundation_and_beanbag -- djblets_and_review_board | An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests. | 2019-11-04 | 7.5 | CVE-2013-4409 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
qualcomm -- multiple_products | Use after free issue in kernel while accessing freed mdlog session info and its attributes after closing the session in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 730, SD 820, SD 820A, SD 835, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24 | 2019-11-06 | 7.5 | CVE-2019-10528 CONFIRM |
qualcomm -- multiple_products | Out-of-bounds access due to improper validation of an array index causes the index table entry to become corrupted in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20 | 2019-11-06 | 10 | CVE-2019-10533 CONFIRM |
qualcomm -- multiple_products | Out of bound access while processing a non-standard IE measurement request with length crossing past the size of frame in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS405, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 | 2019-11-06 | 7.5 | CVE-2019-10505 CONFIRM |
qualcomm -- multiple_products | A buffer overflow can occur during parsing while playing a nonstandard clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20 | 2019-11-06 | 7.5 | CVE-2019-10522 CONFIRM |
qualcomm -- multiple_products | While processing a vendor command that contains a corrupted channel count, an integer overflow occurs and leads to a heap overflow in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8976, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS405, QCS605, SDA845, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM8150 | 2019-11-06 | 7.5 | CVE-2019-2302 CONFIRM |
qualcomm -- multiple_products | Buffer over-read may occur when downloading a corrupted firmware file that has a chunk length in the header which doesn't match the contents in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 845 / SD 850, SDX20 | 2019-11-06 | 7.5 | CVE-2019-10542 CONFIRM |
qualcomm -- multiple_products | A double free can happen when sensor power settings are freed by one thread while another thread tries to access them in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, QCN7605, QCS405, QCS605, SDM845, SDX24, SXR1130 | 2019-11-06 | 7.5 | CVE-2019-10565 CONFIRM |
qualcomm -- multiple_products | Dereference on uninitialized buffer can happen when parsing FLV clip with corrupted codec specific data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20 | 2019-11-06 | 10 | CVE-2019-10541 CONFIRM |
qualcomm -- multiple_products | Null-pointer dereference can occur while accessing the super index entry when it has not been allocated in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20 | 2019-11-06 | 10 | CVE-2019-10534 CONFIRM |
qualcomm -- multiple_products | Incorrect reading of system image resulting in buffer overflow when size of system image is increased in Snapdragon Auto, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SDM439 | 2019-11-06 | 10 | CVE-2019-10531 CONFIRM |
qualcomm -- multiple_products | Possible use after free issue due to race condition while attempting to mark the entry pages as dirty using function set_page_dirty() in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 | 2019-11-06 | 9.3 | CVE-2019-10529 CONFIRM |
qualcomm -- multiple_products | Kernel can do a memory read from arbitrary address passed by user during execution of a syscall in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9205, MDM9650, QCA8081, QCS605, SD 427, SD 435, SD 450, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130 | 2019-11-06 | 10 | CVE-2019-2249 CONFIRM |
qualcomm -- multiple_products | Improper validation of the read and write indexes of the tx and rx FIFOs before calculating a pointer can lead to out-of-bounds access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 | 2019-11-06 | 10 | CVE-2019-2283 CONFIRM |
qualcomm -- multiple_products | Improper validation of array index causes OOB write and then leads to memory corruption in MMCP in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130 | 2019-11-06 | 10 | CVE-2019-2258 CONFIRM |
qualcomm -- multiple_products | Thread start can cause invalid memory writes to arbitrary memory location since the argument is passed by user to kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9205, MDM9640, MSM8996AU, QCA6574, QCS605, Qualcomm 215, SD 425, SD 427, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016, SXR1130 | 2019-11-06 | 7.2 | CVE-2019-2246 CONFIRM |
qualcomm -- multiple_products | When ADSP is compromised, the audio port index that's returned from ADSP might be out of the valid range and lead to out-of-bounds access in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 845 / SD 850, SD 855, SDX20, SDX24 | 2019-11-06 | 10 | CVE-2019-2324 CONFIRM |
qualcomm -- multiple_products | Out-of-bounds access because a token received from ADSP is used without validation as an index into the array in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 | 2019-11-06 | 10 | CVE-2019-2325 CONFIRM |
qualcomm -- multiple_products | Out of bound write issue is observed while giving information about properties that have been set so far for playing video in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 | 2019-11-06 | 10 | CVE-2019-2285 CONFIRM |
qualcomm -- multiple_products | Memory corruption while accessing the memory as payload size is not validated before access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 | 2019-11-06 | 10 | CVE-2019-2332 CONFIRM |
qualcomm -- multiple_products | Lack of check to ensure crypto engine data passed by user is initialized can result in bus error in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 | 2019-11-06 | 10 | CVE-2019-2323 CONFIRM |
qualcomm -- multiple_products | Possible Integer overflow because of subtracting two integers without checking if the result would overflow or not in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 | 2019-11-06 | 10 | CVE-2019-2331 CONFIRM |
quest -- kace_systems_management_appliance_server_center | Quest KACE Systems Management Appliance Server Center version 9.1.317 is vulnerable to SQL injection. The affected file is software_library.php and affected parameters are order[0][column] and order[0][dir]. | 2019-11-06 | 7.5 | CVE-2019-12918 MISC MISC |
rbot -- rbot | Rbot Reaction plugin allows command execution | 2019-11-06 | 7.5 | CVE-2010-2446 MISC MISC |
red_hat -- openshift | cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp. | 2019-11-01 | 7.5 | CVE-2013-0165 MISC |
s9y -- serendipity | Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager. | 2019-11-05 | 7.5 | CVE-2011-1134 CONFIRM DEBIAN SECTRACK MISC |
salesagility -- suitecrm | SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to 7.11.9 allow SQL Injection. | 2019-11-06 | 7.5 | CVE-2019-18784 MISC MISC |
shadow_and_sudo -- shadow_and_sudo | There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process. | 2019-11-04 | 7.2 | CVE-2005-4890 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
sonatype -- nexus_repository_manager | There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker to achieve Remote Code Execution (RCE). All instances using CommandLineExecutor.java with user-supplied data are vulnerable, such as the Yum Configuration Capability. | 2019-11-01 | 9 | CVE-2019-15588 MISC CONFIRM |
twiki -- twiki | TWiki allows arbitrary shell command execution via the Include function | 2019-11-01 | 7.5 | CVE-2005-3056 DEBIAN MISC CONFIRM |
twiki -- twiki | TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value containing Perl backtick characters. | 2019-11-07 | 10 | CVE-2013-1751 MISC MISC CONFIRM |
typo3 -- typo3 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 is open to a session fixation attack which allows remote attackers to hijack a victim's session. | 2019-11-05 | 9.4 | CVE-2010-3671 MISC MISC CONFIRM |
typo3 -- typo3 | TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request. | 2019-11-06 | 7.5 | CVE-2011-4628 MISC CONFIRM |
xlockmore -- xlockmore | xlockmore 5.13 and 5.22 segfaults when using libpam-opensc and returns the underlying xsession. This allows unauthorized users access to the X session. | 2019-11-06 | 7.5 | CVE-2006-0061 MISC MISC MISC |
xlockmore -- xlockmore | xlockmore 5.13 allows potential xlock bypass when FVWM switches to the same virtual desktop as a new Gaim window. | 2019-11-06 | 7.5 | CVE-2006-0062 MISC MISC |
youphptube -- youphptube | An issue was discovered in YouPHPTube through 7.7. User input passed through the live_stream_code POST parameter to /plugin/LiveChat/getChat.json.php is not properly sanitized (in getFromChat in plugin/LiveChat/Objects/LiveChatObj.php) before being used to construct a SQL query. This can be exploited by malicious users to, e.g., read sensitive data from the database through in-band SQL Injection attacks. Successful exploitation of this vulnerability requires the Live Chat plugin to be enabled. | 2019-11-02 | 7.5 | CVE-2019-18662 MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
360 -- multiple_routers | A command injection vulnerability exists when an authorized user passes a crafted parameter to a background process in the router. This affects 360 router series products (360 Safe Router P0, P1, P2, P3, P4); the affected version is V2.0.61.58897. | 2019-11-04 | 6.5 | CVE-2018-19031 MISC |
alqo -- alqo | alqo through 4.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | 2019-11-05 | 5 | CVE-2018-19161 MISC MISC |
amazon_web_services -- freertos+fat | Real Time Engineers FreeRTOS+FAT 160919a has a use after free. The function FF_Close() is defined in ff_file.c. The file handler pxFile is freed by ffconfigFREE, which (by default) is a macro definition of vPortFree(), but it is reused to flush modified file content from the cache to disk by the function FF_FlushCache(). | 2019-11-04 | 5 | CVE-2019-18178 MISC |
atlassian -- jira | An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects (with authentication as a Jira user, but without authorization for specific projects) via the plugins/servlet/nfj/NotificationSettings URI. | 2019-11-01 | 4 | CVE-2019-16909 MISC MISC |
atlassian -- jira | An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects without authentication/authorization via the plugins/servlet/nfj/ProjectFilter?searchQuery= URI. | 2019-11-01 | 5 | CVE-2019-16908 MISC MISC |
avast -- antivirus | A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free, Internet Security, and Premiere Edition) 19.3.2369 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name. | 2019-11-01 | 4.3 | CVE-2019-18653 MISC MISC |
avg_technologies -- antivirus | A Cross Site Scripting (XSS) issue exists in AVG AntiVirus (Internet Security Edition) 19.3.3084 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name. | 2019-11-01 | 4.3 | CVE-2019-18654 MISC MISC |
broadcom -- brocade_sannav | A vulnerability in the ReportsTrustManager class of Brocade SANnav versions before v2.0 could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer (SSL) connections. | 2019-11-08 | 5.8 | CVE-2019-16209 CONFIRM |
broadcom -- brocade_sannav | Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end database and gain privileges. | 2019-11-08 | 4.6 | CVE-2019-16207 CONFIRM |
centurylink -- technicolor_c2000t_and_c2100t_modems | Technicolor C2000T and C2100T use hard-coded cryptographic keys. | 2019-11-06 | 4.3 | CVE-2015-7276 MISC MISC |
cisco -- enterprise_chat_and_email | A vulnerability in the HTTP API of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to download files attached through chat sessions. The vulnerability is due to insufficient authentication mechanisms on the file download function of the API. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to download files that other users attach through the chat feature. This vulnerability affects versions prior to 12.0(1)ES1. | 2019-11-05 | 4.3 | CVE-2019-1877 CISCO |
cisco -- multiple_products | A vulnerability in the stream reassembly component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper reassembly of traffic streams. An attacker could exploit this vulnerability by sending crafted streams through an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious requests to protected systems that would otherwise be blocked. | 2019-11-05 | 5 | CVE-2019-1978 CISCO |
