Vulnerability Summary for the Week of December 9, 2019
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
amazon -- blink_xt2_camera | Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the device's wifi configuration via the bssid parameter. | 2019-12-11 | 8.3 | CVE-2019-3988 CONFIRM |
amazon -- blink_xt2_camera | Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the device's wifi configuration via the key parameter. | 2019-12-11 | 8.3 | CVE-2019-3987 CONFIRM |
amazon -- blink_xt2_camera | Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the device's wifi configuration via the encryption parameter. | 2019-12-11 | 8.3 | CVE-2019-3986 CONFIRM |
amazon -- blink_xt2_camera | Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary code and commands on the device due to insufficient UART protections. | 2019-12-11 | 7.2 | CVE-2019-3983 CONFIRM |
amazon -- blink_xt2_camera | Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when retrieving internal network configuration data. | 2019-12-11 | 9.3 | CVE-2019-3989 CONFIRM |
amazon -- blink_xt2_camera | Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the device's wifi configuration via the ssid parameter. | 2019-12-11 | 8.3 | CVE-2019-3985 CONFIRM |
electronic_arts -- origin | Electronic Arts Origin through 10.5.x allows Elevation of Privilege (issue 1 of 2). | 2019-12-12 | 7.2 | CVE-2019-19247 MISC |
electronic_arts -- origin | Electronic Arts Origin through 10.5.x allows Elevation of Privilege (issue 2 of 2). | 2019-12-12 | 7.2 | CVE-2019-19248 CONFIRM |
git_project -- git | Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository. | 2019-12-11 | 10 | CVE-2019-19604 MLIST MISC CONFIRM CONFIRM DEBIAN |
google -- android | In handleRun of TextLine.java, there is a possible application crash due to improper input validation. This could lead to remote denial of service when processing Unicode with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-140632678 | 2019-12-06 | 7.8 | CVE-2019-2232 MISC |
google -- android | In ReadMATImage of mat.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process when loading a MATLAB image file with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-140328986 | 2019-12-06 | 9.3 | CVE-2019-2224 MISC |
google -- android | In createSessionInternal of PackageInstallerService.java, there is a possible improper permission grant due to a missing permission check. This could lead to local escalation of privilege by installing malicious packages with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-141169173 | 2019-12-06 | 7.2 | CVE-2019-2218 MISC |
google -- android | In setCpuVulkanInUse of GpuStats.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-141003796 | 2019-12-06 | 7.2 | CVE-2019-2217 MISC |
ibm -- cloud_pak_system | Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of CSV file contents. IBM X-Force ID: 165179. | 2019-12-10 | 10 | CVE-2019-4521 XF CONFIRM |
ibm -- spectrum_scale | IBM Spectrum Scale 4.2 and 5.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 172093. | 2019-12-11 | 9 | CVE-2019-4715 XF CONFIRM |
intesync -- solismed | Intesync Solismed 3.3sp allows Directory Traversal, a different vulnerability than CVE-2019-16246. | 2019-12-12 | 7.5 | CVE-2019-15931 MISC MISC MISC MISC |
intesync -- solismed | Intesync Solismed 3.3sp has Incorrect Access Control. | 2019-12-12 | 7.5 | CVE-2019-15932 MISC MISC MISC MISC |
intesync -- solismed | Intesync Solismed 3.3sp has SQL Injection. | 2019-12-12 | 7.5 | CVE-2019-15933 MISC MISC MISC MISC |
intesync -- solismed | Intesync Solismed 3.3sp allows Insecure File Upload. | 2019-12-12 | 7.5 | CVE-2019-15936 MISC MISC MISC |
intesync -- solismed | Intesync Solismed 3.3sp1 allows Local File Inclusion (LFI), a different vulnerability than CVE-2019-15931. This leads to unauthenticated code execution. | 2019-12-12 | 7.5 | CVE-2019-16246 MISC MISC MISC |
libsixel_project -- libsixel | An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_encode_body at tosixel.c. | 2019-12-08 | 7.5 | CVE-2019-19636 MISC |
