US CERT: Security Bulletins

Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.
November 11, 2019

Vulnerability Summary for the Week of November 4, 2019

Original release date: November 11, 2019 | Last revised: November 12, 2019

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache -- struts | Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands. | 2019-11-01 | 7.5 | CVE-2011-3923 MISC EXPLOIT-DB BID MISC MISC XF MISC |
| aruba_networks -- clearpass_policy_manager | Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before 6.6.2 allows attackers to obtain database credentials. | 2019-11-06 | 10 | CVE-2016-4401 CONFIRM |
| clamav -- clamav | There is a possible heap overflow in libclamav/fsg.c before 0.100.0. | 2019-11-06 | 7.5 | CVE-2007-0899 MISC |
| computing_for_good -- basic_laboratory_information_system | Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.4 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may change the password of any administrator-level user. | 2019-11-06 | 7.5 | CVE-2019-5617 MISC |
| computing_for_good -- basic_laboratory_information_system | Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may alter several facets of a user account, including promoting any user to an administrator. | 2019-11-06 | 7.5 | CVE-2019-5644 MISC |
| cryptocat_project -- cryptocat | Cryptocat before 2.0.22 has Arbitrary Code Execution on Firefox Conversation Overview | 2019-11-04 | 7.5 | CVE-2013-2259 MISC MISC MISC |
| cryptocat_project -- cryptocat | Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user input | 2019-11-04 | 7.5 | CVE-2013-4103 MISC MISC MISC MISC MISC |
| gri -- gri | gri before 2.12.18 generates temporary files in an insecure way. | 2019-11-08 | 7.5 | CVE-2008-7291 MISC |
| isl_internet_sicherheitslösungen -- arp_guard | A SQL injection vulnerability in a /login/forgot1 POST request in ARP-GUARD 4.0.0-5 allows unauthenticated remote attackers to execute arbitrary SQL commands via the user_id parameter. | 2019-11-04 | 7.5 | CVE-2019-18663 MISC |
| linux -- linux_kernel | A memory leak in the sof_dfsentry_write() function in sound/soc/sof/debug.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-c0a333d842ef. | 2019-11-07 | 7.8 | CVE-2019-18812 MISC |
| linux -- linux_kernel | A vulnerability exists in kernel/time/clocksource.c in the Linux kernel before 2.6.33 where on non-GENERIC_TIME systems (GENERIC_TIME=n), accessing /sys/devices/system/clocksource/clocksource0/current_clocksource results in an OOPS. | 2019-11-07 | 7.8 | CVE-2010-2243 MISC CONFIRM MISC MLIST |
| linux -- linux_kernel | An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aa_label_parse() fails in aa_audit_rule_init() in security/apparmor/audit.c. | 2019-11-07 | 7.5 | CVE-2019-18814 MISC |
| linux -- linux_kernel | A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering platform_device_add_properties() failures, aka CID-9bbfceea12a8. | 2019-11-07 | 7.8 | CVE-2019-18813 MISC |
| linux -- linux_kernel | An issue was discovered in the Linux kernel 4.4.x before 4.4.195. There is a NULL pointer dereference in rds_tcp_kill_sock() in net/rds/tcp.c that will cause denial of service, aka CID-91573ae4aed0. | 2019-11-04 | 7.8 | CVE-2019-18680 MISC MISC MISC MISC |
| linux -- linux_kernel | An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6. | 2019-11-07 | 7.5 | CVE-2019-18805 MISC MISC |
| linux -- linux_kernel | A memory leak in the komeda_wb_connector_add() function in drivers/gpu/drm/arm/display/komeda/komeda_wb_connector.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering drm_writeback_connector_init() failures, aka CID-a0ecd6fdbf5d. | 2019-11-07 | 7.8 | CVE-2019-18810 MISC MISC |
| linux -- linux_kernel | A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-2289adbfa559. | 2019-11-07 | 7.8 | CVE-2019-18809 MISC |
| linux -- linux_kernel | A memory leak in the sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering sof_get_ctrl_copy_params() failures, aka CID-45c1380358b1. | 2019-11-07 | 7.8 | CVE-2019-18811 MISC |
| linux-vserver -- linux-vserver | linux vserver 2.6 before 2.6.17 suffers from privilege escalation in remount code. | 2019-11-06 | 10 | CVE-2006-4243 MISC |
| magento -- magento | A remote code execution vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can insert a malicious payload through PageBuilder template methods. | 2019-11-06 | 7.5 | CVE-2019-8144 MISC |
| magento -- magento | A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with system data manipulation privileges can execute arbitrary code through arbitrary file deletion and OS command injection. | 2019-11-06 | 9 | CVE-2019-8159 MISC |
| magento -- magento | An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Magento 2 codebase leveraged outdated versions of JS libraries (Bootstrap, jquery, Knockout) with known security vulnerabilities. | 2019-11-05 | 7.5 | CVE-2019-8121 MISC |
| magento -- magento | An insecure component vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Magento 2 codebase leveraged outdated versions of HTTP specification abstraction implemented in Symfony component. | 2019-11-06 | 7.5 | CVE-2019-8136 MISC |
| magento -- magento | An XPath entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An attacker can craft a GET request to page cache block rendering module that gets passed to XML data processing engine without validation. The crafted key/value GET request data allows an attacker to limited access to underlying XML data. | 2019-11-06 | 7.5 | CVE-2019-8158 MISC |
| magento -- magento | A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Dependency injection through Symfony framework allows service identifiers to be derived from user controlled data, which can lead to remote code execution. | 2019-11-06 | 7.5 | CVE-2019-8135 MISC |
| minidlna -- minidlna | MiniDLNA has heap-based buffer overflow | 2019-11-01 | 7.5 | CVE-2013-2739 MISC MISC |
| minidlna -- minidlna | minidlna has SQL Injection that may allow retrieval of arbitrary files | 2019-11-01 | 7.5 | CVE-2013-2738 MISC MISC MISC MISC |
| nvu -- nvu | Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in multiple security issues. | 2019-11-05 | 7.5 | CVE-2005-2354 MISC MISC MISC |
| php-gettext -- php-gettext | The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code. | 2019-11-04 | 7.5 | CVE-2015-8980 SUSE MLIST MLIST BID CONFIRM CONFIRM CONFIRM |
| portainer -- portainer | Portainer before 1.22.1 has Incorrect Access Control (issue 1 of 4). | 2019-11-07 | 9 | CVE-2019-16872 MISC |
| python_sofware_foundation_and_beanbag -- djblets_and_review_board | An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests. | 2019-11-04 | 7.5 | CVE-2013-4409 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
| qualcomm -- multiple_products | Use after free issue in kernel while accessing freed mdlog session info and its attributes after closing the session in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 730, SD 820, SD 820A, SD 835, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24 | 2019-11-06 | 7.5 | CVE-2019-10528 CONFIRM |
| qualcomm -- multiple_products | Out of bound access due to improper validation of array index cause the index table entry to get corrupt in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20 | 2019-11-06 | 10 | CVE-2019-10533 CONFIRM |
| qualcomm -- multiple_products | Out of bound access while processing a non-standard IE measurement request with length crossing past the size of frame in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS405, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 | 2019-11-06 | 7.5 | CVE-2019-10505 CONFIRM |
| qualcomm -- multiple_products | While playing the clip which is nonstandard buffer overflow can occur while parsing in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20 | 2019-11-06 | 7.5 | CVE-2019-10522 CONFIRM |
| qualcomm -- multiple_products | While processing vendor command which contains corrupted channel count, an integer overflow occurs and finally will lead to heap overflow. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8976, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS405, QCS605, SDA845, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM8150 | 2019-11-06 | 7.5 | CVE-2019-2302 CONFIRM |
| qualcomm -- multiple_products | Buffer over-read may occur when downloading a corrupted firmware file that has chunk length in header which doesn't match the contents in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 845 / SD 850, SDX20 | 2019-11-06 | 7.5 | CVE-2019-10542 CONFIRM |
| qualcomm -- multiple_products | Double free issue can happen when sensor power settings is freed by some thread while another thread try to access. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, QCN7605, QCS405, QCS605, SDM845, SDX24, SXR1130 | 2019-11-06 | 7.5 | CVE-2019-10565 CONFIRM |
| qualcomm -- multiple_products | Dereference on uninitialized buffer can happen when parsing FLV clip with corrupted codec specific data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20 | 2019-11-06 | 10 | CVE-2019-10541 CONFIRM |
| qualcomm -- multiple_products | Null-pointer dereference can occur while accessing the super index entry when it is not been allocated in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20 | 2019-11-06 | 10 | CVE-2019-10534 CONFIRM |
| qualcomm -- multiple_products | Incorrect reading of system image resulting in buffer overflow when size of system image is increased in Snapdragon Auto, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SDM439 | 2019-11-06 | 10 | CVE-2019-10531 CONFIRM |
| qualcomm -- multiple_products | Possible use after free issue due to race condition while attempting to mark the entry pages as dirty using function set_page_dirty() in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 | 2019-11-06 | 9.3 | CVE-2019-10529 CONFIRM |
| qualcomm -- multiple_products | Kernel can do a memory read from arbitrary address passed by user during execution of a syscall in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9205, MDM9650, QCA8081, QCS605, SD 427, SD 435, SD 450, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130 | 2019-11-06 | 10 | CVE-2019-2249 CONFIRM |
| qualcomm -- multiple_products | Improper validation of read and write index of tx and rx fifo's before calculating pointer can lead to out-of-bound access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 | 2019-11-06 | 10 | CVE-2019-2283 CONFIRM |
| qualcomm -- multiple_products | Improper validation of array index causes OOB write and then leads to memory corruption in MMCP in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130 | 2019-11-06 | 10 | CVE-2019-2258 CONFIRM |
| qualcomm -- multiple_products | Thread start can cause invalid memory writes to arbitrary memory location since the argument is passed by user to kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9205, MDM9640, MSM8996AU, QCA6574, QCS605, Qualcomm 215, SD 425, SD 427, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016, SXR1130 | 2019-11-06 | 7.2 | CVE-2019-2246 CONFIRM |
| qualcomm -- multiple_products | When ADSP is compromised, the audio port index that's returned from ADSP might be out of the valid range and leads to out of boundary access in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 845 / SD 850, SD 855, SDX20, SDX24 | 2019-11-06 | 10 | CVE-2019-2324 CONFIRM |
| qualcomm -- multiple_products | Out of boundary access due to token received from ADSP and is used without validation as an index into the array in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 | 2019-11-06 | 10 | CVE-2019-2325 CONFIRM |
| qualcomm -- multiple_products | Out of bound write issue is observed while giving information about properties that have been set so far for playing video in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 | 2019-11-06 | 10 | CVE-2019-2285 CONFIRM |
| qualcomm -- multiple_products | Memory corruption while accessing the memory as payload size is not validated before access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 | 2019-11-06 | 10 | CVE-2019-2332 CONFIRM |
| qualcomm -- multiple_products | Lack of check to ensure crypto engine data passed by user is initialized can result in bus error in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 | 2019-11-06 | 10 | CVE-2019-2323 CONFIRM |
| qualcomm -- multiple_products | Possible Integer overflow because of subtracting two integers without checking if the result would overflow or not in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 | 2019-11-06 | 10 | CVE-2019-2331 CONFIRM |
| quest -- kace_systems_management_appliance_server_center | Quest KACE Systems Management Appliance Server Center version 9.1.317 is vulnerable to SQL injection. The affected file is software_library.php and affected parameters are order[0][column] and order[0][dir]. | 2019-11-06 | 7.5 | CVE-2019-12918 MISC MISC |
| rbot -- rbot | Rbot Reaction plugin allows command execution | 2019-11-06 | 7.5 | CVE-2010-2446 MISC MISC |
| red_hat -- openshift | cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp. | 2019-11-01 | 7.5 | CVE-2013-0165 MISC |
| s9y -- serendipity | Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager. | 2019-11-05 | 7.5 | CVE-2011-1134 CONFIRM DEBIAN SECTRACK MISC |
| salesagility -- suitecrm | SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to 7.11.9 allow SQL Injection. | 2019-11-06 | 7.5 | CVE-2019-18784 MISC MISC |
| shadow_and_sudo -- shadow_and_sudo | There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process. | 2019-11-04 | 7.2 | CVE-2005-4890 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
| sonatype -- nexus_repository_manager | There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker a Remote Code Execution (RCE). All instances using CommandLineExecutor.java with user-supplied data is vulnerable, such as the Yum Configuration Capability. | 2019-11-01 | 9 | CVE-2019-15588 MISC CONFIRM |
| twiki -- twiki | TWiki allows arbitrary shell command execution via the Include function | 2019-11-01 | 7.5 | CVE-2005-3056 DEBIAN MISC CONFIRM |
| twiki -- twiki | TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value containing Perl backtick characters. | 2019-11-07 | 10 | CVE-2013-1751 MISC MISC CONFIRM |
| typo3 -- typo3 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 is open to a session fixation attack which allows remote attackers to hijack a victim's session. | 2019-11-05 | 9.4 | CVE-2010-3671 MISC MISC CONFIRM |
| typo3 -- typo3 | TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request. | 2019-11-06 | 7.5 | CVE-2011-4628 MISC CONFIRM |
| xlockmore -- xlockmore | xlockmore 5.13 and 5.22 segfaults when using libpam-opensc and returns the underlying xsession. This allows unauthorized users access to the X session. | 2019-11-06 | 7.5 | CVE-2006-0061 MISC MISC MISC |
| xlockmore -- xlockmore | xlockmore 5.13 allows potential xlock bypass when FVWM switches to the same virtual desktop as a new Gaim window. | 2019-11-06 | 7.5 | CVE-2006-0062 MISC MISC |
| youphptube -- youphptube | An issue was discovered in YouPHPTube through 7.7. User input passed through the live_stream_code POST parameter to /plugin/LiveChat/getChat.json.php is not properly sanitized (in getFromChat in plugin/LiveChat/Objects/LiveChatObj.php) before being used to construct a SQL query. This can be exploited by malicious users to, e.g., read sensitive data from the database through in-band SQL Injection attacks. Successful exploitation of this vulnerability requires the Live Chat plugin to be enabled. | 2019-11-02 | 7.5 | CVE-2019-18662 MISC |