cisco -- multiple_products | A vulnerability in the protocol detection component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper detection of the initial use of a protocol on a nonstandard port. An attacker could exploit this vulnerability by sending traffic on a nonstandard port for the protocol in use through an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious requests to protected systems that would otherwise be blocked. Once the initial protocol flow on the nonstandard port is detected, future flows on the nonstandard port will be successfully detected and handled as configured by the applied policy. | 2019-11-05 | 5 | CVE-2019-1980 CISCO |
cisco -- multiple_products | A vulnerability in the normalization functionality of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to insufficient normalization of a text-based payload. An attacker could exploit this vulnerability by sending traffic that contains specifically obfuscated payloads through an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious payloads to protected systems that would otherwise be blocked. | 2019-11-05 | 5 | CVE-2019-1981 CISCO |
cisco -- multiple_products | A vulnerability in the HTTP traffic filtering component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper handling of HTTP requests, including those communicated over a secure HTTPS connection, that contain maliciously crafted headers. An attacker could exploit this vulnerability by sending malicious requests to an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious requests to protected systems, allowing attackers to deliver malicious content that would otherwise be blocked. | 2019-11-05 | 5 | CVE-2019-1982 CISCO |
cisco -- telepresence_advanced_media_gateway | A vulnerability in the web application of Cisco TelePresence Advanced Media Gateway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the lack of input validation in the web application. An attacker could exploit this vulnerability by sending a crafted authenticated HTTP request to the device. An exploit could allow the attacker to stop services on an affected device. The device may become inoperable, resulting in a denial of service (DoS) condition. | 2019-11-05 | 6.8 | CVE-2019-15966 CISCO |
clamav -- clamav | ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system. | 2019-11-05 | 5 | CVE-2019-12625 MISC |
clamav -- clamav | ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. As a result of inadequate bounds checking, an out-of-bounds heap read condition may occur when scanning PE files (for example, Windows EXE and DLL files) that have been packed using Aspack. | 2019-11-05 | 5 | CVE-2019-1789 MISC |
cloakcoin -- cloakcoin | CloakCoin through 2.2.2.0 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | 2019-11-05 | 5 | CVE-2018-19167 MISC MISC |
computing_for_good -- basic_laboratory_information_system | Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may enumerate the user names and facility names in use on a particular installation. | 2019-11-06 | 5 | CVE-2019-5643 MISC |
cryptocat_project -- cryptocat | Cryptocat before 2.0.22: cryptocat.js handlePresence() has cross site scripting | 2019-11-05 | 4.3 | CVE-2013-4107 MISC MISC MISC MISC |
cryptocat_project -- cryptocat | Cryptocat before 2.0.22 has Remote Denial of Service via username | 2019-11-04 | 5 | CVE-2013-4100 MISC MISC MISC MISC |
cryptocat_project -- cryptocat | Cryptocat before 2.0.22 has Multiparty Encryption Scheme Information Disclosure | 2019-11-04 | 5 | CVE-2013-4105 MISC MISC MISC |
cryptocat_project -- cryptocat | Cryptocat before 2.0.22 Link Markup Decorator HTML Handling Weakness | 2019-11-04 | 5 | CVE-2013-4101 MISC MISC MISC |
cryptocat_project -- cryptocat | Cryptocat has an Unspecified Chat Participant User List Disclosure | 2019-11-05 | 5 | CVE-2013-4110 MISC MISC MISC MISC |
cryptocat_project -- cryptocat | Cryptocat strophe.js before 2.0.22 has information disclosure | 2019-11-04 | 5 | CVE-2013-2262 MISC MISC MISC MISC |
cryptocat_project -- cryptocat | Cryptocat before 2.0.22 strophe.js Math.random() Random Number Generator Weakness | 2019-11-04 | 6.4 | CVE-2013-4102 MISC MISC MISC MISC |
cryptocat_project -- cryptocat | Cryptocat before 2.0.22: Cryptocat.random() Function Array Key has Entropy Weakness | 2019-11-04 | 5 | CVE-2013-2260 MISC MISC MISC MISC |
cryptocat_project -- cryptocat | Cryptocat before 2.0.22 Chrome Extension 'img/keygen.gif' has Information Disclosure | 2019-11-04 | 5 | CVE-2013-2261 MISC MISC MISC |
cryptocat_project -- cryptocat | Cryptocat before 2.0.22 has weak encryption in the Socialist Millionaire Protocol | 2019-11-04 | 5 | CVE-2013-4104 MISC MISC MISC MISC |
cryptocat_project -- cryptocat | Cryptocat before 2.0.22 has Nickname User Impersonation | 2019-11-04 | 5 | CVE-2013-2258 MISC MISC MISC |
cryptocat_project -- cryptocat | Cryptocat before 2.0.42 has Group Chat ECC Private Key Generation Brute Force Weakness | 2019-11-04 | 5 | CVE-2013-2257 MISC MISC MISC |
diamond -- diamond | Diamond through 3.0.1.2 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | 2019-11-05 | 5 | CVE-2018-19160 MISC MISC |
divi_project -- divi | Divi through 4.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | 2019-11-05 | 5 | CVE-2018-19162 MISC MISC |
djvulibre -- djvulibre | DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp. | 2019-11-07 | 5 | CVE-2019-18804 MISC MLIST MISC |
eclipse -- jetty | Cookie Dump Servlet stored XSS vulnerability in jetty through 6.1.20. | 2019-11-06 | 4.3 | CVE-2009-5048 MISC MISC MLIST |
eclipse -- jetty | WebApp JSP Snoop page XSS in jetty through 6.1.21. | 2019-11-06 | 4.3 | CVE-2009-5049 MISC MISC MLIST |
emercoin -- emercoin | emercoin through 0.7 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM. | 2019-11-05 | 5 | CVE-2018-19152 MISC MISC |
f5 -- big-ip | On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, a vulnerability in the AFM configuration utility may allow any authenticated BIG-IP user to run an SQL injection attack. | 2019-11-01 | 4 | CVE-2019-6658 CONFIRM |
f5 -- big-ip | On BIG-IP 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the BIG-IP Configuration utility. | 2019-11-01 | 4.3 | CVE-2019-6657 CONFIRM |
fastweb -- fastgate | Fastweb FASTGate 1.0.1b devices allow partial authentication bypass by changing a certain check_pwd return value from 0 to 1. An attack does not achieve administrative control of a device; however, the attacker can view all of the web pages of the administration console. | 2019-11-02 | 5 | CVE-2019-18661 MISC MISC |
federal_communications_commission -- wireless_emergency_alerts | The Wireless Emergency Alerts (WEA) protocol allows remote attackers to spoof a Presidential Alert because cryptographic authentication is not used, as demonstrated by MessageIdentifier 4370 in LTE System Information Block 12 (aka SIB12). NOTE: testing inside an RF-isolated shield box suggested that all LTE phones are affected by design (e.g., use of Android versus iOS does not matter); testing in an open RF environment is, of course, contraindicated. | 2019-11-02 | 5 | CVE-2019-18659 MISC |
forcepoint -- email_security | It has been reported that XSS is possible in Forcepoint Email Security, versions 8.5 and 8.5.3. It is strongly recommended that you apply the relevant hotfix in order to remediate this issue. | 2019-11-05 | 4.3 | CVE-2019-6142 CONFIRM |
foswiki -- foswiki | Foswiki before 1.1.8 contains a code injection vulnerability in the MAKETEXT macro. | 2019-11-01 | 6.8 | CVE-2013-1666 CONFIRM MISC MISC MISC |
freebsd -- nsd | FreeBSD NSD before 3.2.13 allows remote attackers to crash a NSD child server process (SIGSEGV) and cause a denial of service in the NSD server. | 2019-11-01 | 4.3 | CVE-2012-2979 MISC CONFIRM MISC |
glpi_project -- glpi | GLPI 0.83.7 has Local File Inclusion in common.tabs.php. | 2019-11-01 | 5 | CVE-2013-2227 MISC MISC MISC MISC MISC |
gnome -- evince | evince is missing a check on number of pages which can lead to a segmentation fault | 2019-11-01 | 4.3 | CVE-2013-3718 MISC MISC MISC MISC |
gnu -- glibc | slim has NULL pointer dereference when using crypt() method from glibc 2.17 | 2019-11-04 | 5 | CVE-2013-4412 MISC MISC MISC MISC MISC MISC |
gnuboard -- gnuboard5 | GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board tail contents" parameter, aka the adm/board_form_update.php bo_content_tail parameter. | 2019-11-07 | 4.3 | CVE-2018-18674 MISC MISC MISC |
gource -- gource | Gource through 0.26 logs to a predictable file name (/tmp/gource-$UID.tmp), enabling attackers to overwrite an arbitrary file via a symlink attack. | 2019-11-07 | 5.5 | CVE-2010-2449 CONFIRM MISC BID |
gs-gpl -- gs-gpl | A race condition in temp files was found in gs-gpl before 8.56 addons scripts. | 2019-11-01 | 6.8 | CVE-2005-2352 MISC MISC |
horde -- groupware_webmail_edition | Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php. | 2019-11-05 | 4.3 | CVE-2013-6275 MISC MISC MISC MISC MISC MISC MISC |
htmlcoin -- htmlcoin | HTMLCOIN through 2.12 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM. | 2019-11-05 | 5 | CVE-2018-19154 MISC MISC |
icoutils -- icoutils | The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. | 2019-11-04 | 6.8 | CVE-2017-5332 SUSE SUSE SUSE REDHAT DEBIAN MLIST BID UBUNTU CONFIRM CONFIRM |
icoutils -- icoutils | Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. | 2019-11-04 | 4.6 | CVE-2017-5331 SUSE SUSE SUSE DEBIAN MLIST BID UBUNTU CONFIRM |
icoutils -- icoutils | Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file. | 2019-11-04 | 6.8 | CVE-2017-5333 SUSE SUSE SUSE REDHAT DEBIAN MLIST BID UBUNTU CONFIRM CONFIRM |
internet_systems_consortium -- bind | There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers of ISC software have modified the dhcpd source, BIND source, or version matchup in ways that create the crash potential. Based on reports available to ISC, the crash probability is large and no analysis has been done on how, or even if, the probability can be manipulated by an attacker. Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later, or BIND versions with specific bug fixes backported to them. ISC does not have access to comprehensive version lists for all repackagings of dhcpd that are vulnerable. In particular, builds from other vendors may also be affected. Operators are advised to consult their vendor documentation. | 2019-11-01 | 5 | CVE-2019-6470 CONFIRM REDHAT CONFIRM CONFIRM CONFIRM |
investintech -- able2extract_professional | An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 4.0.7 x64. A specially crafted JPEG file can cause an out-of-bounds memory write, allowing an attacker to execute arbitrary code on the victim machine. An attacker could exploit a vulnerability by providing the user with a specially crafted JPEG file. | 2019-11-05 | 6.8 | CVE-2019-5089 MISC |
investintech -- able2extract_professional | An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 14.0.7 x64. A specially crafted BMP file can cause an out-of-bounds memory write, allowing a potential attacker to execute arbitrary code on the victim machine. An attacker can trigger this vulnerability by sending the user a specially crafted BMP file. | 2019-11-05 | 6.8 | CVE-2019-5088 MISC |
joomla! -- joomla! | An issue was discovered in Joomla! before 3.9.13. A missing access check in the phputf8 mapping files could lead to a path disclosure. | 2019-11-06 | 5 | CVE-2019-18674 MISC |
joomla! -- joomla! | An issue was discovered in Joomla! before 3.9.13. A missing token check in com_template causes a CSRF vulnerability. | 2019-11-06 | 6.8 | CVE-2019-18650 MISC |
konversation -- konversation | konversation before 1.2.3 allows attackers to cause a denial of service. | 2019-11-06 | 5 | CVE-2009-5050 MISC MISC MLIST |
kubernetes -- kube-state-metrics | A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. An experimental feature was added to the v1.7.0 release that enabled annotations to be exposed as metrics. By default, the kube-state-metrics metrics only expose metadata about Secrets. However, a combination of the default `kubectl` behavior and this new feature can cause the entire secret content to end up in metric labels thus inadvertently exposing the secret content in metrics. This feature has been reverted and released as the v1.7.2 release. If you are running the v1.7.0 or v1.7.1 release, please upgrade to the v1.7.2 release as soon as possible. | 2019-11-05 | 4 | CVE-2019-10223 CONFIRM MISC |
lead_technologies -- leadtools | An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20. A specially crafted J2K image file can cause an out-of-bounds write of a heap buffer, potentially resulting in code execution. An attacker can specially craft a J2K image to trigger this vulnerability. | 2019-11-06 | 6.8 | CVE-2019-5125 MISC |