libsixel_project -- libsixel | An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function sixel_decode_raw_impl at fromsixel.c. | 2019-12-08 | 7.5 | CVE-2019-19635 MISC |
libsixel_project -- libsixel | An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_decode_raw_impl at fromsixel.c. | 2019-12-08 | 7.5 | CVE-2019-19637 MISC |
libsixel_project -- libsixel | An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function load_pnm at frompnm.c, due to an integer overflow. | 2019-12-08 | 7.5 | CVE-2019-19638 MISC |
libyang -- libyang | In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution. | 2019-12-06 | 7.5 | CVE-2019-19333 CONFIRM CONFIRM |
microsoft -- internet_explorer | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. | 2019-12-10 | 7.6 | CVE-2019-1485 MISC |
microsoft -- multiple_products | A denial of service vulnerability exists in Microsoft Word software when the software fails to properly handle objects in memory, aka 'Microsoft Word Denial of Service Vulnerability'. | 2019-12-10 | 7.1 | CVE-2019-1461 MISC |
microsoft -- multiple_products | A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka 'Microsoft PowerPoint Remote Code Execution Vulnerability'. | 2019-12-10 | 9.3 | CVE-2019-1462 MISC MISC |
microsoft -- multiple_windows_products | An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1483. | 2019-12-10 | 7.2 | CVE-2019-1476 MISC MISC |
microsoft -- multiple_windows_products | A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Win32k Graphics Remote Code Execution Vulnerability'. | 2019-12-10 | 9.3 | CVE-2019-1468 MISC MISC |
microsoft -- multiple_windows_products | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. | 2019-12-10 | 7.2 | CVE-2019-1458 MISC |
microsoft -- windows_10_and_windows_server_2019 | An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka 'Windows Printer Service Elevation of Privilege Vulnerability'. | 2019-12-10 | 7.2 | CVE-2019-1477 MISC |
microsoft -- windows_10_and_windows_server_and_windows_server_2019 | An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1476. | 2019-12-10 | 7.2 | CVE-2019-1483 MISC MISC |
microsoft -- windows_7_and_windows_server_2008_and_windows_server_2008_r2 | An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'. | 2019-12-10 | 7.2 | CVE-2019-1478 MISC |
monkey_project -- monkey_http_daemon | Monkey HTTP Daemon: broken user name authentication | 2019-12-10 | 7.5 | CVE-2013-2159 MISC MISC MISC MISC |
nolio -- ca_release_automation | An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary code. | 2019-12-09 | 7.5 | CVE-2019-19230 MISC FULLDISC BUGTRAQ CONFIRM |
octeth -- oempro | Octeth Oempro 4.7 allows SQL injection. The parameter CampaignID in Campaign.Get is vulnerable. | 2019-12-12 | 7.5 | CVE-2019-19740 MISC MISC |
ovirt -- ovirt_node | oVirt Node: Lock screen accepts F2 to drop to shell causing privilege escalation | 2019-12-10 | 7.2 | CVE-2013-0293 MISC MISC MISC MISC MISC |
qualcomm -- multiple_snapdragon_products | Possibility of memory overflow while decoding GSNDCP compressed mode PDU in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130 | 2019-12-12 | 10 | CVE-2019-10511 CONFIRM |
qualcomm -- multiple_snapdragon_products | Out of bound write in TZ while copying the secure dump structure on HLOS provided buffer as a part of memory dump in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8976, MSM8996, MSM8996AU, MSM8998, QCA8081, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, Snapdragon_High_Med_2016, SXR1130 | 2019-12-12 | 7.2 | CVE-2019-2288 CONFIRM |
qualcomm -- multiple_snapdragon_products | Incorrect length used while validating the qsee log buffer sent from HLOS which could then lead to remap conflict in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, IPQ4019, IPQ8074, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA8081, QCS404, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150, Snapdragon_High_Med_2016, SXR1130, SXR2130 | 2019-12-12 | 7.2 | CVE-2019-2321 CONFIRM |
qualcomm -- multiple_snapdragon_products | Position determination accuracy may be degraded due to wrongly decoded information in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130 | 2019-12-12 | 10 | CVE-2019-10493 CONFIRM |
