Vulnerability Summary for the Week of December 9, 2019

Released
Dec 16, 2019
Document ID
SB19-350

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
amazon -- blink_xt2_cameraBlink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the bssid parameter.2019-12-118.3CVE-2019-3988
CONFIRM
amazon -- blink_xt2_camera
 
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the key parameter.2019-12-118.3CVE-2019-3987
CONFIRM
amazon -- blink_xt2_camera
 
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the encryption parameter.2019-12-118.3CVE-2019-3986
CONFIRM
amazon -- blink_xt2_camera
 
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary code and commands on the device due to insufficient UART protections.2019-12-117.2CVE-2019-3983
CONFIRM
amazon -- blink_xt2_camera
 
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when retrieving internal network configuration data.2019-12-119.3CVE-2019-3989
CONFIRM
amazon -- blink_xt2_camera
 
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the ssid parameter.2019-12-118.3CVE-2019-3985
CONFIRM
electronic_arts -- originElectronic Arts Origin through 10.5.x allows Elevation of Privilege (issue 1 of 2).2019-12-127.2CVE-2019-19247
MISC
electronic_arts -- originElectronic Arts Origin through 10.5.x allows Elevation of Privilege (issue 2 of 2).2019-12-127.2CVE-2019-19248
CONFIRM
git_project -- git
 
Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository.2019-12-1110CVE-2019-19604
MLIST
MISC
CONFIRM
CONFIRM
DEBIAN
google -- androidIn handleRun of TextLine.java, there is a possible application crash due to improper input validation. This could lead to remote denial of service when processing Unicode with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-1406326782019-12-067.8CVE-2019-2232
MISC
google -- androidIn ReadMATImage of mat.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process when loading a MATLAB image file with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-1403289862019-12-069.3CVE-2019-2224
MISC
google -- android
 
In createSessionInternal of PackageInstallerService.java, there is a possible improper permission grant due to a missing permission check. This could lead to local escalation of privilege by installing malicious packages with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1411691732019-12-067.2CVE-2019-2218
MISC
google -- android
 
In setCpuVulkanInUse of GpuStats.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1410037962019-12-067.2CVE-2019-2217
MISC
ibm -- cloud_pak_system
 
Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 165179.2019-12-1010CVE-2019-4521
XF
CONFIRM
ibm -- spectrum_scaleIBM Spectrum Scale 4.2 and 5.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 172093.2019-12-119CVE-2019-4715
XF
CONFIRM
intesync -- solismed
 
Intesync Solismed 3.3sp allows Directory Traversal, a different vulnerability than CVE-2019-16246.2019-12-127.5CVE-2019-15931
MISC
MISC
MISC
MISC
intesync -- solismed
 
Intesync Solismed 3.3sp has Incorrect Access Control.2019-12-127.5CVE-2019-15932
MISC
MISC
MISC
MISC
intesync -- solismed
 
Intesync Solismed 3.3sp has SQL Injection.2019-12-127.5CVE-2019-15933
MISC
MISC
MISC
MISC
intesync -- solismed
 
Intesync Solismed 3.3sp allows Insecure File Upload.2019-12-127.5CVE-2019-15936
MISC
MISC
MISC
intesync -- solismed
 
Intesync Solismed 3.3sp1 allows Local File Inclusion (LFI), a different vulnerability than CVE-2019-15931. This leads to unauthenticated code execution.2019-12-127.5CVE-2019-16246
MISC
MISC
MISC
libsixel_project -- libsixelAn issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_encode_body at tosixel.c.2019-12-087.5CVE-2019-19636
MISC
libsixel_project -- libsixelAn issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function sixel_decode_raw_impl at fromsixel.c.2019-12-087.5CVE-2019-19635
MISC
libsixel_project -- libsixelAn issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_decode_raw_impl at fromsixel.c.2019-12-087.5CVE-2019-19637
MISC
libsixel_project -- libsixelAn issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function load_pnm at frompnm.c, due to an integer overflow.2019-12-087.5CVE-2019-19638
MISC
libyang -- libyang
 
In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.2019-12-067.5CVE-2019-19333
CONFIRM
CONFIRM
microsoft -- internet_explorerA remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'.2019-12-107.6CVE-2019-1485
MISC
microsoft -- multiple_products
 
A denial of service vulnerability exists in Microsoft Word software when the software fails to properly handle objects in memory, aka 'Microsoft Word Denial of Service Vulnerability'.2019-12-107.1CVE-2019-1461
MISC
microsoft -- multiple_products
 
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka 'Microsoft PowerPoint Remote Code Execution Vulnerability'.2019-12-109.3CVE-2019-1462
MISC
MISC
microsoft -- multiple_windows_productsAn elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1483.2019-12-107.2CVE-2019-1476
MISC
MISC
microsoft -- multiple_windows_productsA remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Win32k Graphics Remote Code Execution Vulnerability'.2019-12-109.3CVE-2019-1468
MISC
MISC

microsoft -- multiple_windows_products

 

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.2019-12-107.2CVE-2019-1458
MISC
microsoft -- windows_10_and_windows_server_2019An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka 'Windows Printer Service Elevation of Privilege Vulnerability'.2019-12-107.2CVE-2019-1477
MISC
microsoft -- windows_10_and_windows_server_and_windows_server_2019
 
An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1476.2019-12-107.2CVE-2019-1483
MISC
MISC
microsoft -- windows_7_and_windows_server_2008_and_windows_server_2008_r2
 
An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'.2019-12-107.2CVE-2019-1478
MISC
monkey_project -- monkey_http_daemon
 
Monkey HTTP Daemon: broken user name authentication2019-12-107.5CVE-2013-2159
MISC
MISC
MISC
MISC
nolio -- ca_release_automationAn unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary code.2019-12-097.5CVE-2019-19230
MISC
FULLDISC
BUGTRAQ
CONFIRM
octeth -- oempro
 
Octeth Oempro 4.7 allows SQL injection. The parameter CampaignID in Campaign.Get is vulnerable.2019-12-127.5CVE-2019-19740
MISC
MISC
ovirt -- ovirt_node
 
oVirt Node: Lock screen accepts F2 to drop to shell causing privilege escalation2019-12-107.2CVE-2013-0293
MISC
MISC
MISC
MISC
MISC
qualcomm -- multiple_snapdragon_productsPossibility of memory overflow while decoding GSNDCP compressed mode PDU in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR21302019-12-1210CVE-2019-10511
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Out of bound write in TZ while copying the secure dump structure on HLOS provided buffer as a part of memory dump in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8976, MSM8996, MSM8996AU, MSM8998, QCA8081, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, Snapdragon_High_Med_2016, SXR11302019-12-127.2CVE-2019-2288
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Incorrect length used while validating the qsee log buffer sent from HLOS which could then lead to remap conflict in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, IPQ4019, IPQ8074, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA8081, QCS404, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150, Snapdragon_High_Med_2016, SXR1130, SXR21302019-12-127.2CVE-2019-2321
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Position determination accuracy may be degraded due to wrongly decoded information in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR21302019-12-1210CVE-2019-10493
CONFIRM
qualcomm -- multiple_snapdragon_products
 
While Skipping unknown IES, EMM is reading the buffer even if the no of bytes to read are more than message length which may cause device to shutdown in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR21302019-12-127.8CVE-2019-2337
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Accessing data buffer beyond the available data while parsing ogg clip can lead to null-pointer dereference and then memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8939, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR21302019-12-127.5CVE-2019-10559
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Infinite loop while decoding compressed data can lead to overrun condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR21302019-12-127.8CVE-2019-10485
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Possible out of bounds write in a MT SMS/SS scenario due to improper validation of array index in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR21302019-12-1210CVE-2019-2320
CONFIRM
sitevision -- sitevision
 
SiteVision 4 allows Remote Code Execution.2019-12-069CVE-2019-12733
MISC
FULLDISC
FULLDISC
MISC
MISC
MISC
sqlite -- sqliteSQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.2019-12-097.5CVE-2019-19603
MISC
MISC
symantec -- messaging_gatewaySymantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interface.2019-12-117.5CVE-2019-18379
MISC
sysstat_project -- sysstatsysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c.2019-12-117.5CVE-2019-19725
MISC
trend_micro -- security_2020
 
Trend Micro Security (Consumer) 2020 (v16.x) is affected by a vulnerability in where null pointer dereference errors result in the crash of application, which could potentially lead to possible unsigned code execution under certain circumstances.2019-12-097.5CVE-2019-18190
MISC
weidmueller -- multiple_devicesAn issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. The Authentication mechanism has no brute-force prevention.2019-12-067.5CVE-2019-16670
MISC
MISC
MISC
MISC
zoho_manageengine -- applications_managerZoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventServlet.java doGet function.2019-12-117.5CVE-2019-19649
CONFIRM

Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
accentis -- content_resource_management_systemCross-site scripting (XSS) vulnerability in Accentis Content Resource Management System before October 2015 patch allows remote attackers to inject arbitrary web script or HTML via the ctl00$cph_content$_uig_formState parameter.2019-12-094.3CVE-2015-3425
MISC
accentis -- content_resource_management_systemSQL injection vulnerability in Accentis Content Resource Management System before the October 2015 patch allows remote attackers to execute arbitrary SQL commands via the SIDX parameter.2019-12-096.5CVE-2015-3424
MISC
atasm -- atasm
 
ATasm 1.06 has a stack-based buffer overflow in the parse_expr() function in setparse.c via a crafted .m65 file.2019-12-136.8CVE-2019-19786
MISC
atasm -- atasm
 
ATasm 1.06 has a stack-based buffer overflow in the get_signed_expression() function in setparse.c via a crafted .m65 file.2019-12-136.8CVE-2019-19787
MISC
atasm -- atasm
 
ATasm 1.06 has a stack-based buffer overflow in the to_comma() function in asm.c via a crafted .m65 file.2019-12-136.8CVE-2019-19785
MISC
atlassian -- fisheye_and_crucibleThe /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote attackers to remove another user's favourite setting for a project via an improper authorization vulnerability.2019-12-114CVE-2019-15009
MISC
MISC
atlassian -- fisheye_and_crucible
 
The /plugins/servlet/branchreview resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the reviewedBranch parameter.2019-12-114.3CVE-2019-15008
MISC
MISC
atlassian -- jiraThe Work Time Calendar app before 4.7.1 for Jira allows XSS.2019-12-124.3CVE-2019-19748
MISC
audible -- audibleThe Audible application through 2.34.0 for Android has Missing SSL Certificate Validation for Adobe SDKs, allowing MITM attackers to cause a denial of service.2019-12-064.3CVE-2019-11554
MISC
cacti -- cactiCacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module.2019-12-125.5CVE-2019-17358
MISC
MISC
MISC
MISC
MISC
MISC
MISC
commenthol -- serialize-to-js
 
The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability.2019-12-074.3CVE-2019-16772
MISC
CONFIRM
davical -- davical
 
