Vulnerability Summary for the Week of September 23, 2019

Released: Sep 30, 2019
Document ID: SB19-273

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| centreon -- centreon | SQL injection vulnerabilities in Centreon through 19.04 allow attacks via the svc_id parameter in include/monitoring/status/Services/xml/makeXMLForOneService.php. | 2019-09-25 | 7.5 | CVE-2019-16194, MISC, MISC |
| emlog -- emlog | emlog through 6.0.0beta has an arbitrary file deletion vulnerability via an admin/data.php?action=dell_all_bak request with directory traversal sequences in the bak[] parameter. | 2019-09-25 | 7.5 | CVE-2019-16868, MISC |
| forcepoint -- vpn_client | Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach Labs for finding this vulnerability and for reporting it to us. | 2019-09-20 | 7.2 | CVE-2019-6145, MISC, CONFIRM |
| gigastone -- smart_battery_a4_firmware | A broken access control vulnerability in Smart Battery A4, a multifunctional portable charger, firmware version <= r1.7.9 allows an attacker to get/reset administrator’s password without any authentication. | 2019-09-25 | 10.0 | CVE-2019-15068, CONFIRM, CONFIRM |
| gigastone -- smart_battery_a4_firmware | An unsafe authentication interface was discovered in Smart Battery A4, a multifunctional portable charger, firmware version <= r1.7.9. An attacker can bypass authentication without modifying device file and gain web page management privilege. | 2019-09-25 | 7.5 | CVE-2019-15069, CONFIRM, CONFIRM |
| inoideas -- inoerp | download.php in inoERP 4.15 allows SQL injection through insecure deserialization. | 2019-09-26 | 7.5 | CVE-2019-16894, EXPLOIT-DB |
| integard_pro_project -- integard_pro | Integard Pro 2.2.0.9026 allows remote attackers to execute arbitrary code via a buffer overflow involving a long NoJs parameter to the /LoginAdmin URI. | 2019-09-22 | 7.5 | CVE-2019-16702, MISC |
| joinmastodon -- mastodon | Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions. | 2019-09-22 | 7.5 | CVE-2018-21018, MISC, MISC, MISC, MISC |
| joyplus_project -- joyplus | joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database. | 2019-09-21 | 7.5 | CVE-2019-16656, MISC |
| linea_project -- linea | An issue was discovered in the linea crate through 0.9.4 for Rust. There is double free in the Matrix::zip_elements method. | 2019-09-25 | 7.5 | CVE-2019-16880, CONFIRM |
| linux -- linux_kernel | There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service (system crash) or possibly execute arbitrary code. | 2019-09-20 | 7.2 | CVE-2019-14814, SUSE, SUSE, MLIST, MISC, CONFIRM, MISC, MLIST, FEDORA, FEDORA, MISC |
| linux -- linux_kernel | There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service (system crash) or possibly execute arbitrary code. | 2019-09-20 | 7.2 | CVE-2019-14816, SUSE, SUSE, MLIST, MISC, CONFIRM, MISC, MLIST, FEDORA, FEDORA, MISC |
| linux -- linux_kernel | An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow. | 2019-09-24 | 7.5 | CVE-2019-16746, MISC |
| makandra -- consul | The makandra consul gem through 1.0.2 for Ruby has Incorrect Access Control. | 2019-09-23 | 7.5 | CVE-2019-16377, MISC, MISC |
| microsoft -- internet_explorer | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1221. | 2019-09-23 | 7.6 | CVE-2019-1367, MISC |
| netapp -- ontap_select_deploy_administration_utility | ONTAP Select Deploy administration utility versions 2.12 & 2.12.1 ship with an HTTP service bound to the network allowing unauthenticated remote attackers to perform administrative actions. | 2019-09-24 | 7.5 | CVE-2019-5504, MISC |
| netgate -- pfsense | pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.exec_php call containing shell metacharacters in a parameter value. | 2019-09-25 | 9.0 | CVE-2019-16701, MISC, MISC, MISC |
| pam-python_project -- pam-python | pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups. | 2019-09-24 | 7.2 | CVE-2019-16729, MISC, MISC, MISC |
| phpipam -- phpipam | phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used. | 2019-09-22 | 7.5 | CVE-2019-16692, MISC |
| phpipam -- phpipam | phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used. | 2019-09-22 | 7.5 | CVE-2019-16693, MISC |
| phpipam -- phpipam | phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used. | 2019-09-22 | 7.5 | CVE-2019-16694, MISC |
| phpipam -- phpipam | phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used. | 2019-09-22 | 7.5 | CVE-2019-16695, MISC |
| phpipam -- phpipam | phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used. | 2019-09-22 | 7.5 | CVE-2019-16696, MISC |
| portaudio-rs_project -- portaudio-rs | An issue was discovered in the portaudio-rs crate through 0.3.1 for Rust. There is a use-after-free with resultant arbitrary code execution because of a lack of unwind safety in stream_callback and stream_finished_callback. | 2019-09-25 | 7.5 | CVE-2019-16881, CONFIRM |
| prise -- adas | An issue was discovered in PRiSE adAS 1.7.0. The path is not properly escaped in the medatadata_del method, leading to an arbitrary file read and deletion via Directory Traversal. | 2019-09-20 | 7.5 | CVE-2019-14914, MISC, MISC |
| prise -- adas | An issue was discovered in PRiSE adAS 1.7.0. Password hashes are compared using the equality operator. Thus, under specific circumstances, it is possible to bypass login authentication. | 2019-09-20 | 7.5 | CVE-2019-15088, MISC, MISC |
| silverstripe -- silverstripe | In SilverStripe through 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access. | 2019-09-25 | 7.5 | CVE-2019-12204, MISC, MISC, CONFIRM |
| smackcoders -- ultimate_exporter | The wp-ultimate-exporter plugin through 1.1 for WordPress has SQL injection via the export_type_name parameter. | 2019-09-20 | 7.5 | CVE-2016-11000, MISC, MISC |
| supermicro -- a1sa2-2750f_firmware | On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual USB devices to the server managed by the BMC. | 2019-09-20 | 7.5 | CVE-2019-16650, MISC, MISC, MISC |
| suricata-ids -- suricata | An issue was discovered in Suricata 4.1.4. By sending multiple IPv4 packets that have invalid IPv4Options, the function IPV4OptValidateTimestamp in decode-ipv4.c tries to access a memory region that is not allocated. There is a check for o->len < 5 (corresponding to 2 bytes of header and 3 bytes of data). Then, "flag = *(o->data + 3)" places one beyond the 3 bytes, because the code should have been "flag = *(o->data + 1)" instead. | 2019-09-24 | 7.5 | CVE-2019-16411, MISC, MISC |
| tuzicms -- tuzicms | App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Zhuanti/group?id= substring. | 2019-09-20 | 7.5 | CVE-2019-16644, MISC |
| upredsun -- file_sharing_wizard | File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Exception Handler (SEH) based buffer overflow in an HTTP POST parameter, a similar issue to CVE-2010-2330 and CVE-2010-2331. | 2019-09-24 | 7.5 | CVE-2019-16724, MISC, EXPLOIT-DB |
| vbulletin -- vbulletin | vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request. | 2019-09-24 | 7.5 | CVE-2019-16759, MISC, MISC, MISC, MISC |
| wolfssl -- wolfssl | In wolfSSL through 4.1.0, there is a missing sanity check of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer over-read in CheckCertSignature_ex in wolfcrypt/src/asn.c. | 2019-09-24 | 7.5 | CVE-2019-16748, MISC |
| yejiao -- tuzicms | App\Mobile\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Mobile/Zhuanti/group?id= substring. | 2019-09-20 | 7.5 | CVE-2019-16642, MISC |
| zte -- zxv10_b860a_firmware | All versions up to V81511329.1008 of ZTE ZXV10 B860A products are impacted by input validation vulnerability. Due to input validation, unauthorized users can take advantage of this vulnerability to control the user terminal system. | 2019-09-23 | 10.0 | CVE-2019-3416, CONFIRM |
| zzzcms -- zzzphp | ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses an str_ireplace operation. | 2019-09-23 | 7.5 | CVE-2019-16722, MISC |


Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
5none -- nonecmsNoneCMS v1.3 has CSRF in public/index.php/admin/admin/dele.html, as demonstrated by deleting the admin user.2019-09-235.8CVE-2019-16721
MISC
acquia -- mauticAn issue was discovered in Mautic 2.13.1. It has Stored XSS via the company name field.2019-09-204.3CVE-2018-11200
CONFIRM
advantech -- webaccess/hmi_designerIn Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Address controls Code Flow starting at PM_V3!CTagInfoThreadBase::GetNICInfo+0x0000000000512918.2019-09-255.0CVE-2019-16899
MISC
advantech -- webaccess/hmi_designerAdvantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write AV starting at MSVCR90!memcpy+0x000000000000015c.2019-09-255.0CVE-2019-16900
MISC
advantech -- webaccess/hmi_designerAdvantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain corruption starting at Unknown Symbol @ 0x0000000000000000 called from ntdll!RtlRaiseStatus+0x00000000000000b4.2019-09-255.0CVE-2019-16901
MISC
agentevolution -- impress_listingsThe wp-listings plugin before 2.0.2 for WordPress has includes/views/single-listing.php XSS.2019-09-204.3CVE-2016-11013
MISC
MISC
alo-easymail_project -- alo-easymailThe alo-easymail plugin before 2.6.01 for WordPress has CSRF with resultant XSS in pages/alo-easymail-admin-options.php.2019-09-254.3CVE-2015-9409
MISC
MISC
MISC
altosresearch -- altos-connectThe altos-connect plugin 1.3.0 for WordPress has XSS via the wp-content/plugins/altos-connect/jquery-validate/demo/demo/captcha/index.php/ PATH_SELF.2019-09-264.3CVE-2015-9444
MISC
MISC
angrycreative -- bj_lazy_loadThe bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclusion.2019-09-255.0CVE-2015-9415
MISC
MISC
apache -- http_serverIn Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.2019-09-266.4CVE-2019-10082
MISC
apache -- http_serverIn Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.2019-09-264.3CVE-2019-10092
MISC
apache -- http_serverIn Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.2019-09-255.8CVE-2019-10098
MISC
apache -- jspwikiOn Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Page Revision History, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.2019-09-234.3CVE-2019-10087
MISC
apache -- jspwikiOn Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the WYSIWYG editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.2019-09-234.3CVE-2019-10089
MISC
apache -- jspwikiOn Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the plain editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.2019-09-234.3CVE-2019-10090
MISC
apache -- jspwikiOn Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to InfoContent.jsp, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.2019-09-234.3CVE-2019-12404
MISC
apache -- jspwikiOn Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the remember parameter on some of the JSPs, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.2019-09-234.3CVE-2019-12407