lead_technologies -- leadtools | An exploitable heap out-of-bounds write vulnerability exists in the TIF-parsing functionality of LEADTOOLS 20. A specially crafted TIF image can cause an offset beyond the bounds of a heap allocation to be written, potentially resulting in code execution. An attacker can specially craft a TIF image to trigger this vulnerability. | 2019-11-06 | 6.8 | CVE-2019-5084 MISC |
lead_technologies -- leadtools | An exploitable integer overflow vulnerability exists in the BMP header parsing functionality of LEADTOOLS 20. A specially crafted BMP image file can cause an integer overflow, potentially resulting in code execution. An attacker can specially craft a BMP image to trigger this vulnerability. | 2019-11-06 | 6.8 | CVE-2019-5100 MISC |
lead_technologies -- leadtools | An exploitable integer underflow vulnerability exists in the CMP-parsing functionality of LEADTOOLS 20. A specially crafted CMP image file can cause an integer underflow, potentially resulting in code execution. An attacker can specially craft a CMP image to trigger this vulnerability. | 2019-11-06 | 6.8 | CVE-2019-5099 MISC |
linux -- linux_kernel | Two memory leaks in the sja1105_static_config_upload() function in drivers/net/dsa/sja1105/sja1105_spi.c in the Linux kernel before 5.3.5 allow attackers to cause a denial of service (memory consumption) by triggering static_config_buf_prepare_for_upload() or sja1105_inhibit_tx() failures, aka CID-68501df92d11. | 2019-11-07 | 5 | CVE-2019-18807 MISC MISC |
linux -- linux_kernel | ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to an upstream kernel change which impacted how python's os.chmod() works when passed a mode of '-1'. | 2019-11-01 | 4.6 | CVE-2013-4367 MISC MISC |
linux -- linux_kernel | A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247. | 2019-11-07 | 5 | CVE-2019-18808 MISC |
linux -- linux_kernel | An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free. | 2019-11-04 | 6.9 | CVE-2019-18683 MLIST MISC MISC |
luxcore -- luxcoin | lux through 5.2.2 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | 2019-11-05 | 5 | CVE-2018-19159 MISC MISC |
magento -- magento | A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to manipulate shipment settings can execute arbitrary code through server-side request forgery due to unsafe handling of a carrier gateway. | 2019-11-06 | 6.5 | CVE-2019-8151 MISC |
magento -- magento | A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with access to email templates can send malicious SQL queries and obtain access to sensitive information stored in the database. | 2019-11-06 | 4 | CVE-2019-8143 MISC |
magento -- magento | Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can leverage a guest session id value following a successful login to gain access to customer account index page. | 2019-11-05 | 5 | CVE-2019-8116 MISC |
magento -- magento | Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 uses a cryptographically weak random number generator, making it possible to brute-force the confirmation code for customer registration. | 2019-11-05 | 5 | CVE-2019-8113 MISC |
magento -- magento | A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can bypass the email confirmation mechanism via GET request that captures relevant account data obtained from the POST response related to new user creation. | 2019-11-05 | 5 | CVE-2019-8112 MISC |
magento -- magento | A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to an account with Newsletter Template editing permission could exfiltrate the Admin login data, and reset their password, effectively performing a privilege escalation. | 2019-11-05 | 6.5 | CVE-2019-8127 MISC |
magento -- magento | A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with store manipulation privileges can execute arbitrary SQL queries by getting access to the database connection through group instance in email templates. | 2019-11-06 | 6.5 | CVE-2019-8130 MISC |
magento -- magento | In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with administrative privileges for editing attribute sets can execute arbitrary code through custom layout modification. | 2019-11-06 | 6.5 | CVE-2019-8231 MISC |
magento -- magento | Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 uses weak cryptographic function to store the failed login attempts for customer accounts. | 2019-11-05 | 5 | CVE-2019-8118 MISC |
magento -- magento | An insufficient logging and monitoring vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. The logging feature required for effective monitoring did not contain sufficient data to effectively track configuration changes. | 2019-11-05 | 5 | CVE-2019-8123 MISC |
magento -- magento | A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with marketing privileges can execute arbitrary SQL queries in the database when accessing email template variables. | 2019-11-06 | 6.5 | CVE-2019-8134 MISC |
magento -- magento | A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to manipulate CMS section of the website can trigger remote code execution via custom layout update. | 2019-11-06 | 6.5 | CVE-2019-8137 MISC |
magento -- magento | In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit configuration settings can execute arbitrary code through a crafted support/output path. | 2019-11-06 | 6.5 | CVE-2019-8230 MISC |
magento -- magento | In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit product attributes can execute arbitrary code through crafted layout updates. | 2019-11-06 | 6.5 | CVE-2019-8229 MISC |
magento -- magento | A server-side request forgery (SSRF) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to modify store configurations can manipulate the connector api endpoint to enable remote code execution. | 2019-11-06 | 6.5 | CVE-2019-8156 MISC |
magento -- magento | In Magento prior to 1.9.4.3, Magento prior to 1.14.4.3, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an authenticated user with administrative privileges for the import feature can execute arbitrary code through a race condition that allows webserver configuration file modification. | 2019-11-06 | 6 | CVE-2019-8232 MISC |
magento -- magento | A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can craft a malicious CSRF payload that can result in arbitrary command execution. | 2019-11-05 | 6 | CVE-2019-8109 MISC |
magento -- magento | A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to manipulate layouts and images can insert a malicious payload into the page layout. | 2019-11-06 | 6.5 | CVE-2019-8150 MISC |
magento -- magento | In Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an unauthenticated user can inject arbitrary JavaScript code as a result of the sanitization engine ignoring HTML comments. | 2019-11-06 | 4.3 | CVE-2019-8233 MISC |
magento -- magento | A mitigation bypass to prevent cross-site scripting (XSS) exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Successful exploitation of this vulnerability would result in an attacker being able to bypass the `escapeURL()` function and execute a malicious XSS payload. | 2019-11-06 | 4.3 | CVE-2019-8153 MISC |
magento -- magento | A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. An authenticated admin user with privileges to access product attributes can leverage layout updates to trigger remote code execution. | 2019-11-05 | 6.5 | CVE-2019-8091 MISC |
magento -- magento | An unrestricted file upload vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can manipulate the Synchronization feature in the Media File Storage of the database to transform uploaded JPEG file into a PHP file. | 2019-11-06 | 4 | CVE-2019-8140 MISC |
magento -- magento | A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with privileges to generate sitemaps can bypass configuration that restricts directory access. The bypass allows overwrite of a subset of configuration files which can lead to denial of service. | 2019-11-06 | 4 | CVE-2019-8133 MISC |
magento -- magento | An XML entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can craft document type definition for an XML representing XML layout. The crafted document type definition and XML layout allow processing of external entities which can lead to information disclosure. | 2019-11-05 | 4 | CVE-2019-8126 MISC |
magento -- magento | Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can manipulate session validation setting for a storefront that leads to insecure authentication and session management. | 2019-11-05 | 4 | CVE-2019-8108 MISC |
magento -- magento | An insufficient logging and monitoring vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Failure to track admin actions related to design configuration could lead to repudiation attacks. | 2019-11-05 | 5 | CVE-2019-8124 MISC |
magento -- magento | An arbitrary file deletion vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user can manipulate the design layout update feature. | 2019-11-05 | 5.5 | CVE-2019-8090 MISC |
magento -- magento | Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user's CSRF token in the URL of a GET request. This could be exploited by an attacker with access to network traffic to perform unauthorized actions. | 2019-11-06 | 5 | CVE-2019-8155 MISC |
magento -- magento | A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user with administrative privileges (system level import) can execute arbitrary code through a Phar deserialization vulnerability in the import functionality. | 2019-11-06 | 6.5 | CVE-2019-8141 MISC |
magento -- magento | An arbitrary file deletion vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with export data transfer privileges can craft a request to perform arbitrary file deletion. | 2019-11-05 | 5.5 | CVE-2019-8107 MISC |
magento -- magento | A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage plugin functionality related to email templates to manipulate the interceptor class in a way that allows an attacker to execute arbitrary code. | 2019-11-05 | 6.5 | CVE-2019-8111 MISC |
magento -- magento | A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to import features can execute arbitrary code via crafted configuration archive file upload. | 2019-11-05 | 6.5 | CVE-2019-8114 MISC |
magento -- magento | A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user with privileges to create products can craft custom layout update and use import product functionality to enable remote code execution. | 2019-11-05 | 6.5 | CVE-2019-8122 MISC |
magento -- magento | A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x. An authenticated admin user can modify configuration parameters via crafted support configuration. The modification can lead to remote code execution. | 2019-11-05 | 6.5 | CVE-2019-8125 MISC |
magento -- magento | A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage email templates hierarchy to manipulate the interceptor class in a way that allows an attacker to execute arbitrary code. | 2019-11-05 | 6.5 | CVE-2019-8110 MISC |
magento -- magento | An arbitrary file access vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage the file upload controller for downloadable products to read/delete arbitrary files. | 2019-11-05 | 6.5 | CVE-2019-8093 MISC |
magento -- magento | A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated admin user with import product privileges can delete files through bulk product import and inject code into XSLT file. The combination of these manipulations can lead to remote code execution. | 2019-11-05 | 6.5 | CVE-2019-8119 MISC |
mantisbt -- mantisbt | An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New". | 2019-11-07 | 4 | CVE-2013-1811 MISC MISC MISC CONFIRM MISC |
miniupnpd -- miniupnpd | MiniUPnPd has information disclosure use of snprintf() | 2019-11-01 | 5 | CVE-2013-2600 MISC MISC MISC MISC MISC |
mondo -- mondo | Mondo 2.24 has insecure handling of temporary files. | 2019-11-07 | 6.4 | CVE-2007-3915 MISC |
navcoin -- navcoin | navcoin through 4.3.0 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM. | 2019-11-05 | 5 | CVE-2018-19155 MISC MISC |
neblio -- neblio | neblio through 1.5.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | 2019-11-05 | 5 | CVE-2018-19165 MISC MISC |
nicehash -- miner | An issue was discovered in NiceHash Miner before 2.0.3.0. A missing rate limit while adding a wallet via Email address allows remote attackers to submit a large number of email addresses to identify valid ones. By exploiting this vulnerability with CVE-2019-6122 (Username Enumeration) an adversary can enumerate a large number of valid users' Email addresses. | 2019-11-06 | 5 | CVE-2019-6120 MISC MISC |
