Vulnerability Summary for the Week of October 28, 2019

Released: Nov 04, 2019
Document ID: SB19-308

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
adobe -- experience_manager | Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | 2019-10-25 | 7.5 | CVE-2019-8088, CONFIRM
apache -- thrift | In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when fed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings. | 2019-10-29 | 7.8 | CVE-2019-0205, MISC
bitlbee -- bitlbee | Bitlbee does not drop extra group privileges correctly in unix.c | 2019-10-29 | 7.5 | CVE-2012-1187, MISC, MISC, MISC, MISC
cisco -- video_communications_server | Cisco Video Communications Server (VCS) before X7.0.3 contains a command injection vulnerability which allows remote, authenticated attackers to execute arbitrary commands. | 2019-10-29 | 9 | CVE-2011-2538, CONFIRM
codesys -- eni_server | CODESYS V2.3 ENI server up to V3.2.2.24 has a Buffer Overflow. | 2019-10-25 | 7.5 | CVE-2019-16265, CONFIRM, MISC
d-link -- dir-865 | D-Link DIR-865L has PHP File Inclusion in the router xml file. | 2019-10-25 | 7.5 | CVE-2013-4857, MISC, MISC
d-link -- dir-865l_devices | D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share. | 2019-10-25 | 7.9 | CVE-2013-4855, MISC, MISC, MISC
debian_project -- qtparted | qtparted has insecure library loading which may allow arbitrary code execution | 2019-10-29 | 7.5 | CVE-2010-3375, DEBIAN, MISC, MISC
google -- chrome | browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windows, and before 54.0.2840.100 on Linux neglects to copy a device ID before an erase() call, which causes the erase operation to access data that that erase operation will destroy. | 2019-10-25 | 7.5 | CVE-2016-5202, MISC, MISC, MISC, MISC, MISC
hot-world -- repetier-server | A directory traversal vulnerability was discovered in RepetierServer.exe in Repetier-Server 0.8 through 0.91 that allows for the creation of a user controlled XML file at an unintended location. When this is combined with CVE-2019-14451, an attacker can upload an "external command" configuration as a printer configuration, and achieve remote code execution. After exploitation, loading of the external command configuration is dependent on a system reboot or service restart. | 2019-10-28 | 10 | CVE-2019-14450, CONFIRM, MISC
hot-world -- repetier-server | RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not properly validate the XML data structure provided when uploading a new printer configuration. When this is combined with CVE-2019-14450, an attacker can upload an "external command" configuration as a printer configuration, and achieve remote code execution. After exploitation, loading of the external command configuration is dependent on a system reboot or service restart. | 2019-10-25 | 10 | CVE-2019-14451, CONFIRM, MISC
intrasrv -- intrasrv | A remote SEH buffer overflow has been discovered in IntraSrv 1.0 (2007-06-03). An attacker may send a crafted HTTP GET or HEAD request that can result in a compromise of the hosting system. | 2019-10-28 | 10 | CVE-2019-17181, MISC, MISC
jetbrains -- teamcity | In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution. | 2019-10-31 | 7.5 | CVE-2019-18364, CONFIRM
k7_computing -- antivirus_premium_and_total_security_and_ultimate_security | In K7 Antivirus Premium 16.0.xxx through 16.0.0120; K7 Total Security 16.0.xxx through 16.0.0120; and K7 Ultimate Security 16.0.xxx through 16.0.0120, the module K7TSHlpr.dll improperly validates the administrative privileges of the user, allowing arbitrary registry writes in the K7AVOptn.dll module to facilitate escalation of privileges via inter-process communication with a service process. | 2019-10-28 | 7.5 | CVE-2019-16897, MISC
labf -- nfsaxe_ftp_client | Buffer overflow in LabF nfsAxe FTP client 3.7 allows an attacker to execute code remotely. | 2019-10-25 | 7.5 | CVE-2017-14742, EXPLOIT-DB
linksys -- ea6500_router | Linksys EA6500 has SMB Symlink Traversal allowing symbolic links to be created to locations outside of the Samba share. | 2019-10-25 | 10 | CVE-2013-4658, MISC, MISC, MISC
medoo -- medoo | columnQuote in medoo before 1.7.5 allows remote attackers to perform a SQL Injection due to improper escaping. | 2019-10-30 | 7.5 | CVE-2019-10762, MISC, MISC
mikrotik -- routeros | RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are downloaded from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into "upgrading" to an older version of RouterOS and possibly resetting all the system's usernames and passwords. | 2019-10-29 | 8.5 | CVE-2019-3977, MISC
milesight -- ip_security_cameras | Milesight IP security cameras through 2016-11-14 have a buffer overflow in a web application via a long username or password. | 2019-10-25 | 7.5 | CVE-2016-2356, MISC, MISC, MISC
milesight -- ip_security_cameras | Milesight IP security cameras through 2016-11-14 allow remote attackers to bypass authentication and access a protected resource by simultaneously making a request for the unprotected vb.htm resource. | 2019-10-25 | 7.5 | CVE-2016-2359, MISC, MISC, MISC
mitsubishi_electric_and_inea -- me-rtu_devices | An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Undocumented hard-coded user passwords for root, ineaadmin, mitsadmin, and maint could allow an attacker to gain unauthorised access to the RTU. (Also, the accounts ineaadmin and mitsadmin are able to escalate privileges to root without supplying a password due to insecure entries in /etc/sudoers on the RTU.) | 2019-10-28 | 10 | CVE-2019-14930, MISC, MISC
mitsubishi_electric_and_inea -- me-rtu_devices | An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user supplied data to the RTU's system shell. Functionality in mobile.php provides users with the ability to ping sites or IP addresses via Mobile Connection Test. When the Mobile Connection Test is submitted, action.php is called to execute the test. An attacker can use a shell command separator (;) in the host variable to execute operating system commands upon submitting the test data. | 2019-10-28 | 10 | CVE-2019-14931, MISC, MISC
mitsubishi_electric_and_inea -- me-rtu_devices | An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Hard-coded SSH keys allow an attacker to gain unauthorised access or disclose encrypted data on the RTU due to the keys not being regenerated on initial installation or with firmware updates. In other words, these devices use private-key values in /etc/ssh/ssh_host_rsa_key, /etc/ssh/ssh_host_ecdsa_key, and /etc/ssh/ssh_host_dsa_key files that are publicly available from the vendor web sites. | 2019-10-28 | 7.5 | CVE-2019-14926, MISC, MISC
philips -- intellispace_perinatal | In IntelliSpace Perinatal, Versions K and prior, a vulnerability within the IntelliSpace Perinatal application environment could enable an unauthorized attacker with physical access to a locked application screen, or an authorized remote desktop session host application user to break-out from the containment of the application and access unauthorized resources from the Windows operating system as the limited-access Windows user. Due to potential Windows vulnerabilities, it may be possible for additional attack methods to be used to escalate privileges on the operating system. | 2019-10-25 | 7.2 | CVE-2019-13546, MISC
php -- php | In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. | 2019-10-28 | 7.5 | CVE-2019-11043, REDHAT, REDHAT, REDHAT, REDHAT, CONFIRM, MISC, FEDORA, FEDORA, FEDORA, CONFIRM, CONFIRM, UBUNTU, UBUNTU, DEBIAN, DEBIAN
pixelpost -- pixelpost | pixelpost 1.7.1 has SQL injection | 2019-10-28 | 7.5 | CVE-2009-4899, MISC, DEBIAN, MISC
rconfig -- rconfig | An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution. | 2019-10-28 | 9 | CVE-2019-16663, MISC, MISC, MISC, MISC, MISC
rconfig -- rconfig | An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution. | 2019-10-28 | 10 | CVE-2019-16662, MISC, MISC, MISC, MISC, MISC, MISC
rittal -- rittal_chiller_sk_3232_series | Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems is configured using hard-coded credentials. These credentials could allow attackers to influence the primary operations of the affected systems, namely turning the cooling unit on and off and setting the temperature set point. | 2019-10-25 | 10 | CVE-2019-13553, FULLDISC, MISC
sequelize -- sequelize | Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnerable to SQL Injection due to JSON path keys not being properly escaped for the MySQL/MariaDB dialects. | 2019-10-29 | 7.5 | CVE-2019-10748, MISC, MISC, MISC
sequelize -- sequelize | sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect. | 2019-10-29 | 7.5 | CVE-2019-10749, MISC, MISC
snoopy -- snoopy | Snoopy before 2.0.0 has a security hole in exec cURL | 2019-10-28 | 7.5 | CVE-2002-2444, MISC, DEBIAN, MISC
sugarcrm -- sugarcrm | SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code. | 2019-10-29 | 7.5 | CVE-2012-0694, MISC, MISC, EXPLOIT-DB
tightvnc_software -- tightvnc | TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. | 2019-10-29 | 7.5 | CVE-2019-8287, MLIST
tightvnc_software -- tightvnc | TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. | 2019-10-29 | 7.5 | CVE-2019-15679, MLIST
tightvnc_software -- tightvnc | TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText handler, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. | 2019-10-29 | 7.5 | CVE-2019-15678, MLIST
tiki_wiki -- cms_groupware | Tiki Wiki CMS Groupware 5.2 has Local File Inclusion | 2019-10-28 | 7.5 | CVE-2010-4239, MISC, MISC, MISC, MISC
tp-link -- tl-wdr4300_devices | TP-Link TL-WDR4300 version 3.13.31 has multiple CSRF vulnerabilities. | 2019-10-25 | 9.3 | CVE-2013-4848, MISC, MISC, MISC, MISC, MISC
transmission -- transmission | Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link. | 2019-10-30 | 7.5 | CVE-2010-0748, MISC, CONFIRM, MISC, CONFIRM, MLIST
youphptube -- youphptube | A command injection has been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3, a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getImage.php is vulnerable to a command injection attack. | 2019-10-25 | 7.5 | CVE-2019-5127, MISC
youphptube -- youphptube | A command injection has been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3, a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getImageMP4.php is vulnerable to a command injection attack. | 2019-10-25 | 7.5 | CVE-2019-5128, MISC
youphptube -- youphptube | A command injection has been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3, a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getSpiritsFromVideo.php is vulnerable to a command injection attack. | 2019-10-25 | 7.5 | CVE-2019-5129, MISC
ytnef -- ytnef | ytnef has directory traversal | 2019-10-29 | 7.5 | CVE-2009-3887, MISC, MISC, MISC, MISC, MISC
zend_framework -- zend_framework | Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter. | 2019-10-25 | 7.5 | CVE-2015-0270, MISC