MISC
apache -- subversionIn Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server.2019-09-264.0CVE-2018-11782
MISC
apache -- subversionIn Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to disruption for users of the server.2019-09-265.0CVE-2019-0203
MISC
apereo -- central_authentication_serviceMultiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong.2019-09-235.5CVE-2019-10754
MISC
MISC
MISC
MISC
MISC
attosoft -- auto_thickbox_plusThe auto-thickbox-plus plugin through 1.9 for WordPress has wp-content/plugins/auto-thickbox-plus/download.min.php?file= XSS.2019-09-204.3CVE-2015-9396
MISC
MISC
avenirsoft -- directdownloadThe avenirsoft-directdownload plugin 1.0 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=avenir_plugin.2019-09-264.3CVE-2015-9442
MISC
MISC
bestwebsoft -- quotes_and_tipsThe quotes-and-tips plugin before 1.20 for WordPress has XSS.2019-09-204.3CVE-2015-9385
MISC
MISC
bestwebsoft -- relevantThe relevant plugin before 1.0.8 for WordPress has XSS.2019-09-204.3CVE-2015-9384
MISC
MISC
bluestacks -- bluestacksAn issue was discovered in BlueStacks 4.110 and below on macOS and on 4.120 and below on Windows. BlueStacks employs Android running in a virtual machine (VM) to enable Android apps to run on Windows or MacOS. Bug is in a local arbitrary file read through a system service call. The impacted method runs with System admin privilege and if given the file name as parameter returns you the content of file. A malicious app using the affected method can then read the content of any system file which it is not authorized to read2019-09-244.9CVE-2019-14220
MISC
CONFIRM
bookmarkify_project -- bookmarkifyThe bookmarkify plugin 2.9.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=bookmarkify.php.2019-09-264.3CVE-2015-9441
MISC
MISC
byonepress -- social_lockerThe social-locker plugin before 4.2.5 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=opanda-item&page=license-manager-sociallocker-next licensekey parameter.2019-09-254.3CVE-2015-9425
MISC
MISC
MISC
cacti -- cactiIn Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter.2019-09-234.0CVE-2019-16723
MISC
captain-slider_project -- captain-sliderThe captain-slider plugin 1.0.6 for WordPress has XSS via a Title or Caption section.2019-09-254.3CVE-2015-9419
MISC
MISC
cisco -- iosA vulnerability in the HTTP client feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to read and modify data that should normally have been sent via an encrypted channel. The vulnerability is due to TCP port information not being considered when matching new requests to existing, persistent HTTP connections. An attacker could exploit this vulnerability by acting as a man-in-the-middle and then reading and/or modifying data that should normally have been sent through an encrypted channel.2019-09-255.8CVE-2019-12665
CISCO
cloudfoundry -- cf-deploymentCloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space developer to deny service or perform a dictionary attack.2019-09-235.5CVE-2019-11277
CONFIRM
crazy_bone_project -- crazy_boneThe crazy-bone plugin before 0.6.0 for WordPress has XSS via the User-Agent HTTP header.2019-09-254.3CVE-2015-9430
MISC
MISC
MISC
cure53 -- dompurifyDOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari.2019-09-244.3CVE-2019-16728
MISC
cyberseo -- xpinner_liteThe xpinner-lite plugin through 2.2 for WordPress has xpinner-lite.php XSS.2019-09-204.3CVE-2015-9407
MISC
MISC
MISC
cyberseo -- xpinner_liteThe xpinner-lite plugin through 2.2 for WordPress has wp-admin/options-general.php CSRF with resultant XSS.2019-09-204.3CVE-2015-9408
MISC
MISC
MISC
devise_token_auth_project -- devise_token_authAn issue was discovered in Devise Token Auth through 1.1.2. The omniauth failure endpoint is vulnerable to Reflected Cross Site Scripting (XSS) through the message parameter. Unauthenticated attackers can craft a URL that executes a malicious JavaScript payload in the victim's browser. This affects the fallback_render method in the omniauth callbacks controller.2019-09-244.3CVE-2019-16751
MISC
doc4design -- multiconsThe multicons plugin before 3.0 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=multicons%2Fmulticons.php global_url or admin_url parameter.2019-09-254.3CVE-2015-9424
MISC
MISC
MISC
draytek -- vigor2925_firmwareOn DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product. This has been solved in v3.8.8.2 and later release firmware.2019-09-204.3CVE-2019-16533
MISC
MISC
draytek -- vigor2925_firmwareOn DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN name on the General Setup screen. NOTE: this is an end-of-life product. This has been solved in v3.8.8.2 and later release firmware2019-09-204.3CVE-2019-16534
MISC
MISC
e2fsprogs_project -- e2fsprogsAn exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.2019-09-244.6CVE-2019-5094
MISC
efficientscripts -- microblog_posterThe microblog-poster plugin before 1.6.2 for WordPress has SQL Injection via the wp-admin/options-general.php?page=microblogposter.php account_id parameter.2019-09-256.5CVE-2015-9449
MISC
MISC
MISC
elegantthemes -- extraThe Elegant Themes Extra theme before 1.2.4 for WordPress has privilege escalation.2019-09-206.5CVE-2016-11002
MISC
MISC
elegantthemes -- monarchThe Elegant Themes Bloom plugin before 1.1.1 for WordPress has privilege escalation.2019-09-206.5CVE-2016-11003
MISC
MISC
elegantthemes -- monarchThe Elegant Themes Monarch plugin before 1.2.7 for WordPress has privilege escalation.2019-09-206.5CVE-2016-11004
MISC
MISC
elfsight -- instalinkerThe instalinker plugin before 1.1.2 for WordPress has includes/instalinker-admin-preview.php?client_id= XSS.2019-09-204.3CVE-2016-11005
MISC
MISC
embedthis -- goaheadAn issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack.2019-09-205.0CVE-2019-16645
MISC
eshop_project -- eshopThe eshop plugin through 6.3.13 for WordPress has CSRF with resultant XSS via the wp-admin/admin.php?page=eshop-downloads.php title parameter.2019-09-254.3CVE-2015-9413
MISC
MISC
MISC
f5 -- big-ip_access_policy_managerIn BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.5.1-11.6.4, BIG-IQ 7.0.0, 6.0.0-6.1.0,5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, the Configuration utility login page may not follow best security practices when handling a malicious request.2019-09-255.0CVE-2019-6651
MISC
f5 -- big-ip_access_policy_managerOn versions 13.0.0-13.1.0.1, 12.1.0-12.1.4.1, 11.6.1-11.6.4, and 11.5.1-11.5.9, BIG-IP platforms where AVR, ASM, APM, PEM, AFM, and/or AAM is provisioned may leak sensitive data.2019-09-254.3CVE-2019-6655
MISC
f5 -- big-ip_application_security_managerF5 BIG-IP ASM 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 may expose sensitive information and allow the system configuration to be modified when using non-default settings.2019-09-205.8CVE-2019-6650
CONFIRM
f5 -- big-iq_centralized_managementIn BIG-IQ 6.0.0-6.1.0, services for stats do not require authentication nor do they implement any form of Transport Layer Security (TLS).2019-09-256.4CVE-2019-6652
MISC
gilacms -- gila_cmsGila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion.2019-09-214.0CVE-2019-16679
MISC
MISC
MISC
googmonify_project -- googmonifyThe googmonify plugin through 0.5.1 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=googmonify.php PID or AID parameter.2019-09-254.3CVE-2015-9427
MISC
MISC
MISC
grafana -- grafanaAn issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana (e.g., MySQL) are not encrypted. An admin user can reveal passwords for any data source by pressing the "Save and test" button within a data source's settings menu. When watching the transaction with Burp Proxy, the password for the data source is revealed and sent to the server. From a browser, a prompt to save the credentials is generated, and the password can be revealed by simply checking the "Show password" box.2019-09-234.0CVE-2019-15635
MISC
MISC
hcltech -- appscan_sourceHCL AppScan Source before 9.03.13 is susceptible to XML External Entity (XXE) attacks in multiple locations. In particular, an attacker can send a specially crafted .ozasmt file to a targeted victim and ask the victim to open it. When the victim imports the .ozasmt file in AppScan Source, the content of any file in the local file system (to which the victim as read access) can be exfiltrated to a remote listener under the attacker's control. The product does not disable external XML Entity Processing, which can lead to information disclosure and denial of services attacks.2019-09-255.8CVE-2019-16188
CONFIRM
home-assistant -- home-assistantHome Assistant before 0.67.0 was vulnerable to an information disclosure that allowed an unauthenticated attacker to read the application's error log via components/api.py.2019-09-235.0CVE-2018-21019
MISC
MISC
hongcms_project -- hongcmsHongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774. (If the attacker deletes config.php and visits install/index.php, they can reinstall the product.)2019-09-255.5CVE-2019-16867
MISC
html-pdf_project -- html-pdfThe html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL.2019-09-205.0CVE-2019-15138
MISC
hunspell_project -- hunspellHunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx.2019-09-234.3CVE-2019-16707
MISC
ibm -- mqIBM MQ 7.5.0.0 - 7.5.0.9, 7.1.0.0 - 7.1.0.9, 8.0.0.0 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 command server is vulnerable to a denial of service attack caused by an authenticated and authorized user using specially crafted PCF messages. IBM X-Force ID: 162084.2019-09-264.0CVE-2019-4378
XF
CONFIRM
ibm -- qradar_security_information_and_event_managerIBM QRadar SIEM 7.2 and 7.3 is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the QRadar system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 160014.2019-09-265.0CVE-2019-4262
XF
CONFIRM
ibm -- security_key_lifecycle_managerIBM Security Key Lifecycle Manager 3.0 and 3.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 165137.2019-09-244.3CVE-2019-4515
XF
CONFIRM
ibm -- security_key_lifecycle_managerIBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166626.2019-09-205.0CVE-2019-4565
XF
CONFIRM
ibm -- websphere_application_serverIBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information, caused by sending a specially-crafted URL. This can lead the attacker to view any file in a certain directory. IBM X-Force ID: 164364.2019-09-205.0CVE-2019-4505
XF
CONFIRM
idreamsoft -- icmsAn issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF.2019-09-215.8CVE-2019-16677
MISC
imagemagick -- imagemagickImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage.2019-09-234.3CVE-2019-16708
MISC
imagemagick -- imagemagickImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.2019-09-234.3CVE-2019-16709
MISC