qualcomm -- multiple_snapdragon_products | While skipping unknown IES, EMM reads the buffer even if the number of bytes to read is more than the message length, which may cause the device to shut down in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130 | 2019-12-12 | 7.8 | CVE-2019-2337 CONFIRM |
qualcomm -- multiple_snapdragon_products | Accessing data buffer beyond the available data while parsing ogg clip can lead to null-pointer dereference and then memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8939, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2019-12-12 | 7.5 | CVE-2019-10559 CONFIRM |
qualcomm -- multiple_snapdragon_products | Infinite loop while decoding compressed data can lead to overrun condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130 | 2019-12-12 | 7.8 | CVE-2019-10485 CONFIRM |
qualcomm -- multiple_snapdragon_products | Possible out of bounds write in a MT SMS/SS scenario due to improper validation of array index in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130 | 2019-12-12 | 10 | CVE-2019-2320 CONFIRM |
sitevision -- sitevision | SiteVision 4 allows Remote Code Execution. | 2019-12-06 | 9 | CVE-2019-12733 MISC FULLDISC FULLDISC MISC MISC MISC |
sqlite -- sqlite | SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. | 2019-12-09 | 7.5 | CVE-2019-19603 MISC MISC |
symantec -- messaging_gateway | Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interface. | 2019-12-11 | 7.5 | CVE-2019-18379 MISC |
sysstat_project -- sysstat | sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c. | 2019-12-11 | 7.5 | CVE-2019-19725 MISC |
trend_micro -- security_2020 | Trend Micro Security (Consumer) 2020 (v16.x) is affected by a vulnerability in which null pointer dereference errors result in a crash of the application, which could potentially lead to unsigned code execution under certain circumstances. | 2019-12-09 | 7.5 | CVE-2019-18190 MISC |
weidmueller -- multiple_devices | An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. The Authentication mechanism has no brute-force prevention. | 2019-12-06 | 7.5 | CVE-2019-16670 MISC MISC MISC MISC |
zoho_manageengine -- applications_manager | Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventServlet.java doGet function. | 2019-12-11 | 7.5 | CVE-2019-19649 CONFIRM |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
accentis -- content_resource_management_system | Cross-site scripting (XSS) vulnerability in Accentis Content Resource Management System before October 2015 patch allows remote attackers to inject arbitrary web script or HTML via the ctl00$cph_content$_uig_formState parameter. | 2019-12-09 | 4.3 | CVE-2015-3425 MISC |
accentis -- content_resource_management_system | SQL injection vulnerability in Accentis Content Resource Management System before the October 2015 patch allows remote attackers to execute arbitrary SQL commands via the SIDX parameter. | 2019-12-09 | 6.5 | CVE-2015-3424 MISC |
atasm -- atasm | ATasm 1.06 has a stack-based buffer overflow in the parse_expr() function in setparse.c via a crafted .m65 file. | 2019-12-13 | 6.8 | CVE-2019-19786 MISC |
atasm -- atasm | ATasm 1.06 has a stack-based buffer overflow in the get_signed_expression() function in setparse.c via a crafted .m65 file. | 2019-12-13 | 6.8 | CVE-2019-19787 MISC |
atasm -- atasm | ATasm 1.06 has a stack-based buffer overflow in the to_comma() function in asm.c via a crafted .m65 file. | 2019-12-13 | 6.8 | CVE-2019-19785 MISC |
atlassian -- fisheye_and_crucible | The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote attackers to remove another user's favourite setting for a project via an improper authorization vulnerability. | 2019-12-11 | 4 | CVE-2019-15009 MISC MISC |
atlassian -- fisheye_and_crucible | The /plugins/servlet/branchreview resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the reviewedBranch parameter. | 2019-12-11 | 4.3 | CVE-2019-15008 MISC MISC |
atlassian -- jira | The Work Time Calendar app before 4.7.1 for Jira allows XSS. | 2019-12-12 | 4.3 | CVE-2019-19748 MISC |