A reflected XSS issue was discovered in DAViCal through 1.1.8. It echoes the action parameter without encoding. If a user visits an attacker-supplied link, the attacker can view all data the attacked user can view, as well as perform all actions in the name of the user. If the user is an administrator, the attacker can for example add a new admin user to gain full access to the application.2019-12-124.3CVE-2019-18345
MISC
MISC
MISC
MLIST
MISC
MISC
DEBIAN
documize -- documize
 
domain/section/markdown/markdown.go in Documize before 3.5.1 mishandles untrusted Markdown content. This was addressed by adding the bluemonday HTML sanitizer to defend against XSS.2019-12-064.3CVE-2019-19619
MISC
MISC
MISC
gnome -- libxsltType confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.2019-12-115CVE-2019-5815
MISC
MISC
gnome -- orca
 
Orca has arbitrary code execution due to insecure Python module load2019-12-114.4CVE-2013-4245
MISC
MISC
MISC
MISC
google -- androidWhen pairing with a Bluetooth device, it may be possible to pair a malicious device without any confirmation from the user, and that device may be able to interact with the phone. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-1104338042019-12-065.8CVE-2019-2225
MISC
google -- androidIn array_find of array.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure in the printer spooler with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-1112101962019-12-064.9CVE-2019-2228
MISC
google -- androidIn checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-1386369792019-12-064.9CVE-2019-2220
MISC
google -- androidIn various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1410280682019-12-064.3CVE-2019-9464
MISC
google -- android

 

In ihevcd_ref_list of ihevcd_ref_list.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-1406921292019-12-066.8CVE-2019-2223
MISC
google -- android
 
In hasActivityInVisibleTask of WindowProcessController.java there?s a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1385836502019-12-064.6CVE-2019-2221
MISC
google -- android
 
In System UI, there is a possible bypass of user's consent for access to sensor data due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-1190416982019-12-064.7CVE-2019-2219
MISC
google -- android
 
In nfcManager_routeAid and nfcManager_unrouteAid of NativeNfcManager.cpp, there is possible memory reuse due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1411700382019-12-065CVE-2019-2230
MISC
google -- android
 
In device_class_to_int of device_class.cc, there is a possible out of bounds read due to improper casting. This could lead to local information disclosure in the Bluetooth server with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-1401526192019-12-064.9CVE-2019-2226
MISC
google -- android
 
n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-1403225952019-12-066.8CVE-2019-2222
MISC
google -- chromeUse-after-free in WebAudio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2019-12-106.8CVE-2019-13732
MISC
MISC
google -- chromeInsufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page.2019-12-104.3CVE-2019-13750
MISC
MISC
google -- chromeInsufficient validation of untrusted input in Blink in Google Chrome prior to 79.0.3945.79 allowed a local attacker to bypass same origin policy via crafted clipboard content.2019-12-106.8CVE-2019-13741
MISC
MISC
google -- chromeIncorrect security UI in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page on iOS.2019-12-104.3CVE-2019-13672
MISC
MISC
google -- chrome
 
Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.2019-12-104.3CVE-2019-13744
MISC
MISC
google -- chrome
 
Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.2019-12-104.3CVE-2019-13737
MISC
MISC
google -- chrome
 
Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.2019-12-104.3CVE-2019-13761
MISC
MISC
google -- chrome
 
Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.2019-12-106.8CVE-2019-13726
MISC
MISC
google -- chrome
 
Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.2019-12-104.3CVE-2019-13759
MISC
MISC
google -- chrome
 
Insufficient policy enforcement in navigation in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.2019-12-104.3CVE-2019-13758
MISC
MISC
google -- chrome
 
Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.2019-12-104.3CVE-2019-13757
MISC
MISC
google -- chrome
 
Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.2019-12-104.3CVE-2019-13763
MISC
MISC
google -- chrome
 
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML page.2019-12-104.3CVE-2019-13755
MISC
MISC
google -- chrome
 
Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.2019-12-104.3CVE-2019-13756
MISC
MISC
google -- chrome
 
Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.2019-12-104.3CVE-2019-13752
MISC
MISC
google -- chrome
 
Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass site isolation via a crafted HTML page.2019-12-104.3CVE-2019-13738
MISC
MISC
google -- chrome
 
Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.2019-12-104.3CVE-2019-13745
MISC
MISC
google -- chrome
 
Incorrect security UI in external protocol handling in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof security UI via a crafted HTML page.2019-12-104.3CVE-2019-13743
MISC
MISC
google -- chrome
 
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.2019-12-104.3CVE-2019-13742
MISC
MISC
google -- chrome
 
Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.2019-12-104.3CVE-2019-13739
MISC
MISC
google -- chrome
 
Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.2019-12-104.3CVE-2019-13740
MISC
MISC
google -- chrome
 
Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.2019-12-104.3CVE-2019-13746
MISC
MISC
google -- chrome
 
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.2019-12-104.3CVE-2019-13749
MISC
MISC
google -- chrome
 
Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML page.2019-12-104.3CVE-2019-13748
MISC
MISC
google -- chrome
 
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.2019-12-104.3CVE-2019-13754
MISC
MISC
google -- chrome
 
Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.2019-12-104.3CVE-2019-13753
MISC
MISC
google -- chrome
 
Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.2019-12-104.3CVE-2019-13751
MISC
MISC
google -- chrome
 
Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.2019-12-106.8CVE-2019-13725
MISC
MISC
google -- chrome
 
Out of bounds memory access in JavaScript in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2019-12-106.8CVE-2019-5841
MISC
MISC
google -- chrome
 
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2019-12-106.8CVE-2019-13730
MISC
MISC
google -- chrome
 
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2019-12-106.8CVE-2019-13764
MISC
MISC
google -- chrome
 
Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.2019-12-106.8CVE-2019-13735
MISC
MISC
google -- chrome
 
Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2019-12-106.8CVE-2019-13734
MISC
MISC
google -- chrome
 
Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2019-12-106.8CVE-2019-13747
MISC
MISC
google -- chrome
 
Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.2019-12-106.8CVE-2019-13736
MISC
MISC
google -- chrome
 
Use-after-free in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2019-12-106.8CVE-2019-13729
MISC
MISC
google -- chrome
 
Out of bounds memory access in JavaScript in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2019-12-106.8CVE-2019-5843
MISC
MISC
google -- chrome
 
Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2019-12-106.8CVE-2019-13728
MISC
MISC
google -- chrome
 
Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page.2019-12-106.8CVE-2019-13727
MISC
MISC
htmldoc -- htmldoc
 
HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hd_strlcpy() function in string.c (when called from render_contents in ps-pdf.cxx) via a crafted HTML document.2019-12-086.8CVE-2019-19630
MISC
MLIST
ibm -- cloud_pak_systemIBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158015.2019-12-104.3CVE-2019-4095
XF
CONFIRM
ibm -- planning_analyticsIBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 168523.2019-12-096.5CVE-2019-4612
XF
CONFIRM
ibm -- smartcloud_analytics
 
IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to gain unauthorized information and unrestricted control over Zookeeper installations due to missing authentication. IBM X-Force ID: 159518.2019-12-106.4CVE-2019-4244
XF
CONFIRM
intesync -- solismedIntesync Solismed 3.3sp has CSRF.2019-12-126.8CVE-2019-15934
MISC
MISC
MISC
MISC
intesync -- solismed
 
Intesync Solismed 3.3sp allows Clickjacking.2019-12-124.3CVE-2019-15930
MISC
MISC
MISC
MISC
intesync -- solismed
 
Intesync Solismed 3.3sp has XSS.2019-12-124.3CVE-2019-15935
MISC
MISC
MISC
MISC
intesync -- solismed
 
An issue was discovered in Intesync Solismed 3.3sp1. An flaw in the encryption implementation exists, allowing for all encrypted data stored within the database to be decrypted.2019-12-124.3CVE-2019-17428
MISC
MISC
MISC
katello -- katello
 
Katello has a Denial of Service vulnerability in API OAuth authentication2019-12-105CVE-2013-4120
MISC
MISC
ktor -- ktorIn Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location.2019-12-105.8CVE-2019-19703
MISC
libcapsinetwork_and_monopd -- libcapsinetwork_and_monopd
 
Off-by-one error in the readBuf function in listener.cpp in libcapsinetwork and monopd before 0.9.8, allows remote attackers to cause a denial of service (crash) via a long line.2019-12-095CVE-2015-0841
MISC
MISC
MISC
MISC
linux -- linux_kernelIn the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.2019-12-086.8CVE-2019-19447
MISC
linux -- linux_kernel
 
In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure.2019-12-086.8CVE-2019-19448
MISC
linux -- linux_kernel
 
In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds read access in f2fs_build_segment_manager in fs/f2fs/segment.c, related to init_min_max_mtime in fs/f2fs/segment.c (because the second argument to get_seg_entry is not validated).2019-12-086.8CVE-2019-19449
MISC
marc-q -- libwavmarc-q libwav through 2017-04-20 has a NULL pointer dereference in wav_content_read() at libwav.c.2019-12-104.3CVE-2019-19698
MISC
MISC
mediawiki -- mediawikiThe VisualEditor extension through 1.34 for MediaWiki allows XSS via pasted content containing an element with a data-ve-clipboard-key attribute.2019-12-114.3CVE-2019-19708
MISC
MISC
microsoft -- authentication_library_for_android
 
An information disclosure vulnerability in Android Apps using Microsoft Authentication Library (MSAL) 0.3.1-Alpha or later exists under specific conditions, aka 'Microsoft Authentication Library for Android Information Disclosure Vulnerability'.2019-12-104CVE-2019-1487
MISC
microsoft -- multiple_excel_and_office_productsAn information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.2019-12-104.3CVE-2019-1464
MISC
microsoft -- multiple_windows_productsAn information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1465, CVE-2019-1466.2019-12-104.3CVE-2019-1467
MISC
microsoft -- multiple_windows_productsAn information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Information Disclosure Vulnerability'.2019-12-104CVE-2019-1470
MISC
microsoft -- multiple_windows_productsA denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'.2019-12-105CVE-2019-1453
MISC
microsoft -- multiple_windows_products
 
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1466, CVE-2019-1467.2019-12-104.3CVE-2019-1465
MISC
MISC
microsoft -- multiple_windows_products
 
A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'.2019-12-106.8CVE-2019-1484
MISC
microsoft -- multiple_windows_products
 
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1465, CVE-2019-1467.2019-12-104.3CVE-2019-1466
MISC
MISC
microsoft -- power_bi_report_server_and_sql_server _ 2017_ reporting _ services _and_sql_server _ 2019_ reporting _ services
 
A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly sanitize a specially-crafted web request to an affected SSRS server, aka 'Microsoft SQL Server Reporting Services XSS Vulnerability'.2019-12-104.3CVE-2019-1332
MISC
microsoft -- windows_10_and_windows_server_and_windows_server_2019
 
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'.2019-12-106.5CVE-2019-1471
MISC
microsoft -- windows_7An information disclosure vulnerability exists in Windows Media Player when it fails to properly handle objects in memory, aka 'Windows Media Player Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1481.2019-12-104.3CVE-2019-1480
MISC
MISC
microsoft -- windows_7
 