imagemagick -- imagemagickImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c.2019-09-234.3CVE-2019-16710
MISC
imagemagick -- imagemagickImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c.2019-09-234.3CVE-2019-16711
MISC
imagemagick -- imagemagickImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image.2019-09-234.3CVE-2019-16712
MISC
imagemagick -- imagemagickImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c.2019-09-234.3CVE-2019-16713
MISC
ipswitch -- moveit_transferMOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and 2019.1 before 11.1.1 allows an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, or may be able to alter the database via the REST API, aka SQL Injection.2019-09-246.4CVE-2019-16383
CONFIRM
CONFIRM
CONFIRM
CONFIRM
irfanview -- irfanviewIn IrfanView 4.53, Data from a Faulting Address controls a subsequent Write Address starting at image00400000+0x000000000001dcfc.2019-09-256.8CVE-2019-16887
MISC
jenkins -- aqua_microscanner | Jenkins Aqua MicroScanner Plugin 1.0.7 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | 2019-09-25 | 5.0 | CVE-2019-10427 MLIST CONFIRM
jenkins -- aqua_security_scanner | Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | 2019-09-25 | 5.0 | CVE-2019-10428 MLIST CONFIRM
jenkins -- azure_event_grid_notifier | Jenkins Azure Event Grid Build Notifier Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 2019-09-25 | 4.0 | CVE-2019-10421 MLIST CONFIRM
jenkins -- call_remote_job | Jenkins Call Remote Job Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 2019-09-25 | 4.0 | CVE-2019-10422 MLIST CONFIRM
jenkins -- data_theorem_mobile_app_security | Jenkins Data Theorem: CI/CD Plugin 1.3 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | 2019-09-25 | 4.0 | CVE-2019-10413 MLIST CONFIRM
jenkins -- google_calendar | Jenkins Google Calendar Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 2019-09-25 | 4.0 | CVE-2019-10425 MLIST CONFIRM
jenkins -- inedo_buildmaster | Jenkins Inedo BuildMaster Plugin 2.4.0 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | 2019-09-25 | 5.0 | CVE-2019-10411 MLIST CONFIRM
jenkins -- inedo_proget | Jenkins Inedo ProGet Plugin 1.2 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | 2019-09-25 | 5.0 | CVE-2019-10412 MLIST CONFIRM
jenkins -- inheritance-plugin | Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin. | 2019-09-25 | 4.0 | CVE-2019-10407 MLIST CONFIRM
jenkins -- jenkins | Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value of the "Cookie" HTTP request header on the /whoAmI/ URL, allowing attackers exploiting another XSS vulnerability to obtain the HTTP session cookie despite it being marked HttpOnly. | 2019-09-25 | 4.0 | CVE-2019-10405 MLIST CONFIRM
jenkins -- kubernetes_pipeline | Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. | 2019-09-25 | 6.5 | CVE-2019-10417 MLIST CONFIRM
jenkins -- kubernetes_pipeline | Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. | 2019-09-25 | 6.5 | CVE-2019-10418 MLIST CONFIRM
jenkins -- project_inheritance | A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates. | 2019-09-25 | 4.0 | CVE-2019-10408 MLIST CONFIRM
jenkins -- violation_comments_to_gitlab | Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | 2019-09-25 | 4.0 | CVE-2019-10415 MLIST CONFIRM
jenkins -- violation_comments_to_gitlab | Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | 2019-09-25 | 4.0 | CVE-2019-10416 MLIST CONFIRM
joomla -- joomla! | In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates. | 2019-09-24 | 4.3 | CVE-2019-16725 CONFIRM
joyplus_project -- joyplus | joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains available. | 2019-09-21 | 6.4 | CVE-2019-16655 MISC
joyplus_project -- joyplus | joyplus-cms 1.6.0 has admin_ajax.php?action=savexml&tab=vodplay CSRF. | 2019-09-21 | 6.8 | CVE-2019-16660 MISC
kiwi-logo-carousel_project -- kiwi-logo-carousel | The kiwi-logo-carousel plugin before 1.7.2 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=kwlogos&page=kwlogos_settings tab or tab_flags_order parameter. | 2019-09-25 | 4.3 | CVE-2015-9434 MISC MISC MISC
kkcms_project -- kkcms | kkcms v1.3 has a CSRF vulnerability that can add a user account via admin/cms_user_add.php. | 2019-09-23 | 6.8 | CVE-2019-16706 MISC
libgcrypt20_project -- libgcrypt20 | It was discovered that there was an ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7. | 2019-09-25 | 6.8 | CVE-2019-13627 SUSE MISC MLIST MISC
libming -- libming | Ming (aka libming) 0.4.8 has an out of bounds read vulnerability in the function OpCode() in the decompile.c file in libutil.a. | 2019-09-23 | 6.4 | CVE-2019-16705 MISC
linux -- linux_kernel | In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized. | 2019-09-23 | 5.0 | CVE-2019-16714 MLIST MLIST MISC MISC
mediawiki -- mediawiki | In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup. | 2019-09-25 | 5.0 | CVE-2019-16738 MISC
microsoft -- forefront_endpoint_protection_2010 | A denial of service vulnerability exists when Microsoft Defender improperly handles files, aka 'Microsoft Defender Denial of Service Vulnerability'. | 2019-09-23 | 5.0 | CVE-2019-1255 MISC
momizat -- goodnews | The Goodnews theme through 2016-02-28 for WordPress has XSS via the s parameter. | 2019-09-20 | 4.3 | CVE-2016-10999 MISC
monetize_project -- monetize | The monetize plugin through 1.03 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=monetize-zones-new. | 2019-09-26 | 4.3 | CVE-2015-9440 MISC MISC
mtouch_quiz_project -- mtouch_quiz | The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via the quiz parameter during a Quiz Manage operation. | 2019-09-20 | 4.3 | CVE-2015-9386 MISC MISC
mtouch_quiz_project -- mtouch_quiz | The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/options-general.php CSRF. | 2019-09-20 | 4.3 | CVE-2015-9387 MISC MISC
mtouch_quiz_project -- mtouch_quiz | The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/edit.php CSRF with resultant XSS. | 2019-09-20 | 4.3 | CVE-2015-9388 MISC MISC
netapp -- ontap_select_deploy_administration_utility | ONTAP Select Deploy administration utility versions 2.2 through 2.12.1 transmit credentials in plaintext. | 2019-09-24 | 5.0 | CVE-2019-5505 MISC
netgate -- pfsense | An XSS issue was discovered in pfSense through 2.4.4-p3. In services_captiveportal_mac.php, the username and delmac parameters are displayed without sanitization. | 2019-09-26 | 4.3 | CVE-2019-16914 MISC MISC MISC
neuvoo -- neuvoo-jobroll | The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_location XSS. | 2019-09-20 | 4.3 | CVE-2015-9403 MISC MISC
neuvoo -- neuvoo-jobroll | The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_keywords XSS. | 2019-09-20 | 4.3 | CVE-2015-9404 MISC MISC
novnc -- novnc | An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name. | 2019-09-25 | 4.3 | CVE-2017-18635 MISC MISC MISC MISC
nxp -- kinetis_k8x_firmware | On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a software IP protection method for execute-only access) can be defeated by leveraging a load instruction inside the execute-only region to expose the protected code into a CPU register. | 2019-09-24 | 4.6 | CVE-2019-14239 MISC MISC
ocimscripts -- ocim-mp3 | The ocim-mp3 plugin through 2016-03-07 for WordPress has wp-content/plugins/ocim-mp3/source/pages.php?id= XSS. | 2019-09-20 | 4.3 | CVE-2016-10998 MISC
olevmedia -- olevmedia_shortcodes | The olevmedia-shortcodes plugin before 1.1.9 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=omsc_popup id parameter. | 2019-09-25 | 4.3 | CVE-2015-9421 MISC MISC MISC
optinmonster -- optinmonster | The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak. | 2019-09-20 | 5.0 | CVE-2016-10996 MISC MISC
organizedthemes -- epic | The epic theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to includes/download.php. | 2019-09-20 | 5.0 | CVE-2014-10396 MISC
ostenta -- yawpp | The yawpp plugin through 1.2.2 for WordPress has XSS via the field1 parameter. | 2019-09-20 | 4.3 | CVE-2015-9391 MISC MISC
pac4j -- pac4j | The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong. This issue only affects the 3.X release of pac4j-saml. | 2019-09-23 | 4.0 | CVE-2019-10755 MISC
pagekit -- pagekit | The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for attackers to enumerate accounts. | 2019-09-21 | 5.0 | CVE-2019-16669 MISC
para -- antioch | The Antioch theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to lib/scripts/download.php. | 2019-09-20 | 5.0 | CVE-2014-10397 MISC
phpmywind -- phpmywind | admin/infolist_add.php in PHPMyWind 5.6 has stored XSS. | 2019-09-23 | 4.3 | CVE-2019-16703 MISC
pivotal_software -- pivotal_application_service | Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.18, 2.4.x prior to 2.4.14, 2.5.x prior to 2.5.10, and 2.6.x prior to 2.6.5, contains an invitations microservice which allows users to invite others to their organizations. A remote authenticated user can gain additional privileges by inviting themselves to spaces that they should not have access to. | 2019-09-20 | 6.5 | CVE-2019-11280 CONFIRM
plugin-planet -- user_submitted_posts | The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field. | 2019-09-20 | 4.3 | CVE-2016-11001 MISC MISC
plutinosoft -- platinum | Platinum UPnP SDK 1.2.0 allows Directory Traversal in Core/PltHttpServer.cpp because it checks for /.. where it should be checking for ../ instead. | 2019-09-26 | 5.0 | CVE-2019-16903 MISC MISC
pressified -- sendpress | The sendpress plugin before 1.2 for WordPress has SQL Injection via the wp-admin/admin.php?page=sp-queue listid parameter. | 2019-09-26 | 6.5 | CVE-2015-9448 MISC MISC MISC
prise -- adas | An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly escape output on error, leading to reflected XSS. | 2019-09-20 | 4.3 | CVE-2019-14911 MISC MISC
prise -- adas | An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly check the goto parameter, leading to an open redirect that leaks the session cookie. | 2019-09-20 | 5.8 | CVE-2019-14912 MISC MISC
prise -- adas | An issue was discovered in PRiSE adAS 1.7.0. Certificate data are not properly escaped. This leads to XSS when submitting a rogue certificate. | 2019-09-20 | 4.3 | CVE-2019-14915 MISC MISC
prise -- adas | An issue was discovered in PRiSE adAS 1.7.0. The current database password is embedded in the change password form. | 2019-09-20 | 5.0 | CVE-2019-15085 MISC MISC
prise -- adas | An issue was discovered in PRiSE adAS 1.7.0. The newentityID parameter is not properly escaped, leading to a reflected XSS in the error message. | 2019-09-20 | 4.3 | CVE-2019-15086 MISC MISC
prise -- adas | An issue was discovered in PRiSE adAS 1.7.0. An authenticated user can change the function used to hash passwords to any function, leading to remote code execution. | 2019-09-20 | 6.5 | CVE-2019-15087 MISC MISC