 

Medium Vulnerabilities Primary
Vendor -- Product Description Published CVSS Score Source & Patch Info 360 -- multiple_routers A command injection vulnerability exists when the authorized user passes crafted parameter to background process in the router. This affects 360 router series products (360 Safe Router P0,P1,P2,P3,P4), the affected version is V2.0.61.58897. 2019-11-04 6.5 CVE-2018-19031
MISC alqo -- alqo alqo through 4.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. 2019-11-05 5 CVE-2018-19161
MISC
MISC amazon_web_services -- freertos+fat Real Time Engineers FreeRTOS+FAT 160919a has a use after free. The function FF_Close() is defined in ff_file.c. The file handler pxFile is freed by ffconfigFREE, which (by default) is a macro definition of vPortFree(), but it is reused to flush modified file content from the cache to disk by the function FF_FlushCache(). 2019-11-04 5 CVE-2019-18178
MISC atlassian -- jira An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects (with authentication as a Jira user, but without authorization for specific projects) via the plugins/servlet/nfj/NotificationSettings URI. 2019-11-01 4 CVE-2019-16909
MISC
MISC atlassian -- jira An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects without authentication/authorization via the plugins/servlet/nfj/ProjectFilter?searchQuery= URI. 2019-11-01 5 CVE-2019-16908
MISC
MISC avast -- antivirus A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free, Internet Security, and Premiere Edition) 19.3.2369 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name. 2019-11-01 4.3 CVE-2019-18653
MISC
MISC avg_technologies -- antivirus A Cross Site Scripting (XSS) issue exists in AVG AntiVirus (Internet Security Edition) 19.3.3084 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name. 2019-11-01 4.3 CVE-2019-18654
MISC
MISC broadcom -- brocade_sannav A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer(SSL)connections. 2019-11-08 5.8 CVE-2019-16209
CONFIRM broadcom -- brocade_sannav Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end database and gain privileges. 2019-11-08 4.6 CVE-2019-16207
CONFIRM centurylink -- technicolor_c2000t_and_c2100t_modems Technicolor C2000T and C2100T uses hard-coded cryptographic keys. 2019-11-06 4.3 CVE-2015-7276
MISC
MISC cisco -- enterprise_chat_and_email A vulnerability in the HTTP API of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to download files attached through chat sessions. The vulnerability is due to insufficient authentication mechanisms on the file download function of the API. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to download files that other users attach through the chat feature. This vulnerability affects versions prior to 12.0(1)ES1. 2019-11-05 4.3 CVE-2019-1877
CISCO cisco -- multiple_products A vulnerability in the stream reassembly component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper reassembly of traffic streams. An attacker could exploit this vulnerability by sending crafted streams through an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious requests to protected systems that would otherwise be blocked. 2019-11-05 5 CVE-2019-1978
CISCO cisco -- multiple_products A vulnerability in the protocol detection component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper detection of the initial use of a protocol on a nonstandard port. An attacker could exploit this vulnerability by sending traffic on a nonstandard port for the protocol in use through an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious requests to protected systems that would otherwise be blocked. Once the initial protocol flow on the nonstandard port is detected, future flows on the nonstandard port will be successfully detected and handled as configured by the applied policy. 2019-11-05 5 CVE-2019-1980
CISCO cisco -- multiple_products A vulnerability in the normalization functionality of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to insufficient normalization of a text-based payload. An attacker could exploit this vulnerability by sending traffic that contains specifically obfuscated payloads through an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious payloads to protected systems that would otherwise be blocked. 2019-11-05 5 CVE-2019-1981
CISCO cisco -- multiple_products A vulnerability in the HTTP traffic filtering component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper handling of HTTP requests, including those communicated over a secure HTTPS connection, that contain maliciously crafted headers. An attacker could exploit this vulnerability by sending malicious requests to an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious requests to protected systems, allowing attackers to deliver malicious content that would otherwise be blocked. 2019-11-05 5 CVE-2019-1982
CISCO cisco -- telepresence_advanced_media_gateway A vulnerability in the web application of Cisco TelePresence Advanced Media Gateway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the lack of input validation in the web application. An attacker could exploit this vulnerability by sending a crafted authenticated HTTP request to the device. An exploit could allow the attacker to stop services on an affected device. The device may become inoperable, resulting in a denial of service (DoS) condition. 2019-11-05 6.8 CVE-2019-15966
CISCO clamav -- clamav ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system. 2019-11-05 5 CVE-2019-12625
MISC clamav -- clamav ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. An out-of-bounds heap read condition may occur when scanning PE files. An example is Windows EXE and DLL files that have been packed using Aspack as a result of inadequate bound-checking. 2019-11-05 5 CVE-2019-1789
MISC cloakcoin -- cloakcoin CloakCoin through 2.2.2.0 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. 2019-11-05 5 CVE-2018-19167
MISC
MISC computing_for_good -- basic_laboratory_information_system Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may enumerate the user names and facility names in use on a particular installation. 2019-11-06 5 CVE-2019-5643
MISC cryptocat_project -- cryptocat Cryptocat before 2.0.22: cryptocat.js handlePresence() has cross site scripting 2019-11-05 4.3 CVE-2013-4107
MISC
MISC
MISC
MISC cryptocat_project -- cryptocat Cryptocat before 2.0.22 has Remote Denial of Service via username 2019-11-04 5 CVE-2013-4100
MISC
MISC
MISC
MISC cryptocat_project -- cryptocat Cryptocat before 2.0.22 has Multiparty Encryption Scheme Information Disclosure 2019-11-04 5 CVE-2013-4105
MISC
MISC
MISC cryptocat_project -- cryptocat Cryptocat before 2.0.22 Link Markup Decorator HTML Handling Weakness 2019-11-04 5 CVE-2013-4101
MISC
MISC
MISC cryptocat_project -- cryptocat Cryptocat has an Unspecified Chat Participant User List Disclosure 2019-11-05 5 CVE-2013-4110
MISC
MISC
MISC
MISC cryptocat_project -- cryptocat Cryptocat strophe.js before 2.0.22 has information disclosure 2019-11-04 5 CVE-2013-2262
MISC
MISC
MISC
MISC cryptocat_project -- cryptocat Cryptocat before 2.0.22 strophe.js Math.random() Random Number Generator Weakness 2019-11-04 6.4 CVE-2013-4102
MISC
MISC
MISC
MISC cryptocat_project -- cryptocat Cryptocat before 2.0.22: Cryptocat.random() Function Array Key has Entropy Weakness 2019-11-04 5 CVE-2013-2260
MISC
MISC
MISC
MISC cryptocat_project -- cryptocat Cryptocat before 2.0.22 Chrome Extension 'img/keygen.gif' has Information Disclosure 2019-11-04 5 CVE-2013-2261
MISC
MISC
MISC cryptocat_project -- cryptocat Cryptocat before 2.0.22 has weak encryption in the Socialist Millionaire Protocol 2019-11-04 5 CVE-2013-4104
MISC
MISC
MISC
MISC cryptocat_project -- cryptocat Cryptocat before 2.0.22 has Nickname User Impersonation 2019-11-04 5 CVE-2013-2258
MISC
MISC
MISC cryptocat_project -- cryptocat Cryptocat before 2.0.42 has Group Chat ECC Private Key Generation Brute Force Weakness 2019-11-04 5 CVE-2013-2257
MISC
MISC
MISC diamond -- diamond Diamond through 3.0.1.2 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. 2019-11-05 5 CVE-2018-19160
MISC
MISC divi_project -- divi Divi through 4.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. 2019-11-05 5 CVE-2018-19162
MISC
MISC djvulibre -- djvulibre DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp. 2019-11-07 5 CVE-2019-18804
MISC
MLIST
MISC eclipse -- jetty Cookie Dump Servlet stored XSS vulnerability in jetty through 6.1.20. 2019-11-06 4.3 CVE-2009-5048
MISC
MISC
MLIST eclipse -- jetty WebApp JSP Snoop page XSS in jetty through 6.1.21. 2019-11-06 4.3 CVE-2009-5049
MISC
MISC
MLIST emercoin -- emercoin emercoin through 0.7 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM. 2019-11-05 5 CVE-2018-19152
MISC
MISC f5 -- big-ip On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, a vulnerability in the AFM configuration utility may allow any authenticated BIG-IP user to run an SQL injection attack. 2019-11-01 4 CVE-2019-6658
CONFIRM f5 -- big-ip On BIG-IP 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the BIG-IP Configuration utility. 2019-11-01 4.3 CVE-2019-6657
CONFIRM fastweb -- fastgate Fastweb FASTGate 1.0.1b devices allow partial authentication bypass by changing a certain check_pwd return value from 0 to 1. An attack does not achieve administrative control of a device; however, the attacker can view all of the web pages of the administration console. 2019-11-02 5 CVE-2019-18661
MISC
MISC federal_communications_commission -- wireless_emergency_alerts The Wireless Emergency Alerts (WEA) protocol allows remote attackers to spoof a Presidential Alert because cryptographic authentication is not used, as demonstrated by MessageIdentifier 4370 in LTE System Information Block 12 (aka SIB12). NOTE: testing inside an RF-isolated shield box suggested that all LTE phones are affected by design (e.g., use of Android versus iOS does not matter); testing in an open RF environment is, of course, contraindicated. 2019-11-02 5 CVE-2019-18659
MISC forcepoint -- email_security It has been reported that XSS is possible in Forcepoint Email Security, versions 8.5 and 8.5.3. It is strongly recommended that you apply the relevant hotfix in order to remediate this issue. 2019-11-05 4.3 CVE-2019-6142
CONFIRM foswiki -- foswiki Foswiki before 1.1.8 contains a code injection vulnerability in the MAKETEXT macro. 2019-11-01 6.8 CVE-2013-1666
CONFIRM
MISC
MISC
MISC freebsd -- nsd FreeBSD NSD before 3.2.13 allows remote attackers to crash a NSD child server process (SIGSEGV) and cause a denial of service in the NSD server. 2019-11-01 4.3 CVE-2012-2979
MISC
CONFIRM
MISC glpi_project -- glpi GLPI 0.83.7 has Local File Inclusion in common.tabs.php. 2019-11-01 5 CVE-2013-2227
MISC
MISC
MISC
MISC
MISC gnome -- evince evince is missing a check on number of pages which can lead to a segmentation fault 2019-11-01 4.3 CVE-2013-3718
MISC
MISC
MISC
MISC gnu -- glibc slim has NULL pointer dereference when using crypt() method from glibc 2.17 2019-11-04 5 CVE-2013-4412
MISC
MISC
MISC
MISC
MISC
MISC gnuboard -- gnuboard5 GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board tail contents" parameter, aka the adm/board_form_update.php bo_content_tail parameter. 2019-11-07 4.3 CVE-2018-18674
MISC
MISC
MISC gource -- gource Gource through 0.26 logs to a predictable file name (/tmp/gource-$UID.tmp), enabling attackers to overwrite an arbitrary file via a symlink attack. 2019-11-07 5.5 CVE-2010-2449
CONFIRM
MISC
BID gs-gpl -- gs-gpl A race condition in temp files was found in gs-gpl before 8.56 addons scripts. 2019-11-01 6.8 CVE-2005-2352
MISC
MISC horde -- groupware_webmail_edition Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php. 2019-11-05 4.3 CVE-2013-6275
MISC
MISC
MISC
MISC
MISC
MISC
MISC htmlcoin -- htmlcoin HTMLCOIN through 2.12 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM. 2019-11-05 5 CVE-2018-19154
MISC
MISC icoutils -- icoutils The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. 2019-11-04 6.8 CVE-2017-5332
SUSE
SUSE
SUSE
REDHAT
DEBIAN
MLIST
BID
UBUNTU
CONFIRM
CONFIRM icoutils -- icoutils Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. 2019-11-04 4.6 CVE-2017-5331
SUSE
SUSE
SUSE
DEBIAN
MLIST
BID
UBUNTU
CONFIRM icoutils -- icoutils Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file. 2019-11-04 6.8 CVE-2017-5333
SUSE
SUSE
SUSE
REDHAT
DEBIAN
MLIST
BID
UBUNTU
CONFIRM
CONFIRM internet_systems_consortium -- bind There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers of ISC software have modified the dhcpd source, BIND source, or version matchup in ways that create the crash potential. Based on reports available to ISC, the crash probability is large and no analysis has been done on how, or even if, the probability can be manipulated by an attacker. Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later, or BIND versions with specific bug fixes backported to them. ISC does not have access to comprehensive version lists for all repackagings of dhcpd that are vulnerable. In particular, builds from other vendors may also be affected. Operators are advised to consult their vendor documentation. 2019-11-01 5 CVE-2019-6470
CONFIRM
REDHAT
CONFIRM
CONFIRM
CONFIRM investintech -- able2extract_professional An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 4.0.7 x64. A specially crafted JPEG file can cause an out-of-bounds memory write, allowing an attacker to execute arbitrary code on the victim machine. An attacker could exploit a vulnerability by providing the user with a specially crafted JPEG file. 2019-11-05 6.8 CVE-2019-5089
MISC investintech -- able2extract_professional An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 14.0.7 x64. A specially crafted BMP file can cause an out-of-bounds memory write, allowing a potential attacker to execute arbitrary code on the victim machine. An attacker can trigger this vulnerability by sending the user a specially crafted BMP file. 2019-11-05 6.8 CVE-2019-5088
MISC joomla! -- joomla! An issue was discovered in Joomla! before 3.9.13. A missing access check in the phputf8 mapping files could lead to a path disclosure. 2019-11-06 5 CVE-2019-18674
MISC joomla! -- joomla! An issue was discovered in Joomla! before 3.9.13. A missing token check in com_template causes a CSRF vulnerability. 2019-11-06 6.8 CVE-2019-18650
MISC konversation -- konversation konversation before 1.2.3 allows attackers to cause a denial of service. 2019-11-06 5 CVE-2009-5050
MISC
MISC