An information disclosure vulnerability exists in Windows Media Player when it fails to properly handle objects in memory, aka 'Windows Media Player Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1480.2019-12-104.3CVE-2019-1481
MISC
MISC
microsoft -- windows_xp_service
 
An information disclosure vulnerability exists when the Windows Remote Desktop Protocol (RDP) fails to properly handle objects in memory, aka 'Remote Desktop Protocol Information Disclosure Vulnerability'.2019-12-105CVE-2019-1489
MISC
mozilla -- firefoxMozilla Firefox 20.0a1 and earlier allows remote attackers to cause a denial of service (crash), related to event handling with frames.2019-12-104.3CVE-2013-1689
CONFIRM
MISC
nopcommerce -- nopcommercenopCommerce v4.2.0 allows privilege escalation via file upload in Presentation/Nop.Web/Admin/Areas/Controllers/PluginController.cs via Admin/FacebookAuthentication/Configure because it is possible to upload a crafted Facebook Auth plugin.2019-12-096.5CVE-2019-19684
MISC
openstack -- openstack-utils
 
openstack-utils openstack-db has insecure password creation2019-12-105CVE-2013-1793
MISC
MISC
puppet -- puppet_enterprisePuppet Enterprise before 3.0.1 allows remote attackers to (1) conduct clickjacking attacks via unspecified vectors related to the console, and (2) conduct cross-site scripting (XSS) attacks via unspecified vectors related to "live management."2019-12-114.3CVE-2013-4968
MISC
pyradius -- pyrad
 
The CreateID function in packet.py in pyrad before 2.1 uses sequential packet IDs, which makes it easier for remote attackers to spoof packets by predicting the next ID, a different vulnerability than CVE-2013-0294.2019-12-094.3CVE-2013-0342
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRM
qualcomm -- multiple_snapdragon_productsOut of bound read would occur while trying to read action category and action ID without validating the action length of the Rx Frame body in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS605, SDA660, SDA845, SDM450, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM81502019-12-125CVE-2019-2310
CONFIRM
qualcomm -- multiple_snapdragon_productsRace condition between the camera functions due to lack of resource lock which will lead to memory corruption and UAF issue in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM81502019-12-124.4CVE-2019-10494
CONFIRM
qualcomm -- multiple_snapdragon_productsBuffer overflow can occur due to usage of wrong datatype and missing length check before copying into buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM81502019-12-124.6CVE-2019-10555
CONFIRM
qualcomm -- multiple_snapdragon_products
 
An unprivileged application can allocate GPU memory by calling memory allocation ioctl function and can exhaust all the memory which results in out of memory in Snapdragon Mobile, Snapdragon Voice & Music in QCS405, SD 210/SD 212/SD 205, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 8552019-12-124.9CVE-2019-10520
CONFIRM
qualcomm -- multiple_snapdragon_products
 
HLOS could corrupt CPZ page table memory for S1 managed VMs in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, QCS404, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130, SXR21302019-12-124.6CVE-2019-2319
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Possible integer overflow while multiplying two integers of 32 bit in QDCM API of get display modes as there is no check on the maximum mode count in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR21302019-12-124.6CVE-2019-10592
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Lack of check of data truncation on user supplied data in kernel leads to buffer overflow in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX242019-12-124.6CVE-2019-10530
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Snapshot of IB can lead to invalid address access due to missing check for size in the related function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCN7605, QCS405, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150, SM8250, SXR21302019-12-124.6CVE-2019-10571
CONFIRM
radare -- radare2
 
radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted input.2019-12-096.8CVE-2019-19647
MISC
red_hat -- jboss_enterprise_application_platform_and_jboss_portal_platformJBossWeb Bayeux has reflected XSS2019-12-114.3CVE-2013-6495
MISC
MISC
red_hat -- jboss_keycloak
 
JBoss KeyCloak: XSS in login-status-iframe.html2019-12-104.3CVE-2014-3656
MISC
MISC
red_hat -- subscription_asset_managerkatello-headpin is vulnerable to CSRF in REST API2019-12-114.3CVE-2014-0026
MISC
MISC
ros -- sros
 
SROS 2 0.8.1 (after CVE-2019-19625 is mitigated) leaks ROS 2 node-related information regardless of the rtps_protection_kind configuration. (SROS2 provides the tools to generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2.)2019-12-065CVE-2019-19627
MISC
MISC
MISC
MISC
MISC
ros -- sros
 
SROS 2 0.8.1 (which provides the tools that generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2) leaks node information due to a leaky default configuration as indicated in the policy/defaults/dds/governance.xml document.2019-12-065CVE-2019-19625
MISC
MISC
samsung -- s6_edge
 
Stack-based buffer overflow in the m2m1shot_compat_ioctl32 function in the Samsung m2m1shot driver framework, as used in Samsung S6 Edge, allows local users to have unspecified impact via a large data.buf_out.num_planes value in an ioctl call.2019-12-094.6CVE-2015-7892
MISC
MISC
MISC
sitevision -- sitevision
 
SiteVision 4 has Incorrect Access Control.2019-12-066.5CVE-2019-12734
MISC
FULLDISC
FULLDISC
MISC
MISC
MISC
symantec -- messaging_gatewaySymantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.2019-12-116.5CVE-2019-18377
MISC
tableau -- tableau_server
 
Tableau Server 10.3 through 2019.4 on Windows and Linux allows XSS via the embeddedAuthRedirect page.2019-12-114.3CVE-2019-19719
MISC
weidmueller -- multiple_devicesAn issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Passwords are stored in cleartext and can be read by anyone with access to the device.2019-12-064CVE-2019-16673
MISC
MISC
CONFIRM
MISC
weidmueller -- multiple_devices
 
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Sensitive Credentials data is transmitted in cleartext.2019-12-065CVE-2019-16672
MISC
MISC
CONFIRM
MISC
weidmueller -- multiple_devices
 
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Authentication Information used in a cookie is predictable and can lead to admin password compromise when captured on the network.2019-12-065CVE-2019-16674
MISC
MISC
CONFIRM
MISC
weidmueller -- multiple_devices
 
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Remote authenticated users can crash a device with a special packet because of Uncontrolled Resource Consumption.2019-12-066.8CVE-2019-16671
MISC
MISC
CONFIRM
MISC
xfig_project -- fig2devmake_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type.2019-12-124.3CVE-2019-19746
MISC
zoho_manageengine -- applications_managerZoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.java process function.2019-12-116.5CVE-2019-19650
CONFIRM

Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
atlassian -- fisheye_and_crucible
 
The review resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a missing branch.2019-12-113.5CVE-2019-15007
MISC
MISC
atlassian -- jiraIn "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the generic field entry point via the Generic Test Definition field of a new Generic Test issue.2019-12-093.5CVE-2019-19678
MISC
atlassian -- jiraIn "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the Pre-Condition Summary entry point via the summary field of a Create Pre-Condition action for a new Test Issue.2019-12-093.5CVE-2019-19679
MISC
cloud_foundry -- uaa_release
 
Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query parameter. A remote authenticated malicious user could gain access to user credentials via the uaa.log file if authentication is provided via query parameters.2019-12-063.5CVE-2019-11293
CONFIRM
google -- androidIn updateWidget of BaseWidgetProvider.java, there is a possible leak of user data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-1398038722019-12-062.1CVE-2019-2229
MISC
google -- androidIn DeepCopy of btif_av.cc, there is a possible out of bounds read due to improper casting. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-1407684532019-12-063.3CVE-2019-2227
MISC
google -- android
 
In Blob::Blob of blob.cpp, there is a possible unencrypted master key due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-1419555552019-12-062.1CVE-2019-2231
MISC
google -- chromeInsufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded files via local code.2019-12-102.1CVE-2019-13762
MISC
MISC
ibm -- planning_analytics
 
IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168519.2019-12-093.5CVE-2019-4611
XF
CONFIRM
ibm -- spectrum_scaleIBM Spectrum Scale 4.2 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171247.2019-12-113.5CVE-2019-4665
XF
CONFIRM
ibm -- watson_assistant
 
IBM Watson Assistant for IBM Cloud Pak for Data 1.0.0 through 1.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162807.2019-12-093.5CVE-2019-4428
XF
CONFIRM
ibm -- websphere_application_server
 
IBM WebSphere Application Server - Liberty is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171245.2019-12-103.5CVE-2019-4663
XF
CONFIRM
microsoft -- multiple_office_productsAn information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microsoft Access Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1463.2019-12-102.1CVE-2019-1400
MISC
microsoft -- multiple_office_products
 
An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microsoft Access Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1400.2019-12-102.1CVE-2019-1463
MISC
microsoft -- multiple_windows_productsAn information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1472.2019-12-102.1CVE-2019-1474
MISC
microsoft -- multiple_windows_productsAn information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1474.2019-12-102.1CVE-2019-1472
MISC
microsoft -- multiple_windows_products
 
A security feature bypass vulnerability exists when Microsoft Defender improperly handles specific buffers, aka 'Microsoft Defender Security Feature Bypass Vulnerability'.2019-12-102.1CVE-2019-1488
MISC
microsoft -- multiple_windows_products
 
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.2019-12-102.1CVE-2019-1469
MISC
microsoft -- skype_for_business_serverA spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business Server Spoofing Vulnerability'.2019-12-103.5CVE-2019-1490
MISC
monkey_project -- monkey_http_daemon
 
Monkey HTTP Daemon has local security bypass2019-12-103.6CVE-2013-2183
MISC
MISC
MISC
MISC
nopcommerce -- nopcommerce
 
nopCommerce through 4.20 allows XSS in the SaveStoreMappings of the components \Presentation\Nop.Web\Areas\Admin\Controllers\NewsController.cs and \Presentation\Nop.Web\Areas\Admin\Controllers\BlogController.cs via Body or Full to Admin/News/NewsItemEdit/[id] Admin/Blog/BlogPostEdit/[id]. NOTE: the vendor reportedly considers this a "feature" because the affected components are an HTML content editor.2019-12-093.5CVE-2019-19682
MISC
qualcomm -- multiple_snapdragon_productsUse after free issue occurs when command destructors access dynamically allocated response buffer which is already deallocated during previous command teardwon sequence in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8098, MSM8909W, Nicobar, QCS405, QCS605, SDA845, SDM660, SDM670, SDM710, SDM845, SDX24, SM6150, SM7150, SM8150, SM8250, SXR21302019-12-122.1CVE-2019-10484
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Null pointer dereference issue in kernel due to missing check related to LLC support in GPU in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS605, SDM670, SDM710, SM6150, SM7150, SM81502019-12-122.1CVE-2019-10545
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Crafted image that has a valid signature from a non-QC entity can be loaded which can read/write memory that belongs to the secure world in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, MSM8998, QCS404, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150, SXR1130, SXR21302019-12-123.6CVE-2019-2338
CONFIRM
sangoma -- freepbxIn userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date formatting and time-zone fields. These fields are not being properly sanitized. If this is done and a user (such as an admin) visits the User Management screen and views that user's profile, the XSS payload will render and execute in the context of the victim user's account.2019-12-063.5CVE-2019-19551
CONFIRM
sangoma -- freepbx
 