audible -- audible | The Audible application through 2.34.0 for Android has Missing SSL Certificate Validation for Adobe SDKs, allowing MITM attackers to cause a denial of service. | 2019-12-06 | 4.3 | CVE-2019-11554 MISC |
cacti -- cacti | Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module. | 2019-12-12 | 5.5 | CVE-2019-17358 MISC MISC MISC MISC MISC MISC MISC |
commenthol -- serialize-to-js | The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. The Node.js environment is not affected by this vulnerability, since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects is used in an environment other than Node.js, it is affected by this vulnerability. | 2019-12-07 | 4.3 | CVE-2019-16772 MISC CONFIRM |
davical -- davical | A reflected XSS issue was discovered in DAViCal through 1.1.8. It echoes the action parameter without encoding. If a user visits an attacker-supplied link, the attacker can view all data the attacked user can view, as well as perform all actions in the name of the user. If the user is an administrator, the attacker can for example add a new admin user to gain full access to the application. | 2019-12-12 | 4.3 | CVE-2019-18345 MISC MISC MISC MLIST MISC MISC DEBIAN |
documize -- documize | domain/section/markdown/markdown.go in Documize before 3.5.1 mishandles untrusted Markdown content. This was addressed by adding the bluemonday HTML sanitizer to defend against XSS. | 2019-12-06 | 4.3 | CVE-2019-19619 MISC MISC MISC |
gnome -- libxslt | Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data. | 2019-12-11 | 5 | CVE-2019-5815 MISC MISC |
gnome -- orca | Orca has arbitrary code execution due to insecure Python module load | 2019-12-11 | 4.4 | CVE-2013-4245 MISC MISC MISC MISC |
google -- android | When pairing with a Bluetooth device, it may be possible to pair a malicious device without any confirmation from the user, and that device may be able to interact with the phone. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-110433804 | 2019-12-06 | 5.8 | CVE-2019-2225 MISC |
google -- android | In array_find of array.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure in the printer spooler with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-111210196 | 2019-12-06 | 4.9 | CVE-2019-2228 MISC |
google -- android | In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10. Android ID: A-138636979 | 2019-12-06 | 4.9 | CVE-2019-2220 MISC |
google -- android | In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-141028068 | 2019-12-06 | 4.3 | CVE-2019-9464 MISC |
google -- android | In ihevcd_ref_list of ihevcd_ref_list.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-140692129 | 2019-12-06 | 6.8 | CVE-2019-2223 MISC |
google -- android | In hasActivityInVisibleTask of WindowProcessController.java there's a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-138583650 | 2019-12-06 | 4.6 | CVE-2019-2221 MISC |
google -- android | In System UI, there is a possible bypass of user's consent for access to sensor data due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10. Android ID: A-119041698 | 2019-12-06 | 4.7 | CVE-2019-2219 MISC |
google -- android | In nfcManager_routeAid and nfcManager_unrouteAid of NativeNfcManager.cpp, there is possible memory reuse due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-141170038 | 2019-12-06 | 5 | CVE-2019-2230 MISC |
google -- android | In device_class_to_int of device_class.cc, there is a possible out of bounds read due to improper casting. This could lead to local information disclosure in the Bluetooth server with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-140152619 | 2019-12-06 | 4.9 | CVE-2019-2226 MISC |
google -- android | In ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-140322595 | 2019-12-06 | 6.8 | CVE-2019-2222 MISC |
google -- chrome | Use-after-free in WebAudio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2019-12-10 | 6.8 | CVE-2019-13732 MISC MISC |
google -- chrome | Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page. | 2019-12-10 | 4.3 | CVE-2019-13750 MISC MISC |