prise -- adas | An issue was discovered in PRiSE adAS 1.7.0. Forms have no CSRF protection, letting an attacker execute actions as the administrator. | 2019-09-20 | 6.8 | CVE-2019-15089 MISC MISC
prospecta -- master_data_online | Prospecta Master Data Online (MDO) allows CSRF. | 2019-09-20 | 4.3 | CVE-2018-17789 MISC
qemu -- qemu | In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well. | 2019-09-24 | 5.0 | CVE-2019-12068 MISC MLIST MISC MISC
qurl -- dynamic_widgets | The dynamic-widgets plugin before 1.5.11 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=dynwid-config page_limit parameter. | 2019-09-25 | 4.3 | CVE-2015-9437 MISC MISC MISC
radare -- radare2 | In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to an insufficient fix for CVE-2019-14745 and improper handling of symbol names embedded in executables. | 2019-09-23 | 6.8 | CVE-2019-16718 MISC MISC MISC
redhat -- tectonic | CoreOS Tectonic 1.7.x and 1.8.x before 1.8.7-tectonic.2 deploys the Grafana web application using default credentials (admin/admin) for the administrator account located at grafana-credentials secret. This occurs because CoreOS does not randomize the administrative password to later be configured by Tectonic administrators. An attacker can insert an XSS payload into the dashboards. | 2019-09-24 | 4.3 | CVE-2018-9090 MISC MISC
redlion -- crimson | Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that operates outside of the designated memory area. | 2019-09-23 | 6.8 | CVE-2019-10978 MISC
redlion -- crimson | Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that causes the program to mishandle pointers. | 2019-09-23 | 6.8 | CVE-2019-10984 MISC
redlion -- crimson | Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files. | 2019-09-23 | 4.3 | CVE-2019-10990 MISC
redlion -- crimson | Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that can reference memory after it has been freed. | 2019-09-23 | 6.8 | CVE-2019-10996 MISC
riot-os -- riot | RIOT 2019.07 contains a NULL pointer dereference in the MQTT-SN implementation (asymcute), potentially allowing an attacker to crash a network node running RIOT. This requires spoofing an MQTT server response. To do so, the attacker needs to know the MQTT MsgID of a pending MQTT protocol message and the ephemeral port used by RIOT's MQTT implementation. Additionally, the server IP address is required for spoofing the packet. | 2019-09-24 | 5.0 | CVE-2019-16754 MISC
rockwellautomation -- arena_simulation_software | In Rockwell Automation Arena Simulation Software Cat. 9502-Ax, Versions 16.00.00 and earlier, a maliciously crafted Arena file opened by an unsuspecting user may result in the use of a pointer that has not been initialized. | 2019-09-24 | 6.8 | CVE-2019-13527 MISC
sahipro -- sahi_pro | Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include any victim files on the system via the script parameter on the Script_view page. This will result in file disclosure (i.e., being able to pull any file from the remote victim application). This can be used to steal and obtain sensitive config and other files. This can result in complete compromise of the application. The script parameter is vulnerable to directory traversal and both local and remote file inclusion. | 2019-09-23 | 5.0 | CVE-2019-13063 MISC EXPLOIT-DB
sick -- fx0-gent00000_firmware | SICK FX0-GPNT00000 and FX0-GENT00000 devices through 3.4.0 have a Buffer Overflow. | 2019-09-24 | 5.0 | CVE-2019-14753 MISC CONFIRM
silverstripe -- silverstripe | SilverStripe through 4.3.3 has Flash Clipboard Reflected XSS. | 2019-09-25 | 4.3 | CVE-2019-12205 MISC MISC CONFIRM
silverstripe -- silverstripe | SilverStripe through 4.3.3 has incorrect access control for protected files uploaded via Upload::loadIntoFile(). An attacker may be able to guess a filename in silverstripe/assets via the AssetControlExtension. | 2019-09-25 | 5.0 | CVE-2019-12245 MISC MISC CONFIRM
silverstripe -- silverstripe | In SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution. | 2019-09-26 | 4.0 | CVE-2019-12617 MISC MISC MISC CONFIRM
silverstripe -- silverstripe | In SilverStripe assets 4.0, there is broken access control on files. | 2019-09-26 | 5.0 | CVE-2019-14273 MISC MISC MISC CONFIRM
slidervilla -- testimonial_slider | The testimonial-slider plugin through 1.2.1 for WordPress has CSRF with resultant XSS. | 2019-09-25 | 4.3 | CVE-2015-9417 MISC MISC
st -- stm32f4_firmware | On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated with a debug probe via the Instruction Tightly Coupled Memory (ITCM) bus. | 2019-09-24 | 4.6 | CVE-2019-14238 MISC MISC
string-interner_project -- string-interner | An issue was discovered in the string-interner crate before 0.7.1 for Rust. It allows attackers to read from memory locations associated with dangling pointers, because of a cloning flaw. | 2019-09-25 | 5.0 | CVE-2019-16882 CONFIRM
supermicro -- a1sa2-2750f_firmware | On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the server managed by the BMC. | 2019-09-20 | 5.0 | CVE-2019-16649 MISC MISC MISC
suricata-ids -- suricata | An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. Upon receiving a corrupted SSLv3 (TLS 1.2) packet, the parser function TLSDecodeHSHelloExtensions tries to access a memory region that is not allocated, because the expected length of HSHelloExtensions does not match the real length of the HSHelloExtensions part of the packet. | 2019-09-24 | 6.4 | CVE-2019-15699 MISC MISC
suricata-ids -- suricata | An issue was discovered in Suricata 4.1.4. By sending multiple fragmented IPv4 packets, the function Defrag4Reassemble in defrag.c tries to access a memory region that is not allocated, because of a lack of header_len checking. | 2019-09-24 | 6.4 | CVE-2019-16410 MISC MISC
thinksaas -- thinksaas | An issue was discovered in ThinkSAAS 2.91. There is XSS via the content to the index.php?app=group&ac=comment&ts=do&js=1 URI, as demonstrated by a crafted SVG document in the SRC attribute of an EMBED element. | 2019-09-21 | 4.3 | CVE-2019-16665 MISC
topcon -- net-g5_firmware | An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product is protected by a login. A guest is allowed to log in. Once logged in as a guest, an attacker can browse a URL to read the password of the administrative user. The same procedure allows a regular user to gain administrative privileges. The guest login is possible in the default configuration. | 2019-09-20 | 6.5 | CVE-2019-11326 MISC
topcon -- net-g5_firmware | An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product has a local file inclusion vulnerability. An attacker with administrative privileges can craft a special URL to read arbitrary files from the device's file system. | 2019-09-20 | 4.0 | CVE-2019-11327 MISC
totaldefense -- anti-virus | In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\ used by ccschedulersvc.exe allows local attackers to hijack dotnetproxy.exe, which leads to privilege escalation when the ccSchedulerSVC service runs the executable. | 2019-09-24 | 4.6 | CVE-2019-13355 MISC MISC
totaldefense -- anti-virus | In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\bd\TDUpdate2\ used by AMRT.exe allows local attackers to hijack bdcore.dll, which leads to privilege escalation when the AMRT service loads the DLL. | 2019-09-24 | 4.6 | CVE-2019-13356 MISC MISC
totaldefense -- anti-virus | In Total Defense Anti-virus 9.0.0.773, resource acquisition from the untrusted search path C:\ used by caschelp.exe allows local attackers to hijack ccGUIFrm.dll, which leads to code execution. SYSTEM-level code execution can be achieved when the ccSchedulerSVC service runs the affected executable. | 2019-09-24 | 4.6 | CVE-2019-13357 MISC MISC
trivetechnology -- wp-stats-dashboard | The wp-stats-dashboard plugin through 2.9.4 for WordPress has admin/graph_trend.php type SQL injection. | 2019-09-20 | 6.5 | CVE-2015-9399 MISC MISC MISC
tuzicms -- tuzicms | TuziCMS 2.0.6 has XSS via the PATH_INFO to a group URI, as demonstrated by index.php/article/group/id/2/. | 2019-09-21 | 4.3 | CVE-2019-16657 MISC
tuzicms -- tuzicms | TuziCMS 2.0.6 has index.php/manage/notice/do_add CSRF. | 2019-09-21 | 6.8 | CVE-2019-16658 MISC
tuzicms -- tuzicms | TuziCMS 2.0.6 has index.php/manage/link/do_add CSRF. | 2019-09-21 | 6.8 | CVE-2019-16659 MISC
typomedia -- wordpress_meta_robots | The wordpress-meta-robots plugin through 2.1 for WordPress has wp-admin/post-new.php text SQL injection. | 2019-09-20 | 6.5 | CVE-2015-9400 MISC MISC MISC
unitegallery -- unite_gallery_lite | The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin-ajax.php in a unitegallery_ajax_action operation. | 2019-09-26 | 6.8 | CVE-2015-9445 MISC MISC MISC
unitegallery -- unite_gallery_lite | The unite-gallery-lite plugin before 1.5 for WordPress has SQL injection via data[galleryID] to wp-admin/admin-ajax.php. | 2019-09-26 | 6.5 | CVE-2015-9446 MISC MISC MISC
unitegallery -- unite_gallery_lite | The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin.php galleryid or id parameters. | 2019-09-26 | 4.3 | CVE-2015-9447 MISC MISC MISC
usabilitydynamics -- wp-invoice | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes. | 2019-09-20 | 5.0 | CVE-2016-11006 MISC MISC MISC
usabilitydynamics -- wp-invoice | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval. | 2019-09-20 | 5.0 | CVE-2016-11007 MISC MISC MISC
usabilitydynamics -- wp-invoice | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates. | 2019-09-20 | 5.0 | CVE-2016-11008 MISC MISC MISC
usabilitydynamics -- wp-invoice | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates. | 2019-09-20 | 5.0 | CVE-2016-11009 MISC MISC MISC
usabilitydynamics -- wp-invoice | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates. | 2019-09-20 | 5.0 | CVE-2016-11010 MISC MISC MISC
usabilitydynamics -- wp-invoice | The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation. | 2019-09-20 | 4.0 | CVE-2016-11011 MISC MISC MISC
usersultra -- users_ultra_membership | The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=package_add_new to wp-admin/admin-ajax.php. | 2019-09-20 | 6.8 | CVE-2015-9394 MISC MISC
usersultra -- users_ultra_membership | The users-ultra plugin before 1.5.64 for WordPress has SQL Injection via an ajax action. | 2019-09-20 | 6.5 | CVE-2015-9395 MISC MISC MISC
usersultra -- users_ultra_membership | The users-ultra plugin before 1.5.59 for WordPress has uultra-form-cvs-form-conf arbitrary file upload. | 2019-09-20 | 6.8 | CVE-2015-9402 MISC MISC MISC
vmware -- fusion | VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6) and Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain an out-of-bounds read vulnerability in the pixel shader functionality. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on the host. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. It is not enabled by default on ESXi and is enabled by default on Workstation and Fusion. | 2019-09-20 | 5.5 | CVE-2019-5521 MISC CONFIRM