MLIST kubernetes -- kube-state-metrics A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. An experimental feature was added to the v1.7.0 release that enabled annotations to be exposed as metrics. By default, the kube-state-metrics metrics only expose metadata about Secrets. However, a combination of the default `kubectl` behavior and this new feature can cause the entire secret content to end up in metric labels thus inadvertently exposing the secret content in metrics. This feature has been reverted and released as the v1.7.2 release. If you are running the v1.7.0 or v1.7.1 release, please upgrade to the v1.7.2 release as soon as possible. 2019-11-05 4 CVE-2019-10223
CONFIRM
MISC lead_technologies -- leadtools An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20. A specially crafted J2K image file can cause an out-of-bounds write of a heap buffer, potentially resulting in code execution. An attacker can specially craft a J2K image to trigger this vulnerability. 2019-11-06 6.8 CVE-2019-5125
MISC lead_technologies -- leadtools An exploitable heap out-of-bounds write vulnerability exists in the TIF-parsing functionality of LEADTOOLS 20. A specially crafted TIF image can cause an offset beyond the bounds of a heap allocation to be written, potentially resulting in code execution. An attacker can specially craft a TIF image to trigger this vulnerability. 2019-11-06 6.8 CVE-2019-5084
MISC lead_technologies -- leadtools An exploitable integer overflow vulnerability exists in the BMP header parsing functionality of LEADTOOLS 20. A specially crafted BMP image file can cause an integer overflow, potentially resulting in code execution. An attacker can specially craft a BMP image to trigger this vulnerability. 2019-11-06 6.8 CVE-2019-5100
MISC lead_technologies -- leadtools An exploitable integer underflow vulnerability exists in the CMP-parsing functionality of LEADTOOLS 20. A specially crafted CMP image file can cause an integer underflow, potentially resulting in code execution. An attacker can specially craft a CMP image to trigger this vulnerability. 2019-11-06 6.8 CVE-2019-5099
MISC linux -- linux_kernel Two memory leaks in the sja1105_static_config_upload() function in drivers/net/dsa/sja1105/sja1105_spi.c in the Linux kernel before 5.3.5 allow attackers to cause a denial of service (memory consumption) by triggering static_config_buf_prepare_for_upload() or sja1105_inhibit_tx() failures, aka CID-68501df92d11. 2019-11-07 5 CVE-2019-18807
MISC
MISC linux -- linux_kernel ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to an upstream kernel change which impacted how python's os.chmod() works when passed a mode of '-1'. 2019-11-01 4.6 CVE-2013-4367
MISC
MISC linux -- linux_kernel A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247. 2019-11-07 5 CVE-2019-18808
MISC linux -- linux_kernel An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free. 2019-11-04 6.9 CVE-2019-18683
MLIST
MISC
MISC luxcore -- luxcoin lux through 5.2.2 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. 2019-11-05 5 CVE-2018-19159
MISC
MISC magento -- magento A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to manipulate shipment settings can execute arbitrary code through server-side request forgery due to unsafe handling of a carrier gateway. 2019-11-06 6.5 CVE-2019-8151
MISC magento -- magento A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with access to email templates can send malicious SQL queries and obtain access to sensitive information stored in the database. 2019-11-06 4 CVE-2019-8143
MISC magento -- magento Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can leverage a guest session id value following a successful login to gain access to customer account index page. 2019-11-05 5 CVE-2019-8116
MISC magento -- magento Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 uses a cryptographically weak random number generator, which allows the confirmation code for customer registration to be brute-forced. 2019-11-05 5 CVE-2019-8113
MISC magento -- magento A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can bypass the email confirmation mechanism via GET request that captures relevant account data obtained from the POST response related to new user creation. 2019-11-05 5 CVE-2019-8112
MISC magento -- magento A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to an account with Newsletter Template editing permission could exfiltrate the Admin login data, and reset their password, effectively performing a privilege escalation. 2019-11-05 6.5 CVE-2019-8127
MISC magento -- magento A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with store manipulation privileges can execute arbitrary SQL queries by getting access to the database connection through group instance in email templates. 2019-11-06 6.5 CVE-2019-8130
MISC magento -- magento In Magento to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with administrative privileges for editing attribute sets can execute arbitrary code through custom layout modification. 2019-11-06 6.5 CVE-2019-8231
MISC magento -- magento Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 uses weak cryptographic function to store the failed login attempts for customer accounts. 2019-11-05 5 CVE-2019-8118
MISC magento -- magento An insufficient logging and monitoring vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. The logging feature required for effective monitoring did not contain sufficient data to effectively track configuration changes. 2019-11-05 5 CVE-2019-8123
MISC magento -- magento A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with marketing privileges can execute arbitrary SQL queries in the database when accessing email template variables. 2019-11-06 6.5 CVE-2019-8134
MISC magento -- magento A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to manipulate CMS section of the website can trigger remote code execution via custom layout update. 2019-11-06 6.5 CVE-2019-8137
MISC magento -- magento In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit configuration settings can execute arbitrary code through a crafted support/output path. 2019-11-06 6.5 CVE-2019-8230
MISC magento -- magento In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit product attributes can execute arbitrary code through crafted layout updates. 2019-11-06 6.5 CVE-2019-8229
MISC magento -- magento A server-side request forgery (SSRF) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to modify store configurations can manipulate the connector api endpoint to enable remote code execution. 2019-11-06 6.5 CVE-2019-8156
MISC magento -- magento In Magento prior to 1.9.4.3, Magento prior to 1.14.4.3, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an authenticated user with administrative privileges for the import feature can execute arbitrary code through a race condition that allows webserver configuration file modification. 2019-11-06 6 CVE-2019-8232
MISC magento -- magento A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can craft a malicious CSRF payload that can result in arbitrary command execution. 2019-11-05 6 CVE-2019-8109
MISC magento -- magento A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to manipulate layouts and images can insert a malicious payload into the page layout. 2019-11-06 6.5 CVE-2019-8150
MISC magento -- magento In Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an unauthenticated user can inject arbitrary JavaScript code as a result of the sanitization engine ignoring HTML comments. 2019-11-06 4.3 CVE-2019-8233
MISC magento -- magento A mitigation bypass to prevent cross-site scripting (XSS) exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Successful exploitation of this vulnerability would result in an attacker being able to bypass the `escapeURL()` function and execute a malicious XSS payload. 2019-11-06 4.3 CVE-2019-8153
MISC magento -- magento A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. An authenticated admin user with privileges to access product attributes can leverage layout updates to trigger remote code execution. 2019-11-05 6.5 CVE-2019-8091
MISC magento -- magento An unrestricted file upload vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can manipulate the Synchronization feature in the Media File Storage of the database to transform uploaded JPEG file into a PHP file. 2019-11-06 4 CVE-2019-8140
MISC magento -- magento A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with privileges to generate sitemaps can bypass configuration that restricts directory access. The bypass allows overwrite of a subset of configuration files which can lead to denial of service. 2019-11-06 4 CVE-2019-8133
MISC magento -- magento An XML entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can craft document type definition for an XML representing XML layout. The crafted document type definition and XML layout allow processing of external entities which can lead to information disclosure. 2019-11-05 4 CVE-2019-8126
MISC magento -- magento Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can manipulate session validation setting for a storefront that leads to insecure authentication and session management. 2019-11-05 4 CVE-2019-8108
MISC magento -- magento An insufficient logging and monitoring vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Failure to track admin actions related to design configuration could lead to repudiation attacks. 2019-11-05 5 CVE-2019-8124
MISC magento -- magento An arbitrary file deletion vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user can manipulate the design layout update feature. 2019-11-05 5.5 CVE-2019-8090
MISC magento -- magento Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user's CSRF token in the URL of a GET request. This could be exploited by an attacker with access to network traffic to perform unauthorized actions. 2019-11-06 5 CVE-2019-8155
MISC magento -- magento A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user with administrative privileges (system level import) can execute arbitrary code through a Phar deserialization vulnerability in the import functionality. 2019-11-06 6.5 CVE-2019-8141
MISC magento -- magento An arbitrary file deletion vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with export data transfer privileges can craft a request to perform arbitrary file deletion. 2019-11-05 5.5 CVE-2019-8107
MISC magento -- magento A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage plugin functionality related to email templates to manipulate the interceptor class in a way that allows an attacker to execute arbitrary code. 2019-11-05 6.5 CVE-2019-8111
MISC magento -- magento A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to import features can execute arbitrary code via crafted configuration archive file upload. 2019-11-05 6.5 CVE-2019-8114
MISC magento -- magento A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user with privileges to create products can craft custom layout update and use import product functionality to enable remote code execution. 2019-11-05 6.5 CVE-2019-8122
MISC magento -- magento A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x. An authenticated admin user can modify configuration parameters via crafted support configuration. The modification can lead to remote code execution. 2019-11-05 6.5 CVE-2019-8125
MISC magento -- magento A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage email templates hierarchy to manipulate the interceptor class in a way that allows an attacker to execute arbitrary code. 2019-11-05 6.5 CVE-2019-8110
MISC magento -- magento An arbitrary file access vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage the file upload controller for downloadable products to read/delete arbitrary files. 2019-11-05 6.5 CVE-2019-8093
MISC magento -- magento A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated admin user with import product privileges can delete files through bulk product import and inject code into XSLT file. The combination of these manipulations can lead to remote code execution. 2019-11-05 6.5 CVE-2019-8119
MISC mantisbt -- mantisbt An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New". 2019-11-07 4 CVE-2013-1811
MISC
MISC
MISC
CONFIRM
MISC miniupnpd -- miniupnpd MiniUPnPd has information disclosure use of snprintf() 2019-11-01 5 CVE-2013-2600
MISC
MISC
MISC
MISC
MISC mondo -- mondo Mondo 2.24 has insecure handling of temporary files. 2019-11-07 6.4 CVE-2007-3915
MISC navcoin -- navcoin navcoin through 4.3.0 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM. 2019-11-05 5 CVE-2018-19155
MISC
MISC neblio -- neblio neblio through 1.5.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. 2019-11-05 5 CVE-2018-19165
MISC
MISC nicehash -- miner An issue was discovered in NiceHash Miner before 2.0.3.0. A missing rate limit while adding a wallet via Email address allows remote attackers to submit a large number of email addresses to identify valid ones. By exploiting this vulnerability with CVE-2019-6122 (Username Enumeration) an adversary can enumerate a large number of valid users' Email addresses. 2019-11-06 5 CVE-2019-6120
MISC
MISC nicehash -- miner A Username Enumeration via Error Message issue was discovered in NiceHash Miner before 2.0.3.0 because an "EMAIL DOES NOT EXIST" error message occurs whenever a submitted email address is incorrect, but there is a different error message for invalid credentials with a correct email address. 2019-11-06 4.3 CVE-2019-6122
MISC
MISC nicehash -- miner An issue was discovered in NiceHash Miner before 2.0.3.0. Missing Authorization allows an adversary to gain access to a miner's information, such as recent payments, unclaimed balance, old balance (at the time of the December 2017 breach), projected payout, and mining stats like profitability, efficiency, number of workers, etc. A valid email address is required in order to retrieve this information. 2019-11-06 4.3 CVE-2019-6121
MISC
MISC nokogiri_gem_for_ruby_on_rails -- nokogiri_gem_for_ruby_on_rails Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents 2019-11-05 4.3 CVE-2013-6460
MISC
MISC
MISC
MISC
MISC
MISC
MISC nokogiri_gem_for_ruby_on_rails -- nokogiri_gem_for_ruby_on_rails Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits 2019-11-05 4.3 CVE-2013-6461
MISC
MISC
MISC
MISC
MISC
MISC oetiker+partner -- smokeping Cross-site scripting (XSS) vulnerability in SmokePing 2.6.9 in the start and end time fields. 2019-11-01 4.3 CVE-2013-4168
MISC
MISC
MISC
MISC
MISC
MISC one_identity -- cloud_access_manager One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows CSRF for logout requests. 2019-11-04 4.3 CVE-2019-13497
MISC