In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the/admin/config.php?display=userman URI. An attacker with sufficient privileges can edit the Display Name of a user and embed malicious XSS code. When another user (such as an admin) visits the main User Management screen, the XSS payload will render and execute in the context of the victim user's account.2019-12-063.5CVE-2019-19552
MISC
sap -- adaptive_server_enterprise
 
SAP Adaptive Server Enterprise, before versions 15.7 and 16.0, under certain conditions exposes some sensitive information to the admin, leading to Information Disclosure.2019-12-112.1CVE-2019-0402
CONFIRM
CONFIRM
symantec -- messaging_gateway
 
Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy.2019-12-113.5CVE-2019-18378
MISC
wordpress -- wordpress
 
The Scoutnet Kalender plugin 1.1.0 for WordPress allows XSS.2019-12-123.5CVE-2019-19198
MISC
MISC
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
advantech -- webaccess
 
Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of service (memory corruption) due to a stack-based buffer overflow when handling IOCTL 70533 RPC messages.2019-12-12not yet calculatedCVE-2019-3951
MISC
airlive -- poe-2600hd_devicesAirLive POE-2600HD allows remote attackers to cause a denial of service (device reset) via a long URL.2019-12-11not yet calculatedCVE-2013-3691
MISC
MISC
apache -- mod_wsgimod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread.2019-12-09not yet calculatedCVE-2014-0242
MISC
MISC
MISC
MISC
apache -- qpid-cppqpid-cpp: ACL policies only loaded if the acl-file option specified enabling DoS by consuming all available file descriptors2019-12-13not yet calculatedCVE-2014-0212
MISC
MISC
MISC
apache -- spamassassinIn Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update channels or 3rd party .cf files from trusted places.2019-12-12not yet calculatedCVE-2018-11805
MLIST
CONFIRM
MLIST
MLIST
MLIST
MLIST
MISC
CONFIRM
DEBIAN
apache -- spamassassinIn Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly.2019-12-12not yet calculatedCVE-2019-12420
MLIST
MISC
MLIST
MLIST
MLIST
MLIST
CONFIRM
DEBIAN
apple -- safariA freed memory access vulnerability exists in the SVG Marker Element feature of Apple Safari's WebKit version 13.0.2. A specially crafted HTML web page can cause a use after free, resulting in memory corruption and possibly arbitrary code execution. To trigger this vulnerability, a specifically crafted HTML web page needs to be opened in the browser.2019-12-12not yet calculatedCVE-2019-5144
MISC
atlassian -- multiple_productsAn issue was discovered in the SAML Single Sign On (SSO) plugin for several Atlassian products affecting versions 3.1.0 through 3.2.2 for Jira and Confluence, versions 2.4.0 through 3.0.3 for Bitbucket, and versions 2.4.0 through 2.5.2 for Bamboo. It allows locally disabled users to reactivate their accounts just by browsing the affected Jira/Confluence/Bitbucket/Bamboo instance, even when the applicable configuration option of the plugin has been disabled ("Reactivate inactive users"). Exploiting this vulnerability requires an attacker to be authorized by the identity provider and requires that the plugin's configuration option "User Update Method" have the "Update from SAML Attributes" value.2019-12-13not yet calculatedCVE-2019-13347
MISC
MISC
avaya -- ip_office_application_server
 
A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product versions 11.x are affected. Product versions prior to 11.0, including unsupported versions, were not evaluated.2019-12-12not yet calculatedCVE-2019-7004
CONFIRM
bitwarden -- serverThe Bitwarden server through 1.32.0 has a potentially unwanted KDF.2019-12-12not yet calculatedCVE-2019-19766
MISC
MISC
bson-objectid -- bson-objectid
 
An issue was discovered in the BSON ObjectID (aka bson-objectid) package 1.3.0 for Node.js. ObjectID() allows an attacker to generate a malformed objectid by inserting an additional property to the user-input, because bson-objectid will return early if it detects _bsontype==ObjectID in the user-input object. As a result, objects in arbitrary forms can bypass formatting if they have a valid bsontype.2019-12-11not yet calculatedCVE-2019-19729
MISC
MISC
chrony -- chronychrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowledge of NTP peering to cause a denial of service (inability to synchronize) via random timestamps in crafted NTP data packets.2019-12-09not yet calculatedCVE-2015-1853
MISC
MISC
coredns -- coredns
 
The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries.2019-12-13not yet calculatedCVE-2019-19794
MISC
MISC
MISC
MISC
cyxtera -- appgate_sdp_clientIn Cyxtera AppGate SDP Client 4.1.x through 4.3.x before 4.3.2 on Windows, a local or remote user from the same domain can gain privileges.2019-12-13not yet calculatedCVE-2019-19793
MISC
data-uuid -- data-uuidPerl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks2019-12-10not yet calculatedCVE-2013-4184
MISC
MISC
MISC
MISC
MISC
MISC
MISC
dbd-pgpp -- dbd-pgppSQL injection vulnerability in DBD::PgPP 0.05 and earlier2019-12-11not yet calculatedCVE-2014-7257
MISC
MISC
dovecot -- dovecot
 
In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. The email must use a group address as either the sender or the recipient.2019-12-13not yet calculatedCVE-2019-19722
CONFIRM
CONFIRM
CONFIRM
CONFIRM
duplicity -- duplicityduplicity 0.6.24 has improper verification of SSL certificates2019-12-13not yet calculatedCVE-2014-3495
MISC
MISC
MISC
MISC
egain -- mailThe eGain Web Email API 11+ allows spoofed messages because the fromName and message fields (to /system/ws/v11/ss/email) are mishandled, as demonstrated by fromName header injection with a %0a or %0d character. (Also, the message parameter can have initial HTML comment characters.)2019-12-13not yet calculatedCVE-2019-17123
MISC
enshrined -- svg-sanitizeIt is possible to bypass enshrined/svg-sanitize before 0.13.1 using the "xlink:href" attribute due to mishandling of the xlink namespace by the sanitizer.2019-12-11not yet calculatedCVE-2019-10772
MISC
envoy_proxy -- envoy
 
An issue was discovered in Envoy 1.12.0. An untrusted remote client may send HTTP/2 requests that write to the heap outside of the request buffers when the upstream is HTTP/1. This may be used to corrupt nearby heap contents (leading to a query-of-death scenario) or may be used to bypass Envoy's access control mechanisms such as path based routing. An attacker can also modify requests from other users that happen to be proximal temporally and spatially.2019-12-13not yet calculatedCVE-2019-18801
MISC
MISC
MISC
CONFIRM
MISC
envoy_proxy -- envoy
 
An issue was discovered in Envoy 1.12.0. Upon receipt of a malformed HTTP request without a Host header, it sends an internally generated "Invalid request" response. This internally generated response is dispatched through the configured encoder filter chain before being sent to the client. An encoder filter that invokes route manager APIs that access a request's Host header causes a NULL pointer dereference, resulting in abnormal termination of the Envoy process.2019-12-13not yet calculatedCVE-2019-18838
MISC
MISC
CONFIRM
MISC
envoy_proxy -- envoy
 
An issue was discovered in Envoy 1.12.0. An untrusted remote client may send an HTTP header (such as Host) with whitespace after the header content. Envoy will treat "header-value " as a different string from "header-value" so for example with the Host header "example.com " one could bypass "example.com" matchers.2019-12-13not yet calculatedCVE-2019-18802
MISC
MISC
MISC
MISC
erlang -- erlanginets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.2019-12-10not yet calculatedCVE-2016-1000107
MISC
MISC
MISC
MISC
firecracker -- firecrackerFirecracker vsock implementation buffer overflow in versions 0.18.0 and 0.19.0. This can result in potentially exploitable crashes.2019-12-11not yet calculatedCVE-2019-18960
MISC
MISC
MISC
CONFIRM
CONFIRM
foreman -- foremanForeman has improper input validation which could lead to partial Denial of Service2019-12-11not yet calculatedCVE-2014-0091
MISC
MISC
MISC
grandstream -- multiple_productsGrandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account "!#/" with the same password, which makes it easier for remote attackers to obtain access via a TELNET session.2019-12-11not yet calculatedCVE-2013-3542
MISC
MISC
hammer_cli_foreman_gem_for_ruby_on_rails -- hammer_cli_foreman_gem_for_ruby_on_railsrubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable2019-12-13not yet calculatedCVE-2014-0241
MISC
MISC
hostapd -- hostapd
 
An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed. This could lead to different denial of service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby Aps of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.2019-12-12not yet calculatedCVE-2019-5061
MISC
hostapd -- hostapd
 
An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. By simulating an incomplete new association, an attacker can trigger a deauthentication against stations using 802.11w, resulting in a denial of service.2019-12-12not yet calculatedCVE-2019-5062
MISC
huawei -- campusinsight
 
There is an out-of-bounds read vulnerability in the Advanced Packages feature of the Gauss100 OLTP database in CampusInsight before V100R019C00SPC200. Attackers who gain the specific permission can use this vulnerability by sending elaborate SQL statements to the database. Successful exploit of this vulnerability may cause the database to crash.2019-12-13not yet calculatedCVE-2019-5278
MISC
huawei -- cloudengine
 
CloudEngine 12800 has a DoS vulnerability. An attacker of a neighboring device sends a large number of specific packets. As a result, a memory leak occurs after the device uses the specific packet. As a result, the attacker can exploit this vulnerability to cause DoS attacks on the target device.2019-12-13not yet calculatedCVE-2019-5248
MISC
huawei -- cloudusm-eua
 
Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information leak by successful exploitation.2019-12-13not yet calculatedCVE-2019-5277
MISC
huawei -- e5572-855
 
E5572-855 with versions earlier than 8.0.1.3(H335SP1C233) has an improper authentication vulnerability. The device does not perform a sufficient authentication when doing certain operations, successful exploit could allow an attacker to cause the device to reboot after launch a man in the middle attack.2019-12-13not yet calculatedCVE-2019-5253
MISC
huawei -- mate_20_pro_smartphone
 
Mate 20 Pro smartphones with versions earlier than 9.1.0.135(C00E133R3P1) have an improper authorization vulnerability. The software does not properly restrict certain operation of certain privilege, the attacker could trick the user into installing a malicious application before the user turns on student mode function. Successful exploit could allow the attacker to bypass the limit of student mode function.2019-12-13not yet calculatedCVE-2019-5250
MISC
huawei -- multiple_productsThere is a weak algorithm vulnerability in some Huawei products. The affected products use weak algorithms by default. Attackers may exploit the vulnerability to cause information leaks.2019-12-13not yet calculatedCVE-2019-19397
MISC
huawei -- multiple_products

 

Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have a DoS vulnerability. An attacker may send crafted messages from a FTP client to exploit this vulnerability. Due to insufficient validation of the message, successful exploit may cause the system out-of-bounds read and result in a denial of service condition of the affected service.2019-12-13not yet calculatedCVE-2019-5255
MISC
huawei -- multiple_products

 

Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace) have a resource management vulnerability. An attacker who logs in to the board may send crafted messages from the internal network.2019-12-13not yet calculatedCVE-2019-5257
MISC
huawei -- multiple_products

 

Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have a buffer overflow vulnerability. An attacker who logs in to the board may send crafted messages from the internal network port or tamper with inter-process message packets to exploit this vulnerability. Due to insufficient validation of the message, successful exploit may cause the affected board to be abnormal.2019-12-13not yet calculatedCVE-2019-5258
MISC
huawei -- multiple_products
 
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have a null pointer dereference vulnerability. The system dereferences a pointer that it expects to be valid, but is NULL. A local attacker could exploit this vulnerability by sending crafted parameters. A successful exploit could cause a denial of service and the process reboot.2019-12-13not yet calculatedCVE-2019-5256
MISC
huawei -- multiple_products
 
Some Huawei products have an insufficient verification of data authenticity vulnerability. A remote, unauthenticated attacker has to intercept specific packets between two devices, modify the packets, and send the modified packets to the peer device. Due to insufficient verification of some fields in the packets, an attacker may exploit the vulnerability to cause the target device to be abnormal.2019-12-13not yet calculatedCVE-2019-5291
MISC
huawei -- multiple_products
 
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have an out-of-bounds read vulnerability. An attacker who logs in to the board may send crafted messages from the internal network port or tamper with inter-process message packets to exploit this vulnerability. Due to insufficient validation of the message, successful exploit may cause the affected board to be abnormal.2019-12-13not yet calculatedCVE-2019-5254
MISC
huawei -- multiple_smartphonesSome Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.2019-12-14not yet calculatedCVE-2019-5235
MISC
huawei -- multiple_smartphones
 
There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition. Successful exploit could cause information disclosure.2019-12-13not yet calculatedCVE-2019-5264
MISC
huawei -- multiple_smartphones
 
There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.2019-12-14not yet calculatedCVE-2019-5252
MISC
huawei -- multiple_smartphones
 
There is a path traversal vulnerability in several Huawei smartphones. The system does not sufficiently validate certain pathnames from the application. An attacker could trick the user into installing, backing up and restoring a malicious application. Successful exploit could cause information disclosure.2019-12-13not yet calculatedCVE-2019-5251
MISC
huawei -- s5700_and_s6700_switches
 
Huawei S5700 and S6700 have a DoS security vulnerability. Attackers with certain permissions perform specific operations on affected devices. Because the pointer in the program is not processed properly, the vulnerability can be exploited to cause the device to be abnormal.2019-12-13not yet calculatedCVE-2019-5290
MISC
huawei -- y9_2019_and_honor_view_20_smartphonesHuawei smartphones HUAWEI Y9 2019 and Honor View 20 have a denial of service vulnerability. Due to insufficient input validation of specific value when parsing the messages, an attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices to exploit this vulnerability. Successful exploit may cause an infinite loop and the device to reboot.2019-12-13not yet calculatedCVE-2019-5260
MISC
ibm -- case_managerThe Case Builder component shipped with 18.0.0.1 through 19.0.0.2 and IBM Case Manager 5.1.1 through 5.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162772.2019-12-13not yet calculatedCVE-2019-4426
XF
CONFIRM
CONFIRM
ibm -- datapower_gateway
 
IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN channel is enabled. A remote attacker could use this account to gain unauthorised access to the BMC. IBM X-Force ID: 168883.2019-12-09not yet calculatedCVE-2019-4621
XF
CONFIRM
ibm -- db2_high_performance_unload
 
IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 could allow a local attacker to execute arbitrary code on the system, caused by an untrusted search path vulnerability. By using a executable file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 168298.2019-12-12not yet calculatedCVE-2019-4606
XF
CONFIRM
idrix -- veracryptVeraCrypt 1.24 allows Local Privilege Escalation during execution of VeraCryptExpander.exe.2019-12-13not yet calculatedCVE-2019-19501
MISC
MISC
kde -- kde_workspacekde-workspace before 4.10.5 has a memory leak in plasma desktop2019-12-10not yet calculatedCVE-2013-4133
MISC
MISC
MISC
MISC
MISC
MISC
MISC
labf -- aceaxe_plus
 
The FTP client in AceaXe Plus 1.0 allows a buffer overflow via a long EHLO response from an FTP server.2019-12-13not yet calculatedCVE-2019-19782
MISC
MISC
last.fm -- last.fm_app_for_macosThe Last.fm desktop app (Last.fm Scrobbler) through 2.1.39 on macOS makes HTTP requests that include an API key without the use of SSL/TLS. Although there is an Enable SSL option, it is disabled by default, and cleartext requests are made as soon as the app starts.2019-12-10not yet calculatedCVE-2019-19251
MISC
lead_technologies -- leadtoolsAn exploitable code execution vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. A specially crafted packet can cause an integer overflow, resulting in heap corruption. An attacker can send a packet to trigger this vulnerability.2019-12-12not yet calculatedCVE-2019-5085
CONFIRM
lead_technologies -- leadtools
 
An exploitable information disclosure vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. A specially crafted packet can cause an out-of-bounds read, resulting in information disclosure. An attacker can send a packet to trigger this vulnerability.2019-12-12not yet calculatedCVE-2019-5090
CONFIRM
lead_technologies -- leadtools
 
An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20.0.2019.3.15. A specially crafted J2K image file can cause an out of bounds write of a null byte in a heap buffer, potentially resulting in code execution. An attack can specially craft a J2K image to trigger this vulnerability.2019-12-12not yet calculatedCVE-2019-5154
CONFIRM
lead_technologies -- leadtools
 
An exploitable code execution vulnerability exists in the DICOM network response functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. A specially crafted packet can cause an integer overflow, resulting in heap corruption. An attacker can send a packet to trigger this vulnerability.2019-12-12not yet calculatedCVE-2019-5093
CONFIRM
lead_technologies -- leadtools
 
An exploitable heap out of bounds write vulnerability exists in the UI tag parsing functionality of the DICOM image format of LEADTOOLS 20.0.2019.3.15. A specially crafted DICOM image can cause an offset beyond the bounds of a heap allocation to be written, potentially resulting in code execution. An attacker can specially craft a DICOM image to trigger this vulnerability.2019-12-12not yet calculatedCVE-2019-5092
CONFIRM
lead_technologies -- leadtools
 
An exploitable denial-of-service vulnerability exists in the Dicom-packet parsing functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. A specially crafted packet can cause an infinite loop, resulting in a denial of service. An attacker can send a packet to trigger this vulnerability.2019-12-12not yet calculatedCVE-2019-5091
CONFIRM
lenovo-- energy_management_driver_for_windows_10
 
A denial of service vulnerability has been reported in Lenovo Energy Management Driver for Windows 10 versions prior to 15.11.29.7 that could cause systems to experience a blue screen error. Lenovo Energy Management is a client utility. Lenovo XClarity Energy Manager is not affected.2019-12-10not yet calculatedCVE-2019-6183
CONFIRM
lenovo-- power_management_driver
 
A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could cause a denial of service.2019-12-10not yet calculatedCVE-2019-6192
MISC
CONFIRM
libsixel_project -- libsixelAn issue was discovered in libsixel 1.8.2. There is a heap-based buffer over-read in the function load_sixel at loader.c.2019-12-13not yet calculatedCVE-2019-19778
MISC
libssh -- libsshA flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of the function, it would become possible for an attacker to inject arbitrary commands, leading to a compromise of the remote target.2019-12-10not yet calculatedCVE-2019-14889
CONFIRM
UBUNTU
CONFIRM
linux -- linux_kernelIn the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer).2019-12-12not yet calculatedCVE-2019-19768
MISC
linux -- linux_kernelIn the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h).2019-12-12not yet calculatedCVE-2019-19769
MISC
linux -- linux_kernelIn the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file).2019-12-12not yet calculatedCVE-2019-19770
MISC
linux -- linux_kernel
 
The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163.2019-12-12not yet calculatedCVE-2019-19767
MISC
MISC
MISC
MISC
MISC
mcafee -- techcheck
 
DLL Search Order Hijacking vulnerability in the Microsoft Windows client in McAfee Tech Check 3.0.0.17 and earlier allows local users to execute arbitrary code via the local folder placed there by an attacker.2019-12-11not yet calculatedCVE-2019-3667
CONFIRM
mcollective -- mcollectivemcollective has a default password set at install2019-12-13not yet calculatedCVE-2014-0175
MISC
MISC
MISC
mediawiki -- mediawikiincludes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of "." (period) characters in a string, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the siprop parameter in a query action to wiki/api.php.2019-12-11not yet calculatedCVE-2013-4303
MISC
MISC
MISC
MISC
MISC
mediawiki -- mediawiki
 
MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page.2019-12-11not yet calculatedCVE-2019-19709
MISC
MISC
micro_focus -- acutowebUnauthorized file download vulnerability in all supported versions of Micro Focus AcuToWeb. The vulnerability could be exploited to enumerate and download files from the filesystem of the system running AcuToWeb, with the privileges of the account AcuToWeb is running under.2019-12-11not yet calculatedCVE-2019-17087
CONFIRM
microsoft -- visual_studio_2019_and_visual_studio_live_shareA spoofing vulnerability exists in Visual Studio Live Share when a guest connected to a Live Share session is redirected to an arbitrary URL specified by the session host, aka 'Visual Studio Live Share Spoofing Vulnerability'.2019-12-10not yet calculatedCVE-2019-1486
MISC
minerstat -- msosminerstat msOS before 2019-10-23 does not have a unique SSH key for each instance of the product.2019-12-12not yet calculatedCVE-2019-19750
MISC
modoboa -- modoboa
 
The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this to perform a denial of service against the DMARC reporting functionality, such as by referencing the /dev/random file within XML documents that are emailed to the address in the rua field of the DMARC records of a domain.2019-12-10not yet calculatedCVE-2019-19702
MISC
moxa -- eds-g508e_and_eds-g512e_and_eds-g516e_devicesOn Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with firmware through 6.0), denial of service can occur via PROFINET DCE-RPC endpoint discovery packets.2019-12-11not yet calculatedCVE-2019-19707
MISC
multiple_vendors -- multiple_productsA vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.2019-12-11not yet calculatedCVE-2019-14899
CONFIRM
MISC
node-connect -- node-connectnode-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware2019-12-11not yet calculatedCVE-2013-7370
MISC
MISC
MISC
MISC
MISC
MISC
MISC
node-connect -- node-connectnode-connects before 2.8.2 has cross site scripting in Sencha Labs Connect middleware (vulnerability due to incomplete fix for CVE-2013-7370)2019-12-11not yet calculatedCVE-2013-7371
MISC
MISC
MISC
MISC
MISC
MISC
node.js -- node.jsThe lodahs package 0.0.1 for Node.js is a Trojan horse, and may have been installed by persons who mistyped the lodash package name. In particular, the Trojan horse finds and exfiltrates cryptocurrency wallets.2019-12-12not yet calculatedCVE-2019-19771
MISC
MISC
nopcommerce -- nopcommerce
 
RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to CSRF because GET requests can be used for renames and deletions.2019-12-09not yet calculatedCVE-2019-19685
MISC
nopcommerce -- nopcommerce
 
RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to ../ path traversal via d or f to Admin/RoxyFileman/ProcessRequest because of Libraries/Nop.Services/Media/RoxyFileman/FileRoxyFilemanService.cs.2019-12-09not yet calculatedCVE-2019-19683
MISC
npm -- cliVersions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user?s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.2019-12-13not yet calculatedCVE-2019-16776
MISC
CONFIRM
npm -- cliVersions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user?s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.2019-12-13not yet calculatedCVE-2019-16775
MISC
CONFIRM
npm -- cliVersions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.2019-12-13not yet calculatedCVE-2019-16777
MISC
CONFIRM
omniauth-facebook_gem_for_ruby_on_rails -- omniauth-facebook_gem_for_ruby_on_railsRubyGem omniauth-facebook has an access token security vulnerability2019-12-11not yet calculatedCVE-2013-4593
MISC
MISC
MISC
MISC
openbsd -- openbsdlib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.2019-12-10not yet calculatedCVE-2012-1577
CONFIRM
MISC
MISC
MISC
openbsd -- openbsd
 
OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from the environment, but fails when it cannot allocate memory. Thus, the attacker is able to execute their own library code as root.2019-12-12not yet calculatedCVE-2019-19726
MISC
FULLDISC
BUGTRAQ
CONFIRM
MISC
openshift-origin-controller_gem_for_ruby_on_rails -- openshift-origin-controller_gem_for_ruby_on_railsrubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.prase() to perform command injection2019-12-10not yet calculatedCVE-2013-2095
MISC
MISC
openstack -- keystone
 
OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforce_scope is false. Users with a role on a project are able to view any other users' credentials, which could (for example) leak sign-on information for Time-based One Time Passwords (TOTP). Deployments with enforce_scope set to false are affected. (There will be a slight performance impact for the list credentials API once this issue is fixed.)2019-12-09not yet calculatedCVE-2019-19687
MLIST
MISC
MISC
MISC
MISC
CONFIRM
pen -- penPen 0.18.0 has Insecure Temporary File Creation vulnerabilities2019-12-13not yet calculatedCVE-2014-2387
MISC
MISC
MISC
MISC
MISC
MISC
MISC
phpfastcache -- phpfastcacheIn phpfastcache before 5.1.3, there is a possible object injection vulnerability in cookie driver.2019-12-12not yet calculatedCVE-2019-16774
MISC
MISC
CONFIRM
puppet -- puppet_enterpriseWhen using the cd4pe::root_configuration task to configure a Continuous Delivery for PE installation, the root user?s username and password were exposed in the job?s Job Details pane in the PE console. These issues have been resolved in version 1.2.1 of the puppetlabs/cd4pe module.2019-12-12not yet calculatedCVE-2019-10695
MISC
puppet -- puppet_enterpriseThe express install, which is the suggested way to install Puppet Enterprise, gives the user a URL at the end of the install to set the admin password. If they do not use that URL, there is an overlooked default password for the admin user. This was resolved in Puppet Enterprise 2019.0.3 and 2018.1.9.2019-12-12not yet calculatedCVE-2019-10694
MISC
python-keystoneclient -- python-keystoneclientpython-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass2019-12-10not yet calculatedCVE-2013-2166
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
python-keystoneclient -- python-keystoneclientpython-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass2019-12-10not yet calculatedCVE-2013-2167
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
qualcomm -- snapdragon_connectivityDriver may access an invalid address while processing IO control due to lack of check of address validation in Snapdragon Connectivity in QCA63902019-12-12not yet calculatedCVE-2019-10618
CONFIRM
red_hat -- cloudform_management_engineCFME: CSRF protection vulnerability via permissive check of the referrer header2019-12-13not yet calculatedCVE-2014-0197
MISC
MISC
red_hat -- openshiftOpenshift has shell command injection flaws due to unsanitized data being passed into shell commands.2019-12-11not yet calculatedCVE-2014-0163
MISC
MISC
red_hat -- 3scaleA vulnerability was found in 3scale before version 2.6, did not set the HTTPOnly attribute on the user session cookie. An attacker could use this to conduct cross site scripting attacks and gain access to unauthorized information.2019-12-12not yet calculatedCVE-2019-14849
CONFIRM
relialble_controls -- licensemanagerReliable Controls LicenseManager versions 3.4 and prior may allow an authenticated user to insert malicious code into the system root path, which may allow execution of code with elevated privileges of the application.2019-12-11not yet calculatedCVE-2019-18245
MISC
samba -- sambaAll Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that case-insensitively matched the name of the zone, the ldb_qsort() and dns_name_compare() routines could be confused into reading memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() and so following invalid memory as a pointer.2019-12-10not yet calculatedCVE-2019-14861
CONFIRM
FEDORA
CONFIRM
UBUNTU
UBUNTU
CONFIRM
samba -- sambaAll Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. In AD this is implemented by a user attribute delegation_not_allowed (aka not-delegated), which translates to disallow-forwardable. However the Samba AD DC does not do that for S4U2Self and does set the forwardable flag even if the impersonated client has the not-delegated flag set.2019-12-10not yet calculatedCVE-2019-14870
CONFIRM
FEDORA
CONFIRM
UBUNTU
UBUNTU
CONFIRM
samurai -- samurai
 
samurai 0.7 has a heap-based buffer overflow in canonpath in util.c via a crafted build file.2019-12-13not yet calculatedCVE-2019-19795
MISC
sap -- businessobjects_business_intelligence_platformDue to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions 4.1, 4.2 and 4.3, may lead to an authenticated user to send unintended request to the web server, leading to Cross Site Request Forgery.2019-12-11not yet calculatedCVE-2019-0398
CONFIRM
CONFIRM
sap -- businessobjects_business_intelligence_platformSAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad), before version 4.2, allows execution of JavaScript in a text module in Fiori BI Launchpad, leading to Stored Cross Site Scripting vulnerability.2019-12-11not yet calculatedCVE-2019-0395
CONFIRM
CONFIRM
sap -- enable_nowSAP Enable Now, before version 1911, leaks information about the existence of a particular user which can be used to construct a list of users, leading to a user enumeration vulnerability and Information Disclosure.2019-12-11not yet calculatedCVE-2019-0405
CONFIRM
CONFIRM
sap -- enable_nowSAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Information Disclosure.2019-12-11not yet calculatedCVE-2019-0404
CONFIRM
CONFIRM
sap -- enable_nowSAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection.2019-12-11not yet calculatedCVE-2019-0403
CONFIRM
CONFIRM
sap -- portfolio_and_project_managementSAP Portfolio and Project Management, before versions S4CORE 102, 103, EPPM 100 and CPRXRPM 500_702, 600_740, 610_740; unintentionally allows a user to discover accounting information of the Projects in Project dashboard, leading to Information Disclosure.2019-12-11not yet calculatedCVE-2019-0399
CONFIRM
CONFIRM
secureworks -- red_cloak_windows_agent
 
In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user can bypass the generation of telemetry alerts by removing NT AUTHORITY\SYSTEM permissions from a file.2019-12-06not yet calculatedCVE-2019-19620
MISC
MISC
siemens -- en100_ethernet_modulesA vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). The web interface could allow Cross-Site Scripting (XSS) attacks if an attacker is able to modify content of particular web pages, causing the application to behave in unexpected ways for legitimate users. Successful exploitation does not require for an attacker to be authenticated to the web interface. This could allow the attacker to read or modify contents of the web application. At the time of advisory publication no public exploitation of this security. vulnerability was known.2019-12-12not yet calculatedCVE-2019-13943
CONFIRM
siemens -- en100_ethernet_modulesA vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). A vulnerability in the integrated web server of the affected devices could allow unauthorized attackers to obtain sensitive information about the device, including logs and configurations. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-13944
CONFIRM
siemens -- en100_ethernet_modulesA vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). An unauthorized user could exploit a buffer overflow vulnerability in the webserver. Specially crafted packets sent could cause a Denial-of-Service condition and if certain conditions are met, the affected devices must be restarted manually to fully recover. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-13942
CONFIRM
siemens -- multiple_desigo_px_productsA vulnerability has been identified in Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D with Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 (All firmware versions < V6.00.320), Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U with Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 (All firmware versions < V6.00.320), Desigo PX automation controllers PXC22.1-E.D, PXC36-E.D, PXC36.1-E.D with activated web server (All firmware versions < V6.00.320). The device contains a vulnerability that could allow an attacker to cause a denial of service condition on the device's web server by sending a specially crafted HTTP message to the web server port (tcp/80). The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device's web service. While the device itself stays operational, the web server responds with HTTP status code 404 (Not found) to any further request. A reboot is required to recover the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-13927
MISC
siemens -- simatic_s7-1200_cpu_and_simatic_s7-200_smart_cpuA vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-200 SMART CPU family (All versions). There is an access mode used during manufacturing of S7-1200 CPUs that allows additional diagnostic functionality. The security vulnerability could be exploited by an attacker with physical access to the UART interface during boot process. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-13945
MISC
siemens -- sinvr_3_central_control_server_and_sinvr_3_video_serverA vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SiNVR 3 Central Control Server (CCS) contains a directory traversal vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker with network access to the CCS server could exploit this vulnerability to list arbitrary directories or read files outside of the CCS application context.2019-12-12not yet calculatedCVE-2019-18338
CONFIRM
siemens -- sinvr_3_central_control_server_and_sinvr_3_video_serverA vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The user configuration menu in the web interface of the SiNVR 3 Central Control Server (CCS) transfers user passwords in clear to the client (browser). An attacker with administrative privileges for the web interface could be able to read (and not only reset) passwords of other SiNVR 3 CCS users.2019-12-12not yet calculatedCVE-2019-13947
CONFIRM
siemens -- sinvr_3_central_control_server_and_sinvr_3_video_server
 
A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SFTP service (default port 22/tcp) of the SiNVR 3 Central Control Server (CCS) contains an authentication bypass vulnerability. A remote attacker with network access to the CCS server could exploit this vulnerability to read data from the EDIR directory (for example, the list of all configured stations).2019-12-12not yet calculatedCVE-2019-18341
CONFIRM
siemens -- sinvr_3_central_control_server_and_sinvr_3_video_server
 
A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). Both the SiNVR 3 Video Server and the Central Control Server (CCS) store user and device passwords by applying weak cryptography. A local attacker could exploit this vulnerability to extract the passwords from the user database and/or the device configuration files to conduct further attacks.2019-12-12not yet calculatedCVE-2019-18340
CONFIRM
siemens -- sinvr_3_central_control_server_and_sinvr_3_video_server
 