webmaster-source -- gocodes | The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php gcid SQL injection. | 2019-09-20 | 6.5 | CVE-2015-9398 MISC MISC MISC
wp-piwik_project -- wp-piwik | The wp-piwik plugin before 1.0.5 for WordPress has XSS. | 2019-09-20 | 4.3 | CVE-2015-9405 MISC MISC MISC
wp_accurate_form_data_project -- wp_accurate_form_data | The accurate-form-data-real-time-form-validation plugin 1.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=Accu_Data_WP. | 2019-09-26 | 4.3 | CVE-2015-9443 MISC MISC
wplegalpages -- wp_legal_pages | The wplegalpages plugin before 1.1 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=legal-pages lp-domain-name, lp-business-name, lp-phone, lp-street, lp-city-state, lp-country, lp-email, lp-address, or lp-niche parameters. | 2019-09-25 | 4.3 | CVE-2015-9428 MISC MISC MISC
wpsymposiumpro -- wp-symposium | The wp-symposium plugin through 15.8.1 for WordPress has XSS via the wp-content/plugins/wp-symposium/get_album_item.php?size parameter. | 2019-09-25 | 4.3 | CVE-2015-9414 MISC MISC
wtcms_project -- wtcms | WTCMS 1.0 allows index.php?g=admin&m=index&a=index CSRF with resultant XSS. | 2019-09-23 | 4.3 | CVE-2019-16719 MISC
yourinspirationweb -- beauty-premium | The beauty-premium theme 1.0.8 for WordPress has CSRF with resultant arbitrary file upload in includes/sendmail.php. | 2019-09-20 | 4.3 | CVE-2016-10997 MISC EXPLOIT-DB
yzmcms -- yzmcms | admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant denial of service by adding a superseding route. | 2019-09-21 | 4.3 | CVE-2019-16678 MISC
zzzcms -- zzzphp | ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage, as demonstrated by uploading a .htaccess or .php5 file. | 2019-09-23 | 5.0 | CVE-2019-16720 MISC


Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
addthis -- addthis | The addthis plugin before 5.0.13 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=addthis_social_widget pubid parameter. | 2019-09-25 | 3.5 | CVE-2015-9439 MISC MISC MISC
blubrry -- powerpress_podcasting | The Blubrry PowerPress Podcasting plugin 6.0.4 for WordPress has XSS via the tab parameter. | 2019-09-25 | 3.5 | CVE-2015-9410 MISC MISC
digimute -- ogma_cms | Ogma CMS 0.5 has XSS via creation of a new blog. | 2019-09-21 | 3.5 | CVE-2019-16661 MISC
display-widgets_project -- display-widgets | The display-widgets plugin before 2.04 for WordPress has XSS via the wp-admin/admin-ajax.php?action=dw_show_widget id_base, widget_number, or instance parameter. | 2019-09-25 | 3.5 | CVE-2015-9438 MISC MISC MISC
f5 -- big-ip_access_policy_manager | On versions 14.0.0-14.1.2, 13.0.0-13.1.3, 12.1.0-12.1.5, and 11.5.1-11.6.5, the BIG-IP system fails to perform Martian Address Filtering (As defined in RFC 1812 section 5.3.7) on the control plane (management interface). This may allow attackers on an adjacent system to force BIG-IP into processing packets with spoofed source addresses. | 2019-09-25 | 3.3 | CVE-2019-6654 MISC
f5 -- big-iq_centralized_management | There is a Stored Cross Site Scripting vulnerability in the undisclosed page of a BIG-IQ 6.0.0-6.1.0 or 5.2.0-5.4.0 system. The attack can be stored by users granted the Device Manager and Administrator roles. | 2019-09-25 | 3.5 | CVE-2019-6653 MISC
halo -- halo | Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments. | 2019-09-25 | 3.5 | CVE-2019-16890 MISC
ibm -- content_navigator | IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 166721. | 2019-09-25 | 3.5 | CVE-2019-4571 XF CONFIRM
ibm -- security_key_lifecycle_manager | IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 166627. | 2019-09-24 | 2.1 | CVE-2019-4566 XF CONFIRM
jenkins -- assembla | Jenkins Assembla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 2019-09-25 | 2.1 | CVE-2019-10420 MLIST CONFIRM
jenkins -- codescan | Jenkins CodeScan Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 2019-09-25 | 2.1 | CVE-2019-10423 MLIST CONFIRM
jenkins -- eloyente | Jenkins elOyente Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 2019-09-25 | 2.1 | CVE-2019-10424 MLIST CONFIRM
jenkins -- gem_publisher | Jenkins Gem Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 2019-09-25 | 2.1 | CVE-2019-10426 MLIST CONFIRM
jenkins -- git_changelog | Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | 2019-09-25 | 3.5 | CVE-2019-10414 MLIST CONFIRM
jenkins -- gitlab_logo | Jenkins GitLab Logo Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 2019-09-25 | 2.1 | CVE-2019-10429 MLIST CONFIRM
jenkins -- jenkins | In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandableTextBox form control interpreted its content as HTML when expanded, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents (typically Job/Configure). | 2019-09-25 | 3.5 | CVE-2019-10401 MLIST CONFIRM
jenkins -- jenkins | In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:combobox form control interpreted its item labels as HTML, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents. | 2019-09-25 | 3.5 | CVE-2019-10402 MLIST CONFIRM
jenkins -- jenkins | Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the SCM tag name on the tooltip for SCM tag actions, resulting in a stored XSS vulnerability exploitable by users able to control SCM tag names for these actions. | 2019-09-25 | 3.5 | CVE-2019-10403 MLIST CONFIRM
jenkins -- jenkins | Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the reason why a queue item is blocked in tooltips, resulting in a stored XSS vulnerability exploitable by users able to control parts of the reason a queue item is blocked, such as label expressions not matching any idle executors. | 2019-09-25 | 3.5 | CVE-2019-10404 MLIST CONFIRM
jenkins -- jenkins | Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not restrict or filter values set as Jenkins URL in the global configuration, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission. | 2019-09-25 | 3.5 | CVE-2019-10406 MLIST CONFIRM
jenkins -- neuvector_vulnerability_scanner | Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | 2019-09-25 | 2.1 | CVE-2019-10430 MLIST CONFIRM
jenkins -- vfabric_application_director | Jenkins vFabric Application Director Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 2019-09-25 | 2.1 | CVE-2019-10419 MLIST CONFIRM
manual_image_crop_project -- manual_image_crop | The manual-image-crop plugin before 1.11 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=mic_editor_window postId parameter. | 2019-09-25 | 3.5 | CVE-2015-9426 MISC MISC MISC
mtouch_quiz_project -- mtouch_quiz | The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via a quiz name. | 2019-09-20 | 3.5 | CVE-2015-9389 MISC MISC
phpmywind -- phpmywind | admin/infoclass_update.php in PHPMyWind 5.6 has stored XSS. | 2019-09-23 | 3.5 | CVE-2019-16704 MISC
prise -- adas | An issue was discovered in PRiSE adAS 1.7.0. Log data are not properly escaped, leading to persistent XSS in the administration panel. | 2019-09-20 | 3.5 | CVE-2019-14913 MISC MISC
qurl -- dynamic_widgets | The dynamic-widgets plugin before 1.5.11 for WordPress has XSS via the wp-admin/admin-ajax.php?action=term_tree prefix or widget_id parameter. | 2019-09-25 | 3.5 | CVE-2015-9436 MISC MISC MISC
silverstripe -- silverstripe | SilverStripe through 4.3.3 allows session fixation in the "change password" form. | 2019-09-25 | 3.7 | CVE-2019-12203 MISC MISC CONFIRM
silverstripe -- silverstripe | In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS. | 2019-09-26 | 3.5 | CVE-2019-14272 MISC MISC MISC CONFIRM
solaplugins -- sola_support_tickets | The sola-support-tickets plugin before 3.13 for WordPress has incorrect access control for /wp-admin with resultant XSS. | 2019-09-20 | 3.5 | CVE-2016-11012 MISC MISC
teampass -- teampass | TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin. (The crafted password is exploitable when viewing the change history of the item or tapping on the item.) | 2019-09-26 | 3.5 | CVE-2019-16904 MISC
thinksaas -- thinksaas | An issue was discovered in ThinkSAAS 2.91. There is XSS via the index.php?app=group&ac=create&ts=do groupname parameter. | 2019-09-21 | 3.5 | CVE-2019-16664 MISC
traveloka -- traveloka | The Traveloka application 3.14.0 for Android exports com.traveloka.android.activity.common.WebViewActivity, leading to the opening of arbitrary URLs, which can inject deceptive content into the UI. (When in physical possession of the device, opening local files is also possible.) NOTE: As of 2019-09-23, the vendor has not agreed that this issue has serious impact. The vendor states that the issue is not critical because it does not allow Elevation of Privilege, Sensitive Data Leakage, or any critical unauthorized activity from a malicious user. The vendor also states that a victim must first install a malicious APK to their application. | 2019-09-21 | 2.6 | CVE-2019-16681 MISC MISC
tridium -- niagara4 | A specific utility may allow an attacker to gain read access to privileged files in the Niagara AX 3.8u4 (JACE 3e, JACE 6e, JACE 7, JACE-8000), Niagara 4.4u3 (JACE 3e, JACE 6e, JACE 7, JACE-8000), and Niagara 4.7u1 (JACE-8000, Edge 10). | 2019-09-24 | 2.1 | CVE-2019-13528 MISC
usersultra -- users_ultra_membership | The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_name parameter. | 2019-09-20 | 3.5 | CVE-2015-9392 MISC MISC MISC
usersultra -- users_ultra_membership | The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_desc parameter. | 2019-09-20 | 3.5 | CVE-2015-9393 MISC MISC
vandyvape -- swell_kit_mod_firmware | An issue was discovered on Swell Kit Mod devices that use the Vandy Vape platform. An attacker may be able to trigger an unintended temperature in the victim's mouth and throat via Bluetooth Low Energy (BLE) packets that specify large power or voltage values. | 2019-09-23 | 3.3 | CVE-2019-16518
MISC
webmaster-source -- gocodesThe gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php deletegc XSS.2019-09-203.5CVE-2015-9397
MISC
MISC
MISC
websimon-tables_project -- websimon-tablesThe websimon-tables plugin through 1.3.4 for WordPress has wp-admin/tools.php edit_style id XSS.2019-09-203.5CVE-2015-9401
MISC
MISC
MISC
zrlog -- zrlogAn issue was discovered in ZrLog 2.1.1. There is a Stored XSS vulnerability in the article_edit area.2019-09-203.5CVE-2019-16643
MISC


Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
adobe -- coldfusion | ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability. Successful exploitation could lead to Access Control Bypass in the context of the current user. | 2019-09-27 | not yet calculated | CVE-2019-8074, CONFIRM
adobe -- coldfusion | ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. | 2019-09-27 | not yet calculated | CVE-2019-8072, CONFIRM