CONFIRM one_identity -- cloud_access_manager One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows OTP bypass via vectors involving a man in the middle, the One Identity Defender product, and replacing a failed SAML response with a successful SAML response. 2019-11-04 4.3 CVE-2019-13496
MISC
CONFIRM open_build_service -- open_build_service Open Build Service before version 0.165.4 didn't validate TLS certificates for HTTPS connections with the osc client binary 2019-11-05 6.8 CVE-2019-3685
CONFIRM openstack -- keystone_and_compute HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. 2019-11-01 4.3 CVE-2013-2255
MISC
MISC
MISC
MISC
MISC
MISC
MISC openttd -- openttd OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server. 2019-11-07 4 CVE-2012-0049
CONFIRM
MISC
MISC
MISC
MISC oxid -- multiple_products An issue was discovered in OXID eShop 6.x before 6.0.6 and 6.1.x before 6.1.5, OXID eShop Enterprise Edition Version 5.2.x-5.3.x, OXID eShop Professional Edition Version 4.9.x-4.10.x and OXID eShop Community Edition Version: 4.9.x-4.10.x. By using a specially crafted URL, users with administrative rights could unintentionally grant unauthorized users access to the admin panel via session fixation. 2019-11-05 6.8 CVE-2019-17062
MISC pagure -- pagure Pagure: XSS possible in file attachment endpoint 2019-11-06 4.3 CVE-2016-1000037
MISC
MISC
MISC
MISC particl -- particl particl through 0.17 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM. 2019-11-05 5 CVE-2018-19153
MISC
MISC peercoin -- peercoin peercoin through 0.6.4 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. 2019-11-05 5 CVE-2018-19166
MISC
MISC pfsense -- pfsense /usr/local/www/freeradius_view_config.php in the freeradius3 package before 0.15.7_3 for pfSense on FreeBSD allows a user with an XSS payload as password or username to execute arbitrary javascript code on a victim browser. 2019-11-02 4.3 CVE-2019-18667
MISC phantomjs -- phantomjs PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open() function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HTML file, as user input, that allows reading arbitrary files on the filesystem. For example, if page.render() is the function callback, this generates a PDF or an image of the targeted file. NOTE: this product is no longer developed. 2019-11-05 5 CVE-2019-17221
MISC phore -- phore Phore through 1.3.3.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. 2019-11-05 5 CVE-2018-19157
MISC
MISC pivx -- pivx PIVX through 3.1.03 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. 2019-11-05 5 CVE-2018-19156
MISC
MISC popojicms -- popojicms po-admin/route.php?mod=post&act=edit in PopojiCMS 2.0.1 allows post[1][content]= stored XSS. 2019-11-07 4.3 CVE-2019-18816
MISC popojicms -- popojicms PopojiCMS 2.0.1 allows refer= Open Redirection. 2019-11-07 5.8 CVE-2019-18815
MISC portainer -- portainer Portainer before 1.22.1 has Incorrect Access Control (issue 4 of 4). 2019-11-07 6.5 CVE-2019-16877
MISC portainer -- portainer Portainer before 1.22.1 allows Directory Traversal. 2019-11-07 5 CVE-2019-16876
MISC portainer -- portainer Portainer before 1.22.1 has Incorrect Access Control (issue 2 of 4). 2019-11-07 4 CVE-2019-16874
MISC progress -- sitefinity_cms Progress Sitefinity CMS before 10.1 allows XSS via /Pages Parameter : Page Title, /Content/News Parameter : News Title, /Content/List Parameter : List Title, /Content/Documents/LibraryDocuments/incident-request-attachments Parameter : Document Title, /Content/Images/LibraryImages/newsimages Parameter : Image Title, /Content/links Parameter : Link Title, /Content/links Parameter : Link Title, or /Content/Videos/LibraryVideos/default-video-library Parameter : Video Title. 2019-11-06 4.3 CVE-2017-18639
MISC qualcomm -- multiple_products A negative value returned for get_clk is not checked and is wrongly interpreted as a valid pointer, leading to use after free in the clk driver in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 2019-11-06 4.6 CVE-2019-10524
CONFIRM qualcomm -- multiple_products Firmware not able to send EXT scan response to host within 1 sec due to resource consumption issue in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016 2019-11-06 5 CVE-2019-10504
CONFIRM qualcomm -- multiple_products DCI client which might be preemptively freed up might be accessed for transferring packets leading to kernel error in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 2019-11-06 4.9 CVE-2019-10515
CONFIRM qualcomm -- multiple_products Null pointer dereference can occur while parsing invalid chunks while playing the nonstandard clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20 2019-11-06 5 CVE-2019-10488
CONFIRM qualcomm -- multiple_products Possible stack overflow when an index equal to io buffer size is accessed in camera module in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855, SDM439, SDX24 2019-11-06 4.6 CVE-2019-10502
CONFIRM
MISC qualcomm -- multiple_products ADSP can be compromised since it's a general-purpose CPU processing untrusted data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 2019-11-06 4.6 CVE-2019-10491
CONFIRM qualcomm -- multiple_products Payload size is not checked before using it as array index in audio in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SXR1130 2019-11-06 4.6 CVE-2019-10512
CONFIRM qualcomm -- multiple_products Lack of checking a variable received from driver and populating in Firmware data structure leads to buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 2019-11-06 4.6 CVE-2019-10496
CONFIRM qualcomm -- multiple_products Arbitrary buffer write issue while processing sequence header during HEVC or AVC encoding. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 2019-11-06 4.6 CVE-2019-10495
CONFIRM quest -- kace_systems_management_appliance_server_center Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /userui/ticket_list.php, and affected parameters are order[0][column] and order[0][dir]. 2019-11-06 6.5 CVE-2019-13076
MISC
MISC quest -- kace_systems_management_appliance_server_center Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the sam_detail_titled.php SAM_TYPE parameter) that allows an attacker to create a malicious link in order to attack authenticated users. 2019-11-06 4.3 CVE-2019-13077
MISC
MISC quest -- kace_systems_management_appliance_server_center A reflected XSS vulnerability exists in Quest KACE Systems Management Appliance Server Center 9.1.317 affecting the userui/software_library.php component via the PATH_INFO. 2019-11-06 4.3 CVE-2019-12917
MISC
MISC quest -- kace_systems_management_appliance_server_center Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /common/user_profile.php. The affected parameter is sort_column. 2019-11-06 6.5 CVE-2019-13078
MISC
MISC quest -- kace_systems_management_appliance_server_center Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /adminui/history_log.php. The affected parameter is TYPE_NAME. 2019-11-06 6.5 CVE-2019-13079
MISC
MISC red_hat -- cloud_forms_management_engine Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2019-11-01 4.3 CVE-2013-0186
CONFIRM
MISC red_hat -- directory_server_8_and_389_directory_server The _ger_parse_control function in Red Hat Directory Server 8 and the 389 Directory Server allows attackers to cause a denial of service (NULL pointer dereference) via a crafted search query. 2019-11-05 5 CVE-2010-2222
MISC
MISC red_hat -- jboss_aerogear JBoss AeroGear has reflected XSS via the password field 2019-11-04 4.3 CVE-2014-3649
MISC
MISC reddcoin -- reddcoin reddcoin through 2.1.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. 2019-11-05 5 CVE-2018-19164
MISC
MISC s9y -- serendipity Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php. 2019-11-05 4.3 CVE-2011-1135
CONFIRM
DEBIAN
SECTRACK
MISC s9y -- serendipity Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code via plugins/ExtendedFileManager/backend.php. 2019-11-05 4.3 CVE-2011-1133
CONFIRM
DEBIAN
SECTRACK
MISC samba -- samba A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue. 2019-11-06 4 CVE-2019-14847
SUSE
CONFIRM
MISC sap -- sap_hana_database SAP HANA Database, versions 1.0, 2.0, allows an unauthorized attacker to send a malformed connection request, which crashes the indexserver of an SAP HANA instance, leading to Denial of Service 2019-11-04 5 CVE-2019-0350
MISC
MISC sass -- libsass LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp. 2019-11-06 4.3 CVE-2019-18797
MISC sass -- libsass LibSass before 3.6.3 allows a heap-based buffer over-read in Sass::weaveParents in ast_sel_weave.cpp. 2019-11-06 4.3 CVE-2019-18798
MISC sass -- libsass LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser::parseCompoundSelector in parser_selectors.cpp. 2019-11-06 4.3 CVE-2019-18799
MISC scipy -- scipy The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories. 2019-11-04 4.6 CVE-2013-4251
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC secudos -- domos The Log module in SECUDOS DOMOS before 5.6 allows local file inclusion. 2019-11-02 5 CVE-2019-18665
MISC
MISC
MISC sourceforge -- archivemail archivemail 0.6.2 uses temporary files insecurely leading to a possible race condition. 2019-11-06 6.8 CVE-2006-4245
MISC
MISC stratisx_project -- stratisx stratisX through 2.0.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. 2019-11-05 5 CVE-2018-19163
MISC
MISC symantec -- sonar_component The Symantec SONAR component, prior to 12.0.2, may be susceptible to a tamper protection bypass vulnerability which could potentially allow an attacker to circumvent the existing tamper protection in use on the resident system. 2019-11-01 4.1 CVE-2019-12752
CONFIRM symfony -- symfony php-symfony2-Validator has loss of information during serialization 2019-11-01 4.9 CVE-2013-4751
MISC
MISC
MISC
MISC
MISC
MISC typo3 -- typo3 TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows Information Disclosure on the backend. 2019-11-06 4 CVE-2011-4627
MISC
CONFIRM typo3 -- typo3 TYPO3 before 4.5.4 allows Information Disclosure in the backend. 2019-11-06 4 CVE-2011-4900
MISC
CONFIRM typo3 -- typo3 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Header Injection in the secure download feature jumpurl. 2019-11-04 5 CVE-2010-3668
MISC
MISC
CONFIRM typo3 -- typo3 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element. 2019-11-04 5 CVE-2010-3667
MISC
MISC
CONFIRM typo3 -- typo3 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid function. 2019-11-04 5 CVE-2010-3666
MISC
MISC
CONFIRM typo3 -- typo3 TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS and Open Redirection in the frontend login box. 2019-11-04 4.9 CVE-2010-3669
MISC
MISC
CONFIRM typo3 -- typo3 TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows information disclosure in the mail header of the HTML mailing API. 2019-11-05 5 CVE-2010-3673
MISC
MISC
CONFIRM typo3 -- typo3 TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to extract arbitrary information from the TYPO3 database. 2019-11-06 4 CVE-2011-4901
MISC
CONFIRM typo3 -- typo3 TYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper access control on ExtDirect calls which allows remote attackers to retrieve ExtDirect endpoint services. 2019-11-06 4 CVE-2011-4904
MISC
CONFIRM typo3 -- typo3 TYPO3 before 4.4.1 allows XSS in the frontend search box. 2019-11-05 4.3 CVE-2010-3674
MISC
MISC
CONFIRM typo3 -- typo3 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend. 2019-11-04 6.5 CVE-2010-3663
MISC
MISC
CONFIRM typo3 -- typo3 TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to delete arbitrary files on the webserver. 2019-11-06 5.5 CVE-2011-4902
MISC
CONFIRM typo3 -- typo3 Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the RemoveXSS function. 2019-11-06 4.3 CVE-2011-4903
MISC
CONFIRM typo3 -- typo3 TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function. 2019-11-05 5.8 CVE-2010-3670
MISC
MISC
CONFIRM typo3 -- typo3 Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the "JSwindow" property of the typolink function. 2019-11-06 4.3 CVE-2011-4626
MISC
CONFIRM typo3 -- typo3 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend. 2019-11-04 6.5 CVE-2010-3662
MISC
MISC
CONFIRM typo3 -- typo3 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Open Redirection on the backend. 2019-11-01 5.8 CVE-2010-3661
MISC
MISC
CONFIRM typo3 -- typo3 TYPO3 before 4.3.4 and 4.4.x before 4.4.1 allows XSS in the textarea view helper in an extbase extension. 2019-11-05 4.3 CVE-2010-3672
MISC
MISC
CONFIRM typo3 -- typo3 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Information Disclosure on the backend. 2019-11-04 4 CVE-2010-3664
MISC
MISC
CONFIRM viewvc -- viewvc viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option. 2019-11-07 4.3 CVE-2007-5743
MISC
MISC websieve -- websieve Cross-site scripting (XSS) vulnerability in websieve v0.62 allows remote attackers to inject arbitrary web script or HTML code in the web user interface. 2019-11-01 4.3 CVE-2005-2350
MISC
MISC wordpress -- wordpress An issue was discovered in the Currency Switcher addon before 2.11.2 for WooCommerce if a user provides a currency that was not added by the administrator. In this case, even though the currency does not exist, it will be selected, but a price amount will fall back to the default currency. This means that if an attacker provides a currency that does not exist and is worth less than this default, the attacker can eventually purchase an item for a significantly cheaper price. 2019-11-02 4 CVE-2019-18668
MISC
MISC
MISC wordpress -- wordpress Directory traversal vulnerability in the ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin before 2.4.1 for WordPress allows remote authenticated users to download arbitrary files via a .. (dot dot) in the file parameter. 2019-11-06 4 CVE-2014-9014
MISC
MISC wordpress -- wordpress The ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin 2.4.0 for WordPress allows remote authenticated users to create arbitrary users and gain admin privileges via a request to wpmp_pp_ajax_call with an execution target of wp_insert_user. 2019-11-06 6.5 CVE-2014-9013
MISC wordpress -- wordpress An issue was discovered in the MailPoet Newsletters (aka wysija-newsletters) plugin before 2.8.2 for WordPress. The plugin is vulnerable to SPAM attacks. 2019-11-06 5 CVE-2018-20853
CONFIRM zoho_manageengine -- adselfservice_plus Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the users' profile information page. Users who are attacked with this vulnerability will be forced to modify their enrolled information, such as email and mobile phone, unintentionally. Attackers could use the reset password function and control the system to send the authentication code back to the channel that the attackers own. 2019-11-06 6.8 CVE-2019-18411
MISC