google -- chrome | Insufficient validation of untrusted input in Blink in Google Chrome prior to 79.0.3945.79 allowed a local attacker to bypass same origin policy via crafted clipboard content. | 2019-12-10 | 6.8 | CVE-2019-13741 MISC MISC |
google -- chrome | Incorrect security UI in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page on iOS. | 2019-12-10 | 4.3 | CVE-2019-13672 MISC MISC |
google -- chrome | Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 2019-12-10 | 4.3 | CVE-2019-13744 MISC MISC |
google -- chrome | Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 2019-12-10 | 4.3 | CVE-2019-13737 MISC MISC |
google -- chrome | Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | 2019-12-10 | 4.3 | CVE-2019-13761 MISC MISC |
google -- chrome | Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page. | 2019-12-10 | 6.8 | CVE-2019-13726 MISC MISC |
google -- chrome | Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | 2019-12-10 | 4.3 | CVE-2019-13759 MISC MISC |
google -- chrome | Insufficient policy enforcement in navigation in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 2019-12-10 | 4.3 | CVE-2019-13758 MISC MISC |
google -- chrome | Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | 2019-12-10 | 4.3 | CVE-2019-13757 MISC MISC |
google -- chrome | Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. | 2019-12-10 | 4.3 | CVE-2019-13763 MISC MISC |
google -- chrome | Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML page. | 2019-12-10 | 4.3 | CVE-2019-13755 MISC MISC |
google -- chrome | Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | 2019-12-10 | 4.3 | CVE-2019-13756 MISC MISC |
google -- chrome | Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 2019-12-10 | 4.3 | CVE-2019-13752 MISC MISC |
google -- chrome | Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass site isolation via a crafted HTML page. | 2019-12-10 | 4.3 | CVE-2019-13738 MISC MISC |
google -- chrome | Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 2019-12-10 | 4.3 | CVE-2019-13745 MISC MISC |
google -- chrome | Incorrect security UI in external protocol handling in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof security UI via a crafted HTML page. | 2019-12-10 | 4.3 | CVE-2019-13743 MISC MISC |
google -- chrome | Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | 2019-12-10 | 4.3 | CVE-2019-13742 MISC MISC |
google -- chrome | Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | 2019-12-10 | 4.3 | CVE-2019-13739 MISC MISC |
google -- chrome | Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | 2019-12-10 | 4.3 | CVE-2019-13740 MISC MISC |
google -- chrome | Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 2019-12-10 | 4.3 | CVE-2019-13746 MISC MISC |
google -- chrome | Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 2019-12-10 | 4.3 | CVE-2019-13749 MISC MISC |
google -- chrome | Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 2019-12-10 | 4.3 | CVE-2019-13748 MISC MISC |
google -- chrome | Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 2019-12-10 | 4.3 | CVE-2019-13754 MISC MISC |
google -- chrome | Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 2019-12-10 | 4.3 | CVE-2019-13753 MISC MISC |
google -- chrome | Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 2019-12-10 | 4.3 | CVE-2019-13751 MISC MISC |
google -- chrome | Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page. | 2019-12-10 | 6.8 | CVE-2019-13725 MISC MISC |
google -- chrome | Out of bounds memory access in JavaScript in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2019-12-10 | 6.8 | CVE-2019-5841 MISC MISC |
google -- chrome | Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2019-12-10 | 6.8 | CVE-2019-13730 MISC MISC |
google -- chrome | Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2019-12-10 | 6.8 | CVE-2019-13764 MISC MISC |
google -- chrome | Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 2019-12-10 | 6.8 | CVE-2019-13735 MISC MISC |
google -- chrome | Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2019-12-10 | 6.8 | CVE-2019-13734 MISC MISC |