adobe -- coldfusion | ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component vulnerability. Successful exploitation could lead to Arbitrary code execution in the context of the current user. | 2019-09-27 | not yet calculated | CVE-2019-8073, CONFIRM
adobe -- flash_player | Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. | 2019-09-27 | not yet calculated | CVE-2019-8075, CONFIRM
apache -- http_server | In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer dereference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients. | 2019-09-26 | not yet calculated | CVE-2019-10097, MISC
arm -- mbed_tls_and_mbed_crypto | Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.) | 2019-09-26 | not yet calculated | CVE-2019-16910, MISC
bmc_software -- myit_digital_workplace_dwp | A vulnerability was discovered in BMC MyIT Digital Workplace DWP before 18.11. The DWP component sso.session.restore.cookies stores data using the Java serialization method. The vulnerability can be triggered by using an invalid cookie that contains an embedded system command within a DWP API call, as demonstrated by the /dwp/rest/v2/administrator URI. | 2019-09-26 | not yet calculated | CVE-2019-16755, CONFIRM
cisco -- 4000_series_service_routers | A vulnerability in the Dialer interface feature for ISDN connections in Cisco IOS XE Software for Cisco 4000 Series Integrated Services Routers (ISRs) could allow an unauthenticated, adjacent attacker to pass IPv4 traffic through an ISDN channel prior to successful PPP authentication. The vulnerability is due to insufficient validation of the state of the PPP IP Control Protocol (IPCP). An attacker could exploit this vulnerability by making an ISDN call to an affected device and sending traffic through the ISDN channel prior to successful PPP authentication. Alternatively, an unauthenticated, remote attacker could exploit this vulnerability by sending traffic through an affected device that is configured to exit via an ISDN connection for which both the Dialer interface and the Basic Rate Interface (BRI) have been configured, but the Challenge Handshake Authentication Protocol (CHAP) password for PPP does not match the remote end. A successful exploit could allow the attacker to pass IPv4 traffic through an unauthenticated ISDN connection for a few seconds, from initial ISDN call setup until PPP authentication fails. | 2019-09-25 | not yet calculated | CVE-2019-12664, CISCO
cisco -- asr_9000_series_aggregation_services_routers | A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on an affected device. An attacker who has valid administrator access to an affected device could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to run arbitrary commands on the underlying operating system with root privileges, which may lead to complete system compromise. | 2019-09-25 | not yet calculated | CVE-2019-12709, CISCO
cisco -- catalyst_4000_series_switches | A vulnerability in the ingress packet processing function of Cisco IOS Software for Cisco Catalyst 4000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper resource allocation when processing TCP packets directed to the device on specific Cisco Catalyst 4000 Series Switches. An attacker could exploit this vulnerability by sending crafted TCP streams to an affected device. A successful exploit could cause the affected device to run out of buffer resources, impairing operations of control plane and management plane protocols, resulting in a DoS condition. This vulnerability can be triggered only by traffic that is destined to an affected device and cannot be exploited using traffic that transits an affected device. | 2019-09-25 | not yet calculated | CVE-2019-12652, CISCO
cisco -- ios_and_ios_xe_software | A vulnerability in the Ident protocol handler of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability exists because the affected software incorrectly handles memory structures, leading to a NULL pointer dereference. An attacker could exploit this vulnerability by opening a TCP connection to specific ports and sending traffic over that connection. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. | 2019-09-25 | not yet calculated | CVE-2019-12647, CISCO
cisco -- ios_and_ios_xe_software | A vulnerability in the common Session Initiation Protocol (SIP) library of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient sanity checks on an internal data structure. An attacker could exploit this vulnerability by sending a sequence of malicious SIP messages to an affected device. An exploit could allow the attacker to cause a NULL pointer dereference, resulting in a crash of the iosd process. This triggers a reload of the device. | 2019-09-25 | not yet calculated | CVE-2019-12654, CISCO
cisco -- ios_and_ios_xe_software | A vulnerability in the web framework code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected software using the banner parameter. The vulnerability is due to insufficient input validation of the banner parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by crafting a banner parameter and saving it. The attacker could then convince a user of the web interface to access a malicious link or could intercept a user request for the affected web interface and inject malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. | 2019-09-25 | not yet calculated | CVE-2019-12668, CISCO
cisco -- ios_software | A vulnerability in the IOx application environment for Cisco IOS Software could allow an authenticated, remote attacker to gain unauthorized access to the Guest Operating System (Guest OS) running on an affected device. The vulnerability is due to incorrect role-based access control (RBAC) evaluation when a low-privileged user requests access to a Guest OS that should be restricted to administrative accounts. An attacker could exploit this vulnerability by authenticating to the Guest OS by using the low-privileged-user credentials. An exploit could allow the attacker to gain unauthorized access to the Guest OS as a root user. | 2019-09-25 | not yet calculated | CVE-2019-12648, CISCO
cisco -- ios_xe_software | A vulnerability in the RADIUS Change of Authorization (CoA) code of Cisco TrustSec, a feature within Cisco IOS XE Software, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of a malformed packet. An attacker could exploit this vulnerability by sending a malformed packet to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device. | 2019-09-25 | not yet calculated | CVE-2019-12669, CISCO
cisco -- ios_xe_software | A vulnerability in the FTP application layer gateway (ALG) functionality used by Network Address Translation (NAT), NAT IPv6 to IPv4 (NAT64), and the Zone-Based Policy Firewall (ZBFW) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a buffer overflow that occurs when an affected device inspects certain FTP traffic. An attacker could exploit this vulnerability by performing a specific FTP transfer through the device. A successful exploit could allow the attacker to cause the device to reload. | 2019-09-25 | not yet calculated | CVE-2019-12655, CISCO
cisco -- ios_xe_software | A vulnerability in Unified Threat Defense (UTD) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper validation of IPv6 packets through the UTD feature. An attacker could exploit this vulnerability by sending IPv6 traffic through an affected device that is configured with UTD. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. | 2019-09-25 | not yet calculated | CVE-2019-12657, CISCO
cisco -- ios_xe_software | A vulnerability in the Cisco TrustSec (CTS) Protected Access Credential (PAC) provisioning module of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of attributes in RADIUS messages. An attacker could exploit this vulnerability by sending a malicious RADIUS message to an affected device while the device is in a specific state. | 2019-09-25 | not yet calculated | CVE-2019-12663, CISCO
cisco -- ios_xe_software | A vulnerability in the Raw Socket Transport feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper parsing of Raw Socket Transport payloads. An attacker could exploit this vulnerability by establishing a TCP session and then sending a malicious TCP segment via IPv4 to an affected device. This cannot be exploited via IPv6, as the Raw Socket Transport feature does not support IPv6 as a network layer protocol. | 2019-09-25 | not yet calculated | CVE-2019-12653, CISCO
cisco -- ios_xe_software | A vulnerability in the Guest Shell of Cisco IOS XE Software could allow an authenticated, local attacker to perform directory traversal on the base Linux operating system of Cisco IOS XE Software. The vulnerability is due to incomplete validation of certain commands. An attacker could exploit this vulnerability by first accessing the Guest Shell and then entering specific commands. A successful exploit could allow the attacker to execute arbitrary code on the base Linux operating system. | 2019-09-25 | not yet calculated | CVE-2019-12666, CISCO
cisco -- ios_xe_software | A vulnerability in the HTTP server code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the HTTP server to crash. The vulnerability is due to a logical error in the logging mechanism. An attacker could exploit this vulnerability by generating a high amount of long-lived connections to the HTTP service on the device. A successful exploit could allow the attacker to cause the HTTP server to crash. | 2019-09-25 | not yet calculated | CVE-2019-12659, CISCO
cisco -- ios_xe_software | A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to write values to the underlying memory of an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to modify the configuration of the device to cause it to be non-secure and abnormally functioning. | 2019-09-25 | not yet calculated | CVE-2019-12660, CISCO
cisco -- ios_xe_software | A vulnerability in the filesystem resource management code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to exhaust filesystem resources on an affected device and cause a denial of service (DoS) condition. The vulnerability is due to ineffective management of the underlying filesystem resources. An attacker could exploit this vulnerability by performing specific actions that result in messages being sent to specific operating system log files. A successful exploit could allow the attacker to exhaust available filesystem space on an affected device. This could cause the device to crash and reload, resulting in a DoS condition for clients whose network traffic is transiting the device. Upon reload of the device, the impacted filesystem space is cleared, and the device will return to normal operation. However, continued exploitation of this vulnerability could cause subsequent forced crashes and reloads, which could lead to an extended DoS condition. | 2019-09-25 | not yet calculated | CVE-2019-12658, CISCO