 

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
adobe -- experience_manager | Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have an XML external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2019-10-25 | 5 | CVE-2019-8087, CONFIRM
adobe -- experience_manager | Adobe Experience Manager versions 6.5, 6.4 and 6.3 have a cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2019-10-25 | 4.3 | CVE-2019-8083, CONFIRM
adobe -- experience_manager | Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2019-10-25 | 4.3 | CVE-2019-8084, CONFIRM
adobe -- experience_manager | Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2019-10-25 | 4.3 | CVE-2019-8085, CONFIRM
adobe -- experience_manager | Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a cross-site request forgery vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2019-10-25 | 4.3 | CVE-2019-8234, CONFIRM
adobe -- experience_manager | Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have an authentication bypass vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2019-10-25 | 5 | CVE-2019-8081, CONFIRM
adobe -- experience_manager | Adobe Experience Manager versions 6.4, 6.3 and 6.2 have an XML external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2019-10-25 | 5 | CVE-2019-8082, CONFIRM
adobe -- experience_manager | Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have an XML external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2019-10-25 | 5 | CVE-2019-8086, CONFIRM
apache -- hadoop | Hadoop 1.0.3 contains a symlink vulnerability. | 2019-10-29 | 5 | CVE-2012-2945, MISC, MISC
apache -- thrift | In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when fed with invalid input data. | 2019-10-29 | 5 | CVE-2019-0210, CONFIRM
clipsoft -- rexpert | ClipSoft REXPERT 1.0.0.527 and earlier versions allow directory traversal by issuing a special HTTP POST request with ../ characters. This could lead to the creation of a malicious HTML file, because an attacker can inject content with a crafted template. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. | 2019-10-30 | 4.3 | CVE-2019-17324, MISC
clipsoft -- rexpert | ClipSoft REXPERT 1.0.0.527 and earlier versions allow a remote attacker to upload an arbitrary local file via the ActiveX method in RexViewerCtrl30.ocx. That could lead to disclosure of sensitive information. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. | 2019-10-30 | 4.3 | CVE-2019-17325, MISC
clipsoft -- rexpert | ClipSoft REXPERT 1.0.0.527 and earlier versions allow a remote attacker to delete arbitrary files by issuing an HTTP GET request with a specially crafted parameter. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. | 2019-10-30 | 5.8 | CVE-2019-17326, MISC
clipsoft -- rexpert | ClipSoft REXPERT 1.0.0.527 and earlier versions allow arbitrary file creation via a POST request with the parameter set to the file path to be written. This can be an executable file that is written to an arbitrary directory. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. | 2019-10-30 | 4.3 | CVE-2019-17322, MISC
clipsoft -- rexpert | ClipSoft REXPERT 1.0.0.527 and earlier versions have an information disclosure issue. A request for a web page associated with a session could leak the username via the session file path in the HTTP response data. No authentication is required. | 2019-10-30 | 5 | CVE-2019-17321, MISC
clipsoft -- rexpert | ClipSoft REXPERT 1.0.0.527 and earlier versions allow arbitrary file creation and execution via the report print function of the rexpert viewer with a modified XML document. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. | 2019-10-30 | 6.8 | CVE-2019-17323, MISC
corehr -- core_portal | CoreHR Core Portal before 27.0.7 allows stored XSS. | 2019-10-25 | 4.3 | CVE-2019-18221, MISC, MISC
debian_project -- mercurial | Mercurial before 1.6.4 fails to verify the Common Name field of SSL certificates which allows remote attackers who acquire a certificate signed by a Certificate Authority to perform a man-in-the-middle attack. | 2019-10-29 | 4.3 | CVE-2010-4237, MISC, CONFIRM, CONFIRM, MISC
debian_project -- pootle | pootle 2.0.5 has XSS via 'match_names' parameter | 2019-10-28 | 4.3 | CVE-2010-4245, MISC, DEBIAN, MISC, MISC
debian_project -- xpdf | In xpdf, the xref table contains an infinite loop which allows remote attackers to cause a denial of service (application crash) in xpdf-based PDF viewers. | 2019-10-30 | 4.3 | CVE-2010-0207, MISC, MISC
debian_project -- xpdf | xpdf allows remote attackers to cause a denial of service (NULL pointer dereference and crash) in the way it processes JBIG2 PDF stream objects. | 2019-10-30 | 4.3 | CVE-2010-0206, MISC, MISC
debian_project -- zoo | Zoo 2.10 has Directory traversal | 2019-10-28 | 5 | CVE-2005-2349, MISC, MISC
devada -- dzone_and_answerhub | An XML External Entity Injection vulnerability exists in Dzone AnswerHub. | 2019-10-28 | 5 | CVE-2017-15725, MISC
digium -- asterisk | asterisk allows calls on prohibited networks | 2019-10-29 | 5 | CVE-2009-3723, MISC, MISC, MISC
fabrik -- fabrik | Reflected Cross-Site Scripting (XSS) vulnerability in the fabrik_referrer hidden field in the Fabrikar Fabrik component through v3.8.1 for Joomla! allows remote attackers to inject arbitrary web script via the HTTP Referer header. | 2019-10-29 | 4.3 | CVE-2018-10727, MISC
foxit -- phantompdf | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Javascript in the HTML2PDF plugin. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8692. | 2019-10-25 | 6.8 | CVE-2019-17139, MISC, MISC
foxit -- phantompdf | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9276. | 2019-10-25 | 6.8 | CVE-2019-17145, MISC
foxit -- phantompdf | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DWG files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9274. | 2019-10-25 | 6.8 | CVE-2019-17144, MISC
foxit -- phantompdf | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of script within a Keystroke action of a listbox field. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9081. | 2019-10-25 | 6.8 | CVE-2019-17142, MISC, MISC
foxit -- phantompdf | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of script within a Calculate action of a text field. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9044. | 2019-10-25 | 6.8 | CVE-2019-17141, MISC, MISC
foxit -- phantompdf | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9273. | 2019-10-25 | 4.3 | CVE-2019-17143, MISC
foxit -- phantompdf | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the OnFocus event. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9091. | 2019-10-25 | 6.8 | CVE-2019-17140, MISC, MISC
foxit -- studio_photo | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion from JPEG to EPS. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8809. | 2019-10-25 | 4.3 | CVE-2019-17138, MISC, MISC
gnuboard -- gnuboard5 | GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board group extra contents" parameter, aka the adm/boardgroup_form_update.php gr_1~10 parameter. | 2019-10-30 | 4.3 | CVE-2018-18678, MISC, MISC, MISC
gpw -- gpw | gpw generates shorter passwords than required | 2019-10-29 | 5 | CVE-2011-4931, MISC, MISC, MISC, MISC
honeywell -- ip-ak2 | In IP-AK2 Access Control Panel Version 1.04.07 and prior, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data, which can be accessed without authentication over the network. | 2019-10-25 | 5 | CVE-2019-13525, MISC
ibm -- api_connect | IBM API Connect version V5.0.0.0 through 5.0.8.7 could reveal sensitive information to an attacker using a specially crafted HTTP request. IBM X-Force ID: 167883. | 2019-10-29 | 5 | CVE-2019-4600, XF, CONFIRM
ibm -- cloud_orchestrator | IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 162260. | 2019-10-25 | 5 | CVE-2019-4399, XF, CONFIRM
ibm -- cloud_orchestrator | IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162261. | 2019-10-25 | 4 | CVE-2019-4400, XF, CONFIRM
ibm -- maximo_asset_management | After installing the IBM Maximo Health- Safety and Environment Manager 7.6.1, a user is granted additional privileges that they are not normally allowed to access. IBM X-Force ID: 165948. | 2019-10-29 | 6.5 | CVE-2019-4546, XF, CONFIRM
ibm -- security_access_manager_appliance | IBM Security Access Manager Appliance could allow an unauthenticated attacker to cause a denial of service in the reverse proxy component. IBM X-Force ID: 156159. | 2019-10-25 | 5 | CVE-2019-4036, XF, CONFIRM
ibm -- security_guardium_big_data_intelligence | IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 161418. | 2019-10-29 | 5 | CVE-2019-4339, XF, CONFIRM
ibm -- security_guardium_big_data_intelligence | IBM Security Guardium Big Data Intelligence (SonarG) 4.0 specifies permissions for a security-critical resource which could lead to the exposure of sensitive information or the modification of that resource by unintended parties. IBM X-Force ID: 160986. | 2019-10-29 | 6.4 | CVE-2019-4306, XF, CONFIRM
ibm -- security_guardium_big_data_intelligence | IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores sensitive information in cleartext within a resource that might be accessible to another control sphere. IBM X-Force ID: 1610141. | 2019-10-29 | 5 | CVE-2019-4314, XF, CONFIRM
ibm -- security_guardium_big_data_intelligence | IBM Security Guardium Big Data Intelligence (SonarG) 4.0 does not set the secure attribute for cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session. IBM X-Force ID: 161210. | 2019-10-29 | 4.3 | CVE-2019-4330, XF, CONFIRM
ibm -- security_guardium_big_data_intelligence | IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 161209. | 2019-10-29 | 4 | CVE-2019-4329, XF, CONFIRM
ibm -- security_guardium_big_data_intelligence | IBM Security Guardium Big Data Intelligence (SonarG) 4.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 161037. | 2019-10-29 | 5 | CVE-2019-4311, XF, CONFIRM
ikiwiki -- ikiwiki | A cross-site scripting (XSS) vulnerability in ikiwiki before 3.20101112 allows remote attackers to inject arbitrary web script or HTML via a comment. | 2019-10-30 | 4.3 | CVE-2010-1673, CONFIRM, MISC
ikiwiki -- ikiwiki | Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments. | 2019-10-29 | 4.3 | CVE-2011-0428, CONFIRM, MISC
jetbrains -- teamcity | In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible. | 2019-10-31 | 5 | CVE-2019-18369, CONFIRM
jetbrains -- teamcity | In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances. | 2019-10-31 | 5 | CVE-2019-18363, CONFIRM
labkey -- labkey_server | An issue was discovered in LabKey Server 19.1.0. It is possible to force a logged-in administrator to execute code through a /reports-viewScriptReport.view CSRF vulnerability. | 2019-10-29 | 6.8 | CVE-2019-9926, MISC, MISC
labkey -- labkey_server | An issue was discovered in LabKey Server 19.1.0. Sending an SVG containing an XXE payload to the endpoint visualization-exportImage.view or visualization-exportPDF.view allows local files to be read. | 2019-10-29 | 5 | CVE-2019-9757, MISC, MISC
libpod -- libpod | An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that, when copied by a victim user to the host filesystem, may overwrite existing files with others from the host. | 2019-10-28 | 5.8 | CVE-2019-18466, MISC, MISC, MISC, MISC
mcafee -- mcafee_total_protection | A File Masquerade vulnerability in McAfee Total Protection (MTP) version 16.0.R21 and earlier in Windows client allowed an attacker to read the plaintext list of AV-Scan exclusion files from the Windows registry, and to possibly replace excluded files with potential malware without being detected. | 2019-10-28 | 4.6 | CVE-2019-3636, CONFIRM
mediawiki -- mediawiki
 