Low Vulnerabilities

Primary Vendor -- Product Description Published CVSS Score Source & Patch Info
archos -- safe-t_devices On Archos Safe-T devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. 2019-11-02 1.9 CVE-2019-14358
MISC broadcom -- brocade_sannav Brocade SANnav versions before v2.0 log the plain text database connection password while triggering support save. 2019-11-08 2.1 CVE-2019-16210
CONFIRM dovecot -- dovecot A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files. 2019-11-05 2.1 CVE-2016-4983
MISC
MISC
MISC eximious -- logo_designer Eximious Logo Designer 3.82 has a User Mode Write AV starting at ExiCustomPathLib!ExiCustomPathLib::CGradientColorsProfile::BuildGradientColorsTable+0x0000000000000053. 2019-11-07 1.9 CVE-2019-18821
MISC eximious -- logo_designer Eximious Logo Designer 3.82 has Heap Corruption starting at ntdll!RtlpNtMakeTemporaryKey+0x0000000000001a78. 2019-11-07 2.1 CVE-2019-18820
MISC eximious -- logo_designer Eximious Logo Designer 3.82 has a User Mode Write AV starting at ExiVectorRender!StrokeText_Blend+0x00000000000003a7. 2019-11-07 2.1 CVE-2019-18819
MISC horde -- groupware_webmail_edition Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions 2019-11-05 2.6 CVE-2013-6365
MISC
MISC
MISC
MISC
MISC
MISC hyundai -- pay_kasse_hk-1000_devices On Hyundai Pay Kasse HK-1000 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. 2019-11-02 1.9 CVE-2019-14360
MISC jitbit -- asp_.net_forum A cross-site scripting (XSS) vulnerability in Jitbit .NET Forum (aka ASP.NET forum) 8.3.8 allows remote attackers to inject arbitrary web script or HTML via the gravatar URL parameter. 2019-11-01 3.5 CVE-2019-18636
MISC
MISC lightbend -- play_framework An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the target host. 2019-11-05 3.5 CVE-2019-17598
MISC
CONFIRM linux -- linux_kernel In the Linux kernel through 5.3.8, f->fmt.sdr.reserved is uninitialized in rcar_drif_g_fmt_sdr_cap in drivers/media/platform/rcar_drif.c, which could cause a memory disclosure problem. 2019-11-06 2.1 CVE-2019-18786
MISC linux -- linux_kernel A memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel before 5.3.5 allows local users to cause a denial of service (memory consumption) by triggering pci_dma_mapping_error() failures, aka CID-1acb8f2a7a9f. 2019-11-07 2.1 CVE-2019-18806
MISC
MISC magento -- magento A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can execute arbitrary JavaScript code by providing an arbitrary API endpoint that will not be checked by the sale pickup event. 2019-11-06 3.5 CVE-2019-8138
MISC magento -- magento In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code into the transactional email page when creating a new email template or editing an existing email template. 2019-11-06 3.5 CVE-2019-8228
MISC magento -- magento In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when creating profile action XML. 2019-11-06 3.5 CVE-2019-8227
MISC magento -- magento A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can manipulate a downloadable link and cause an invocation of error handling that accesses user input without sanitization. 2019-11-06 3.5 CVE-2019-8157
MISC magento -- magento A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code into the attribute set name when listing the products. 2019-11-06 3.5 CVE-2019-8145
MISC magento -- magento A stored cross-site scripting (XSS) vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can inject arbitrary JavaScript code when creating a content page via page builder. 2019-11-06 3.5 CVE-2019-8148
MISC magento -- magento A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via customer attribute label. 2019-11-06 3.5 CVE-2019-8147
MISC magento -- magento A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code when adding a new customer attribute for stores. 2019-11-06 3.5 CVE-2019-8146
MISC magento -- magento A stored cross-site scripting (XSS) vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with access to the wysiwyg editor can abuse the blockDirective() function and inject malicious JavaScript in the cache of the admin dashboard. 2019-11-06 3.5 CVE-2019-8152
MISC magento -- magento A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can exploit it by injecting malicious Javascript into the name of main website. 2019-11-06 3.5 CVE-2019-8128
MISC magento -- magento A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via title of an order when configuring sales payment methods for a store. 2019-11-06 3.5 CVE-2019-8142
MISC magento -- magento A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can craft malicious payload in the template Name field for Email template in the "Design Configuration" dashboard. 2019-11-06 3.5 CVE-2019-8132
MISC magento -- magento A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can exploit it by injecting an embedded expression into a translation. 2019-11-06 3.5 CVE-2019-8129
MISC magento -- magento A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code into code field of an inventory source. 2019-11-06 3.5 CVE-2019-8131
MISC magento -- magento A stored cross-site scripting (XSS) vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user can inject arbitrary Javascript code by manipulating section of a POST request related to customer's email address. 2019-11-05 3.5 CVE-2019-8120
MISC magento -- magento A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via product view id specification. 2019-11-05 3.5 CVE-2019-8117
MISC magento -- magento A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can inject arbitrary JavaScript code when adding an image during simple product creation. 2019-11-05 3.5 CVE-2019-8115
MISC magento -- magento A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via email template preview. 2019-11-05 3.5 CVE-2019-8092
MISC magento -- magento A stored cross-site scripting (XSS) vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary Javascript code into the dynamic block when invoking page builder on a product. 2019-11-06 3.5 CVE-2019-8139
MISC multiple_vendors -- bind_and_nsd_and_knot_name_servers Cache Poisoning issue exists in DNS Response Rate Limiting. 2019-11-05 2.6 CVE-2013-5661
MISC
MISC
MISC oracle -- mysql MySQL-GUI-tools (mysql-administrator) leaks passwords into the process list after launch of the mysql text console 2019-11-06 2.1 CVE-2010-4178
MISC
MISC
MISC
MISC portainer -- portainer Portainer before 1.22.1 has XSS (issue 2 of 2). 2019-11-07 3.5 CVE-2019-16878
MISC portainer -- portainer Portainer before 1.22.1 has XSS (issue 1 of 2). 2019-11-07 3.5 CVE-2019-16873
MISC qualcomm -- multiple_products While deserializing any key blob during key operations, buffer overflow could occur exposing partial key information if any key operations are invoked(Depends on CVE-2018-13907) in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS404, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 2019-11-06 2.1 CVE-2019-2275
CONFIRM quest -- kace_systems_management_appliance_server_center Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via an SVG image and HTML file) that allows an authenticated user to execute arbitrary JavaScript in an administrator's browser. 2019-11-06 3.5 CVE-2019-13080
MISC
MISC quest -- kace_systems_management_appliance_server_center Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the title field in the /common/ticket_associated_tickets.php service desk ticket functionality) that allows an authenticated user to execute arbitrary JavaScript in a service desk user's browser. 2019-11-06 3.5 CVE-2019-13081
MISC
MISC red_hat -- enterprise_linux_7_and_mrg-2 The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for the SG_IO buffer, which may leak sensitive information to userspace. 2019-11-06 2.1 CVE-2014-8181
MISC red_hat -- virtual_desktop_server_manager Insecure temporary file vulnerability in Red Hat vdsm 4.9.6. 2019-11-04 2.1 CVE-2013-4280
MISC
MISC
MISC red_hat -- cloudforms CloudForms stores user passwords in recoverable format 2019-11-04 2.1 CVE-2013-4423
MISC
MISC red_hat -- update_infrastructure RHUI (Red Hat Update Infrastructure) 2.1.3 has world readable PKI entitlement certificates 2019-11-04 2.1 CVE-2013-4518
MISC
MISC redislabs -- redis Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds. 2019-11-01 3.6 CVE-2013-0180
MLIST
MISC redislabs -- redis Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm. 2019-11-01 3.6 CVE-2013-0178
MISC
MISC
MISC
MISC
MISC
MISC rhq -- mongo_db_drift_server An insecure temporary file vulnerability exists in RHQ Mongo DB Drift Server through 2013-09-25 when unpacking zipped files. 2019-11-04 3.6 CVE-2013-4374
MISC
MISC secudos -- domos The Log module in SECUDOS DOMOS before 5.6 allows XSS. 2019-11-02 3.5 CVE-2019-18664
MISC
MISC shift_cryptosecurity -- bitbox02 On SHIFT BitBox02 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. Note: BIP39 secrets are not displayed by default on this device. The side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. 2019-11-02 1.9 CVE-2019-18673
MISC typo3 -- typo3 Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message. 2019-11-06 3.5 CVE-2011-4632
MISC
CONFIRM typo3 -- typo3 Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the system extension recycler. 2019-11-06 3.5 CVE-2011-4631
MISC
CONFIRM typo3 -- typo3 Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the browse_links wizard. 2019-11-06 3.5 CVE-2011-4630
MISC
CONFIRM typo3 -- typo3 Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the admin panel. 2019-11-06 3.5 CVE-2011-4629
MISC
CONFIRM typo3 -- typo3 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the Extension Manager. 2019-11-04 3.5 CVE-2010-3665
MISC
MISC
CONFIRM typo3 -- typo3 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the backend. 2019-11-01 3.5 CVE-2010-3660
MISC
MISC
CONFIRM