cisco -- ios_xe_software | Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 2019-09-25 | not yet calculated | CVE-2019-12651, CISCO
cisco -- ios_xe_software | A vulnerability in a Virtualization Manager (VMAN) related CLI command of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on the affected device. An attacker who has administrator access to an affected device could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges, which may lead to complete system compromise. | 2019-09-25 | not yet calculated | CVE-2019-12661, CISCO
cisco -- ios_xe_software | A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability exists because, under certain circumstances, an affected device can be configured to not verify the digital signatures of system image files during the boot process. An attacker could exploit this vulnerability by abusing a specific feature that is part of the device boot process. A successful exploit could allow the attacker to install and boot a malicious software image or execute unsigned binaries on the targeted device. | 2019-09-25 | not yet calculated | CVE-2019-12649, CISCO
cisco -- ios_xe_software | Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 2019-09-25 | not yet calculated | CVE-2019-12650, CISCO
cisco -- ios_xe_software | A vulnerability in the web framework code of Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by convincing a user of the web interface to access a malicious link or by intercepting a user request for the affected web interface and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. | 2019-09-25 | not yet calculated | CVE-2019-12667, CISCO
cisco -- ios_xe_software | A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper processing of transient SIP packets on which NAT is performed on an affected device. An attacker could exploit this vulnerability by using UDP port 5060 to send crafted SIP packets through an affected device that is performing NAT for SIP packets. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition. | 2019-09-25 | not yet calculated | CVE-2019-12646, CISCO
cisco -- ios_xe_software | A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS). The vulnerability is due to insufficient enforcement of the consent token in authorizing shell access. An attacker could exploit this vulnerability by authenticating to the CLI and requesting shell access on an affected device. A successful exploit could allow the attacker to gain shell access on the affected device and execute commands on the underlying OS. | 2019-09-25 | not yet calculated | CVE-2019-12671, CISCO
cisco -- ios_xe_software | A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker with physical access to an affected device to execute arbitrary code on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient file location validation. An attacker could exploit this vulnerability by placing code in a specific format on a USB device and inserting it into an affected Cisco device. A successful exploit could allow the attacker to execute the code with root privileges on the underlying OS of the affected device. | 2019-09-25 | not yet calculated | CVE-2019-12672, CISCO
cisco -- ios_xe_software | A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device. The vulnerability is due to insufficient file permissions. An attacker could exploit this vulnerability by modifying files that they should not have access to. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container. | 2019-09-25 | not yet calculated | CVE-2019-12670, CISCO
cisco -- multiple_cisco_platforms | A vulnerability in the IOx application environment of multiple Cisco platforms could allow an unauthenticated, remote attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a denial of service (DoS) condition. The vulnerability is due to a Transport Layer Security (TLS) implementation issue. An attacker could exploit this vulnerability by sending crafted TLS packets to the IOx web server on an affected device. A successful exploit could allow the attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a DoS condition. | 2019-09-25 | not yet calculated | CVE-2019-12656, CISCO
cisco -- nx-os_software | A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on an affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with root privileges, which may lead to complete system compromise. An attacker would need valid administrator credentials to exploit this vulnerability. | 2019-09-25 | not yet calculated | CVE-2019-12717, CISCO
cisco -- nx-os_software_and_ios_xe_software | A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper signature verification during the installation of an Open Virtual Appliance (OVA) image. An authenticated, local attacker could exploit this vulnerability and load a malicious, unsigned OVA image on an affected device. A successful exploit could allow an attacker to perform code execution on a crafted software OVA image. | 2019-09-25 | not yet calculated | CVE-2019-12662, CISCO
ckeditor -- ckfinder | An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3.5.0. The documentation has misleading information that could lead to a conclusion that the application has a built-in bulletproof content sniffing protection. | 2019-09-26 | not yet calculated | CVE-2019-15891, MISC
ckeditor -- ckfinder | An issue was discovered in CKFinder through 2.6.2.1. Improper checks of file names allow remote attackers to upload files without any extension (even if the application was configured to accept files only with a defined set of extensions). This affects CKFinder for ASP, CKFinder for ASP.NET, CKFinder for ColdFusion, and CKFinder for PHP. | 2019-09-26 | not yet calculated | CVE-2019-15862, MISC
cloud_foundry -- uaa | CF UAA versions prior to 74.1.0 allow external input to be directly queried against. A remote malicious user with 'client.write' and 'groups.update' can craft a SCIM query, which leaks information that allows an escalation of privileges, ultimately allowing the malicious user to gain control of UAA scopes they should not have. | 2019-09-26 | not yet calculated | CVE-2019-11278, CONFIRM
cloud_foundry -- uaa | CF UAA versions prior to 74.1.0 can request scopes for a client that shouldn't be allowed by submitting an array of requested scopes. A remote malicious user can escalate their own privileges to any scope, allowing them to take control of UAA and the resources it controls. | 2019-09-26 | not yet calculated | CVE-2019-11279, CONFIRM
corsair -- link | The "CLink4Service" service is installed with Corsair Link 4.9.7.35 with insecure permissions by default. This allows unprivileged users to take control of the service and execute commands in the context of NT AUTHORITY\SYSTEM, leading to total system takeover, a similar issue to CVE-2018-12441. | 2019-09-27 | not yet calculated | CVE-2018-19592, MISC, MISC
d-link -- multiple_products | Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to command injection. An attacker who successfully triggers the command injection could achieve full system compromise. | 2019-09-27 | not yet calculated | CVE-2019-16920, MISC
dell -- update_package_and_emc_servers | An Uncontrolled Search Path Vulnerability is applicable to the following: Dell Update Package (DUP) Framework file versions prior to 19.1.0.413, and Framework file versions prior to 103.4.6.69 used in Dell EMC Servers. Dell Update Package (DUP) Framework file versions prior to 3.8.3.67 used in Dell Client Platforms. The vulnerability is limited to the DUP framework during the time window when a DUP is being executed by an administrator. During this time window, a locally authenticated low privilege malicious user potentially could exploit this vulnerability by tricking an administrator into running a trusted binary, causing it to load a malicious DLL and allowing the attacker to execute arbitrary code on the victim system. The vulnerability does not affect the actual binary payload that the DUP delivers. | 2019-09-24 | not yet calculated | CVE-2019-3726, CONFIRM
dnn_software -- dotnetnuke | Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the malicious script into the admin notification page. The exploit could be used to perform any action with admin privileges such as managing content, adding users, uploading backdoors to the server, etc. Successful exploitation occurs when an admin user visits a notification page with stored cross-site scripting. | 2019-09-26 | not yet calculated | CVE-2019-12562, MISC
f5 -- big-ip_and_enterprise_manager | F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings. | 2019-09-20 | not yet calculated | CVE-2019-6649, CONFIRM
f5 -- big-ip_apm_edge_client | BIG-IP APM Edge Client before version 7.1.8 (7180.2019.508.705) logs the full APM session ID in the log files. Vulnerable versions of the client are bundled with BIG-IP APM versions 15.0.0-15.0.1, 14,1.0-14.1.0.6, 14.0.0-14.0.0.4, 13.0.0-13.1.1.5, 12.1.0-12.1.5, and 11.5.1-11.6.5. In BIG-IP APM 13.1.0 and later, the APM Clients components can be updated independently from BIG-IP software. Client version 7.1.8 (7180.2019.508.705) and later has the fix. | 2019-09-25 | not yet calculated | CVE-2019-6656, MISC
gigastone -- smart_battery_a2-25de | An authentication bypass vulnerability was discovered in Smart Battery A2-25DE, a multifunctional portable charger, firmware version <= SECFS-2013-10-16-13:42:58-629c30ee-60c68be6. An attacker can bypass authentication and gain privilege by modifying the login page. | 2019-09-25 | not yet calculated | CVE-2019-15067, CONFIRM, CONFIRM
glpi_project -- glpi | GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. The lack of correct validation leads to recovery of the token generated via the password reset functionality, and thus an authenticated attacker can set an arbitrary password for any user. This vulnerability can be exploited to take control of an admin account. This vulnerability could also be abused to obtain other sensitive fields like API keys or password hashes. | 2019-09-25 | not yet calculated | CVE-2019-14666, MISC, MISC
gnome -- file-roller | An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction. | 2019-09-21 | not yet calculated | CVE-2019-16680, MISC, MISC, MISC, UBUNTU
honeywell -- performance_ip_cameras_and_performance_nvrsIn Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. Affected performance IP Cameras: HBD3PR2,H4D3PRV3,HED3PR3,H4D3PRV2,HBD3PR1,H4W8PR2,HBW8PR2,H2W2PC1M,H2W4PER3,H2W2PER3,HEW2PER3,HEW4PER3B,HBW2PER1,HEW4PER2,HEW4PER2B,HEW2PER2,H4W2PER2,HBW2PER2,H4W2PER3, and HPW2P1. Affected Performance Series NVRs: HEN08104,HEN08144,HEN081124,HEN16104,HEN16144,HEN16184,HEN16204,HEN162244,HEN16284,HEN16304,HEN16384,HEN32104,HEN321124,HEN32204,HEN32284,HEN322164,HEN32304, HEN32384,HEN323164,HEN64204,HEN64304,HEN643164,HEN643324,HEN643484,HEN04103,HEN04113,HEN04123,HEN08103,HEN08113,HEN08123,HEN08143,HEN16103,HEN16123,HEN16143,HEN16163,HEN04103L,HEN08103L,HEN16103L,HEN32103L.2019-09-26not yet calculatedCVE-2019-13523