nicehash -- miner | A Username Enumeration via Error Message issue was discovered in NiceHash Miner before 2.0.3.0 because an "EMAIL DOES NOT EXIST" error message occurs whenever a submitted email address is incorrect, but there is a different error message for invalid credentials with a correct email address. | 2019-11-06 | 4.3 | CVE-2019-6122 MISC MISC |
nicehash -- miner | An issue was discovered in NiceHash Miner before 2.0.3.0. Missing Authorization allows an adversary to gain access to a miner's information, such as his recent payments, unclaimed Balance, Old Balance (at the time of December 2017 breach), Projected payout, Mining stats like profitability, Efficiency, Number of workers, etc. A valid Email address is required in order to retrieve this Information. | 2019-11-06 | 4.3 | CVE-2019-6121 MISC MISC |
nokogiri_gem_for_ruby_on_rails -- nokogiri_gem_for_ruby_on_rails | Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents | 2019-11-05 | 4.3 | CVE-2013-6460 MISC MISC MISC MISC MISC MISC MISC |
nokogiri_gem_for_ruby_on_rails -- nokogiri_gem_for_ruby_on_rails | Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits | 2019-11-05 | 4.3 | CVE-2013-6461 MISC MISC MISC MISC MISC MISC |
oetiker+partner -- smokeping | Cross-site scripting (XSS) vulnerability in SmokePing 2.6.9 in the start and end time fields. | 2019-11-01 | 4.3 | CVE-2013-4168 MISC MISC MISC MISC MISC MISC |
one_identity -- cloud_access_manager | One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows CSRF for logout requests. | 2019-11-04 | 4.3 | CVE-2019-13497 MISC CONFIRM |
one_identity -- cloud_access_manager | One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows OTP bypass via vectors involving a man in the middle, the One Identity Defender product, and replacing a failed SAML response with a successful SAML response. | 2019-11-04 | 4.3 | CVE-2019-13496 MISC CONFIRM |
open_build_service -- open_build_service | Open Build Service before version 0.165.4 didn't validate TLS certificates for HTTPS connections with the osc client binary. | 2019-11-05 | 6.8 | CVE-2019-3685 CONFIRM |
openstack -- keystone_and_compute | HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. | 2019-11-01 | 4.3 | CVE-2013-2255 MISC MISC MISC MISC MISC MISC MISC |
openttd -- openttd | OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server. | 2019-11-07 | 4 | CVE-2012-0049 CONFIRM MISC MISC MISC MISC |
oxid -- multiple_products | An issue was discovered in OXID eShop 6.x before 6.0.6 and 6.1.x before 6.1.5, OXID eShop Enterprise Edition Version 5.2.x-5.3.x, OXID eShop Professional Edition Version 4.9.x-4.10.x and OXID eShop Community Edition Version: 4.9.x-4.10.x. By using a specially crafted URL, users with administrative rights could unintentionally grant unauthorized users access to the admin panel via session fixation. | 2019-11-05 | 6.8 | CVE-2019-17062 MISC |
pagure -- pagure | Pagure: XSS possible in file attachment endpoint | 2019-11-06 | 4.3 | CVE-2016-1000037 MISC MISC MISC MISC |
particl -- particl | particl through 0.17 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM. | 2019-11-05 | 5 | CVE-2018-19153 MISC MISC |
peercoin -- peercoin | peercoin through 0.6.4 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | 2019-11-05 | 5 | CVE-2018-19166 MISC MISC |
pfsense -- pfsense | /usr/local/www/freeradius_view_config.php in the freeradius3 package before 0.15.7_3 for pfSense on FreeBSD allows a user with an XSS payload as password or username to execute arbitrary javascript code on a victim browser. | 2019-11-02 | 4.3 | CVE-2019-18667 MISC |
phantomjs -- phantomjs | PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open() function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HTML file, as user input, that allows reading arbitrary files on the filesystem. For example, if page.render() is the function callback, this generates a PDF or an image of the targeted file. NOTE: this product is no longer developed. | 2019-11-05 | 5 | CVE-2019-17221 MISC |
phore -- phore | Phore through 1.3.3.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | 2019-11-05 | 5 | CVE-2018-19157 MISC MISC |
pivx -- pivx | PIVX through 3.1.03 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | 2019-11-05 | 5 | CVE-2018-19156 MISC MISC |
popojicms -- popojicms | po-admin/route.php?mod=post&act=edit in PopojiCMS 2.0.1 allows post[1][content]= stored XSS. | 2019-11-07 | 4.3 | CVE-2019-18816 MISC |
popojicms -- popojicms | PopojiCMS 2.0.1 allows refer= Open Redirection. | 2019-11-07 | 5.8 | CVE-2019-18815 MISC |
portainer -- portainer | Portainer before 1.22.1 has Incorrect Access Control (issue 4 of 4). | 2019-11-07 | 6.5 | CVE-2019-16877 MISC |
portainer -- portainer | Portainer before 1.22.1 allows Directory Traversal. | 2019-11-07 | 5 | CVE-2019-16876 MISC |
portainer -- portainer | Portainer before 1.22.1 has Incorrect Access Control (issue 2 of 4). | 2019-11-07 | 4 | CVE-2019-16874 MISC |
progress -- sitefinity_cms | Progress Sitefinity CMS before 10.1 allows XSS via /Pages Parameter : Page Title, /Content/News Parameter : News Title, /Content/List Parameter : List Title, /Content/Documents/LibraryDocuments/incident-request-attachments Parameter : Document Title, /Content/Images/LibraryImages/newsimages Parameter : Image Title, /Content/links Parameter : Link Title, or /Content/Videos/LibraryVideos/default-video-library Parameter : Video Title. | 2019-11-06 | 4.3 | CVE-2017-18639 MISC |
qualcomm -- multiple_products | Lack of check for a negative value returned for get_clk is wrongly interpreted as valid pointer and lead to use after free in clk driver in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 | 2019-11-06 | 4.6 | CVE-2019-10524 CONFIRM |
qualcomm -- multiple_products | Firmware not able to send EXT scan response to host within 1 sec due to resource consumption issue in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016 | 2019-11-06 | 5 | CVE-2019-10504 CONFIRM |
qualcomm -- multiple_products | DCI client which might be preemptively freed up might be accessed for transferring packets leading to kernel error in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 | 2019-11-06 | 4.9 | CVE-2019-10515 CONFIRM |
qualcomm -- multiple_products | Null pointer dereference can occur while parsing invalid chunks while playing the nonstandard clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20 | 2019-11-06 | 5 | CVE-2019-10488 CONFIRM |
qualcomm -- multiple_products | Possible stack overflow when an index equal to io buffer size is accessed in camera module in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855, SDM439, SDX24 | 2019-11-06 | 4.6 | CVE-2019-10502 CONFIRM MISC |
qualcomm -- multiple_products | ADSP can be compromised since it's a general-purpose CPU processing untrusted data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 | 2019-11-06 | 4.6 | CVE-2019-10491 CONFIRM |
qualcomm -- multiple_products | Payload size is not checked before using it as array index in audio in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SXR1130 | 2019-11-06 | 4.6 | CVE-2019-10512 CONFIRM |
qualcomm -- multiple_products | Lack of checking a variable received from driver and populating in Firmware data structure leads to buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 | 2019-11-06 | 4.6 | CVE-2019-10496 CONFIRM |
qualcomm -- multiple_products | Arbitrary buffer write issue while processing sequence header during HEVC or AVC encoding in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 | 2019-11-06 | 4.6 | CVE-2019-10495 CONFIRM |
quest -- kace_systems_management_appliance_server_center | Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /userui/ticket_list.php, and affected parameters are order[0][column] and order[0][dir]. | 2019-11-06 | 6.5 | CVE-2019-13076 MISC MISC |
quest -- kace_systems_management_appliance_server_center | Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the sam_detail_titled.php SAM_TYPE parameter) that allows an attacker to create a malicious link in order to attack authenticated users. | 2019-11-06 | 4.3 | CVE-2019-13077 MISC MISC |
quest -- kace_systems_management_appliance_server_center | A reflected XSS vulnerability exists in Quest KACE Systems Management Appliance Server Center 9.1.317 affecting the userui/software_library.php component via the PATH_INFO. | 2019-11-06 | 4.3 | CVE-2019-12917 MISC MISC |
quest -- kace_systems_management_appliance_server_center | Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /common/user_profile.php. The affected parameter is sort_column. | 2019-11-06 | 6.5 | CVE-2019-13078 MISC MISC |
quest -- kace_systems_management_appliance_server_center | Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /adminui/history_log.php. The affected parameter is TYPE_NAME. | 2019-11-06 | 6.5 | CVE-2019-13079 MISC MISC |
red_hat -- cloud_forms_management_engine | Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2019-11-01 | 4.3 | CVE-2013-0186 CONFIRM MISC |
red_hat -- directory_server_8_and_389_directory_server | The _ger_parse_control function in Red Hat Directory Server 8 and the 389 Directory Server allows attackers to cause a denial of service (NULL pointer dereference) via a crafted search query. | 2019-11-05 | 5 | CVE-2010-2222 MISC MISC |
red_hat -- jboss_aerogear | JBoss AeroGear has reflected XSS via the password field | 2019-11-04 | 4.3 | CVE-2014-3649 MISC MISC |
reddcoin -- reddcoin | reddcoin through 2.1.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | 2019-11-05 | 5 | CVE-2018-19164 MISC MISC |
s9y -- serendipity | Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php. | 2019-11-05 | 4.3 | CVE-2011-1135 CONFIRM DEBIAN SECTRACK MISC |
s9y -- serendipity | Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code via plugins/ExtendedFileManager/backend.php. | 2019-11-05 | 4.3 | CVE-2011-1133 CONFIRM DEBIAN SECTRACK MISC |
samba -- samba | A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue. | 2019-11-06 | 4 | CVE-2019-14847 SUSE CONFIRM MISC |
sap -- sap_hana_database | SAP HANA Database, versions 1.0, 2.0, allows an unauthorized attacker to send a malformed connection request, which crashes the indexserver of an SAP HANA instance, leading to Denial of Service | 2019-11-04 | 5 | CVE-2019-0350 MISC MISC |
sass -- libsass | LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp. | 2019-11-06 | 4.3 | CVE-2019-18797 MISC |
sass -- libsass | LibSass before 3.6.3 allows a heap-based buffer over-read in Sass::weaveParents in ast_sel_weave.cpp. | 2019-11-06 | 4.3 | CVE-2019-18798 MISC |
sass -- libsass | LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser::parseCompoundSelector in parser_selectors.cpp. | 2019-11-06 | 4.3 | CVE-2019-18799 MISC |
scipy -- scipy | The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories. | 2019-11-04 | 4.6 | CVE-2013-4251 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
secudos -- domos | The Log module in SECUDOS DOMOS before 5.6 allows local file inclusion. | 2019-11-02 | 5 | CVE-2019-18665 MISC MISC MISC |
sourceforge -- archivemail | archivemail 0.6.2 uses temporary files insecurely leading to a possible race condition. | 2019-11-06 | 6.8 | CVE-2006-4245 MISC MISC |
stratisx_project -- stratisx | stratisX through 2.0.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | 2019-11-05 | 5 | CVE-2018-19163 MISC MISC |
symantec -- sonar_component | The Symantec SONAR component, prior to 12.0.2, may be susceptible to a tamper protection bypass vulnerability which could potentially allow an attacker to circumvent the existing tamper protection in use on the resident system. | 2019-11-01 | 4.1 | CVE-2019-12752 CONFIRM |
symfony -- symfony | php-symfony2-Validator has loss of information during serialization | 2019-11-01 | 4.9 | CVE-2013-4751 MISC MISC MISC MISC MISC MISC |
typo3 -- typo3 | TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows Information Disclosure on the backend. | 2019-11-06 | 4 | CVE-2011-4627 MISC CONFIRM |
typo3 -- typo3 | TYPO3 before 4.5.4 allows Information Disclosure in the backend. | 2019-11-06 | 4 | CVE-2011-4900 MISC CONFIRM |
typo3 -- typo3 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Header Injection in the secure download feature jumpurl. | 2019-11-04 | 5 | CVE-2010-3668 MISC MISC CONFIRM |
typo3 -- typo3 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element. | 2019-11-04 | 5 | CVE-2010-3667 MISC MISC CONFIRM |