Severity Not Yet Assigned

Primary Vendor -- Product Description Published CVSS Score Source & Patch Info

alsa_project -- alsa-utils alsa-utils 1.0.19 and later versions allow local users to overwrite arbitrary files via a symlink attack via the /usr/bin/alsa-info and /usr/bin/alsa-info.sh scripts. 2019-11-09 not yet calculated CVE-2009-0035
MISC
MISC
MISC apache -- arrow While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered that Apache Arrow versions 0.12.0 to 0.14.1 left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory could potentially be shared if Arrays are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats. 2019-11-08 not yet calculated CVE-2019-12410
MLIST
MLIST
MLIST apache -- arrow It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had an uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally shared if Arrow Arrays are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats. 2019-11-08 not yet calculated CVE-2019-12408
CONFIRM
MLIST apache -- cxf Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malicious user crafts a message containing a very large number of message attachments. From the 3.3.4 and 3.2.11 releases, a default limit of 50 message attachments is enforced. This is configurable via the message property "attachment-max-count". 2019-11-06 not yet calculated CVE-2019-12406
CONFIRM apache -- cxf Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. There is a vulnerability in the access token services, where it does not validate that the authenticated principal is equal to that of the supplied clientId parameter in the request. If a malicious client was able to somehow steal an authorization code issued to another client, then they could exploit this vulnerability to obtain an access token for the other client. 2019-11-06 not yet calculated CVE-2019-12419
CONFIRM apache -- impala In Apache Impala 2.7.0 to 3.2.0, an authenticated user with access to the IDs of active Impala queries or sessions can interact with those sessions or queries via a specially-constructed request and thereby potentially bypass authorization and audit mechanisms. Session and query IDs are unique and random, but have not been documented or consistently treated as sensitive secrets. Therefore they may be exposed in logs or interfaces. They were also not generated with a cryptographically secure random number generator, so are vulnerable to random number generator attacks that predict future IDs based on past IDs. Impala deployments with Apache Sentry or Apache Ranger authorization enabled may be vulnerable to privilege escalation if an authenticated attacker is able to hijack a session or query from another authenticated user with privileges not assigned to the attacker. Impala deployments with audit logging enabled may be vulnerable to incorrect audit logging as a user could undertake actions that were logged under the name of a different authenticated user. Constructing an attack requires a high degree of technical sophistication and access to the Impala system as an authenticated user. 2019-11-05 not yet calculated CVE-2019-10084
MLIST
CONFIRM apache -- qpid-cpp qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use. 2019-11-09 not yet calculated CVE-2009-5004
MISC
MISC
MISC
MISC arm -- mbed_os A denial-of-service issue was discovered in the MQTT library in Arm Mbed OS 2017-11-02. The function readMQTTLenString() is called by the function MQTTDeserialize_publish() to get the length and content of the MQTT topic name. In the function readMQTTLenString(), mqttstring->lenstring.len is a part of user input, which can be manipulated. An attacker can simply change it to a larger value to invalidate the if statement so that the statements inside the if statement are skipped, letting the value of mqttstring->lenstring.data default to zero. Later, curn is accessed, which points to mqttstring->lenstring.data. On an Arm Cortex-M chip, the value at address 0x0 is actually the initialization value for the MSP register. It is highly dependent on the actual firmware. Therefore, the behavior of the program is unpredictable from this time on. 2019-11-04 not yet calculated CVE-2019-17210
CONFIRM arm -- mbed_os
  An integer overflow was discovered in the CoAP library in Arm Mbed OS 5.14.0. The function sn_coap_builder_calc_needed_packet_data_size_2() is used to calculate the required memory for the CoAP message from the sn_coap_hdr_s data structure. Both returned_byte_count and src_coap_msg_ptr->payload_len are of type uint16_t. When added together, the result returned_byte_count can wrap around the maximum uint16_t value. As a result, insufficient buffer space is allocated for the corresponding CoAP message. 2019-11-05 not yet calculated CVE-2019-17211
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC arm -- mbed_os
  Buffer overflows were discovered in the CoAP library in Arm Mbed OS 5.14.0. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses CoAP input linearly using a while loop. Once an option is parsed in a loop, the current point (*packet_data_pptr) is increased correspondingly. The pointer is restricted by the size of the received buffer, as well as by the 0xFF delimiter byte. Inside each while loop, the check of the value of *packet_data_pptr is not strictly enforced. More specifically, inside a loop, *packet_data_pptr could be increased and then dereferenced without checking. Moreover, there are many other functions in the format of sn_coap_parser_****() that do not check whether the pointer is within the bounds of the allocated buffer. All of these lead to heap-based or stack-based buffer overflows, depending on how the CoAP packet buffer is allocated. 2019-11-05 not yet calculated CVE-2019-17212
MISC
MISC
MISC
MISC
MISC
MISC
MISC atlassian -- jira_service_desk_server_and_service_desk_data_center The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability. 2019-11-07 not yet calculated CVE-2019-15004
MISC
MISC
BUGTRAQ atlassian -- jira_service_desk_server_and_service_desk_data_center The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via authorization bypass. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability. 2019-11-07 not yet calculated CVE-2019-15003
MISC
MISC
BUGTRAQ

atlassian -- multiple_products

The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into. A vulnerable version of the plugin is included with Bitbucket Server / Data Center before 6.6.0, Confluence Server / Data Center before 7.0.1, Jira Server / Data Center before 8.3.2, Crowd / Crowd Data Center before 3.6.0, Fisheye before 4.7.2, Crucible before 4.7.2, and Bamboo before 6.10.2. 2019-11-08 not yet calculated CVE-2019-15005
MISC broadcom -- brocade_sannav A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication actions in the SANnav portal. 2019-11-08 not yet calculated CVE-2019-16205
CONFIRM broadcom -- brocade_sannav The password-based encryption (PBE) algorithm of Brocade SANnav versions before v2.0 has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (RADIUS, TACACS, etc.). 2019-11-08 not yet calculated CVE-2019-16208
CONFIRM broadcom -- brocade_sannav
  The authentication mechanism in Brocade SANnav versions before v2.0 logs plaintext account credentials at the 'trace' and the 'debug' logging levels, which could allow a local authenticated attacker to access sensitive information. 2019-11-08 not yet calculated CVE-2019-16206
CONFIRM