MISC
ibm -- mqIBM MQ 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.9, 8.0.0.0 - 8.0.0.11, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.1 - 9.1.2 is vulnerable to a denial of service attack caused by a memory leak in the clustering code. IBM X-Force ID: 158337.2019-09-27not yet calculatedCVE-2019-4141
XF
CONFIRM
jenkins -- jenkinsA missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates.2019-09-25not yet calculatedCVE-2019-10409
MLIST
CONFIRM
jenkins -- jenkins | Jenkins Log Parser Plugin 2.0 and earlier did not escape an error message, resulting in a cross-site scripting vulnerability exploitable by users able to define log parsing rules. | 2019-09-25 | not yet calculated | CVE-2019-10410
MLIST
CONFIRM
kkcms_project -- kkcms | kkcms 1.3 has jx.php?url= XSS. | 2019-09-27 | not yet calculated | CVE-2019-16923
MISC
lemonldap-ng -- lemonldap-ng | OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. To be vulnerable, there must exist an OIDC Relying Party within the LemonLDAP configuration with weaker access control rules than the target RP, and no filtering on redirection URIs. | 2019-09-25 | not yet calculated | CVE-2019-15941
MISC
MISC
BUGTRAQ
DEBIAN
lenovo -- system_update | A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations. | 2019-09-26 | not yet calculated | CVE-2019-6175
MISC
lenovo -- thinkagile_cloud_platform-storage_block_bmc | An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. This vulnerability allows session IDs to be reused, which could provide unauthorized access to the BMC under certain circumstances. This vulnerability does not affect ThinkSystem XCC, System x IMM2, or other BMCs. | 2019-09-26 | not yet calculated | CVE-2019-6161
MISC
libreoffice -- libreoffice | LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings; typically, execution of macros is blocked by default. A URL decoding flaw existed in how the URLs to the macros within the document were processed and categorized, resulting in the possibility to construct a document where macro execution bypassed the security settings. The documents were correctly detected as containing macros, and the user was prompted about their existence within the documents, but macros within the document were subsequently not controlled by the security settings, allowing arbitrary macro execution. This issue affects: LibreOffice 6.2 series versions prior to 6.2.7; LibreOffice 6.3 series versions prior to 6.3.1. | 2019-09-27 | not yet calculated | CVE-2019-9853
CONFIRM
linux -- linux_kernel | In the Linux kernel before 4.17, hns_roce_alloc_ucontext in drivers/infiniband/hw/hns/hns_roce_main.c does not initialize the resp data structure, which might allow attackers to obtain sensitive information from kernel stack memory, aka CID-df7e40425813. | 2019-09-27 | not yet calculated | CVE-2019-16921
MISC
MISC
mit_kerberos -- krb5 | A flaw was found in Fedora versions of krb5 from 1.16.1 up to and including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw to crash the KDC. | 2019-09-26 | not yet calculated | CVE-2019-14844
CONFIRM
MISC
netgate -- pfsense | diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS commands. This occurs because csrf_callback() produces a "CSRF token expired" error and a Try Again button when a CSRF token is missing. | 2019-09-26 | not yet calculated | CVE-2019-16667
MISC
netgate -- pfsense | An issue was discovered in pfSense through 2.4.4-p3. widgets/widgets/picture.widget.php uses the widgetkey parameter directly without sanitization (e.g., a basename call) for a pathname to file_get_contents or file_put_contents. | 2019-09-26 | not yet calculated | CVE-2019-16915
MISC
MISC
MISC
netskope -- netskope_client_service | The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from a command injection vulnerability. Local users can use this vulnerability to execute code with NT\SYSTEM privilege. | 2019-09-26 | not yet calculated | CVE-2019-12091
MISC
CONFIRM
CONFIRM
netskope -- netskope_client_service | The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from a stack-based buffer overflow in the "doHandshakefromServer" function. Local users can use this vulnerability to trigger a crash of the service and potentially cause additional impact on the system. | 2019-09-26 | not yet calculated | CVE-2019-10882
MISC
CONFIRM
CONFIRM
netty -- netty | Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling. | 2019-09-26 | not yet calculated | CVE-2019-16869
MISC
MISC
phpbb -- phpbb | phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS. | 2019-09-27 | not yet calculated | CVE-2019-13376
MISC
MISC
prise -- adas | An issue was discovered in PRiSE adAS 1.7.0. A file's format is not properly checked, leading to an unrestricted file upload. | 2019-09-20 | not yet calculated | CVE-2019-14916
MISC
MISC
rubyzip_gem_for_ruby_on_rails -- rubyzip_gem_for_ruby_on_rails | In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption). | 2019-09-25 | not yet calculated | CVE-2019-16892
MISC
runc -- runc | runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. | 2019-09-25 | not yet calculated | CVE-2019-16884
MISC
salesagility -- suitecrm | SuiteCRM 7.10.x before 7.10.20 and 7.11.x before 7.11.8 allows unintended public exposure of files. | 2019-09-27 | not yet calculated | CVE-2019-16922
MISC
samsung -- samsungtts_for_android | The Text-to-speech Engine (aka SamsungTTS) application before 3.0.02.7 and 3.0.00.101 for Android allows a local attacker to escalate privileges, e.g., to system privileges. The Samsung case ID is 101755. | 2019-09-25 | not yet calculated | CVE-2019-16253
MISC
silverstripe -- silverstripe | In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. (Users who upgrade from SilverStripe 3.x to 4.x and had Versioned Files installed have no further need for this module, because the 4.x release has built-in versioning. However, nothing in the upgrade process automates the destruction of these insecure artefacts, nor alerts the user to the criticality of destruction.) | 2019-09-26 | not yet calculated | CVE-2019-16409
MISC
MISC
CONFIRM
ubiquiti -- edgemax_devices | Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause a denial of service (disk consumption) because *.cache files in /var/run/beaker/container_file/ are created when providing a valid length payload of 249 characters or fewer to the beaker.session.id cookie in a GET header. The attacker can use a long series of unique session IDs. | 2019-09-25 | not yet calculated | CVE-2019-16889
MISC
MISC
MISC
wordpress -- wordpress | The wp-social-bookmarking-light plugin before 1.7.10 for WordPress has CSRF with resultant XSS via configuration parameters for Tumblr, Twitter, Facebook, etc. in wp-admin/options-general.php?page=wp-social-bookmarking-light%2Fmodules%2Fadmin.php. | 2019-09-25 | not yet calculated | CVE-2015-9433
MISC
MISC
MISC
wordpress -- wordpress | The yith-maintenance-mode plugin before 1.2.0 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=yith-maintenance-mode panel_page parameter. | 2019-09-25 | not yet calculated | CVE-2015-9429
MISC
MISC
MISC
wordpress -- wordpress | The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load PlugneditBGColor, PlugneditEditorMargin, plugnedit_width, pnemedcount, or plugneditcontent parameters. | 2019-09-25 | not yet calculated | CVE-2015-9423
MISC
MISC
MISC
wordpress -- wordpress | The Postmatic plugin before 1.4.6 for WordPress has XSS. | 2019-09-25 | not yet calculated | CVE-2015-9411
MISC
MISC
wordpress -- wordpress | The sitepress-multilingual-cms (WPML) plugin 2.9.3 to 3.2.6 for WordPress has XSS via the Accept-Language HTTP header. | 2019-09-25 | not yet calculated | CVE-2015-9416
MISC
MISC
wordpress -- wordpress | The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows an attacker to delete quizzes. | 2019-09-25 | not yet calculated | CVE-2015-9418
MISC
MISC
MISC
wordpress -- wordpress | The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has CSRF with resultant XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load plugnedit_width, pnemedcount, PlugneditBGColor, PlugneditEditorMargin, or plugneditcontent parameters. | 2019-09-25 | not yet calculated | CVE-2015-9422
MISC
MISC
MISC
wordpress -- wordpress | Directory traversal vulnerability in the mTheme-Unus theme before 2.3 for WordPress allows an attacker to read arbitrary files via a .. (dot dot) in the files parameter to css/css.php. | 2019-09-20 | not yet calculated | CVE-2015-9406
MISC
MISC
wordpress -- wordpress | The alpine-photo-tile-for-instagram plugin before 1.2.7.6 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=alpine-photo-tile-for-instagram-settings tab parameter. | 2019-09-25 | not yet calculated | CVE-2015-9432
MISC
MISC
MISC
wordpress -- wordpress | The oauth2-provider plugin before 3.1.5 for WordPress has incorrect generation of random numbers. | 2019-09-25 | not yet calculated | CVE-2015-9435
MISC
MISC
wordpress -- wordpress | The easy-fancybox plugin before 1.8.18 for WordPress (aka Easy FancyBox) is susceptible to Stored XSS in the Settings Menu inc/class-easyfancybox.php due to improper encoding of arbitrarily submitted settings parameters. This occurs because there is no inline styles output filter. | 2019-09-26 | not yet calculated | CVE-2019-16524
MISC
CONFIRM
MISC
wordpress -- wordpress | In the ARforms plugin 3.7.1 for WordPress, arf_delete_file in arformcontroller.php allows unauthenticated deletion of an arbitrary file by supplying the full pathname. | 2019-09-27 | not yet calculated | CVE-2019-16902
MISC
MISC
wordpress -- wordpress | The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wp_ajax functions are mishandled. | 2019-09-20 | not yet calculated | CVE-2015-9390
MISC
MISC
wordpress -- wordpress | The qtranslate-x plugin before 3.4.4 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=qtranslate-x json_config_files or json_custom_i18n_config parameter. | 2019-09-25 | not yet calculated | CVE-2015-9431
MISC
MISC
MISC
wordpress -- wordpress | The soundcloud-is-gold plugin before 2.3.2 for WordPress has XSS via the wp-admin/admin-ajax.php?action=get_soundcloud_player id parameter. | 2019-09-25 | not yet calculated | CVE-2015-9420
MISC
MISC
MISC
wordpress -- wordpress | The Royal-Slider plugin before 3.2.7 for WordPress has XSS via the rstype parameter. | 2019-09-25 | not yet calculated | CVE-2015-9412
MISC
MISC
yzmcms -- yzmcms | An HTTP Host header injection vulnerability exists in YzmCMS V5.3. A malicious user can poison a web cache or trigger redirections. | 2019-09-26 | not yet calculated | CVE-2019-16532
MISC
EXPLOIT-DB