An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Previously hidden (restricted) AbuseFilter filters were viewable (or their differences were viewable) to unprivileged users, thus disclosing potentially sensitive information. | 2019-10-29 | 5 | CVE-2019-18612
MISC
MISC
mediawiki -- mediawiki
 
A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 allows remote attackers to inject arbitrary web script or HTML via Lua function names. | 2019-10-31 | 4.3 | CVE-2013-1951
MISC
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRM
MISC
mediawiki -- mediawiki
 
An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with various levels of access to this extension. Said users should not have been able to view these oversighted edit summaries via the MediaWiki API. | 2019-10-29 | 4 | CVE-2019-18611
MISC
MISC
mediawiki -- mediawiki
 
mediawiki allows deleted text to be exposed | 2019-10-29 | 5 | CVE-2012-0046
MISC
MISC
MISC
mikrotik -- routeros
 
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can poison the router's DNS cache via malicious responses with additional and untrue records. | 2019-10-29 | 5 | CVE-2019-3979
MISC
mikrotik -- routeros
 
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell could be enabled. | 2019-10-29 | 6.5 | CVE-2019-3976
MISC
mikrotik -- routeros
 
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attacker's choice. The DNS responses are cached by the router, potentially resulting in cache poisoning. | 2019-10-29 | 5 | CVE-2019-3978
MISC
MISC
milesight -- ip_security_cameras
 
Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts. | 2019-10-25 | 5 | CVE-2016-2358
MISC
MISC
MISC
milesight -- ip_security_cameras
 
Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installations. | 2019-10-25 | 5 | CVE-2016-2360
MISC
MISC
MISC
milesight -- ip_security_cameras
 
Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory. | 2019-10-25 | 5 | CVE-2016-2357
MISC
MISC
MISC
mitsubishi_electric_and_inea -- me-rtu_devices

 

An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an attacker to read sensitive configuration settings such as usernames, passwords, and other sensitive RTU data due to insecure permission assignment. | 2019-10-28 | 4 | CVE-2019-14925
MISC
MISC
mitsubishi_electric_and_inea -- me-rtu_devices
 
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Stored cleartext passwords could allow an unauthenticated attacker to obtain configured username and password combinations on the RTU due to the weak credentials management on the RTU. An unauthenticated user can obtain the exposed password credentials to gain access to the following services: DDNS service, Mobile Network Provider, and OpenVPN service. | 2019-10-28 | 5 | CVE-2019-14929
MISC
MISC
mitsubishi_electric_and_inea -- me-rtu_devices
 
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote configuration download vulnerability allows an attacker to download the smartRTU's configuration file (which contains data such as usernames, passwords, and other sensitive RTU data). | 2019-10-28 | 5 | CVE-2019-14927
MISC
MISC
netapp -- clustered_data_ontap
Clustered Data ONTAP versions 9.2 through 9.6 are susceptible to a vulnerability which allows an attacker to use l2ping to cause a Denial of Service (DoS). | 2019-10-25 | 5 | CVE-2019-5508
MISC
openafs_foundation -- openafs
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalars are sent over the network to a peer. | 2019-10-29 | 5 | CVE-2019-18602
MISC
openafs_foundation -- openafs
 
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer. | 2019-10-29 | 4.3 | CVE-2019-18603
MISC
openafs_foundation -- openafs
 
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Debug RPC calls to crash a database server within the SVOTE_Debug RPC handler. | 2019-10-29 | 5 | CVE-2019-18601
MISC
pimcore -- pimcore
 
Pimcore 6.2.3 has XSS in the translations grid because bundles/AdminBundle/Resources/public/js/pimcore/settings/translations.js mishandles certain HTML elements. | 2019-10-31 | 4.3 | CVE-2019-18656
MISC
pixelpost -- pixelpost
 
pixelpost 1.7.1 has XSS | 2019-10-28 | 4.3 | CVE-2009-4900
MISC
DEBIAN
MISC
python_keyring_lib -- python_keyring_lib
 
Python keyring lib before 0.10 created keyring files with world-readable permissions. | 2019-10-28 | 5 | CVE-2012-5577
MISC
CONFIRM
MISC
MISC
MISC
rittal -- rittal_chiller_sk_3232_series
 
Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems does not provide a sufficient level of protection against unauthorized configuration changes. Primary operations, namely turning the cooling unit on and off and setting the temperature set point, can be modified without authentication. | 2019-10-25 | 5 | CVE-2019-13549
FULLDISC
MISC
schneider_electric -- multiple_modicon_controllers
 
A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with no firmware image inside the package using FTP protocol. | 2019-10-29 | 4 | CVE-2019-6841
CONFIRM
schneider_electric -- multiple_modicon_controllers
 
A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with a missing web server image inside the package using FTP protocol. | 2019-10-29 | 4 | CVE-2019-6842
CONFIRM
schneider_electric -- multiple_modicon_controllers
 
A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the controller with an empty firmware package using FTP protocol. | 2019-10-29 | 4 | CVE-2019-6843
CONFIRM
schneider_electric -- multiple_modicon_controllers
 
A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the controller with a firmware package containing an invalid web server image using FTP protocol. | 2019-10-29 | 4 | CVE-2019-6844
CONFIRM
schneider_electric -- multiple_modicon_controllers
 
A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the FTP service when upgrading the firmware with a version incompatible with the application in the controller using FTP protocol. | 2019-10-29 | 4 | CVE-2019-6847
CONFIRM
schneider_electric -- multiple_modicon_controllers
 
A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when using specific Modbus services provided by the REST API of the controller/communication module. | 2019-10-29 | 5 | CVE-2019-6849
CONFIRM
schneider_electric -- multiple_modicon_controllers
 
A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause a Denial of Service attack on the PLC when sending specific data on the REST API of the controller/communication module. | 2019-10-29 | 5 | CVE-2019-6848
CONFIRM
schneider_electric -- multiple_modicon_controllers
 
A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when reading specific registers with the REST API of the controller/communication module. | 2019-10-29 | 5 | CVE-2019-6850
CONFIRM
terramaster -- fs-210_devices
 
An issue was discovered on TerraMaster FS-210 4.0.19 devices. Normal users can use 1.user.php for privilege elevation. | 2019-10-28 | 6.5 | CVE-2019-18195
MISC
tightvnc_software -- tightvnc
 
TightVNC code version 1.3.10 contains a null pointer dereference in the HandleZlibBPP function, which results in Denial of Service (DoS). This attack appears to be exploitable via network connectivity. | 2019-10-29 | 5 | CVE-2019-15680
MLIST
tiki_wiki -- cms_groupware
 
Tiki Wiki CMS Groupware 5.2 has XSS | 2019-10-28 | 4.3 | CVE-2010-4240
MISC
MISC
MISC
MISC
tiki_wiki -- cms_groupware
 
Tiki Wiki CMS Groupware 5.2 has CSRF | 2019-10-28 | 6.8 | CVE-2010-4241
MISC
MISC
MISC
MISC
total_defense -- anti-virus
 
The malware scan function in Total Defense Anti-virus 11.5.2.28 is vulnerable to a TOCTOU bug; consequently, symbolic link attacks allow privileged files to be deleted. | 2019-10-31 | 5.8 | CVE-2019-18644
MISC
transmission -- transmission
 
Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame. | 2019-10-30 | 5 | CVE-2010-0749
MISC
CONFIRM
MISC
CONFIRM
MLIST
trend_micro -- apex_one
 
Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to the IUSR account, which has restricted permission and is unable to make major system changes. An attempted attack requires user authentication. | 2019-10-28 | 5 | CVE-2019-18188
N/A
trend_micro -- office_scan
 
Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to a web service account, which depending on the web platform used may have restricted permissions. An attempted attack requires user authentication. | 2019-10-28 | 5 | CVE-2019-18187
N/A
youphptube -- youphptube
An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configurations, access the underlying operating system. | 2019-10-25 | 6.5 | CVE-2019-5120
MISC
youphptube -- youphptube
 