centrify -- authentication_service_and_privilege_elevation_service

The Windows component of Centrify Authentication and Privilege Elevation Services 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.5.0, 3.5.1 (18.8), 3.5.2 (18.11), and 3.6.0 (19.6) does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows attackers to execute arbitrary code inside the Centrify process via (1) a crafted application that makes a pipe connection to the process and sends malicious serialized data or (2) a crafted Microsoft Management Console snap-in control file. 2019-11-05 not yet calculated CVE-2019-18631
CONFIRM ceph -- ceph A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients. 2019-11-08 not yet calculated CVE-2019-10222
CONFIRM
MISC cisco -- fxos_and_nx-os_software A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive system files that should be restricted. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to incomplete role-based access control (RBAC) verification. An attacker could exploit this vulnerability by authenticating to the device and issuing a specific CLI diagnostic command with crafted user-input parameters. An exploit could allow the attacker to perform an arbitrary read of a file on the device, and the file may contain sensitive information. The attacker needs valid device credentials to exploit this vulnerability. 2019-11-05 not yet calculated CVE-2019-1734
CISCO clamav -- clamav clamav 0.91.2 suffers from a floating point exception when using ScanOLE2. 2019-11-07 not yet calculated CVE-2007-6745
MISC
MISC
MISC cross-origin_resource_sharing -- cross-origin_resource_sharing It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. An attacker could use this lack of protection to conduct phishing attacks and further access unauthorized information. 2019-11-08 not yet calculated CVE-2019-14860
CONFIRM dell_emc -- idrac8 Dell EMC iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes. 2019-11-07 not yet calculated CVE-2019-3764
CONFIRM drupal -- drupal Drupal 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL and perform a cross-site scripting attack. 2019-11-07 not yet calculated CVE-2010-2250
MISC
CONFIRM
MLIST drupal -- drupal drupal6 version 6.16 has open redirection 2019-11-06 not yet calculated CVE-2010-2471
MISC
MISC
MISC
CONFIRM
MLIST drupal -- drupal Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker must have a role with the 'administer languages' permission. 2019-11-07 not yet calculated CVE-2010-2472
MISC
CONFIRM
MLIST drupal -- drupal Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal site despite being blocked. 2019-11-07 not yet calculated CVE-2010-2473
MISC
CONFIRM
MLIST dtc-xen -- dtc-xen dtc-xen 0.5.x before 0.5.4 suffers from a race condition where an attacker could potentially get bash access as the xenXX user on the dom0, and then access and potentially reuse an already opened VPS console. 2019-11-09 not yet calculated CVE-2009-4011
MISC
MISC
MISC eclipse -- jetty Dump Servlet information leak in jetty before 6.1.22. 2019-11-06 not yet calculated CVE-2009-5045
MISC
MISC
MLIST eclipse -- jetty JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22. 2019-11-06 not yet calculated CVE-2009-5046
MISC
MISC
MLIST energycap -- energycap Escalation of privileges in EnergyCAP 7 through 7.5.6 allows an attacker to access data. If an unauthenticated user clicks on a link on the public dashboard, the resource opens in EnergyCAP with access rights matching the user who created the dashboard. 2019-11-08 not yet calculated CVE-2019-18623
CONFIRM
CONFIRM eyecomms -- eyecms A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to take over another candidate's account (by also exploiting CVE-2019-17604) via a modified candidate id and an additional password parameter. The outcome is that the password of this other candidate is changed. 2019-11-07 not yet calculated CVE-2019-17605
MISC
MISC eyecomms -- eyecms An Insecure Direct Object Reference (IDOR) vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to change other candidates' personal information (first name, last name, email, CV, phone number, and all other personal information) by changing the value of the candidate id (the id parameter). 2019-11-07 not yet calculated CVE-2019-17604
MISC
MISC firegpg -- firegpg FireGPG before 0.6 handles the user's passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk, which may result in the compromise of secure communication or a user's private key. 2019-11-08 not yet calculated CVE-2008-7272
MISC
MISC
MISC gambas -- gambas Gambas before 3.4.0 allows remote attackers to move or manipulate directory contents or perform symlink attacks due to the creation of insecure temporary directories. 2019-11-07 not yet calculated CVE-2013-1809
MISC
MISC
MISC
MISC
MISC
CONFIRM gdm3 -- gdm3 gdm3 3.14.2 and possibly later has an information leak before screen lock 2019-11-05 not yet calculated CVE-2016-1000002
MISC
MISC
MISC
MISC gitolite -- gitolite gitolite before 1.4.1 does not filter src/ or hooks/ from path names. 2019-11-07 not yet calculated CVE-2010-2447
CONFIRM
CONFIRM
CONFIRM
MISC
MLIST google -- chrome Use after free vulnerability in documentloader in WebKit in Google Chrome before Blink M13 in DocumentWriter::replaceDocument function. 2019-11-07 not yet calculated CVE-2011-2353
MISC
MISC
MISC
MISC google -- chrome Incorrect handling of timer information in Timer.cpp in WebKit in Google Chrome before Blink M13. 2019-11-07 not yet calculated CVE-2011-2807
MISC
MISC google -- chrome WebKit in Google Chrome before Blink M11 contains a bad cast to RenderBlock when anonymous blocks are renderblocks. 2019-11-05 not yet calculated CVE-2011-1460
MISC
MISC
MISC google -- chrome A wrong type is used for a return value from strlen in WebKit in Google Chrome before Blink M12 on 64-bit platforms. 2019-11-07 not yet calculated CVE-2011-2337
MISC
MISC
MISC google -- chrome The WebKit::WebPluginContainerImpl::handleEvent function in Google Chrome before Blink M11 allows an attacker to cause a denial of service (crash) via the htmlpluginelement.cpp plugin. 2019-11-05 not yet calculated CVE-2011-1459
MISC
MISC
MISC google -- chrome An Integer Overflow exists in WebKit in Google Chrome before Blink M11 in the macOS WebCore::GraphicsContext::fillRect function. 2019-11-06 not yet calculated CVE-2011-1298
MISC
MISC
MISC google -- chrome An issue exists in WebKit in Google Chrome before Blink M12 when clearing lists in AnimationControllerPrivate that signal when a hardware animation starts. 2019-11-07 not yet calculated CVE-2011-2336
MISC
MISC
MISC google -- chrome
  A stale layout root is set as an input element in WebKit in Google Chrome before Blink M13 when a child of a keygen with autofocus is accessed. 2019-11-06 not yet calculated CVE-2011-2808
MISC
MISC
MISC
MISC
MISC
MISC
MISC hibernate -- hibernate_validator A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. 2019-11-08 not yet calculated CVE-2019-10219
CONFIRM horde -- groupware_webmail_edition Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book 2019-11-05 not yet calculated CVE-2013-6364
MISC
MISC
MISC
MISC
MISC
MISC hp -- inkjet_printers For the printers listed, a maliciously crafted print file might cause certain HP Inkjet printers to assert. Under certain circumstances, the printer produces a core dump to a local device. 2019-11-07 not yet calculated CVE-2019-6337
MISC hp -- multiple_products A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFI_BOOT_SERVICES structure might be overwritten by an attacker to execute arbitrary SMM (System Management Mode) code. A list of affected products and versions is available at https://support.hp.com/rs-en/document/c06456250. 2019-11-05 not yet calculated CVE-2019-16284
CONFIRM hpe -- nimble_storage_systems Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi array group configurations. The vulnerabilities could be remotely exploited by an attacker to gain elevated privileges or disclose information the array. Affected products and versions include: Nimble Storage Hybrid Flash Arrays - 5.1.2.0 and older, 5.0.7.0 and older, 4.5.4.0 and older, and 3.9.1.0 and older Nimble Storage All Flash Arrays - 5.1.2.0 and older, 5.0.7.0 and older, 4.5.4.0 and older, and 3.9.1.0 and older Nimble Storage Secondary Flash Arrays - 5.1.2.0 and older, 5.0.7.0 and older, 4.5.4.0 and older, and 3.9.1.0 and older 2019-11-07 not yet calculated CVE-2019-11996
CONFIRM ibm -- cognos_analytics IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or cause the web server to make HTTP requests to arbitrary domains. IBM X-Force ID: 147369. 2019-11-09 not yet calculated CVE-2018-1721
XF
CONFIRM ibm -- cognos_analytics IBM Cognos Analytics 11.0 and 11.1 could reveal sensitive information to an authenticated user that could be used in future attacks against the system. IBM X-Force ID: 161271. 2019-11-09 not yet calculated CVE-2019-4334
XF
CONFIRM ibm -- cognos_analytics IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170881. 2019-11-09 not yet calculated CVE-2019-4645
XF
CONFIRM ibm -- cognos_controller IBM Cognos Controller stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162659. 2019-11-09 not yet calculated CVE-2019-4412
XF
CONFIRM ibm -- cognos_controller IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 could allow an authenticated user to obtain sensitive information due to easy to guess session identifier names. IBM X-Force ID: 162658. 2019-11-09 not yet calculated CVE-2019-4411
XF
CONFIRM ibm -- i IBM i 7.2, 7.3, and 7.4 for i is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163492. 2019-11-09 not yet calculated CVE-2019-4450
XF
CONFIRM ibm -- qradar IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163618. 2019-11-09 not yet calculated CVE-2019-4454
XF
CONFIRM ibm -- qradar IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 167239. 2019-11-09 not yet calculated CVE-2019-4581
XF
CONFIRM ibm -- qradar IBM QRadar Advisor 1.0.0 through 2.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 166205. 2019-11-09 not yet calculated CVE-2019-4556
XF
CONFIRM ibm -- qradar IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to incorrect authorization in some components which could allow an authenticated user to obtain sensitive information. IBM X-Force ID: 164430. 2019-11-09 not yet calculated CVE-2019-4509
XF
CONFIRM ibm -- qradar IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163779. 2019-11-09 not yet calculated CVE-2019-4470
XF
CONFIRM intelbras -- wrn_150_devices An issue was discovered on Intelbras WRN 150 1.0.17 devices. There is stored XSS in the Service Name tab of the WAN configuration screen, leading to a denial of service (inability to change the configuration). 2019-11-07 not yet calculated CVE-2019-17222
MISC ldap-git-backup -- ldap-git-backup ldap-git-backup before 1.0.4 exposes password hashes due to incorrect directory permissions. 2019-11-07 not yet calculated CVE-2013-1425
CONFIRM
MISC
MISC liboping -- liboping liboping 1.3.2 allows users to read arbitrary files on the local system. 2019-11-09 not yet calculated CVE-2009-3614
MISC
MISC lintian -- lintian Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using crafted symlinks. 2019-11-07 not yet calculated CVE-2013-1429
MISC
MISC
MISC
MISC linux -- linux_kernel In Linux 2.6 before 2.6.23, the TRACE_IRQS_ON function in iret_exc calls a C function without ensuring that the segments are set properly. The kernel's %fs needs to be restored before the call in TRACE_IRQS_ON and before enabling interrupts, so that "current" references work. Without this, "current" used in the window between iret_exc and the middle of error_code where %fs is reset, would crash. 2019-11-07 not yet calculated CVE-2007-3732
MISC
MISC
MISC magento -- magento Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can append arbitrary session id that will not be invalidated by subsequent authentication. 2019-11-06 not yet calculated CVE-2019-8149
MISC magento -- magento A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to modify product catalogs can trigger PHP file inclusion through a crafted XML file that specifies product design update. 2019-11-06 not yet calculated CVE-2019-8154
MISC mahara -- mahara Cross-site Scripting (XSS) in Mahara before 1.5.9 and 1.6.x before 1.6.4 allows remote attackers to inject arbitrary web script or HTML via the TinyMCE editor. 2019-11-07 not yet calculated CVE-2013-1426
CONFIRM
CONFIRM
MISC makepasswd -- makepasswd makepasswd 1.10 default settings generate insecure passwords 2019-11-06 not yet calculated CVE-2010-2247
MISC
MISC mantisbt -- mantisbt MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME types. Arbitrary inline attachment rendering could lead to cross-domain scripting or other browser attacks. 2019-11-09 not yet calculated CVE-2009-2802
CONFIRM
CONFIRM
MISC matrix -- synapse Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers. 2019-11-08 not yet calculated CVE-2019-18835
MISC
MISC medtronic -- valleylab_exchange_client_server Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based logons are disabled, attackers can use the other vulnerabilities within this report to obtain local shell access and access these hashes. 2019-11-08 not yet calculated CVE-2019-13539
MISC medtronic -- valleylab_exchange_client_server Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device. 2019-11-08 not yet calculated CVE-2019-13543
MISC medtronic -- valleylab_ft10_energy_platform In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN, not available in the United States) version 1.20.2 and lower, the RFID security mechanism used for authentication between the FT10/LS10 Energy Platform and instruments can be bypassed, allowing for inauthentic instruments to connect to the generator. 2019-11-08 not yet calculated CVE-2019-13531
MISC medtronic -- valleylab_ft10_energy_platform In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN, not available in the United States) version 1.20.2 and lower, the RFID security mechanism does not apply read protection, allowing for full read access of the RFID security mechanism data. 2019-11-08 not yet calculated CVE-2019-13535
MISC mesa_3d -- mesa_3d_graphics_library An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to trigger this vulnerability. 2019-11-05 not yet calculated CVE-2019-5068
MISC mod_ruid2 -- mod_ruid2 mod_ruid2 before 0.9.8 improperly handles file descriptors which allows remote attackers to bypass security using a CGI script to break out of the chroot. 2019-11-08 not yet calculated CVE-2013-1889
MISC
MISC
MISC
CONFIRM monkeyd -- monkeyd The web server Monkeyd produces a world-readable log (/var/log/monkeyd/master.log) on gentoo. 2019-11-07 not yet calculated CVE-2013-1771
MISC
MISC nvidia -- geforce_experience NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service, information disclosure, or escalation of privileges through code execution. 2019-11-09 not yet calculated CVE-2019-5701
CONFIRM nvidia -- geforce_experience NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files to be downloaded and saved. This behavior may lead to code execution, denial of service, or information disclosure. 2019-11-09 not yet calculated CVE-2019-5689
CONFIRM nvidia -- virtual_gpu_manager NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in which it may grant a guest access to memory that it does not own, which may lead to information disclosure or denial of service. 2019-11-09 not yet calculated CVE-2019-5697
CONFIRM nvidia -- virtual_gpu_manager NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in which the provision of an incorrectly sized buffer by a guest VM leads to GPU out-of-bound access, which may lead to a denial of service. 2019-11-09 not yet calculated CVE-2019-5696
CONFIRM nvidia -- virtual_gpu_manager NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in the vGPU plugin, in which an input index value is incorrectly validated, which may lead to denial of service. 2019-11-09 not yet calculated CVE-2019-5698
CONFIRM nvidia -- windows_gpu_display_driver NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) in which the program accesses or uses a pointer that has not been initialized, which may lead to denial of service. 2019-11-09 not yet calculated CVE-2019-5693
CONFIRM nvidia -- windows_gpu_display_driver NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the size of an input buffer is not validated, which may lead to denial of service or escalation of privileges. 2019-11-09 not yet calculated CVE-2019-5690
CONFIRM nvidia -- windows_gpu_display_driver NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the product uses untrusted input when calculating or using an array index, which may lead to escalation of privileges or denial of service. 2019-11-09 not yet calculated CVE-2019-5692
CONFIRM nvidia -- windows_gpu_display_driver NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in NVIDIA Control Panel in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution. The attacker requires local system access. 2019-11-09 not yet calculated CVE-2019-5694
MISC nvidia -- windows_gpu_display_driver
  NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which a NULL pointer is dereferenced, which may lead to denial of service or escalation of privileges. 2019-11-09 not yet calculated CVE-2019-5691
CONFIRM openstack -- mistral An information-exposure vulnerability was discovered where openstack-mistral's undercloud log files containing clear-text information were made world readable. A malicious system user could exploit this flaw to access sensitive user information. 2019-11-08 not yet calculated CVE-2019-3866
CONFIRM patriot -- viper_rgb The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 allow local users (including low integrity processes) to read and write to arbitrary memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, by mapping \Device\PhysicalMemory into the calling process via ZwOpenSection and ZwMapViewOfSection. 2019-11-09 not yet calculated CVE-2019-18845
MISC philips -- tasy_emr In Tasy EMR, Tasy WebPortal Versions 3.02.1757 and prior, there is an information exposure vulnerability which may allow a remote attacker to access system and configuration information. 2019-11-08 not yet calculated CVE-2019-13557
MISC phpoffice -- phpspreadsheet PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue. The XmlScanner decodes the sheet1.xml from an .xlsx to UTF-8 if something other than UTF-8 is declared in the header. This was a security measure to prevent CVE-2018-19277, but the fix is not sufficient. By double-encoding the XML payload to UTF-7, it is possible to bypass the check for the string "<!ENTITY" and thus allow an XML external entity (XXE) processing attack. 2019-11-07 not yet calculated CVE-2019-12331
CONFIRM
MISC python_packaging_authority -- python_package_installer The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks. 2019-11-05 not yet calculated CVE-2013-5123
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC rapid7 -- metasploit_pro Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to intercept otherwise private communications to the Metasploit Pro web interface. 2019-11-06 not yet calculated CVE-2019-5642
CONFIRM red_hat -- 389_directory_server A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes. 2019-11-08 not yet calculated CVE-2019-14824
CONFIRM red_hat -- enterprise_linux_5 frysk packages through 2008-08-05 as shipped in Red Hat Enterprise Linux 5 are built with an insecure RPATH set in the ELF header of multiple binaries in /usr/bin/f* (e.g. fcore, fcatch, fstack, fstep, ...) shipped in the package. A local attacker can exploit this vulnerability by running arbitrary code as another user. 2019-11-07 not yet calculated CVE-2008-3278
MISC
MISC
MISC red_hat -- jboss_operations_network In JON 2.1.x before 2.1.2 SP1, users can obtain unauthorized security information about private resources managed by JBoss ON. 2019-11-08 not yet calculated CVE-2008-5083
MISC
MISC red_hat -- tuned tuned before 2.x allows local users to kill running processes due to insecure permissions with tuned's ktune service. 2019-11-08 not yet calculated CVE-2013-1820
MISC
MISC
MISC red_hat -- virtualization_manager In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAML browser application) to connect to the Red Hat Enterprise Virtualization Manager. An attacker on the local network could use this flaw to conduct a man-in-the-middle attack, tricking the user into thinking they are viewing the Red Hat Enterprise Virtualization Manager when the content is actually attacker-controlled, or modifying actions a user requested Red Hat Enterprise Virtualization Manager to perform. 2019-11-09 not yet calculated CVE-2009-3552
MISC
MISC
BUGTRAQ samba -- samba A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it vulnerable to dictionary attacks. 2019-11-06 not yet calculated CVE-2019-14833
SUSE
CONFIRM
MISC samba -- samba A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user. 2019-11-06 not yet calculated CVE-2019-10218
SUSE
CONFIRM
MISC samsung -- multiple_products Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: I9300XXUGNA8), and Samsung Galaxy Note 2 (Android version: 4.3, Build Number: JSS15J.I9300XUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: N7100DDUFND1) devices allow injection of AT+CIMI and AT+CGSN over Bluetooth, leaking sensitive information such as IMSI, IMEI, call status, call setup stage, internet service status, signal strength, current roaming status, battery level, and call held status. 2019-11-06 not yet calculated CVE-2019-16401
MISC samsung -- multiple_products Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: I9300XXUGNA8), and Samsung Galaxy Note 2 (Android version: 4.3, Build Number: JSS15J.I9300XUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: N7100DDUFND1) devices allow attackers to send AT commands over Bluetooth, resulting in several Denial of Service (DoS) attacks. 2019-11-06 not yet calculated CVE-2019-16400
MISC shibboleth -- shibboleth_service_provider The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable by default. 2019-11-07 not yet calculated CVE-2010-2450
MISC
MISC
CONFIRM simplesamlphp -- simplesamlphp Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message. 2019-11-07 not yet calculated CVE-2019-3465
MISC
MLIST
BUGTRAQ
MISC
DEBIAN simplesamlphp -- simplesamlphp simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages. 2019-11-06 not yet calculated CVE-2011-4625
MISC
MISC strapi -- strapi strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js. 2019-11-07 not yet calculated CVE-2019-18818
MISC
MISC
MISC syscp -- syscp syscp 1.4.2.1 allows attackers to add arbitrary paths via the documentroot of a domain by appending a colon to it and setting the open basedir path to use that domain documentroot. 2019-11-07 not yet calculated CVE-2010-2476
MISC
MISC
MLIST tahoe-lafs -- tahoe-lafs Tahoe-LAFS 1.9.0 fails to ensure integrity which allows remote attackers to corrupt mutable files or directories upon retrieval. 2019-11-07 not yet calculated CVE-2012-0051
MISC
MISC
MISC
MISC
MISC
CONFIRM
termpkg -- termpkg
  termpkg 3.3 suffers from buffer overflow. 2019-11-06 not yet calculated CVE-2006-3100
MISC
MISC tmaxsoft -- jeus JEUS 7 Fix#0~5 and JEUS 8 Fix#0~1 versions contain a directory traversal vulnerability caused by an improper input parameter check when uploading an installation file in the administration web page. This allows a remote attacker to execute arbitrary code via the uploaded file. 2019-11-08 not yet calculated CVE-2019-17327
MISC veritas -- multiple_products An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Flex Appliance 1.2 and earlier, InfoScale 7.3.1 and earlier, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and earlier on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and earlier on Windows, Storage Foundation HA (SFHA) 6.2.1 and earlier on Linux/UNIX, and Storage Foundation HA (SFHA) 6.1 and earlier on Windows. 2019-11-05 not yet calculated CVE-2019-18780
MISC
MISC
MISC
MISC viber -- viber Viber through 11.7.0.5 allows a remote attacker who can capture a victim's internet traffic to steal their Viber account, because not all Viber protocol traffic is encrypted. TCP data packet 9 on port 4244 from the victim's device contains cleartext information such as the device model and OS version, IMSI, and 16 bytes of udid in a binary format, which is located at approximately offset 0x40 of this packet. Then, the attacker installs Viber on his device, initiates the registration process for any phone number, but doesn't enter a pin from SMS. Instead, he closes Viber. Next, the attacker rewrites his udid with the victim's udid, modifying the viber_udid file, which is located in the Viber preferences folder. (The udid is stored in a hexadecimal format.) Finally, the attacker starts Viber again and enters the pin from SMS. 2019-11-06 not yet calculated CVE-2019-18800
MISC wolfssl -- wolfssl In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer overflow inside the DecodedCert structure in GetName in wolfcrypt/src/asn.c because the domain name location index is mishandled. Because a pointer is overwritten, there is an invalid free. 2019-11-09 not yet calculated CVE-2019-18840
MISC wordpress -- wordpress A CSV injection in the codepress-admin-columns (aka Admin Columns) plugin 3.4.6 for WordPress allows malicious users to gain remote control of other computers. By choosing formula code as his first or last name, an attacker can create a user with a name that contains malicious code. Other users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker could gain remote access to the user's PC. 2019-11-08 not yet calculated CVE-2019-17661
MISC zte -- mf910s_router Security researcher Shen Ying from the Sec Consult Security Lab reported an information disclosure vulnerability in MF910S product to ZTE PSIRT in October 2019. Through the analysis of related product team, the information disclosure vulnerability is confirmed. The MF910S product's one-click upgrade tool can obtain the Telnet remote login password in the reverse way. If Telnet is opened, the attacker can remotely log in to the device through the cracked password, resulting in information leakage. The MF910S was end of service on October 23, 2019, ZTE recommends users to choose new products for the purpose of better security. 2019-11-07 not yet calculated CVE-2019-3422
CONFIRM zte -- zxupn-9000e The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by the input validation vulnerability. An attacker could exploit this vulnerability for unauthorized operations. 2019-11-08 not yet calculated CVE-2019-3426
CONFIRM zte -- zxupn-9000e The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by vulnerability of permission and access control. An attacker could exploit this vulnerability to directly reset or change passwords of other accounts. 2019-11-08 not yet calculated CVE-2019-3425
CONFIRM