A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The HTTP service (default port 5401/tcp) of the SiNVR 3 Video Server contains an authentication bypass vulnerability, even when properly configured with enforced authentication. A remote attacker with network access to the Video Server could exploit this vulnerability to read the SiNVR users database, including the passwords of all users in obfuscated cleartext.2019-12-12not yet calculatedCVE-2019-18339
CONFIRM
siemens -- sinvr_3_central_control_server_and_sinvr_3_video_server
 
A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SFTP service (default port 22/tcp) of the SiNVR 3 Central Control Server (CCS) does not properly limit its capabilities to the specified purpose. In conjunction with CVE-2019-18341, an unauthenticated remote attacker with network access to the CCS server could exploit this vulnerability to read or delete arbitrary files, or access other resources on the same server.2019-12-12not yet calculatedCVE-2019-18342
CONFIRM
siemens -- sinvr_3_central_control_server_and_sinvr_3_video_server
 
A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SiNVR 3 Central Control Server (CCS) contains an authentication bypass vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. A remote attacker with network access to the CCS server could exploit this vulnerability to read the CCS users database, including the passwords of all users in obfuscated cleartext.2019-12-12not yet calculatedCVE-2019-18337
CONFIRM
siemens -- sppa-t3000_application_serverA vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server can cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18317 and CVE-2019-18319. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18318
CONFIRM
siemens -- sppa-t3000_application_serverA vulnerability has been identified in SPPA-T3000 Application Server (All versions). The AdminService is available without authentication on the Application Server. An attacker can gain remote code execution by sending specifically crafted objects to one of its functions. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18283
MISC
CONFIRM
siemens -- sppa-t3000_application_serverA vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18317 and CVE-2019-18318. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18319
CONFIRM
siemens -- sppa-t3000_application_serverA vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18318 and CVE-2019-18319. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18317
CONFIRM
siemens -- sppa-t3000_application_serverA vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could gain remote code execution by sending specifically crafted packets to 8888/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18315
CONFIRM
siemens -- sppa-t3000_application_serverA vulnerability has been identified in SPPA-T3000 Application Server (All versions). The AdminService is available without authentication on the Application Server. An attacker can use methods exposed via this interface to receive password hashes of other users and to change user passwords. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18284
MISC
CONFIRM
siemens -- sppa-t3000_application_serverA vulnerability has been identified in SPPA-T3000 Application Server (All versions). The RMI communication between the client and the Application Server is unencrypted. An attacker with access to the communication channel can read credentials of a valid user. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18285
MISC
CONFIRM
siemens -- sppa-t3000_application_serverA vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with valid authentication at the RMI interface could be able to gain remote code execution through an unsecured file upload. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18288
MISC
CONFIRM
siemens -- sppa-t3000_application_serverA vulnerability has been identified in SPPA-T3000 Application Server (All versions). The Application Server exposes directory listings and files containing sensitive information. This vulnerability is independent from CVE-2019-18286. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18287
MISC
CONFIRM
siemens -- sppa-t3000_application_serverA vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could gain remote code execution by sending specifically crafted packets to 1099/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18316
CONFIRM
siemens -- sppa-t3000_application_serverA vulnerability has been identified in SPPA-T3000 Application Server (All versions). The Application Server exposes directory listings and files containing sensitive information. This vulnerability is independent from CVE-2019-18287. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18286
MISC
CONFIRM
siemens -- sppa-t3000_application_serverA vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could gain remote code execution by sending specifically crafted objects via RMI. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18314
CONFIRM
siemens -- sppa-t3000_application_server
 
A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could gain access to path and filenames on the server by sending specifically crafted packets to 1099/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18331
CONFIRM
siemens -- sppa-t3000_application_server
 
A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could gain access to filenames on the server by sending specifically crafted packets to 8090/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18333
CONFIRM
siemens -- sppa-t3000_application_server
 
A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could be able to upload arbitrary files without authentication. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18320
CONFIRM
siemens -- sppa-t3000_application_server
 
A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could be able to gain access to logs and configuration files by sending specifically crafted packets to 80/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18335
CONFIRM
siemens -- sppa-t3000_application_server
 
A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could be able to enumerate valid user names by sending specifically crafted packets to 8090/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18334
CONFIRM
siemens -- sppa-t3000_application_server
 
A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could gain access to directory listings of the server by sending specifically crafted packets to 80/tcp, 8095/tcp or 8080/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18332
CONFIRM
siemens -- sppa-t3000_ms3000_migration_serverA vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18323
CONFIRM
siemens -- sppa-t3000_ms3000_migration_serverA vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18289, CVE-2019-18293, and CVE-2019-18296. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18295
MISC
CONFIRM
siemens -- sppa-t3000_ms3000_migration_serverA vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18304
MISC
CONFIRM
siemens -- sppa-t3000_ms3000_migration_serverA vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18290
MISC
CONFIRM
siemens -- sppa-t3000_ms3000_migration_serverA vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18306
MISC
CONFIRM
siemens -- sppa-t3000_ms3000_migration_serverA vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 7061/tcp. This vulnerability is independent from CVE-2019-18311. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18310
CONFIRM
siemens -- sppa-t3000_ms3000_migration_serverA vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18326
CONFIRM
siemens -- sppa-t3000_ms3000_migration_serverA vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18305
MISC
CONFIRM
siemens -- sppa-t3000_ms3000_migration_serverA vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could gain remote code execution by sending specifically crafted objects to one of the RPC services. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18313
CONFIRM
siemens -- sppa-t3000_ms3000_migration_serverA vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18303
MISC
CONFIRM
siemens -- sppa-t3000_ms3000_migration_serverA vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 7061/tcp. This vulnerability is independent from CVE-2019-18310. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18311
CONFIRM
siemens -- sppa-t3000_ms3000_migration_serverA vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, and CVE-2019-18306. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18307
MISC
CONFIRM
siemens -- sppa-t3000_ms3000_migration_serverA vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18289, CVE-2019-18295, and CVE-2019-18296. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18293
MISC
CONFIRM
siemens -- sppa-t3000_ms3000_migration_serverA vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18292
MISC
CONFIRM
siemens -- sppa-t3000_ms3000_migration_serverA vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and a low privileged user account could gain root privileges by manipulating specific files in the local file system. This vulnerability is independent from CVE-2019-18309. Please note that an attacker needs to have local access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18308
CONFIRM
siemens -- sppa-t3000_ms3000_migration_serverA vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18291
MISC
CONFIRM
siemens -- sppa-t3000_ms3000_migration_serverA vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18294
MISC
CONFIRM
siemens -- sppa-t3000_ms3000_migration_serverA vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to enumerate running RPC services. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18312
CONFIRM
siemens -- sppa-t3000_ms3000_migration_serverA vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18289, CVE-2019-18293, and CVE-2019-18295. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18296
MISC
CONFIRM
siemens -- sppa-t3000_ms3000_migration_serverA vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18299
MISC
CONFIRM
siemens -- sppa-t3000_ms3000_migration_serverA vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18300
MISC
CONFIRM
siemens -- sppa-t3000_ms3000_migration_serverA vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18298
MISC
CONFIRM
siemens -- sppa-t3000_ms3000_migration_serverA vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18301
MISC
CONFIRM
siemens -- sppa-t3000_ms3000_migration_serverA vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and a low privileged user account could gain root privileges by manipulating specific files in the local file system. This vulnerability is independent from CVE-2019-18308. Please note that an attacker needs to have local access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18309
CONFIRM
siemens -- sppa-t3000_ms3000_migration_serverA vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18302
MISC
CONFIRM
siemens -- sppa-t3000_ms3000_migration_serverA vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18293, CVE-2019-18295, and CVE-2019-18296. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18289
MISC
CONFIRM
siemens -- sppa-t3000_ms3000_migration_serverA vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and low privileges could gain root privileges by sending specifically crafted packets to a named pipe. Please note that an attacker needs to have local access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18297
MISC
CONFIRM
siemens -- sppa-t3000_ms3000_migration_server
 
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to read and write arbitrary files on the local file system by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18322. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18321
CONFIRM
siemens -- sppa-t3000_ms3000_migration_server
 
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to read and write arbitrary files on the local file system by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18321. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18322
CONFIRM
siemens -- sppa-t3000_ms3000_migration_server
 
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18325
CONFIRM
siemens -- sppa-t3000_ms3000_migration_server
 
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18327
CONFIRM
siemens -- sppa-t3000_ms3000_migration_server
 
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, and CVE-2019-18329. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18330
CONFIRM
siemens -- sppa-t3000_ms3000_migration_server
 
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18328
CONFIRM
siemens -- sppa-t3000_ms3000_migration_server
 
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18329
CONFIRM
siemens -- sppa-t3000_ms3000_migration_server
 
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-18324
CONFIRM
siemens -- xhqA vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web application requests could be manipulated, causing the the application to behave in unexpected ways for legitimate users. Successful exploitation does not require for an attacker to be authenticated. A successful attack could allow the import of scripts or generation of malicious links. This could allow the attacker to read or modify contents of the web application. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-13932
CONFIRM
siemens -- xhqA vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user, who must be authenticated to the web interface. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. This could allow the attacker to read or modify contents of the web application. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-13930
CONFIRM
siemens -- xhqA vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web interface could allow for an an attacker to craft the input in a form that is not expected, causing the application to behave in unexpected ways for legitimate users. Successful exploitation requires for an attacker to be authenticated to the web interface. A successful attack could cause the application to have unexpected behavior. This could allow the attacker to modify contents of the web application. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-12-12not yet calculatedCVE-2019-13931
CONFIRM
skymee -- petwant_pf-103_and_petalk_aiA stack-based buffer overflow in processCommandUploadLog in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run arbitrary code as the root user.2019-12-13not yet calculatedCVE-2019-16735
MISC
skymee -- petwant_pf-103_and_petalk_aiA stack-based buffer overflow in processCommandUploadSnapshot in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run arbitrary code as the root user.2019-12-13not yet calculatedCVE-2019-16736
MISC
skymee -- petwant_pf-103_and_petalk_aiThe processCommandUploadLog() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.2019-12-13not yet calculatedCVE-2019-17364
MISC
skymee -- petwant_pf-103_and_petalk_aiUse of default credentials for the TELNET server in Petwant PF-103 firmware 4.3.2.50 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.2019-12-13not yet calculatedCVE-2019-16734
MISC
skymee -- petwant_pf-103_and_petalk_aiprocessCommandSetUid() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.2019-12-13not yet calculatedCVE-2019-16733
MISC
skymee -- petwant_pf-103_and_petalk_aiUnencrypted HTTP communications for firmware upgrades in Petalk AI and PF-103 allow man-in-the-middle attackers to run arbitrary code as the root user.2019-12-13not yet calculatedCVE-2019-16732
MISC
skymee -- petwant_pf-103_and_petalk_aiThe udpServerSys service in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to initiate firmware upgrades and alter device settings.2019-12-13not yet calculatedCVE-2019-16731
MISC
skymee -- petwant_pf-103_and_petalk_aiprocessCommandUpgrade() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.2019-12-13not yet calculatedCVE-2019-16730
MISC
MISC
skymee -- petwant_pf-103_and_petalk_aiThe processCommandSetMac() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.2019-12-13not yet calculatedCVE-2019-16737
MISC
smokeping -- smokepingsmokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790)2019-12-11not yet calculatedCVE-2013-4158
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
snakeyaml -- snakeyamlThe Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.2019-12-12not yet calculatedCVE-2017-18640
MISC
MISC
sqlite -- sqlite
 