SQL injection vulnerabilities exist in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with Parameter name in /objects/pluginSwitch.json.php. | 2019-10-25 | 6.5 | CVE-2019-5122
MISC
youphptube -- youphptube
 
SQL injection vulnerabilities exist in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with Parameter uuid in /objects/pluginSwitch.json.php. | 2019-10-25 | 6.5 | CVE-2019-5121
MISC
youphptube -- youphptube
 
An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configurations, access the underlying operating system. | 2019-10-25 | 6.5 | CVE-2019-5119
MISC
youphptube -- youphptube
 
Exploitable SQL injection vulnerabilities exist in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configuration, access the underlying operating system. | 2019-10-25 | 6.5 | CVE-2019-5117
MISC
youphptube -- youphptube
 
An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause a SQL injection. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configuration, access the underlying operating system. | 2019-10-25 | 6.5 | CVE-2019-5116
MISC
youphptube -- youphptube
 
An exploitable SQL injection vulnerability exists in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configuration, access the underlying operating system. | 2019-10-25 | 6.5 | CVE-2019-5114
MISC
youphptube -- youphptube
 
Specially crafted web requests can cause SQL injections in YouPHPTube 7.6. An attacker can send a web request with Parameter dir in /objects/pluginSwitch.json.php. | 2019-10-25 | 6.5 | CVE-2019-5123
MISC
zucchetti -- infobusiness
Multiple Reflected Cross-site Scripting (XSS) vulnerabilities exist in Zucchetti InfoBusiness before and including 4.4.1. The browsing component did not properly sanitize user input (encoded in base64). This also applies to the search functionality for the searchKey parameter. | 2019-10-30 | 4.3 | CVE-2019-18205
MISC
zucchetti -- infobusiness
 
Zucchetti InfoBusiness before and including 4.4.1 allows any authenticated user to upload .php files in order to achieve code execution. | 2019-10-30 | 6.5 | CVE-2019-18204
MISC


 

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apache -- airflow
 
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. | 2019-10-30 | 3.5 | CVE-2019-12417
MLIST
d-link -- dir-865l_devices
 
D-Link DIR-865L has Information Disclosure. | 2019-10-25 | 2.9 | CVE-2013-4856
MISC
MISC
MISC
debian_project -- mailscanner
 
mailscanner can allow local users to prevent virus signatures from being updated | 2019-10-28 | 2.1 | CVE-2010-3293
MISC
DEBIAN
MISC
MISC
debian_project -- paxtext
 
paxtest handles temporary files insecurely | 2019-10-29 | 2.1 | CVE-2010-3373
MISC
MISC
MISC
gmer -- gmer
A stack based buffer overflow vulnerability exists in the method receiving data from SysTreeView32 control of the GMER 2.1.19357 application. A specially created long path can lead to a buffer overflow on the stack resulting in code execution. An attacker needs to create a path longer than 99 characters to trigger this vulnerability. | 2019-10-29 | 2.1 | CVE-2016-4289
MISC
ibm -- cloud_orchestrator
 
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a local user to obtain sensitive information from temporary script files. IBM X-Force ID: 162333. | 2019-10-25 | 2.1 | CVE-2019-4395
XF
CONFIRM
ibm -- cloud_orchestrator
 
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 162236. | 2019-10-25 | 3.5 | CVE-2019-4396
XF
CONFIRM
ibm -- cloud_orchestrator
 
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP Response Splitting caused by improper caching of content. This would allow the attacker to perform further attacks, such as Web Cache poisoning, cross-site scripting and possibly obtain sensitive information. IBM X-Force ID: 163682. | 2019-10-25 | 3.5 | CVE-2019-4461
XF
CONFIRM
ibm -- cloud_orchestrator
 
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 contain APIs that could be used by a local user to send email. IBM X-Force ID: 162232. | 2019-10-25 | 2.1 | CVE-2019-4394
XF
CONFIRM
ibm -- security_guardium_big_data_intelligence
 
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 160987. | 2019-10-29 | 2.1 | CVE-2019-4307
XF
CONFIRM
ibm -- security_guardium_big_data_intelligence
 
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses hard coded credentials which could allow a local user to obtain highly sensitive information. IBM X-Force ID: 161035. | 2019-10-29 | 2.1 | CVE-2019-4309
XF
CONFIRM
labkey -- labkey_server
 
An issue was discovered in LabKey Server 19.1.0. The display name of a user is vulnerable to stored XSS that can execute on administrators from security/permissions.view, security/addUsers.view, or wiki/Administration/page.view in the admin panel, leading to privilege escalation. | 2019-10-29 | 3.5 | CVE-2019-9758
MISC
MISC
mantisbt -- mantisbt
 
A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.0rc1 before 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value. | 2019-10-31 | 3.5 | CVE-2013-1934
MISC
MISC
MISC
CONFIRM
MISC
mitsubishi_electric_and_inea -- me-rtu_devices
 
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A number of stored cross-site script (XSS) vulnerabilities allow an attacker to inject malicious code directly into the application. An example input variable vulnerable to stored XSS is SerialInitialModemString in the index.php page. | 2019-10-28 | 3.5 | CVE-2019-14928
MISC
MISC
postgresql -- postgresql
 
PostgreSQL, versions 11.x before 11.5, is vulnerable to a memory disclosure in cross-type comparison for hashed subplan. | 2019-10-29 | 3.5 | CVE-2019-10209
CONFIRM
CONFIRM
postgresql -- postgresql_windows_installer
 
PostgreSQL Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file. | 2019-10-29 | 1.9 | CVE-2019-10210
CONFIRM
CONFIRM
total_defense -- antivirus
 
The quarantine restoration function in Total Defense Anti-virus 11.5.2.28 is vulnerable to symbolic link attacks, allowing files to be written to privileged directories. | 2019-10-31 | 2.1 | CVE-2019-18645
MISC


 