typo3 -- typo3 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid function. | 2019-11-04 | 5 | CVE-2010-3666 MISC MISC CONFIRM |
typo3 -- typo3 | TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS and Open Redirection in the frontend login box. | 2019-11-04 | 4.9 | CVE-2010-3669 MISC MISC CONFIRM |
typo3 -- typo3 | TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows information disclosure in the mail header of the HTML mailing API. | 2019-11-05 | 5 | CVE-2010-3673 MISC MISC CONFIRM |
typo3 -- typo3 | TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to extract arbitrary information from the TYPO3 database. | 2019-11-06 | 4 | CVE-2011-4901 MISC CONFIRM |
typo3 -- typo3 | TYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper access control on ExtDirect calls which allows remote attackers to retrieve ExtDirect endpoint services. | 2019-11-06 | 4 | CVE-2011-4904 MISC CONFIRM |
typo3 -- typo3 | TYPO3 before 4.4.1 allows XSS in the frontend search box. | 2019-11-05 | 4.3 | CVE-2010-3674 MISC MISC CONFIRM |
typo3 -- typo3 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend. | 2019-11-04 | 6.5 | CVE-2010-3663 MISC MISC CONFIRM |
typo3 -- typo3 | TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to delete arbitrary files on the webserver. | 2019-11-06 | 5.5 | CVE-2011-4902 MISC CONFIRM |
typo3 -- typo3 | Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the RemoveXSS function. | 2019-11-06 | 4.3 | CVE-2011-4903 MISC CONFIRM |
typo3 -- typo3 | TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function. | 2019-11-05 | 5.8 | CVE-2010-3670 MISC MISC CONFIRM |
typo3 -- typo3 | Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the "JSwindow" property of the typolink function. | 2019-11-06 | 4.3 | CVE-2011-4626 MISC CONFIRM |
typo3 -- typo3 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend. | 2019-11-04 | 6.5 | CVE-2010-3662 MISC MISC CONFIRM |
typo3 -- typo3 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Open Redirection on the backend. | 2019-11-01 | 5.8 | CVE-2010-3661 MISC MISC CONFIRM |
typo3 -- typo3 | TYPO3 before 4.3.4 and 4.4.x before 4.4.1 allows XSS in the textarea view helper in an extbase extension. | 2019-11-05 | 4.3 | CVE-2010-3672 MISC MISC CONFIRM |
typo3 -- typo3 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Information Disclosure on the backend. | 2019-11-04 | 4 | CVE-2010-3664 MISC MISC CONFIRM |
viewvc -- viewvc | viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option. | 2019-11-07 | 4.3 | CVE-2007-5743 MISC MISC |
websieve -- websieve | Cross-site scripting (XSS) vulnerability in websieve v0.62 allows remote attackers to inject arbitrary web script or HTML code in the web user interface. | 2019-11-01 | 4.3 | CVE-2005-2350 MISC MISC |
wordpress -- wordpress | An issue was discovered in the Currency Switcher addon before 2.11.2 for WooCommerce if a user provides a currency that was not added by the administrator. In this case, even though the currency does not exist, it will be selected, but a price amount will fall back to the default currency. This means that if an attacker provides a currency that does not exist and is worth less than this default, the attacker can eventually purchase an item for a significantly cheaper price. | 2019-11-02 | 4 | CVE-2019-18668 MISC MISC MISC |
wordpress -- wordpress | Directory traversal vulnerability in the ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin before 2.4.1 for WordPress allows remote authenticated users to download arbitrary files via a .. (dot dot) in the file parameter. | 2019-11-06 | 4 | CVE-2014-9014 MISC MISC |
wordpress -- wordpress | The ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin 2.4.0 for WordPress allows remote authenticated users to create arbitrary users and gain admin privileges via a request to wpmp_pp_ajax_call with an execution target of wp_insert_user. | 2019-11-06 | 6.5 | CVE-2014-9013 MISC |
wordpress -- wordpress | An issue was discovered in the MailPoet Newsletters (aka wysija-newsletters) plugin before 2.8.2 for WordPress. The plugin is vulnerable to SPAM attacks. | 2019-11-06 | 5 | CVE-2018-20853 CONFIRM |
zoho_manageengine -- adselfservice_plus | Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the users' profile information page. Users who are attacked with this vulnerability will be forced to modify their enrolled information, such as email and mobile phone, unintentionally. Attackers could use the reset password function and control the system to send the authentication code back to the channel that the attackers own. | 2019-11-06 | 6.8 | CVE-2019-18411 MISC |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
archos -- safe-t_devices | On Archos Safe-T devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. | 2019-11-02 | 1.9 | CVE-2019-14358 MISC |
broadcom -- brocade_sannav | Brocade SANnav versions before v2.0 log the plain text database connection password while triggering support save. | 2019-11-08 | 2.1 | CVE-2019-16210 CONFIRM |
dovecot -- dovecot | A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files. | 2019-11-05 | 2.1 | CVE-2016-4983 MISC MISC MISC |
eximious -- logo_designer | Eximious Logo Designer 3.82 has a User Mode Write AV starting at ExiCustomPathLib!ExiCustomPathLib::CGradientColorsProfile::BuildGradientColorsTable+0x0000000000000053. | 2019-11-07 | 1.9 | CVE-2019-18821 MISC |
eximious -- logo_designer | Eximious Logo Designer 3.82 has Heap Corruption starting at ntdll!RtlpNtMakeTemporaryKey+0x0000000000001a78. | 2019-11-07 | 2.1 | CVE-2019-18820 MISC |
eximious -- logo_designer | Eximious Logo Designer 3.82 has a User Mode Write AV starting at ExiVectorRender!StrokeText_Blend+0x00000000000003a7. | 2019-11-07 | 2.1 | CVE-2019-18819 MISC |
horde -- groupware_webmail_edition | Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions | 2019-11-05 | 2.6 | CVE-2013-6365 MISC MISC MISC MISC MISC MISC |
hyundai -- pay_kasse_hk-1000_devices | On Hyundai Pay Kasse HK-1000 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. | 2019-11-02 | 1.9 | CVE-2019-14360 MISC |
jitbit -- asp_.net_forum | A cross-site scripting (XSS) vulnerability in Jitbit .NET Forum (aka ASP.NET forum) 8.3.8 allows remote attackers to inject arbitrary web script or HTML via the gravatar URL parameter. | 2019-11-01 | 3.5 | CVE-2019-18636 MISC MISC |
lightbend -- play_framework | An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the target host. | 2019-11-05 | 3.5 | CVE-2019-17598 MISC CONFIRM |
linux -- linux_kernel | In the Linux kernel through 5.3.8, f->fmt.sdr.reserved is uninitialized in rcar_drif_g_fmt_sdr_cap in drivers/media/platform/rcar_drif.c, which could cause a memory disclosure problem. | 2019-11-06 | 2.1 | CVE-2019-18786 MISC |
linux -- linux_kernel | A memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel before 5.3.5 allows local users to cause a denial of service (memory consumption) by triggering pci_dma_mapping_error() failures, aka CID-1acb8f2a7a9f. | 2019-11-07 | 2.1 | CVE-2019-18806 MISC MISC |
magento -- magento | A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can execute arbitrary JavaScript code by providing an arbitrary API endpoint that will not be checked by sale pickup event. | 2019-11-06 | 3.5 | CVE-2019-8138 MISC |
magento -- magento | In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code into transactional email page when creating a new email template or editing existing email template. | 2019-11-06 | 3.5 | CVE-2019-8228 MISC |
magento -- magento | In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when creating profile action XML. | 2019-11-06 | 3.5 | CVE-2019-8227 MISC |
magento -- magento | A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can manipulate downloadable link and cause an invocation of error handling that accesses user input without sanitization. | 2019-11-06 | 3.5 | CVE-2019-8157 MISC |
magento -- magento | A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code into the attribute set name when listing the products. | 2019-11-06 | 3.5 | CVE-2019-8145 MISC |
magento -- magento | A stored cross-site scripting (XSS) vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can inject arbitrary JavaScript code when creating a content page via page builder. | 2019-11-06 | 3.5 | CVE-2019-8148 MISC |
magento -- magento | A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via customer attribute label. | 2019-11-06 | 3.5 | CVE-2019-8147 MISC |
magento -- magento | A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code when adding a new customer attribute for stores. | 2019-11-06 | 3.5 | CVE-2019-8146 MISC |
magento -- magento | A stored cross-site scripting (XSS) vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with access to the wysiwyg editor can abuse the blockDirective() function and inject malicious javascript in the cache of the admin dashboard. | 2019-11-06 | 3.5 | CVE-2019-8152 MISC |
magento -- magento | A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can exploit it by injecting malicious Javascript into the name of main website. | 2019-11-06 | 3.5 | CVE-2019-8128 MISC |
magento -- magento | A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via title of an order when configuring sales payment methods for a store. | 2019-11-06 | 3.5 | CVE-2019-8142 MISC |
magento -- magento | A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can craft malicious payload in the template Name field for Email template in the "Design Configuration" dashboard. | 2019-11-06 | 3.5 | CVE-2019-8132 MISC |
magento -- magento | A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can exploit it by injecting an embedded expression into a translation. | 2019-11-06 | 3.5 | CVE-2019-8129 MISC |
magento -- magento | A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code into code field of an inventory source. | 2019-11-06 | 3.5 | CVE-2019-8131 MISC |
magento -- magento | A stored cross-site scripting (XSS) vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user can inject arbitrary JavaScript code by manipulating a section of a POST request related to the customer's email address. | 2019-11-05 | 3.5 | CVE-2019-8120 MISC |
magento -- magento | A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via product view id specification. | 2019-11-05 | 3.5 | CVE-2019-8117 MISC |
magento -- magento | A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can inject arbitrary JavaScript code when adding an image during simple product creation. | 2019-11-05 | 3.5 | CVE-2019-8115 MISC |
magento -- magento | A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via email template preview. | 2019-11-05 | 3.5 | CVE-2019-8092 MISC |
magento -- magento | A stored cross-site scripting (XSS) vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code into the dynamic block when invoking page builder on a product. | 2019-11-06 | 3.5 | CVE-2019-8139 MISC |
multiple_vendors -- bind_and_nsd_and_knot_name_servers | A cache poisoning issue exists in DNS Response Rate Limiting. | 2019-11-05 | 2.6 | CVE-2013-5661 MISC MISC MISC |
oracle -- mysql | MySQL-GUI-tools (mysql-administrator) leaks passwords into the process list after launch of the mysql text console. | 2019-11-06 | 2.1 | CVE-2010-4178 MISC MISC MISC MISC |
portainer -- portainer | Portainer before 1.22.1 has XSS (issue 2 of 2). | 2019-11-07 | 3.5 | CVE-2019-16878 MISC |
portainer -- portainer | Portainer before 1.22.1 has XSS (issue 1 of 2). | 2019-11-07 | 3.5 | CVE-2019-16873 MISC |
qualcomm -- multiple_products | While deserializing any key blob during key operations, a buffer overflow could occur, exposing partial key information if any key operations are invoked (depends on CVE-2018-13907) in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS404, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 | 2019-11-06 | 2.1 | CVE-2019-2275 CONFIRM |
quest -- kace_systems_management_appliance_server_center | Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via an SVG image and HTML file) that allows an authenticated user to execute arbitrary JavaScript in an administrator's browser. | 2019-11-06 | 3.5 | CVE-2019-13080 MISC MISC |
quest -- kace_systems_management_appliance_server_center | Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the title field in the /common/ticket_associated_tickets.php service desk ticket functionality) that allows an authenticated user to execute arbitrary JavaScript in a service desk user's browser. | 2019-11-06 | 3.5 | CVE-2019-13081 MISC MISC |