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.2019-12-09not yet calculatedCVE-2019-19645
MISC
sqlite -- sqlite
 
pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.2019-12-09not yet calculatedCVE-2019-19646
MISC
MISC
MISC
squiz -- squiz_matrix_content_management_systemAn issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can trigger arbitrary unserialization of a PHP object from a packages/cms/page_templates/page_remote_content/page_remote_content.inc POST parameter during processing of a Remote Content page type. This unserialization can be used to trigger the inclusion of arbitrary files on the filesystem (local file inclusion), and results in remote code execution.2019-12-11not yet calculatedCVE-2019-19373
FULLDISC
MISC
MISC
squiz -- squiz_matrix_content_management_system
 
An issue was discovered in core/assets/form/form_question_types/form_question_type_file_upload/form_question_type_file_upload.inc in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can delete arbitrary files from the server during interaction with the File Upload field type, when a custom form exists. (This is related to an information disclosure issue within the File Upload field type that allows users to view the full path to uploaded files, including the product's web root directory.)2019-12-11not yet calculatedCVE-2019-19374
FULLDISC
MISC
MISC
stb_image.h -- stb_image.hstb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read in stbi__load_main.2019-12-13not yet calculatedCVE-2019-19777
MISC
supermicro -- x8sti-f_motherboards
 
On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or ShareName. The attacker can achieve a persistent backdoor.2019-12-08not yet calculatedCVE-2019-19642
MISC
suphp -- suphpsuPHP before 0.7.2 source-highlighting feature allows security bypass which could lead to arbitrary code execution2019-12-13not yet calculatedCVE-2014-1867
MISC
MISC
MISC
MISC
symantec -- industrial_control_system_protection
 
Symantec Industrial Control System Protection (ICSP), versions 6.x.x, may be susceptible to an unauthorized access issue that could potentially allow a threat actor to create or modify application user accounts without proper authentication.2019-12-09not yet calculatedCVE-2019-18380
CONFIRM
telerik -- telerik_ui_for_asp.net_ajaxProgress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (In 2019.3.1023 but not earlier versions, a non-default setting can prevent exploitation.)2019-12-11not yet calculatedCVE-2019-18935
MISC
MISC
MISC
MISC
telerik -- telerik_ui_for_asp.net_ajax
 
Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and delete an image with extension .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF, or .WMF on the server through a specially crafted request. NOTE: RadChart was discontinued in 2014 in favor of RadHtmlChart. All RadChart versions were affected. To avoid this vulnerability, you must remove RadChart's HTTP handler from a web.config (its type is Telerik.Web.UI.ChartHttpHandler).2019-12-13not yet calculatedCVE-2019-19790
MISC
MISC
tematres -- tematresTemaTres 3.0 has reflected XSS via the replace_string or search_string parameter to the vocab/admin.php?doAdmin=bulkReplace URI.2019-12-13not yet calculatedCVE-2019-14344
MISC
MISC
temenos -- channelsAn issue was discovered in T24 in TEMENOS Channels R15.01. The login page presents JavaScript functions to access a document on the server once successfully authenticated. However, an attacker can leverage downloadDocServer() to traverse the file system and access files or directories that are outside of the restricted directory because WealthT24/GetImage is used with the docDownloadPath and uploadLocation parameters.2019-12-09not yet calculatedCVE-2019-14251
MISC
thales_dis -- safenet_sentinel_ldk_license_managerSafeNet Sentinel LDK License Manager, all versions prior to 7.101(only Microsoft Windows versions are affected) is vulnerable when configured as a service. This vulnerability may allow an attacker with local access to create, write, and/or delete files in system folder using symbolic links, leading to a privilege escalation. This vulnerability could also be used by an attacker to execute a malicious DLL, which could impact the integrity and availability of the system.2019-12-11not yet calculatedCVE-2019-18232
MISC
virustotal -- yaraIn the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution.2019-12-09not yet calculatedCVE-2019-19648
MISC
wolfssl -- wolfssl_and_wolfcryptwolfSSL and wolfCrypt 4.1.0 and earlier (formerly known as CyaSSL) generate biased DSA nonces. This allows a remote attacker to compute the long term private key from several hundred DSA signatures via a lattice attack. The issue occurs because dsa.c fixes two bits of the generated nonces.2019-12-11not yet calculatedCVE-2019-14317
MISC
wordpress -- wordpressMultiple cross-site scripting (XSS) vulnerabilities in products.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) Product name or (2) Price description fields via a request to wp-admin/admin.php. NOTE: This issue may only cross privilege boundaries if used in combination with CVE-2013-5977.2019-12-11not yet calculatedCVE-2013-5978
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress -- wordpressThe quiz-master-next (aka Quiz And Survey Master) plugin before 6.3.5 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter (and/or the quiz_id parameter). The component is: admin/quiz-options-page.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL.2019-12-13not yet calculatedCVE-2019-17599
MISC
MISC
MISC
MISC
xen_project -- xenAn issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice.2019-12-11not yet calculatedCVE-2019-19580
MISC
xen_project -- xenAn issue was discovered in Xen through 4.12.x allowing x86 guest OS users to cause a denial of service (infinite loop) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On x86 accesses to bitmaps with a compile time known size of 64 may incur undefined behavior, which may in particular result in infinite loops. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. x86 systems with 64 or more nodes are vulnerable (there might not be any such systems that Xen would run on). x86 systems with less than 64 nodes are not vulnerable.2019-12-11not yet calculatedCVE-2019-19582
MISC
xen_project -- xen
 
An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. Please see XSA-260 for background on the MovSS shadow. Please see XSA-156 for background on the need for #DB interception. The VMX VMEntry checks do not like the exact combination of state which occurs when #DB in intercepted, Single Stepping is active, and blocked by STI/MovSS is active, despite this being a legitimate state to be in. The resulting VMEntry failure is fatal to the guest. HVM/PVH guest userspace code may be able to crash the guest, resulting in a guest Denial of Service. All versions of Xen are affected. Only systems supporting VMX hardware virtual extensions (Intel, Cyrix, or Zhaoxin CPUs) are affected. Arm and AMD systems are unaffected. Only HVM/PVH guests are affected. PV guests cannot leverage the vulnerability.2019-12-11not yet calculatedCVE-2019-19583
MISC
xen_project -- xen
 
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. "Linear pagetables" is a technique which involves either pointing a pagetable at itself, or to another pagetable of the same or higher level. Xen has limited support for linear pagetables: A page may either point to itself, or point to another pagetable of the same level (i.e., L2 to L2, L3 to L3, and so on). XSA-240 introduced an additional restriction that limited the "depth" of such chains by allowing pages to either *point to* other pages of the same level, or *be pointed to* by other pages of the same level, but not both. To implement this, we keep track of the number of outstanding times a page points to or is pointed to another page table, to prevent both from happening at the same time. Unfortunately, the original commit introducing this reset this count when resuming validation of a partially-validated pagetable, incorrectly dropping some "linear_pt_entry" counts. If an attacker could engineer such a situation to occur, they might be able to make loops or other arbitrary chains of linear pagetables, as described in XSA-240. A malicious or buggy PV guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Privilege escalation and information leaks cannot be excluded. All versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Only systems which have enabled linear pagetables are vulnerable. Systems which have disabled linear pagetables, either by selecting CONFIG_PV_LINEAR_PT=n when building the hypervisor, or adding pv-linear-pt=false on the command-line, are not vulnerable.2019-12-11not yet calculatedCVE-2019-19578
MISC
xen_project -- xen
 
An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service (out-of-bounds access) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On 32-bit Arm accesses to bitmaps with bit a count which is a multiple of 32, an out of bounds access may occur. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. 32-bit Arm systems are vulnerable. 64-bit Arm systems are not vulnerable.2019-12-11not yet calculatedCVE-2019-19581
MISC
xen_project -- xen
 
An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates. When running on AMD systems with an IOMMU, Xen attempted to dynamically adapt the number of levels of pagetables (the pagetable height) in the IOMMU according to the guest's address space size. The code to select and update the height had several bugs. Notably, the update was done without taking a lock which is necessary for safe operation. A malicious guest administrator can cause Xen to access data structures while they are being modified, causing Xen to crash. Privilege escalation is thought to be very difficult but cannot be ruled out. Additionally, there is a potential memory leak of 4kb per guest boot, under memory pressure. Only Xen on AMD CPUs is vulnerable. Xen running on Intel CPUs is not vulnerable. ARM systems are not vulnerable. Only systems where guests are given direct access to physical devices are vulnerable. Systems which do not use PCI pass-through are not vulnerable. Only HVM guests can exploit the vulnerability. PV and PVH guests cannot. All versions of Xen with IOMMU support are vulnerable.2019-12-11not yet calculatedCVE-2019-19577
MISC
yabasic -- yabasicYabasic 2.86.2 has a heap-based buffer overflow in myformat in function.c via a crafted BASIC source file.2019-12-13not yet calculatedCVE-2019-19796
MISC
yabasic -- yabasicYabasic 2.86.1 has a heap-based buffer overflow in the yylex() function in flex.c via a crafted BASIC source file.2019-12-11not yet calculatedCVE-2019-19720
MISC
MISC
yachtcontrol -- yachtcontrolYachtcontrol through 2019-10-06: It's possible to perform direct Operating System commands as an unauthenticated user via the "/pages/systemcall.php?command={COMMAND}" page and parameter, where {COMMAND} will be executed and returning the results to the client. Affects Yachtcontrol webservers disclosed via Dutch GPRS/4G mobile IP-ranges. IP addresses vary due to DHCP client leasing of telco's.2019-12-10not yet calculatedCVE-2019-17270
MISC
EXPLOIT-DB
yaws -- yawsyaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.2019-12-10not yet calculatedCVE-2016-1000108
MISC
CONFIRM
MISC
MISC
zabbix -- zabbixMultiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.2019-12-11not yet calculatedCVE-2013-5743
CONFIRM
CONFIRM
CONFIRM
CONFIRM
zoho manageengine -- eventlog_analyzer
 
An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running "select hostdetails from hostdetails" at the /event/runquery.do endpoint, it is possible to bypass the security restrictions that prevent even administrative users from viewing credential data stored in the database, and recover the MD5 hashes of the accounts used to authenticate the ManageEngine platform to the managed machines on the network (most often administrative accounts). Specifically, this bypasses these restrictions: a query cannot mention password, and a query result cannot have a password column.2019-12-13not yet calculatedCVE-2019-19774
MISC
MISC

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.