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
advantech -- wise-paas/rmm
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Lack of sanitization of user-supplied input causes SQL injection vulnerabilities. An attacker can leverage these vulnerabilities to disclose information. | 2019-10-31 | not yet calculated | CVE-2019-18229
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
advantech -- wise-paas/rmm
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecured function that allows anyone who can access the IP address to use the function without authentication. | 2019-10-31 | not yet calculated | CVE-2019-13547
MISC
MISC
advantech -- wise-paas/rmm
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. XXE vulnerabilities exist that may allow disclosure of sensitive data. | 2019-10-31 | not yet calculated | CVE-2019-18227
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
advantech -- wise-paas/rmm
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage these vulnerabilities to remotely execute code while posing as an administrator. | 2019-10-31 | not yet calculated | CVE-2019-13551
MISC
MISC
MISC
MISC
MISC
amd -- atidxx64.dll_driver
An exploitable memory corruption vulnerability exists in AMD ATIDXX64.DLL driver, versions 25.20.15031.5004 and 25.20.15031.9002. A specially crafted pixel shader can cause an out-of-bounds memory write. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. | 2019-10-31 | not yet calculated | CVE-2019-5049
MISC
apache -- struts
Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands. | 2019-11-01 | not yet calculated | CVE-2011-3923
MISC
EXPLOIT-DB
BID
MISC
MISC
XF
MISC
apak -- wholesale_floorplanning_finance
Apak Wholesale Floorplanning Finance 6.31.8.3 and 6.31.8.5 allows XSS via the mainForm:loanNotesnotes:0:rich_text_editor_note_text parameter to WFS/agreementView.faces in the Notes section. Although versions 6.31.8.3 and 6.31.8.5 are confirmed to be affected, all versions with the vulnerable WYSIWYG "Notes" section are likely affected. | 2019-10-31 | not yet calculated | CVE-2019-17551
MISC
archiver -- archiver
All versions of archiver allow an attacker to perform a Zip Slip attack via the "unarchive" functions. It is exploited using a specially crafted zip archive that holds path traversal filenames. When exploited, a filename in a malicious archive is concatenated to the target extraction directory, which results in the final path ending up outside of the target folder. For instance, a zip may hold a file with a "../../file.exe" location and thus break out of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily. | 2019-10-29 | not yet calculated | CVE-2019-10743
MISC
MISC
MISC
archos -- safe-t_devices
On Archos Safe-T devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. | 2019-11-02 | not yet calculated | CVE-2019-14358
MISC
aruba -- instant
Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.4.x prior to 8.4.0.1 allows Command injection. | 2019-10-30 | not yet calculated | CVE-2018-16417
BID
CONFIRM
MISC
CONFIRM
MISC
atlantis_word_processor -- atlantis_word_processor
An exploitable uninitialized pointer vulnerability exists in the Word document parser of the Atlantis Word Processor. A specially crafted document can cause an array fetch to return an uninitialized pointer and then performs some arithmetic before writing a value to the result. Usage of this uninitialized pointer can allow an attacker to corrupt heap memory resulting in code execution under the context of the application. An attacker must convince a victim to open a document in order to trigger this vulnerability. | 2019-10-31 | not yet calculated | CVE-2018-3983
MISC
atlassian -- infosysta_for_jira
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects without authentication/authorization via the plugins/servlet/nfj/ProjectFilter?searchQuery= URI. | 2019-11-01 | not yet calculated | CVE-2019-16908
MISC
MISC
atlassian -- infosysta_for_jira
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects (with authentication as a Jira user, but without authorization for specific projects) via the plugins/servlet/nfj/NotificationSettings URI. | 2019-11-01 | not yet calculated | CVE-2019-16909
MISC
MISC
atlassian -- infosysta_for_jira
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13_J8 for Jira. It is possible to obtain a list of all valid Jira usernames without authentication/authorization via the plugins/servlet/nfj/UserFilter?searchQuery=@ URI. | 2019-10-31 | not yet calculated | CVE-2019-16907
MISC
BUGTRAQ
atlassian -- infosysta_for_jira
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13_J8 for Jira. By using plugins/servlet/nfj/PushNotification?username= with a modified username, a different user's notifications can be read without authentication/authorization. These notifications are then no longer displayed to the normal user. | 2019-10-31 | not yet calculated | CVE-2019-16906
MISC
BUGTRAQ
atlassian -- jira
An issue summary information disclosure vulnerability exists in Atlassian Jira Tempo plugin, version 4.10.0. Authenticated users can obtain the summary for issues they do not have permission to view via the Tempo plugin. | 2019-10-31 | not yet calculated | CVE-2019-5095
MISC
autojump -- autojump
autojump before 21.5.8 allows local users to gain privileges via a Trojan horse custom_install directory in the current working directory. | 2019-10-31 | not yet calculated | CVE-2013-2012
MISC
MISC
MISC
CONFIRM
CONFIRM
MISC
avast -- antivirus
A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free, Internet Security, and Premiere Edition) 19.3.2369 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name. | 2019-11-01 | not yet calculated | CVE-2019-18653
MISC
MISC
avg_technologies -- avg_antivirus
A Cross Site Scripting (XSS) issue exists in AVG AntiVirus (Internet Security Edition) 19.3.3084 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name. | 2019-11-01 | not yet calculated | CVE-2019-18654
MISC
MISC
axohelp -- axohelp
In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distributed in TeXLive and other collections, sprintf is mishandled. | 2019-10-29 | not yet calculated | CVE-2019-18604
MISC
bitdefender -- box_firmware
An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that allows an attacker to pass arbitrary code to the BOX appliance via the web API. In order to exploit this vulnerability, an attacker needs a presence in the Bitdefender BOX setup network, and the Bitdefender BOX must be in setup mode. | 2019-10-31 | not yet calculated | CVE-2019-12612
CONFIRM
centos-webpanel -- centos_web_panel
Stored XSS in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.885 exists via the cmd_arg parameter. This can be exploited by a local attacker who supplies a crafted filename within a directory visited by the victim. | 2019-10-31 | not yet calculated | CVE-2019-16295
MISC
CONFIRM
cezerin -- cezerin
Cezerin v0.33.0 allows unauthorized order-information modification because certain internal attributes can be overwritten via a conflicting name when processing order requests. Hence, a malicious customer can manipulate an order (e.g., its payment status or shipping fee) by adding additional attributes to user-input during the PUT /ajax/cart operation for a checkout, because of getValidDocumentForUpdate in api/server/services/orders/orders.js. | 2019-10-29 | not yet calculated | CVE-2019-18608
MISC
chicken -- chicken
OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4.9.0. | 2019-10-31 | not yet calculated | CVE-2013-2024
MISC
MISC
MISC
MISC
CONFIRM
MISC
MISC
chicken -- chicken
Multiple buffer overflows in the (1) R5RS char-ready, (2) tcp-accept-ready, and (3) file-select procedures in Chicken through 4.8.0.3 allow attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value. NOTE: this issue exists because of an incomplete fix for CVE-2012-6122. | 2019-10-31 | not yet calculated | CVE-2013-2075
CONFIRM
CONFIRM
CONFIRM
MISC
MISC
MISC
CONFIRM
MISC
chicken -- chicken
A casting error in Chicken before 4.8.0 on 64-bit platform caused the random number generator to return a constant value. NOTE: the vendor states "This function wasn't used for security purposes (and is advertised as being unsuitable)." | 2019-10-31 | not yet calculated | CVE-2012-6124
MISC
MISC
CONFIRM
MISC
chicken -- chicken
Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct a "poisoned NUL byte attack." | 2019-10-31 | not yet calculated | CVE-2012-6123
MISC
MISC
MISC
chicken -- chicken
Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions. | 2019-10-31 | not yet calculated | CVE-2012-6125
MISC
MISC
CONFIRM
CONFIRM
MISC
chicken -- chicken
Buffer overflow in the thread scheduler in Chicken before 4.8.0.1 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value. | 2019-10-31 | not yet calculated | CVE-2012-6122
MISC
MISC
MISC
MISC
MISC
CONFIRM
CONFIRM
MISC
compal -- ch7465lg_modem
The web interface of the Compal Broadband CH7465LG modem (version CH7465LG-NCIP-6.12.18.25-2p6-NOSH) is vulnerable to a /%2f/ path traversal attack, which can be exploited in order to test for the existence of a file pathname outside of the web root directory. If a file exists but is not part of the product, there is a 404 error. If a file does not exist, there is a 302 redirect to index.html. | 2019-10-28 | not yet calculated | CVE-2019-17224
MISC
MISC
cujo -- smart_firewall
An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the way the safe browsing function parses HTTP requests. The server hostname is extracted from captured HTTP/HTTPS requests and inserted as part of a Lua statement without prior sanitization, which results in arbitrary Lua script execution in the kernel. An attacker could send an HTTP request to exploit this vulnerability. | 2019-10-31 | not yet calculated | CVE-2018-4031
MISC
cujo -- smart_firewall
An exploitable denial-of-service vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. When parsing labels in mDNS packets, the firewall unsafely handles label compression pointers, leading to an uncontrolled recursion that eventually exhausts the stack, crashing the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability. | 2019-10-31 | not yet calculated | CVE-2018-4002
MISC
debian_project -- autokey
The init script in autokey before 0.61.3-2 allows local attackers to write to arbitrary files via a symlink attack. | 2019-10-30 | not yet calculated | CVE-2010-0398
MISC
MISC
debian_project -- burn | burn allows file names to escape via mishandled quotation marks. | 2019-10-31 | not yet calculated | CVE-2009-5043
MISC
debian_project -- debian | The Debian backport of the fix for CVE-2017-3137 leads to an assertion failure in validator.c:1858. Affects Debian versions 9.9.5.dfsg-9+deb8u15; 9.9.5.dfsg-9+deb8u18; 9.10.3.dfsg.P4-12.3+deb9u5; 9.11.5.P4+dfsg-5.1. No ISC releases are affected. Other packages from other distributions that did similar backports of the fix for CVE-2017-3137 may also be affected. | 2019-10-30 | not yet calculated | CVE-2018-5735
CONFIRM
debian_project -- mumble | Mumble: murmur-server has DoS due to malformed client query. | 2019-10-31 | not yet calculated | CVE-2010-2490
MISC
MISC
MISC
debian_project -- overkill | overkill has a buffer overflow via long player names that can corrupt data on the server machine. | 2019-10-31 | not yet calculated | CVE-2009-5041
MISC
debian_project -- python-docutils | python-docutils allows insecure usage of temporary files. | 2019-10-31 | not yet calculated | CVE-2009-5042
MISC
debian_project -- drbd8 | drbd8 allows local users to bypass intended restrictions for certain actions via netlink packets, similar to CVE-2009-3725. | 2019-10-30 | not yet calculated | CVE-2010-0747
MISC
CONFIRM
debian_project -- mutt | Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files. | 2019-11-01 | not yet calculated | CVE-2005-2351
MISC
MISC
elastic -- elasticsearch | Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a username disclosure flaw in the API Key service. An unauthenticated attacker could send a specially crafted request and determine if a username exists in the Elasticsearch native realm. | 2019-10-30 | not yet calculated | CVE-2019-7619
CONFIRM
CONFIRM
CONFIRM
elastic -- logstash | Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port of the Logstash Beats input could send a specially crafted network packet that would cause Logstash to stop responding. | 2019-10-30 | not yet calculated | CVE-2019-7620
CONFIRM
CONFIRM
CONFIRM
european_commission -- eidas_node_integration_package | European Commission eIDAS-Node Integration Package before 2.3.1 has Missing Certificate Validation because a certain ExplicitKeyTrustEvaluator return value is not checked. NOTE: only 2.1 is confirmed to be affected. | 2019-10-30 | not yet calculated | CVE-2019-18633
MISC
european_commission -- eidas_node_integration_package | European Commission eIDAS-Node Integration Package before 2.3.1 allows Certificate Faking because an attacker can sign a manipulated SAML response with a forged certificate. | 2019-10-30 | not yet calculated | CVE-2019-18632
MISC
f5 -- big-ip | On BIG-IP 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the BIG-IP Configuration utility. | 2019-11-01 | not yet calculated | CVE-2019-6657
CONFIRM
f5 -- big-ip_afm | On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, a vulnerability in the AFM configuration utility may allow any authenticated BIG-IP user to run an SQL injection attack. | 2019-11-01 | not yet calculated | CVE-2019-6658
CONFIRM
facebook -- whatsapp | The Wireless Emergency Alerts (WEA) protocol allows remote attackers to spoof a Presidential Alert because cryptographic authentication is not used, as demonstrated by MessageIdentifier 4370 in LTE System Information Block 12 (aka SIB12). NOTE: testing inside an RF-isolated shield box suggested that all LTE phones are affected by design (e.g., use of Android versus iOS does not matter); testing in an open RF environment is, of course, contraindicated. | 2019-11-02 | not yet calculated | CVE-2019-18659
MISC
fastweb -- fastgate_devices | Fastweb FASTGate 1.0.1b devices allow partial authentication bypass by changing a certain check_pwd return value from 0 to 1. An attack does not achieve administrative control of a device; however, the attacker can view all of the web pages of the administration console. | 2019-11-02 | not yet calculated | CVE-2019-18661
MISC
MISC
fortinet -- fortiextender | An OS command injection vulnerability in FortiExtender 4.1.1 and below under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted "execute date" commands. | 2019-10-31 | not yet calculated | CVE-2019-15710
CONFIRM
foswiki -- foswiki | Foswiki before 1.1.8 contains a code injection vulnerability in the MAKETEXT macro. | 2019-11-01 | not yet calculated | CVE-2013-1666
CONFIRM
MISC
MISC
MISC
freebsd -- freebsd | /usr/local/www/freeradius_view_config.php in the freeradius3 package before 0.15.7_3 for pfSense on FreeBSD has XSS via a filename. | 2019-11-02 | not yet calculated | CVE-2019-18667
MISC
freebsd -- freebsd | FreeBSD NSD before 3.2.13 allows remote attackers to crash a NSD child server process (SIGSEGV) and cause a denial of service in the NSD server. | 2019-11-01 | not yet calculated | CVE-2012-2979
MISC
CONFIRM
MISC
freetds -- freetds | FreeTDS through 1.1.11 has a Buffer Overflow. | 2019-10-31 | not yet calculated | CVE-2019-13508
MISC
glpi_project -- glpi | GLPI 0.83.7 has Local File Inclusion in common.tabs.php. | 2019-11-01 | not yet calculated | CVE-2013-2227
MISC
MISC
MISC
MISC
MISC
gnome -- evince | evince is missing a check on the number of pages, which can lead to a segmentation fault. | 2019-11-01 | not yet calculated | CVE-2013-3718
MISC
MISC
MISC
MISC
google -- nest_cam_iq_indoor | An exploitable denial-of-service vulnerability exists in the Weave daemon of the Nest Cam IQ Indoor, version 4620002. A set of TCP connections can cause unrestricted resource allocation, resulting in a denial of service. An attacker can connect multiple times to trigger this vulnerability. | 2019-10-31 | not yet calculated | CVE-2019-5043
MISC
grsecurity -- pax | An exploitable vulnerability exists in the grsecurity PaX patch for the function read_kmem, in PaX from version pax-linux-4.9.8-test1 to 4.9.24-test7, grsecurity official from version grsecurity-3.1-4.9.8-201702060653 to grsecurity-3.1-4.9.24-201704252333, grsecurity unofficial from version v4.9.25-unofficialgrsec to v4.9.74-unofficialgrsec. PaX adds a temp buffer to the read_kmem function, which is never freed when an invalid address is supplied. This results in a memory leakage that can lead to a crash of the system. An attacker needs to induce a read to /dev/kmem using an invalid address to exploit this vulnerability. | 2019-10-31 | not yet calculated | CVE-2019-5023
MISC
gs-gpl -- gs-gpl | A race condition in temp files was found in gs-gpl before 8.56 addons scripts. | 2019-11-01 | not yet calculated | CVE-2005-2352
MISC
MISC
honeywell -- equip_and_performance_series_ip_cameras | In multiple versions of Honeywell equIP and Performance series IP cameras, a vulnerability exists where the affected product allows unauthenticated access to audio streaming over HTTP. | 2019-10-31 | not yet calculated | CVE-2019-18230
MISC
honeywell -- equip_and_performance_series_ip_cameras_and_recorders | In Honeywell equIP series and Performance series IP cameras and recorders, a vulnerability exists where the IP cameras and recorders have a potential replay attack vulnerability, as a weak authentication method is retained for compatibility with legacy products. | 2019-10-31 | not yet calculated | CVE-2019-18226
MISC