November 4, 2019

Vulnerability Summary for the Week of October 28, 2019

Original release date: November 4, 2019

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
adobe -- experience_manager
  Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. 2019-10-25 7.5 CVE-2019-8088
CONFIRM apache -- thrift In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when fed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings. 2019-10-29 7.8 CVE-2019-0205
MISC bitlbee -- bitlbee
  Bitlbee does not drop extra group privileges correctly in unix.c 2019-10-29 7.5 CVE-2012-1187
MISC
MISC
MISC
MISC cisco -- video_communications_server
  Cisco Video Communications Server (VCS) before X7.0.3 contains a command injection vulnerability which allows remote, authenticated attackers to execute arbitrary commands. 2019-10-29 9 CVE-2011-2538
CONFIRM codesys -- eni_server
  CODESYS V2.3 ENI server up to V3.2.2.24 has a Buffer Overflow. 2019-10-25 7.5 CVE-2019-16265
CONFIRM
MISC d-link -- dir-865
  D-Link DIR-865L has PHP File Inclusion in the router xml file. 2019-10-25 7.5 CVE-2013-4857
MISC
MISC d-link -- dir-865l_devices
  D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share. 2019-10-25 7.9 CVE-2013-4855
MISC
MISC
MISC debian_project -- qtparted
  qtparted has insecure library loading which may allow arbitrary code execution 2019-10-29 7.5 CVE-2010-3375
DEBIAN
MISC
MISC google -- chrome
  browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windows, and before 54.0.2840.100 on Linux neglects to copy a device ID before an erase() call, which causes the erase operation to access data that that erase operation will destroy. 2019-10-25 7.5 CVE-2016-5202
MISC
MISC
MISC
MISC
MISC hot-world -- repetier-server A directory traversal vulnerability was discovered in RepetierServer.exe in Repetier-Server 0.8 through 0.91 that allows for the creation of a user controlled XML file at an unintended location. When this is combined with CVE-2019-14451, an attacker can upload an "external command" configuration as a printer configuration, and achieve remote code execution. After exploitation, loading of the external command configuration is dependent on a system reboot or service restart. 2019-10-28 10 CVE-2019-14450
CONFIRM
MISC hot-world -- repetier-server
  RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not properly validate the XML data structure provided when uploading a new printer configuration. When this is combined with CVE-2019-14450, an attacker can upload an "external command" configuration as a printer configuration, and achieve remote code execution. After exploitation, loading of the external command configuration is dependent on a system reboot or service restart. 2019-10-25 10 CVE-2019-14451
CONFIRM
MISC intrasrv -- intrasrv
  A remote SEH buffer overflow has been discovered in IntraSrv 1.0 (2007-06-03). An attacker may send a crafted HTTP GET or HEAD request that can result in a compromise of the hosting system. 2019-10-28 10 CVE-2019-17181
MISC
MISC jetbrains -- teamcity In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution. 2019-10-31 7.5 CVE-2019-18364
CONFIRM k7_computing -- antivirus_premium_and_total_security_and_ultimate_security
  In K7 Antivirus Premium 16.0.xxx through 16.0.0120; K7 Total Security 16.0.xxx through 16.0.0120; and K7 Ultimate Security 16.0.xxx through 16.0.0120, the module K7TSHlpr.dll improperly validates the administrative privileges of the user, allowing arbitrary registry writes in the K7AVOptn.dll module to facilitate escalation of privileges via inter-process communication with a service process. 2019-10-28 7.5 CVE-2019-16897
MISC labf -- nfsaxe_ftp_client
  Buffer overflow in LabF nfsAxe FTP client 3.7 allows an attacker to execute code remotely. 2019-10-25 7.5 CVE-2017-14742
EXPLOIT-DB linksys -- ea6500_router
  Linksys EA6500 has SMB Symlink Traversal allowing symbolic links to be created to locations outside of the Samba share. 2019-10-25 10 CVE-2013-4658
MISC
MISC
MISC medoo -- medoo
  columnQuote in medoo before 1.7.5 allows remote attackers to perform a SQL Injection due to improper escaping. 2019-10-30 7.5 CVE-2019-10762
MISC
MISC mikrotik -- routeros
  RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are downloaded from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into "upgrading" to an older version of RouterOS and possibly resetting all the system's usernames and passwords. 2019-10-29 8.5 CVE-2019-3977
MISC milesight -- ip_security_cameras
  Milesight IP security cameras through 2016-11-14 have a buffer overflow in a web application via a long username or password. 2019-10-25 7.5 CVE-2016-2356
MISC
MISC
MISC milesight -- ip_security_cameras
  Milesight IP security cameras through 2016-11-14 allow remote attackers to bypass authentication and access a protected resource by simultaneously making a request for the unprotected vb.htm resource. 2019-10-25 7.5 CVE-2016-2359
MISC
MISC
MISC mitsubishi_electric_and_inea -- me-rtu_devices An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Undocumented hard-coded user passwords for root, ineaadmin, mitsadmin, and maint could allow an attacker to gain unauthorised access to the RTU. (Also, the accounts ineaadmin and mitsadmin are able to escalate privileges to root without supplying a password due to insecure entries in /etc/sudoers on the RTU.) 2019-10-28 10 CVE-2019-14930
MISC
MISC mitsubishi_electric_and_inea -- me-rtu_devices
  An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user supplied data to the RTU's system shell. Functionality in mobile.php provides users with the ability to ping sites or IP addresses via Mobile Connection Test. When the Mobile Connection Test is submitted, action.php is called to execute the test. An attacker can use a shell command separator (;) in the host variable to execute operating system commands upon submitting the test data. 2019-10-28 10 CVE-2019-14931
MISC
MISC mitsubishi_electric_and_inea -- me-rtu_devices
  An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Hard-coded SSH keys allow an attacker to gain unauthorised access or disclose encrypted data on the RTU due to the keys not being regenerated on initial installation or with firmware updates. In other words, these devices use private-key values in /etc/ssh/ssh_host_rsa_key, /etc/ssh/ssh_host_ecdsa_key, and /etc/ssh/ssh_host_dsa_key files that are publicly available from the vendor web sites. 2019-10-28 7.5 CVE-2019-14926
MISC
MISC philips -- intellispace_perinatal
  In IntelliSpace Perinatal, Versions K and prior, a vulnerability within the IntelliSpace Perinatal application environment could enable an unauthorized attacker with physical access to a locked application screen, or an authorized remote desktop session host application user to break-out from the containment of the application and access unauthorized resources from the Windows operating system as the limited-access Windows user. Due to potential Windows vulnerabilities, it may be possible for additional attack methods to be used to escalate privileges on the operating system. 2019-10-25 7.2 CVE-2019-13546
MISC php -- php
  In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. 2019-10-28 7.5 CVE-2019-11043
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
MISC
FEDORA
FEDORA
FEDORA
CONFIRM
CONFIRM
UBUNTU
UBUNTU
DEBIAN
DEBIAN pixelpost -- pixelpost
  pixelpost 1.7.1 has SQL injection 2019-10-28 7.5 CVE-2009-4899
MISC
DEBIAN
MISC rconfig -- rconfig
  An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution. 2019-10-28