red_hat -- enterprise_linux_7_and_mrg-2 | The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for the SG_IO buffer, which may leak sensitive information to userspace. | 2019-11-06 | 2.1 | CVE-2014-8181 MISC |
red_hat -- virtual_desktop_server_manager | Insecure temporary file vulnerability in RedHat vsdm 4.9.6. | 2019-11-04 | 2.1 | CVE-2013-4280 MISC MISC MISC |
red_hat -- cloudforms | CloudForms stores user passwords in recoverable format | 2019-11-04 | 2.1 | CVE-2013-4423 MISC MISC |
red_hat -- update_infrastructure | RHUI (Red Hat Update Infrastructure) 2.1.3 has world readable PKI entitlement certificates | 2019-11-04 | 2.1 | CVE-2013-4518 MISC MISC |
redislabs -- redis | Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds. | 2019-11-01 | 3.6 | CVE-2013-0180 MLIST MISC |
redislabs -- redis | Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm. | 2019-11-01 | 3.6 | CVE-2013-0178 MISC MISC MISC MISC MISC MISC |
rhq -- mongo_db_drift_server | An insecure temporary file vulnerability exists in RHQ Mongo DB Drift Server through 2013-09-25 when unpacking zipped files. | 2019-11-04 | 3.6 | CVE-2013-4374 MISC MISC |
secudos -- domos | The Log module in SECUDOS DOMOS before 5.6 allows XSS. | 2019-11-02 | 3.5 | CVE-2019-18664 MISC MISC |
shift_cryptosecurity -- bitbox02 | On SHIFT BitBox02 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. Note: BIP39 secrets are not displayed by default on this device. The side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. | 2019-11-02 | 1.9 | CVE-2019-18673 MISC |
typo3 -- typo3 | Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message. | 2019-11-06 | 3.5 | CVE-2011-4632 MISC CONFIRM |
typo3 -- typo3 | Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the system extension recycler. | 2019-11-06 | 3.5 | CVE-2011-4631 MISC CONFIRM |
typo3 -- typo3 | Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the browse_links wizard. | 2019-11-06 | 3.5 | CVE-2011-4630 MISC CONFIRM |
typo3 -- typo3 | Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the admin panel. | 2019-11-06 | 3.5 | CVE-2011-4629 MISC CONFIRM |
typo3 -- typo3 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the Extension Manager. | 2019-11-04 | 3.5 | CVE-2010-3665 MISC MISC CONFIRM |
typo3 -- typo3 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the backend. | 2019-11-01 | 3.5 | CVE-2010-3660 MISC MISC CONFIRM |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
alsa_project -- alsa-utils | alsa-utils 1.0.19 and later versions allows local users to overwrite arbitrary files via a symlink attack via the /usr/bin/alsa-info and /usr/bin/alsa-info.sh scripts. | 2019-11-09 | not yet calculated | CVE-2009-0035 MISC MISC MISC |
apache -- arrow | While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered that Apache Arrow versions 0.12.0 to 0.14.1 left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory could potentially be shared if the arrays are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats. | 2019-11-08 | not yet calculated | CVE-2019-12410 MLIST MLIST MLIST |
apache -- arrow | It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had an uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally shared if Arrow Arrays are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats. | 2019-11-08 | not yet calculated | CVE-2019-12408 CONFIRM MLIST |
apache -- cxf | Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malicious user crafts a message containing a very large number of message attachments. From the 3.3.4 and 3.2.11 releases, a default limit of 50 message attachments is enforced. This is configurable via the message property "attachment-max-count". | 2019-11-06 | not yet calculated | CVE-2019-12406 CONFIRM |
apache -- cxf | Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. There is a vulnerability in the access token services, where it does not validate that the authenticated principal is equal to that of the supplied clientId parameter in the request. If a malicious client was able to somehow steal an authorization code issued to another client, then they could exploit this vulnerability to obtain an access token for the other client. | 2019-11-06 | not yet calculated | CVE-2019-12419 CONFIRM |
apache -- impala | In Apache Impala 2.7.0 to 3.2.0, an authenticated user with access to the IDs of active Impala queries or sessions can interact with those sessions or queries via a specially-constructed request and thereby potentially bypass authorization and audit mechanisms. Session and query IDs are unique and random, but have not been documented or consistently treated as sensitive secrets. Therefore they may be exposed in logs or interfaces. They were also not generated with a cryptographically secure random number generator, so are vulnerable to random number generator attacks that predict future IDs based on past IDs. Impala deployments with Apache Sentry or Apache Ranger authorization enabled may be vulnerable to privilege escalation if an authenticated attacker is able to hijack a session or query from another authenticated user with privileges not assigned to the attacker. Impala deployments with audit logging enabled may be vulnerable to incorrect audit logging as a user could undertake actions that were logged under the name of a different authenticated user. Constructing an attack requires a high degree of technical sophistication and access to the Impala system as an authenticated user. | 2019-11-05 | not yet calculated | CVE-2019-10084 MLIST CONFIRM |
apache -- qpid-cpp | qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use. | 2019-11-09 | not yet calculated | CVE-2009-5004 MISC MISC MISC MISC |
arm -- mbed_os | A denial-of-service issue was discovered in the MQTT library in Arm Mbed OS 2017-11-02. The function readMQTTLenString() is called by the function MQTTDeserialize_publish() to get the length and content of the MQTT topic name. In the function readMQTTLenString(), mqttstring->lenstring.len is a part of user input, which can be manipulated. An attacker can simply change it to a larger value to invalidate the if statement so that the statements inside the if statement are skipped, letting the value of mqttstring->lenstring.data default to zero. Later, curn is accessed, which points to mqttstring->lenstring.data. On an Arm Cortex-M chip, the value at address 0x0 is actually the initialization value for the MSP register. It is highly dependent on the actual firmware. Therefore, the behavior of the program is unpredictable from this time on. | 2019-11-04 | not yet calculated | CVE-2019-17210 CONFIRM |
arm -- mbed_os | An integer overflow was discovered in the CoAP library in Arm Mbed OS 5.14.0. The function sn_coap_builder_calc_needed_packet_data_size_2() is used to calculate the required memory for the CoAP message from the sn_coap_hdr_s data structure. Both returned_byte_count and src_coap_msg_ptr->payload_len are of type uint16_t. When added together, the result returned_byte_count can wrap around the maximum uint16_t value. As a result, insufficient buffer space is allocated for the corresponding CoAP message. | 2019-11-05 | not yet calculated | CVE-2019-17211 MISC MISC MISC MISC MISC MISC MISC MISC |
arm -- mbed_os | Buffer overflows were discovered in the CoAP library in Arm Mbed OS 5.14.0. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses CoAP input linearly using a while loop. Once an option is parsed in a loop, the current point (*packet_data_pptr) is increased correspondingly. The pointer is restricted by the size of the received buffer, as well as by the 0xFF delimiter byte. Inside each while loop, the check of the value of *packet_data_pptr is not strictly enforced. More specifically, inside a loop, *packet_data_pptr could be increased and then dereferenced without checking. Moreover, there are many other functions in the format of sn_coap_parser_****() that do not check whether the pointer is within the bounds of the allocated buffer. All of these lead to heap-based or stack-based buffer overflows, depending on how the CoAP packet buffer is allocated. | 2019-11-05 | not yet calculated | CVE-2019-17212 MISC MISC MISC MISC MISC MISC MISC |
atlassian -- jira_service_desk_server_and_service_desk_data_center | The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability. | 2019-11-07 | not yet calculated | CVE-2019-15004 MISC MISC BUGTRAQ |
atlassian -- jira_service_desk_server_and_service_desk_data_center | The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via authorization bypass. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability. | 2019-11-07 | not yet calculated | CVE-2019-15003 MISC MISC BUGTRAQ |
atlassian -- multiple_products | The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into. A vulnerable version of the plugin is included with Bitbucket Server / Data Center before 6.6.0, Confluence Server / Data Center before 7.0.1, Jira Server / Data Center before 8.3.2, Crowd / Crowd Data Center before 3.6.0, Fisheye before 4.7.2, Crucible before 4.7.2, and Bamboo before 6.10.2. | 2019-11-08 | not yet calculated | CVE-2019-15005 MISC |
broadcom -- brocade_sannav | A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication actions in the SANnav portal. | 2019-11-08 | not yet calculated | CVE-2019-16205 CONFIRM |
broadcom -- brocade_sannav | The password-based encryption (PBE) algorithm of Brocade SANnav versions before v2.0 has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (Radius, TACACS, etc.). | 2019-11-08 | not yet calculated | CVE-2019-16208 CONFIRM |
broadcom -- brocade_sannav | The authentication mechanism in Brocade SANnav versions before v2.0 logs plaintext account credentials at the 'trace' and the 'debug' logging level, which could allow a local authenticated attacker to access sensitive information. | 2019-11-08 | not yet calculated | CVE-2019-16206 CONFIRM |
centrify -- authentication_service_and_privilege_elevation_service | The Windows component of Centrify Authentication and Privilege Elevation Services 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.5.0, 3.5.1 (18.8), 3.5.2 (18.11), and 3.6.0 (19.6) does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows attackers to execute arbitrary code inside the Centrify process via (1) a crafted application that makes a pipe connection to the process and sends malicious serialized data or (2) a crafted Microsoft Management Console snap-in control file. | 2019-11-05 | not yet calculated | CVE-2019-18631 CONFIRM |
ceph -- ceph | A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients. | 2019-11-08 | not yet calculated | CVE-2019-10222 CONFIRM MISC |
cisco -- fxos_and_nx-os_software | A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive system files that should be restricted. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to incomplete role-based access control (RBAC) verification. An attacker could exploit this vulnerability by authenticating to the device and issuing a specific CLI diagnostic command with crafted user-input parameters. An exploit could allow the attacker to perform an arbitrary read of a file on the device, and the file may contain sensitive information. The attacker needs valid device credentials to exploit this vulnerability. | 2019-11-05 | not yet calculated | CVE-2019-1734 CISCO |
clamav -- clamav | clamav 0.91.2 suffers from a floating point exception when using ScanOLE2. | 2019-11-07 | not yet calculated | CVE-2007-6745 MISC MISC MISC |
cross-origin_resource_sharing -- cross-origin_resource_sharing | It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. An attacker could use this lack of protection to conduct phishing attacks and further access unauthorized information. | 2019-11-08 | not yet calculated | CVE-2019-14860 CONFIRM |
dell_emc -- idrac8 | Dell EMC iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes. | 2019-11-07 | not yet calculated | CVE-2019-3764 CONFIRM |
drupal -- drupal | Drupal 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL and perform a cross-site scripting attack. | 2019-11-07 | not yet calculated | CVE-2010-2250 MISC CONFIRM MLIST |
drupal -- drupal | drupal6 version 6.16 has open redirection | 2019-11-06 | not yet calculated | CVE-2010-2471 MISC MISC MISC CONFIRM MLIST |
drupal -- drupal | Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker must have a role with the 'administer languages' permission. | 2019-11-07 | not yet calculated | CVE-2010-2472 MISC CONFIRM MLIST |
drupal -- drupal | Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal site despite being blocked. | 2019-11-07 | not yet calculated | CVE-2010-2473 MISC CONFIRM MLIST |