honeywell -- equip_ip_and_multiple_equip_series_cameras | In multiple Honeywell equIP series IP cameras, a vulnerability exists in the affected products where a specially crafted HTTP packet request could result in a denial of service. | 2019-10-31 | not yet calculated | CVE-2019-18228
MISC
hunt_cctv -- multiple_cctv_devices | Authentication bypass vulnerability in the web interface in Hunt CCTV, Capture CCTV, Hachi CCTV, NoVus CCTV, and Well-Vision Inc DVR systems allows a remote attacker to retrieve the device configuration. | 2019-10-30 | not yet calculated | CVE-2013-1391
MISC
MISC
BID
hyundai -- pay_kasse_hk-1000_devices | On Hyundai Pay Kasse HK-1000 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. | 2019-11-02 | not yet calculated | CVE-2019-14360
MISC
icedtea6 -- icedtea6 | IcedTea6 before 1.7.4 allows unsigned apps to read and write arbitrary files, related to Extended JNLP Services. | 2019-10-31 | not yet calculated | CVE-2010-2783
CONFIRM
MISC
MISC
MISC
icedtea6 -- icedtea6 | IcedTea6 before 1.7.4 does not properly check property access, which allows unsigned apps to read and write arbitrary files. | 2019-10-31 | not yet calculated | CVE-2010-2548
CONFIRM
MISC
MISC
ikiwiki -- ikiwiki | ikiwiki before 3.20110608 allows remote attackers to hijack root's tty and run symlink attacks. | 2019-10-29 | not yet calculated | CVE-2011-1408
CONFIRM
MISC
MISC
MISC
internet_systems_consortium -- bind | There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers of ISC software have modified the dhcpd source, BIND source, or version matchup in ways that create the crash potential. Based on reports available to ISC, the crash probability is large and no analysis has been done on how, or even if, the probability can be manipulated by an attacker. Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later, or BIND versions with specific bug fixes backported to them. ISC does not have access to comprehensive version lists for all repackagings of dhcpd that are vulnerable. In particular, builds from other vendors may also be affected. Operators are advised to consult their vendor documentation. | 2019-11-01 | not yet calculated | CVE-2019-6470
CONFIRM
CONFIRM
CONFIRM
CONFIRM
ipswitch -- progress_moveit_transfer | In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH (SFTP) interface. The vulnerability affects only certain SSH (SFTP) configurations, and is applicable only if the MySQL database is being used. | 2019-10-31 | not yet calculated | CVE-2019-18465
CONFIRM
CONFIRM
ipswitch -- progress_moveit_transfer | In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1 before 11.1.3 (2019.1.3), multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database or may be able to alter the database. | 2019-10-31 | not yet calculated | CVE-2019-18464
CONFIRM
CONFIRM
CONFIRM
CONFIRM
jetbrains -- hub | In JetBrains Hub versions earlier than 2019.1.11738, username enumeration was possible through password recovery. | 2019-10-31 | not yet calculated | CVE-2019-18360
CONFIRM
jetbrains -- intellij_idea | JetBrains IntelliJ IDEA before 2019.2 allows local user privilege escalation, potentially leading to arbitrary code execution. | 2019-10-31 | not yet calculated | CVE-2019-18361
CONFIRM
jetbrains -- mps | JetBrains MPS before 2019.2.2 exposed listening ports to the network. | 2019-10-31 | not yet calculated | CVE-2019-18362
CONFIRM
jetbrains -- teamcity | In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions. | 2019-10-31 | not yet calculated | CVE-2019-18367
CONFIRM
jetbrains -- teamcity | In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages. | 2019-10-31 | not yet calculated | CVE-2019-18365
CONFIRM
jetbrains -- teamcity | In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission. | 2019-10-31 | not yet calculated | CVE-2019-18366
CONFIRM
jetbrains -- toolbox_app | In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible. | 2019-10-31 | not yet calculated | CVE-2019-18368
CONFIRM
jitbit -- jitbit | A cross-site scripting (XSS) vulnerability in Jitbit .NET Forum (aka ASP.NET forum) 8.3.8 allows remote attackers to inject arbitrary web script or HTML via the gravatar URL parameter. | 2019-11-01 | not yet calculated | CVE-2019-18636
MISC
MISC
libvnc -- libvnc | LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a. | 2019-10-29 | not yet calculated | CVE-2019-15681
MISC
MLIST
MLIST
linux -- linux_kernel | ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to an upstream kernel change which impacted how python's os.chmod() works when passed a mode of '-1'. | 2019-11-01 | not yet calculated | CVE-2013-4367
MISC
MISC
magento -- magento | An insecure direct object reference (IDOR) vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17 versions. An authenticated user may be able to view personally identifiable shipping details of another user due to insufficient validation of user controlled input. | 2019-10-30 | not yet calculated | CVE-2019-8235
CONFIRM
manageiq -- manageiq_evm | Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2019-11-01 | not yet calculated | CVE-2013-0186
CONFIRM
MISC
mantisbt -- mantisbt | A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version. | 2019-10-31 | not yet calculated | CVE-2013-1931
MISC
MISC
MISC
MISC
MISC
CONFIRM
MISC
mantisbt -- mantisbt | A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via a project name. | 2019-10-31 | not yet calculated | CVE-2013-1932
MISC
MISC
MISC
CONFIRM
MISC
mantisbt -- mantisbt | MantisBT 1.2.12 before 1.2.15 allows authenticated users to bypass the workflow restriction and close issues. | 2019-10-31 | not yet calculated | CVE-2013-1930
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
mapserver -- mapserver | Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing. | 2019-10-29 | not yet calculated | CVE-2010-1678
MISC
MISC
CONFIRM
maxthon -- maxthon_browser_for_windows | Unquoted Search Path in Maxthon 5.1.0 to 5.2.7 Browser for Windows. | 2019-10-29 | not yet calculated | CVE-2019-16647
MISC
MISC
minidlna -- minidlna | MiniDLNA has a heap-based buffer overflow. | 2019-11-01 | not yet calculated | CVE-2013-2739
MISC
MISC
minidlna -- minidlna | minidlna has SQL Injection that may allow retrieval of arbitrary files. | 2019-11-01 | not yet calculated | CVE-2013-2738
MISC
MISC
MISC
MISC
miniupnpd -- miniupnpd | MiniUPnPd has an information disclosure through its use of snprintf(). | 2019-11-01 | not yet calculated | CVE-2013-2600
MISC
MISC
MISC
MISC
MISC
mooltipass -- moolticute | An issue was discovered in Mooltipass Moolticute through v0.42.1 and v0.42.x-testing through v0.42.5-testing. There is a NULL pointer dereference in MPDevice_win.cpp. | 2019-10-30 | not yet calculated | CVE-2019-18635
MISC
MISC
opera -- opera_mini_for_android | Opera Mini for Android allows attackers to bypass intended restrictions on .apk file download/installation via an RTLO (aka Right to Left Override) approach, as demonstrated by misinterpretation of malicious%E2%80%AEtxt.apk as maliciouskpa.txt. This affects 44.1.2254.142553, 44.1.2254.142659, and 44.1.2254.143214. | 2019-10-29 | not yet calculated | CVE-2019-18624
MISC
MISC
phoenix_contact -- pc_works_and_pc_worx_express_and_config+ | An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-of-bounds Read and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project to be able to manipulate data inside. After manipulation, the attacker needs to exchange the original files with the manipulated ones on the application programming workstation. | 2019-10-31 | not yet calculated | CVE-2019-16675
MISC
MISC
MISC
postgresql -- postgresql | A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function. | 2019-10-29 | not yet calculated | CVE-2019-10208
CONFIRM
CONFIRM
postgresql -- postgresql_windows_installer | The PostgreSQL Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from an unprotected directory. | 2019-10-29 | not yet calculated | CVE-2019-10211
CONFIRM
CONFIRM
project_jupyter -- jupyter_notebook | Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document. | 2019-10-31 | not yet calculated | CVE-2018-21030
MISC
MISC
python -- python | An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability. | 2019-10-31 | not yet calculated | CVE-2019-5010
MISC
qtum -- qtum | qtum through 0.16 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM. | 2019-10-29 | not yet calculated | CVE-2018-19151
MISC
MISC

rainbow_pdf -- office_server_document_converter | A buffer overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro MR1 (7,0,2019,0220). While parsing a document text info container, the TxMasterStyleAtom::parse function is incorrectly checking the bounds corresponding to the number of style levels, causing a vtable pointer to be overwritten, which leads to code execution. | 2019-10-31 | not yet calculated | CVE-2019-5030
MISC
rdesktop -- rdesktop | RDesktop version 1.8.4 contains multiple out-of-bounds read vulnerabilities in its code, which result in a denial of service (DoS) condition. This attack appears to be exploitable via network connectivity. These issues have been fixed in version 1.8.5. | 2019-10-30 | not yet calculated | CVE-2019-15682
MISC
red_hat -- jboss_operations_network | A missing permission check was found in the CLI in JBoss Operations Network before 2.3.1. The CLI does not properly check permissions, which allows JBoss ON users to perform management tasks and configuration changes with the privileges of the administrator user. | 2019-10-30 | not yet calculated | CVE-2010-0737
MISC
red_hat -- openshift | cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp. | 2019-11-01 | not yet calculated | CVE-2013-0165
MISC
red_hat -- openstack | HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. | 2019-11-01 | not yet calculated | CVE-2013-2255
MISC
MISC
MISC
MISC
MISC
MISC
MISC
red_hat -- red_hat_enterprise_linux | While backporting a feature for a newer branch of BIND9, RedHat introduced a path leading to an assertion failure in buffer.c:420. Affects RedHat versions bind-9.9.4-65.el7 -> bind-9.9.4-72.el7. No ISC releases are affected. Other packages from other distributions that made the same error may also be affected. | 2019-10-30 | not yet calculated | CVE-2018-5742
CONFIRM
redis -- redis | Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds. | 2019-11-01 | not yet calculated | CVE-2013-0180
MLIST
MISC
redis -- redis | Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm. | 2019-11-01 | not yet calculated | CVE-2013-0178
MISC
MISC
MISC
MISC
MISC
MISC
rpcbind -- rpcbind | rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr, which can be created by an attacker before the daemon is started. | 2019-10-29 | not yet calculated | CVE-2010-2061
MISC
MISC
MISC
MISC
MLIST
rpcbind -- rpcbind | rpcbind 0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr. | 2019-10-29 | not yet calculated | CVE-2010-2064
MISC
MISC
MISC
MLIST
ruby193 -- ruby193 | ruby193 uses an insecure LD_LIBRARY_PATH setting. | 2019-10-31 | not yet calculated | CVE-2013-1945
MISC
sahi_pro -- sahi_pro | Sahi Pro 8.0.0 has a script manager arena located at _s_/dyn/pro/DBReports with many different areas that are vulnerable to reflected XSS, by updating a script's Script Name, Suite Name, Base URL, Android, iOS, Scripts Run, Origin Machine, or Comment field. The sql parameter can be used to trigger reflected XSS. | 2019-10-29 | not yet calculated | CVE-2019-13066
MISC
MISC
schneider_electric -- multiple_modicon_products | A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon Premium, Modicon Quantum (all firmware versions), which could cause the disclosure of information when transferring applications to the controller using Modbus TCP protocol. | 2019-10-29 | not yet calculated | CVE-2019-6845
CONFIRM
schneider_electric -- multiple_modicon_products | A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium, Modicon Quantum (all firmware versions), which could cause the disclosure of information from the controller when using TFTP protocol. | 2019-10-29 | not yet calculated | CVE-2019-6851
CONFIRM
schneider_electric -- multiple_modicon_products | A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information disclosure when using the FTP protocol. | 2019-10-29 | not yet calculated | CVE-2019-6846
CONFIRM
secudos -- domos | The Log module in SECUDOS DOMOS before 5.6 allows XSS. | 2019-11-02 | not yet calculated | CVE-2019-18664
MISC
secudos -- domos | The Log module in SECUDOS DOMOS before 5.6 allows local file inclusion. | 2019-11-02 | not yet calculated | CVE-2019-18665
MISC
sensiolabs -- php-symfony2-validator | php-symfony2-Validator has loss of information during serialization. | 2019-11-01 | not yet calculated | CVE-2013-4751
MISC
MISC
MISC
MISC
MISC
MISC
shift_cryptosecurity -- bitbox02 | On SHIFT BitBox02 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. Note: BIP39 secrets are not displayed by default on this device. The side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. | 2019-11-02 | not yet calculated | CVE-2019-18673
MISC
sierra_wireless -- airlink_es450_fw | An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an unverified device configuration change, resulting in an unverified change of the user password on the device. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2019-10-31 | not yet calculated | CVE-2018-4064
MISC
smokeping -- smokeping | Cross-site scripting (XSS) vulnerability in SmokePing 2.6.9 in the start and end time fields. | 2019-11-01 | not yet calculated | CVE-2013-4168
MISC
MISC
MISC
MISC
MISC
MISC
sonatype -- nexus_repository_manager | There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (a bypass of CVE-2019-5475) that could allow an attacker to achieve Remote Code Execution (RCE). All instances using CommandLineExecutor.java with user-supplied data are vulnerable, such as the Yum Configuration Capability. | 2019-11-01 | not yet calculated | CVE-2019-15588
MISC
CONFIRM
symantec -- sonar | The Symantec SONAR component, prior to 12.0.2, may be susceptible to a tamper protection bypass vulnerability which could potentially allow an attacker to circumvent the existing tamper protection in use on the resident system. | 2019-11-01 | not yet calculated | CVE-2019-12752
CONFIRM
systemd -- systemd | systemd 239 through 243 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. | 2019-10-30 | not yet calculated | CVE-2018-21029
MISC
MISC
MISC
technicolor -- td5130v2_devices | An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. A Command Injection in the Ping module in the Web Interface in OI_Fw_V20 allows remote attackers to execute arbitrary OS commands in the pingAddr parameter to mnt_ping.cgi. NOTE: This may overlap CVE-2017-14127. | 2019-10-31 | not yet calculated | CVE-2019-18396
MISC
MISC
tightrope_media_systems -- carousel | The Tightrope Media Carousel Seneca HDn Windows-based appliance 7.0.4.104 is shipped with a default local administrator username and password. This can be found by a limited user account in an "unattend.xml" file left over on the C: drive from the Sysprep process. An attacker with this username and password can leverage it to gain administrator-level access on the system. | 2019-10-29 | not yet calculated | CVE-2018-18929
MISC
tightrope_media_systems -- carousel | An issue was discovered in the Tightrope Media Carousel digital signage product 7.0.4.104. Due to insecure default permissions on the C:\TRMS\Services directory, an attacker who has gained access to the system can elevate their privileges from a restricted account to full SYSTEM by replacing the Carousel.Service.exe file with a custom malicious executable. This service is independent of the associated IIS web site, which means that this service can be manipulated by an attacker without losing access to vulnerabilities in the web interface (which would potentially be used in conjunction with this attack, to control the service). Once the attacker has replaced Carousel.Service.exe, the server can be restarted using the command "shutdown -r -t 0" from a web shell, causing the system to reboot and launching the malicious Carousel.Service.exe as SYSTEM on startup. If this malicious Carousel.Service.exe is configured to launch a reverse shell back to the attacker, then upon reboot the attacker will have a fully privileged remote command-line environment to manipulate the system further. | 2019-10-29 | not yet calculated | CVE-2018-18931
MISC
tightrope_media_systems -- carousel | The Tightrope Media Carousel digital signage product 7.0.4.104 contains an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. An authenticated attacker can upload a crafted ZIP file (based on an exported backup of existing "Bulletins") containing a malicious file. When uploaded, the system only checks for the presence of the needed files within the ZIP and, as long as the malicious file is named properly, will extract all contained files to a new directory on the system, named with a random GUID. The attacker can determine this GUID by previewing an image from the uploaded Bulletin within the web UI. Once the GUID is determined, the attacker can navigate to the malicious file and execute it. In testing, an ASPX web shell was uploaded, allowing for remote-code execution in the context of a restricted IIS user. | 2019-10-29 | not yet calculated | CVE-2018-18930
MISC