dtc-xen -- dtc-xen | dtc-xen 0.5.x before 0.5.4 suffers from a race condition where an attacker could potentially get bash access as the xenXX user on the dom0, and then access and potentially reuse an already opened VPS console. | 2019-11-09 | not yet calculated | CVE-2009-4011 MISC MISC MISC |
eclipse -- jetty | Dump Servlet information leak in jetty before 6.1.22. | 2019-11-06 | not yet calculated | CVE-2009-5045 MISC MISC MLIST |
eclipse -- jetty | JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22. | 2019-11-06 | not yet calculated | CVE-2009-5046 MISC MISC MLIST |
energycap -- energycap | Escalation of privileges in EnergyCAP 7 through 7.5.6 allows an attacker to access data. If an unauthenticated user clicks on a link on the public dashboard, the resource opens in EnergyCAP with access rights matching the user who created the dashboard. | 2019-11-08 | not yet calculated | CVE-2019-18623 CONFIRM CONFIRM |
eyecomms -- eyecms | A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to take over another candidate's account (by also exploiting CVE-2019-17604) via a modified candidate id and an additional password parameter. The outcome is that the password of this other candidate is changed. | 2019-11-07 | not yet calculated | CVE-2019-17605 MISC MISC |
eyecomms -- eyecms | An Insecure Direct Object Reference (IDOR) vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to change other candidates' personal information (first name, last name, email, CV, phone number, and all other personal information) by changing the value of the candidate id (the id parameter). | 2019-11-07 | not yet calculated | CVE-2019-17604 MISC MISC |
firegpg -- firegpg | FireGPG before 0.6 handles the user's passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk, which may result in the compromise of secure communication or a user's private key. | 2019-11-08 | not yet calculated | CVE-2008-7272 MISC MISC MISC |
gambas -- gambas | Gambas before 3.4.0 allows remote attackers to move or manipulate directory contents or perform symlink attacks due to the creation of insecure temporary directories. | 2019-11-07 | not yet calculated | CVE-2013-1809 MISC MISC MISC MISC MISC CONFIRM |
gdm3 -- gdm3 | gdm3 3.14.2 and possibly later has an information leak before screen lock | 2019-11-05 | not yet calculated | CVE-2016-1000002 MISC MISC MISC MISC |
gitolite -- gitolite | gitolite before 1.4.1 does not filter src/ or hooks/ from path names. | 2019-11-07 | not yet calculated | CVE-2010-2447 CONFIRM CONFIRM CONFIRM MISC MLIST |
google -- chrome | Use after free vulnerability in documentloader in WebKit in Google Chrome before Blink M13 in DocumentWriter::replaceDocument function. | 2019-11-07 | not yet calculated | CVE-2011-2353 MISC MISC MISC MISC |
google -- chrome | Incorrect handling of timer information in Timer.cpp in WebKit in Google Chrome before Blink M13. | 2019-11-07 | not yet calculated | CVE-2011-2807 MISC MISC |
google -- chrome | WebKit in Google Chrome before Blink M11 contains a bad cast to RenderBlock when anonymous blocks are renderblocks. | 2019-11-05 | not yet calculated | CVE-2011-1460 MISC MISC MISC |
google -- chrome | A wrong type is used for a return value from strlen in WebKit in Google Chrome before Blink M12 on 64-bit platforms. | 2019-11-07 | not yet calculated | CVE-2011-2337 MISC MISC MISC |
google -- chrome | The WebKit::WebPluginContainerImpl::handleEvent function in Google Chrome before Blink M11 allows an attacker to cause a denial of service (crash) via the htmlpluginelement.cpp plugin. | 2019-11-05 | not yet calculated | CVE-2011-1459 MISC MISC MISC |
google -- chrome | An Integer Overflow exists in WebKit in Google Chrome before Blink M11 in the macOS WebCore::GraphicsContext::fillRect function. | 2019-11-06 | not yet calculated | CVE-2011-1298 MISC MISC MISC |
google -- chrome | An issue exists in WebKit in Google Chrome before Blink M12 when clearing lists in AnimationControllerPrivate that signal when a hardware animation starts. | 2019-11-07 | not yet calculated | CVE-2011-2336 MISC MISC MISC |
google -- chrome | A stale layout root is set as an input element in WebKit in Google Chrome before Blink M13 when a child of a keygen with autofocus is accessed. | 2019-11-06 | not yet calculated | CVE-2011-2808 MISC MISC MISC MISC MISC MISC MISC |
hibernate -- hibernate_validator | A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. | 2019-11-08 | not yet calculated | CVE-2019-10219 CONFIRM |
horde -- groupware_webmail_edition | Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book | 2019-11-05 | not yet calculated | CVE-2013-6364 MISC MISC MISC MISC MISC MISC |
hp -- inkjet_printers | For the printers listed, a maliciously crafted print file might cause certain HP Inkjet printers to assert. Under certain circumstances, the printer produces a core dump to a local device. | 2019-11-07 | not yet calculated | CVE-2019-6337 MISC |
hp -- multiple_products | A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFI_BOOT_SERVICES structure might be overwritten by an attacker to execute arbitrary SMM (System Management Mode) code. A list of affected products and versions is available at https://support.hp.com/rs-en/document/c06456250. | 2019-11-05 | not yet calculated | CVE-2019-16284 CONFIRM |
hpe -- nimble_storage_systems | Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi array group configurations. The vulnerabilities could be remotely exploited by an attacker to gain elevated privileges or disclose information the array. Affected products and versions include: Nimble Storage Hybrid Flash Arrays - 5.1.2.0 and older, 5.0.7.0 and older, 4.5.4.0 and older, and 3.9.1.0 and older; Nimble Storage All Flash Arrays - 5.1.2.0 and older, 5.0.7.0 and older, 4.5.4.0 and older, and 3.9.1.0 and older; Nimble Storage Secondary Flash Arrays - 5.1.2.0 and older, 5.0.7.0 and older, 4.5.4.0 and older, and 3.9.1.0 and older. | 2019-11-07 | not yet calculated | CVE-2019-11996 CONFIRM |
ibm -- cognos_analytics | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or cause the web server to make HTTP requests to arbitrary domains. IBM X-Force ID: 147369. | 2019-11-09 | not yet calculated | CVE-2018-1721 XF CONFIRM |
ibm -- cognos_analytics | IBM Cognos Analytics 11.0 and 11.1 could reveal sensitive information to an authenticated user that could be used in future attacks against the system. IBM X-Force ID: 161271. | 2019-11-09 | not yet calculated | CVE-2019-4334 XF CONFIRM |
ibm -- cognos_analytics | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170881. | 2019-11-09 | not yet calculated | CVE-2019-4645 XF CONFIRM |
ibm -- cognos_controller | IBM Cognos Controller stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162659. | 2019-11-09 | not yet calculated | CVE-2019-4412 XF CONFIRM |
ibm -- cognos_controller | IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 could allow an authenticated user to obtain sensitive information due to easy to guess session identifier names. IBM X-Force ID: 162658. | 2019-11-09 | not yet calculated | CVE-2019-4411 XF CONFIRM |
ibm -- i | IBM i 7.2, 7.3, and 7.4 for i is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163492. | 2019-11-09 | not yet calculated | CVE-2019-4450 XF CONFIRM |
ibm -- qradar | IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163618. | 2019-11-09 | not yet calculated | CVE-2019-4454 XF CONFIRM |
ibm -- qradar | IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 167239. | 2019-11-09 | not yet calculated | CVE-2019-4581 XF CONFIRM |
ibm -- qradar | IBM QRadar Advisor 1.0.0 through 2.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 166205. | 2019-11-09 | not yet calculated | CVE-2019-4556 XF CONFIRM |
ibm -- qradar | IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to incorrect authorization in some components which could allow an authenticated user to obtain sensitive information. IBM X-Force ID: 164430. | 2019-11-09 | not yet calculated | CVE-2019-4509 XF CONFIRM |
ibm -- qradar | IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163779. | 2019-11-09 | not yet calculated | CVE-2019-4470 XF CONFIRM |
intelbras -- wrn_150_devices | An issue was discovered on Intelbras WRN 150 1.0.17 devices. There is stored XSS in the Service Name tab of the WAN configuration screen, leading to a denial of service (inability to change the configuration). | 2019-11-07 | not yet calculated | CVE-2019-17222 MISC |
ldap-git-backup -- ldap-git-backup | ldap-git-backup before 1.0.4 exposes password hashes due to incorrect directory permissions. | 2019-11-07 | not yet calculated | CVE-2013-1425 CONFIRM MISC MISC |
liboping -- liboping | liboping 1.3.2 allows users to read arbitrary files on the local system. | 2019-11-09 | not yet calculated | CVE-2009-3614 MISC MISC |
lintian -- lintian | Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using crafted symlinks. | 2019-11-07 | not yet calculated | CVE-2013-1429 MISC MISC MISC MISC |
linux -- linux_kernel | In Linux 2.6 before 2.6.23, the TRACE_IRQS_ON function in iret_exc calls a C function without ensuring that the segments are set properly. The kernel's %fs needs to be restored before the call in TRACE_IRQS_ON and before enabling interrupts, so that "current" references work. Without this, "current" used in the window between iret_exc and the middle of error_code where %fs is reset, would crash. | 2019-11-07 | not yet calculated | CVE-2007-3732 MISC MISC MISC |
magento -- magento | Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can append arbitrary session id that will not be invalidated by subsequent authentication. | 2019-11-06 | not yet calculated | CVE-2019-8149 MISC |
magento -- magento | A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to modify product catalogs can trigger PHP file inclusion through a crafted XML file that specifies product design update. | 2019-11-06 | not yet calculated | CVE-2019-8154 MISC |
mahara -- mahara | Cross-site Scripting (XSS) in Mahara before 1.5.9 and 1.6.x before 1.6.4 allows remote attackers to inject arbitrary web script or HTML via the TinyMCE editor. | 2019-11-07 | not yet calculated | CVE-2013-1426 CONFIRM CONFIRM MISC |
makepasswd -- makepasswd | makepasswd 1.10 default settings generate insecure passwords. | 2019-11-06 | not yet calculated | CVE-2010-2247 MISC MISC |
mantisbt -- mantisbt | MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME types. Arbitrary inline attachment rendering could lead to cross-domain scripting or other browser attacks. | 2019-11-09 | not yet calculated | CVE-2009-2802 CONFIRM CONFIRM MISC |
matrix -- synapse | Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers. | 2019-11-08 | not yet calculated | CVE-2019-18835 MISC MISC |
medtronic -- valleylab_exchange_client_server | Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based logons are disabled, attackers can use the other vulnerabilities within this report to obtain local shell access and access these hashes. | 2019-11-08 | not yet calculated | CVE-2019-13539 MISC |
medtronic -- valleylab_exchange_client_server | Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device. | 2019-11-08 | not yet calculated | CVE-2019-13543 MISC |
medtronic -- valleylab_ft10_energy_platform | In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN; not available in the United States) version 1.20.2 and lower, the RFID security mechanism used for authentication between the FT10/LS10 Energy Platform and instruments can be bypassed, allowing for inauthentic instruments to connect to the generator. | 2019-11-08 | not yet calculated | CVE-2019-13531 MISC |
medtronic -- valleylab_ft10_energy_platform | In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN; not available in the United States) version 1.20.2 and lower, the RFID security mechanism does not apply read protection, allowing for full read access of the RFID security mechanism data. | 2019-11-08 | not yet calculated | CVE-2019-13535 MISC |
mesa_3d -- mesa_3d_graphics_library | An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to trigger this vulnerability. | 2019-11-05 | not yet calculated | CVE-2019-5068 MISC |
mod_ruid2 -- mod_ruid2 | mod_ruid2 before 0.9.8 improperly handles file descriptors which allows remote attackers to bypass security using a CGI script to break out of the chroot. | 2019-11-08 | not yet calculated | CVE-2013-1889 MISC MISC MISC CONFIRM |
monkeyd -- monkeyd | The web server Monkeyd produces a world-readable log (/var/log/monkeyd/master.log) on Gentoo. | 2019-11-07 | not yet calculated | CVE-2013-1771 MISC MISC |