trend_micro -- apex_one_and_officescan_and_worry-free_business_security | A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication. | 2019-10-28 | not yet calculated | CVE-2019-18189
N/A
turbovnc -- turbovnc | TurboVNC server code contains a stack buffer overflow vulnerability in commits prior to cea98166008301e614e0d36776bf9435a536136e. This could possibly result in remote code execution, since the stack frame is not protected with a stack canary. This attack appears to be exploitable via network connectivity. To exploit this vulnerability, authorization on the server is required. These issues have been fixed in commit cea98166008301e614e0d36776bf9435a536136e. | 2019-10-29 | not yet calculated | CVE-2019-15683
MISC
twiki -- twiki | TWiki allows arbitrary shell command execution via the Include function. | 2019-11-01 | not yet calculated | CVE-2005-3056
DEBIAN
MISC
CONFIRM
typo3 -- typo3 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Open Redirection on the backend. | 2019-11-01 | not yet calculated | CVE-2010-3661
MISC
MISC
CONFIRM
typo3 -- typo3 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the backend. | 2019-11-01 | not yet calculated | CVE-2010-3660
MISC
MISC
CONFIRM
vmware -- esxi_and_workstation_and_fusion | VMware ESXi (6.7 before ESXi670-201908101-SG and 6.5 before ESXi650-201910401-SG), Workstation (15.x before 15.5.0) and Fusion (11.x before 11.5.0) contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. It is not enabled by default on ESXi and is enabled by default on Workstation and Fusion. | 2019-10-28 | not yet calculated | CVE-2019-5536
MISC
vmware -- sd-wan | In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service Provider accounts. Among the information is username, first and last name, phone numbers and e-mail address if present but no other personal data. VMware has evaluated the severity of this issue to be in the moderate severity range with a maximum CVSSv3 base score of 4.3. | 2019-10-29 | not yet calculated | CVE-2019-5533
CONFIRM
vmware -- vcenter_server_appliance | Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over FTPS and HTTPS. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore operations. | 2019-10-28 | not yet calculated | CVE-2019-5537
MISC
vmware -- vcenter_server_appliance | Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over SCP. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore operations. | 2019-10-28 | not yet calculated | CVE-2019-5538 (MISC)
websieve -- websieve | Cross-site scripting (XSS) vulnerability in websieve v0.62 allows remote attackers to inject arbitrary web script or HTML code in the web user interface. | 2019-11-01 | not yet calculated | CVE-2005-2350 (MISC, MISC)
wordpress -- wordpress | plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes. | 2019-10-31 | not yet calculated | CVE-2019-16251 (MISC, MISC)
wordpress -- wordpress | An issue was discovered in the Currency Switcher addon before 2.11.2 for WooCommerce if a user provides a currency that was not added by the administrator. In this case, even though the currency does not exist, it will be selected, but a price amount will fall back to the default currency. This means that if an attacker provides a currency that does not exist and is worth less than this default, the attacker can eventually purchase an item for a significantly cheaper price. | 2019-11-02 | not yet calculated | CVE-2019-18668 (MISC, MISC)
xen_project -- xen | An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did not itself install an LDT. (Most OSes don't install any LDT by default.) 32-bit PV guest user mode can elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected. Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests cannot leverage this vulnerability. Arm systems are unaffected. | 2019-10-31 | not yet calculated | CVE-2019-18425 (MLIST, MISC)
xen_project -- xen | An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service via a XENMEM_add_to_physmap hypercall. p2m->max_mapped_gfn is used by the functions p2m_resolve_translation_fault() and p2m_get_entry() to sanity check a guest physical frame. The rest of the code in the two functions will assume that there is a valid root table and check that with BUG_ON(). The function p2m_get_root_pointer() will ignore the unused top bits of a guest physical frame. This means that the function p2m_set_entry() will alias the frame. However, p2m->max_mapped_gfn will be updated using the original frame. It would be possible to set p2m->max_mapped_gfn high enough to cover a frame that would lead p2m_get_root_pointer() to return NULL in p2m_get_entry() and p2m_resolve_translation_fault(). Additionally, the sanity check on p2m->max_mapped_gfn is off-by-one, allowing "highest mapped + 1" to be considered valid. However, p2m_get_root_pointer() will return NULL. The problem could be triggered with a specially crafted hypercall XENMEM_add_to_physmap{, _batch} followed by an access to an address (via hypercall or direct access) that passes the sanity check but causes p2m_get_root_pointer() to return NULL. A malicious guest administrator may cause a hypervisor crash, resulting in a Denial of Service (DoS). Xen versions 4.8 and newer are vulnerable. Only Arm systems are vulnerable. x86 systems are not affected. | 2019-10-31 | not yet calculated | CVE-2019-18423 (MLIST, MISC)
xen_project -- xen | An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. Interrupts are unconditionally unmasked in exception handlers. When an exception occurs on an ARM system which is handled without changing processor level, some interrupts are unconditionally enabled during exception entry. So exceptions which occur when interrupts are masked will effectively unmask the interrupts. A malicious guest might contrive to arrange for critical Xen code to run with interrupts erroneously enabled. This could lead to data corruption, denial of service, or possibly even privilege escalation. However, a precise attack technique has not been identified. | 2019-10-31 | not yet calculated | CVE-2019-18422 (MLIST, MISC)
xen_project -- xen | An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. This occurs because passed through PCI devices may corrupt host memory after deassignment. When a PCI device is assigned to an untrusted domain, it is possible for that domain to program the device to DMA to an arbitrary address. The IOMMU is used to protect the host from malicious DMA by making sure that the device addresses can only target memory assigned to the guest. However, when the guest domain is torn down, or the device is deassigned, the device is assigned back to dom0, thus allowing any in-flight DMA to potentially target critical host data. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable. | 2019-10-31 | not yet calculated | CVE-2019-18424 (MLIST, MISC)
xen_project -- xen | An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. hypercall_create_continuation() is a variadic function which uses a printf-like format string to interpret its parameters. Error handling for a bad format character was done using BUG(), which crashes Xen. One path, via the VCPUOP_initialise hypercall, has a bad format character. The BUG() can be hit if VCPUOP_initialise executes for a sufficiently long period of time for a continuation to be created. Malicious guests may cause a hypervisor crash, resulting in a Denial of Service (DoS). Xen versions 4.6 and newer are vulnerable. Xen versions 4.5 and earlier are not vulnerable. Only x86 PV guests can exploit the vulnerability. HVM and PVH guests, and guests on ARM systems, cannot exploit the vulnerability. | 2019-10-31 | not yet calculated | CVE-2019-18420 (MLIST, MISC)
xen_project -- xen | An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations. There are issues with restartable PV type change operations. To avoid using shadow pagetables for PV guests, Xen exposes the actual hardware pagetables to the guest. In order to prevent the guest from modifying these page tables directly, Xen keeps track of how pages are used using a type system; pages must be "promoted" before being used as a pagetable, and "demoted" before being used for any other type. Xen also allows for "recursive" promotions: i.e., an operating system promoting a page to an L4 pagetable may end up causing pages to be promoted to L3s, which may in turn cause pages to be promoted to L2s, and so on. These operations may take an arbitrarily large amount of time, and so must be re-startable. Unfortunately, making recursive pagetable promotion and demotion operations restartable is incredibly complicated, and the code contains several races which, if triggered, can cause Xen to drop or retain extra type counts, potentially allowing guests to get write access to in-use pagetables. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All x86 systems with untrusted PV guests are vulnerable. HVM and PVH guests cannot exercise this vulnerability. | 2019-10-31 | not yet calculated | CVE-2019-18421 (MLIST, MISC)
yandex -- clickhouse | ClickHouse before 19.13.5.44 allows HTTP header injection via the url table function. | 2019-10-31 | not yet calculated | CVE-2019-18657 (MISC, MISC, MISC)
youphptube -- youphptube | An issue was discovered in YouPHPTube through 7.7. User input passed through the live_stream_code POST parameter to /plugin/LiveChat/getChat.json.php is not properly sanitized (in getFromChat in plugin/LiveChat/Objects/LiveChatObj.php) before being used to construct a SQL query. This can be exploited by malicious users to, e.g., read sensitive data from the database through in-band SQL Injection attacks. Successful exploitation of this vulnerability requires the Live Chat plugin to be enabled. | 2019-11-02 | not yet calculated | CVE-2019-18662 (MISC)
youphptube -- youphptube | An exploitable SQL injection vulnerability exists in YouPHPTube 7.7. A specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database and local file inclusion, which could potentially further lead to code execution. An attacker can send an HTTP request to trigger this vulnerability. | 2019-10-31 | not yet calculated | CVE-2019-5151 (MISC)
youphptube -- youphptube | An exploitable SQL injection vulnerability exists in YouPHPTube 7.7. When the "VideoTags" plugin is enabled, a specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database and local file inclusion, which could potentially further lead to code execution. An attacker can send an HTTP request to trigger this vulnerability. | 2019-10-31 | not yet calculated | CVE-2019-5150 (MISC)
yum -- yum | yum does not properly handle bad metadata, which allows an attacker to cause a denial of service and possibly have other unspecified impact via a Trojan horse file in the metadata of a remote repository. | 2019-10-31 | not yet calculated | CVE-2013-1910 (MISC, MISC, MISC, MISC, MISC, MISC)
zte -- zx297520v3 | The 7520V3V1.0.0B09P27 version, and all earlier versions of ZTE product ZX297520V3 are impacted by a Command Injection vulnerability. Unauthorized users can exploit this vulnerability to control the user terminal system. | 2019-10-31 | not yet calculated | CVE-2019-3421 (CONFIRM)
zte -- zxmp | A security vulnerability exists in a management port in the version of ZTE's ZXMP M721V3.10P01B10_M2NCP. An attacker could exploit this vulnerability to build a link to the device and send specific packets to cause a denial of service. | 2019-10-31 | not yet calculated | CVE-2019-3419 (CONFIRM)
zuchetti -- infobusiness | In Zucchetti InfoBusiness before and including 4.4.1, an authenticated user can inject client-side code due to improper validation of the Title field in the InfoBusiness Web Component. The payload will be triggered every time a user browses the reports page. | 2019-10-30 | not yet calculated | CVE-2019-18207 (MISC)
zuchetti -- infobusiness | A cross-site request forgery (CSRF) vulnerability in Zucchetti InfoBusiness before and including 4.4.1 allows arbitrary file upload. | 2019-10-30 | not yet calculated | CVE-2019-18206 (MISC)