nvidia -- geforce_experience | NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service, information disclosure, or escalation of privileges through code execution. | 2019-11-09 | not yet calculated | CVE-2019-5701 CONFIRM |
nvidia -- geforce_experience | NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files to be downloaded and saved. This behavior may lead to code execution, denial of service, or information disclosure. | 2019-11-09 | not yet calculated | CVE-2019-5689 CONFIRM |
nvidia -- virtual_gpu_manager | NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in which it may grant a guest access to memory that it does not own, which may lead to information disclosure or denial of service. | 2019-11-09 | not yet calculated | CVE-2019-5697 CONFIRM |
nvidia -- virtual_gpu_manager | NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in which the provision of an incorrectly sized buffer by a guest VM leads to GPU out-of-bound access, which may lead to a denial of service. | 2019-11-09 | not yet calculated | CVE-2019-5696 CONFIRM |
nvidia -- virtual_gpu_manager | NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in the vGPU plugin, in which an input index value is incorrectly validated, which may lead to denial of service. | 2019-11-09 | not yet calculated | CVE-2019-5698 CONFIRM |
nvidia -- windows_gpu_display_driver | NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) in which the program accesses or uses a pointer that has not been initialized, which may lead to denial of service. | 2019-11-09 | not yet calculated | CVE-2019-5693 CONFIRM |
nvidia -- windows_gpu_display_driver | NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the size of an input buffer is not validated, which may lead to denial of service or escalation of privileges. | 2019-11-09 | not yet calculated | CVE-2019-5690 CONFIRM |
nvidia -- windows_gpu_display_driver | NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the product uses untrusted input when calculating or using an array index, which may lead to escalation of privileges or denial of service. | 2019-11-09 | not yet calculated | CVE-2019-5692 CONFIRM |
nvidia -- windows_gpu_display_driver | NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in NVIDIA Control Panel in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution. The attacker requires local system access. | 2019-11-09 | not yet calculated | CVE-2019-5694 MISC |
nvidia -- windows_gpu_display_driver | NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which a NULL pointer is dereferenced, which may lead to denial of service or escalation of privileges. | 2019-11-09 | not yet calculated | CVE-2019-5691 CONFIRM |
openstack -- mistral | An information-exposure vulnerability was discovered where openstack-mistral's undercloud log files containing clear-text information were made world readable. A malicious system user could exploit this flaw to access sensitive user information. | 2019-11-08 | not yet calculated | CVE-2019-3866 CONFIRM |
patriot -- viper_rgb | The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 allow local users (including low integrity processes) to read and write to arbitrary memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, by mapping \Device\PhysicalMemory into the calling process via ZwOpenSection and ZwMapViewOfSection. | 2019-11-09 | not yet calculated | CVE-2019-18845 MISC |
philips -- tasy_emr | In Tasy EMR, Tasy WebPortal Versions 3.02.1757 and prior, there is an information exposure vulnerability which may allow a remote attacker to access system and configuration information. | 2019-11-08 | not yet calculated | CVE-2019-13557 MISC |
phpoffice -- phpspreadsheet | PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue. The XmlScanner decodes the sheet1.xml from an .xlsx to utf-8 if something else than UTF-8 is declared in the header. This was a security measurement to prevent CVE-2018-19277 but the fix is not sufficient. By double-encoding the xml payload to utf-7 it is possible to bypass the check for the string "<!ENTITY" and thus allowing for an xml external entity processing (XXE) attack. | 2019-11-07 | not yet calculated | CVE-2019-12331 CONFIRM MISC |
python_packaging_authority -- python_package_installer | The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks. | 2019-11-05 | not yet calculated | CVE-2013-5123 MISC MISC MISC MISC MISC MISC MISC MISC |
rapid7 -- metasploit_pro | Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to intercept otherwise private communications to the Metasploit Pro web interface. | 2019-11-06 | not yet calculated | CVE-2019-5642 CONFIRM |
red_hat -- 389_directory_server | A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes. | 2019-11-08 | not yet calculated | CVE-2019-14824 CONFIRM |
red_hat -- enterprise_linux_5 | frysk packages through 2008-08-05 as shipped in Red Hat Enterprise Linux 5 are built with an insecure RPATH set in the ELF header of multiple binaries in /usr/bin/f* (e.g. fcore, fcatch, fstack, fstep, ...) shipped in the package. A local attacker can exploit this vulnerability by running arbitrary code as another user. | 2019-11-07 | not yet calculated | CVE-2008-3278 MISC MISC MISC |
red_hat -- jboss_operations_network | In JON 2.1.x before 2.1.2 SP1, users can obtain unauthorized security information about private resources managed by JBoss ON. | 2019-11-08 | not yet calculated | CVE-2008-5083 MISC MISC |
red_hat -- tuned | tuned before 2.x allows local users to kill running processes due to insecure permissions with tuned's ktune service. | 2019-11-08 | not yet calculated | CVE-2013-1820 MISC MISC MISC |
red_hat -- virtualization_manager | In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAML browser application) to connect to the Red Hat Enterprise Virtualization Manager. An attacker on the local network could use this flaw to conduct a man-in-the-middle attack, tricking the user into thinking they are viewing the Red Hat Enterprise Virtualization Manager when the content is actually attacker-controlled, or modifying actions a user requested Red Hat Enterprise Virtualization Manager to perform. | 2019-11-09 | not yet calculated | CVE-2009-3552 MISC MISC BUGTRAQ |
samba -- samba | A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it vulnerable to dictionary attacks. | 2019-11-06 | not yet calculated | CVE-2019-14833 SUSE CONFIRM MISC |
samba -- samba | A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user. | 2019-11-06 | not yet calculated | CVE-2019-10218 SUSE CONFIRM MISC |
samsung -- multiple_products | Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: I9300XXUGNA8), and Samsung Galaxy Note 2 (Android version: 4.3, Build Number: JSS15J.I9300XUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: N7100DDUFND1) devices allow injection of AT+CIMI and AT+CGSN over Bluetooth, leaking sensitive information such as IMSI, IMEI, call status, call setup stage, internet service status, signal strength, current roaming status, battery level, and call held status. | 2019-11-06 | not yet calculated | CVE-2019-16401 MISC |
samsung -- multiple_products | Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: I9300XXUGNA8), and Samsung Galaxy Note 2 (Android version: 4.3, Build Number: JSS15J.I9300XUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: N7100DDUFND1) devices allow attackers to send AT commands over Bluetooth, resulting in several Denial of Service (DoS) attacks. | 2019-11-06 | not yet calculated | CVE-2019-16400 MISC |
shibboleth -- shibboleth_service_provider | The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable by default. | 2019-11-07 | not yet calculated | CVE-2010-2450 MISC MISC CONFIRM |
simplesamlphp -- simplesamlphp | Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message. | 2019-11-07 | not yet calculated | CVE-2019-3465 MISC MLIST BUGTRAQ MISC DEBIAN |
simplesamlphp -- simplesamlphp | simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages. | 2019-11-06 | not yet calculated | CVE-2011-4625 MISC MISC |
strapi -- strapi | strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js. | 2019-11-07 | not yet calculated | CVE-2019-18818 MISC MISC MISC |
syscp -- syscp | syscp 1.4.2.1 allows attackers to add arbitrary paths via the documentroot of a domain by appending a colon to it and setting the open basedir path to use that domain documentroot. | 2019-11-07 | not yet calculated | CVE-2010-2476 MISC MISC MLIST |
tahoe-lafs -- tahoe-lafs | Tahoe-LAFS 1.9.0 fails to ensure integrity which allows remote attackers to corrupt mutable files or directories upon retrieval. | 2019-11-07 | not yet calculated | CVE-2012-0051 MISC MISC MISC MISC MISC CONFIRM |
termpkg -- termpkg | termpkg 3.3 suffers from buffer overflow. | 2019-11-06 | not yet calculated | CVE-2006-3100 MISC MISC |
tmaxsoft -- jeus | JEUS 7 Fix#0~5 and JEUS 8 Fix#0~1 versions contain a directory traversal vulnerability caused by an improper input parameter check when uploading an installation file in the administration web page. This allows a remote attacker to execute arbitrary code via an uploaded file. | 2019-11-08 | not yet calculated | CVE-2019-17327 MISC |
veritas -- multiple_products | An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Flex Appliance 1.2 and earlier, InfoScale 7.3.1 and earlier, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and earlier on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and earlier on Windows, Storage Foundation HA (SFHA) 6.2.1 and earlier on Linux/UNIX, and Storage Foundation HA (SFHA) 6.1 and earlier on Windows. | 2019-11-05 | not yet calculated | CVE-2019-18780 MISC MISC MISC MISC |
viber -- viber | Viber through 11.7.0.5 allows a remote attacker who can capture a victim's internet traffic to steal their Viber account, because not all Viber protocol traffic is encrypted. TCP data packet 9 on port 4244 from the victim's device contains cleartext information such as the device model and OS version, IMSI, and 16 bytes of udid in a binary format, which is located at approximately offset 0x40 of this packet. Then, the attacker installs Viber on his device, initiates the registration process for any phone number, but doesn't enter a pin from SMS. Instead, he closes Viber. Next, the attacker rewrites his udid with the victim's udid, modifying the viber_udid file, which is located in the Viber preferences folder. (The udid is stored in a hexadecimal format.) Finally, the attacker starts Viber again and enters the pin from SMS. | 2019-11-06 | not yet calculated | CVE-2019-18800 MISC |
wolfssl -- wolfssl | In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer overflow inside the DecodedCert structure in GetName in wolfcrypt/src/asn.c because the domain name location index is mishandled. Because a pointer is overwritten, there is an invalid free. | 2019-11-09 | not yet calculated | CVE-2019-18840 MISC |
wordpress -- wordpress | A CSV injection in the codepress-admin-columns (aka Admin Columns) plugin 3.4.6 for WordPress allows malicious users to gain remote control of other computers. By choosing formula code as his first or last name, an attacker can create a user with a name that contains malicious code. Other users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker could gain remote access to the user's PC. | 2019-11-08 | not yet calculated | CVE-2019-17661 MISC |
zte -- mf910s_router | Security researcher Shen Ying from the Sec Consult Security Lab reported an information disclosure vulnerability in the MF910S product to ZTE PSIRT in October 2019. The related product team analyzed the report and confirmed the information disclosure vulnerability. The MF910S product's one-click upgrade tool can obtain the Telnet remote login password in the reverse way. If Telnet is open, an attacker can remotely log in to the device using the cracked password, resulting in information leakage. The MF910S reached end of service on October 23, 2019; ZTE recommends that users choose new products for better security. | 2019-11-07 | not yet calculated | CVE-2019-3422 CONFIRM |
zte -- zxupn-9000e | The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by the input validation vulnerability. An attacker could exploit this vulnerability for unauthorized operations. | 2019-11-08 | not yet calculated | CVE-2019-3426 CONFIRM |
zte -- zxupn-9000e | The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by vulnerability of permission and access control. An attacker could exploit this vulnerability to directly reset or change passwords of other accounts. | 2019-11-08 | not yet calculated | CVE-2019-3425 CONFIRM |