google -- chrome | Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2019-12-10 | 6.8 | CVE-2019-13747 MISC MISC |
google -- chrome | Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 2019-12-10 | 6.8 | CVE-2019-13736 MISC MISC |
google -- chrome | Use-after-free in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2019-12-10 | 6.8 | CVE-2019-13729 MISC MISC |
google -- chrome | Out of bounds memory access in JavaScript in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2019-12-10 | 6.8 | CVE-2019-5843 MISC MISC |
google -- chrome | Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2019-12-10 | 6.8 | CVE-2019-13728 MISC MISC |
google -- chrome | Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page. | 2019-12-10 | 6.8 | CVE-2019-13727 MISC MISC |
htmldoc -- htmldoc | HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hd_strlcpy() function in string.c (when called from render_contents in ps-pdf.cxx) via a crafted HTML document. | 2019-12-08 | 6.8 | CVE-2019-19630 MISC MLIST |
ibm -- cloud_pak_system | IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158015. | 2019-12-10 | 4.3 | CVE-2019-4095 XF CONFIRM |
ibm -- planning_analytics | IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 168523. | 2019-12-09 | 6.5 | CVE-2019-4612 XF CONFIRM |
ibm -- smartcloud_analytics | IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to gain unauthorized information and unrestricted control over Zookeeper installations due to missing authentication. IBM X-Force ID: 159518. | 2019-12-10 | 6.4 | CVE-2019-4244 XF CONFIRM |
intesync -- solismed | Intesync Solismed 3.3sp has CSRF. | 2019-12-12 | 6.8 | CVE-2019-15934 MISC MISC MISC MISC |
intesync -- solismed | Intesync Solismed 3.3sp allows Clickjacking. | 2019-12-12 | 4.3 | CVE-2019-15930 MISC MISC MISC MISC |
intesync -- solismed | Intesync Solismed 3.3sp has XSS. | 2019-12-12 | 4.3 | CVE-2019-15935 MISC MISC MISC MISC |
intesync -- solismed | An issue was discovered in Intesync Solismed 3.3sp1. A flaw in the encryption implementation exists, allowing for all encrypted data stored within the database to be decrypted. | 2019-12-12 | 4.3 | CVE-2019-17428 MISC MISC MISC |
katello -- katello | Katello has a Denial of Service vulnerability in API OAuth authentication | 2019-12-10 | 5 | CVE-2013-4120 MISC MISC |
ktor -- ktor | In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location. | 2019-12-10 | 5.8 | CVE-2019-19703 MISC |
libcapsinetwork_and_monopd -- libcapsinetwork_and_monopd | Off-by-one error in the readBuf function in listener.cpp in libcapsinetwork and monopd before 0.9.8, allows remote attackers to cause a denial of service (crash) via a long line. | 2019-12-09 | 5 | CVE-2015-0841 MISC MISC MISC MISC |
linux -- linux_kernel | In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c. | 2019-12-08 | 6.8 | CVE-2019-19447 MISC |
linux -- linux_kernel | In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure. | 2019-12-08 | 6.8 | CVE-2019-19448 MISC |
linux -- linux_kernel | In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds read access in f2fs_build_segment_manager in fs/f2fs/segment.c, related to init_min_max_mtime in fs/f2fs/segment.c (because the second argument to get_seg_entry is not validated). | 2019-12-08 | 6.8 | CVE-2019-19449 MISC |
marc-q -- libwav | marc-q libwav through 2017-04-20 has a NULL pointer dereference in wav_content_read() at libwav.c. | 2019-12-10 | 4.3 | CVE-2019-19698 MISC MISC |
mediawiki -- mediawiki | The VisualEditor extension through 1.34 for MediaWiki allows XSS via pasted content containing an element with a data-ve-clipboard-key attribute. | 2019-12-11 | 4.3 | CVE-2019-19708 MISC MISC |
microsoft -- authentication_library_for_android | An information disclosure vulnerability in Android Apps using Microsoft Authentication Library (MSAL) 0.3.1-Alpha or later exists under specific conditions, aka 'Microsoft Authentication Library for Android Information Disclosure Vulnerability'. | 2019-12-10 | 4 | CVE-2019-1487 MISC |
microsoft -- multiple_excel_and_office_products | An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'. | 2019-12-10 | 4.3 | CVE-2019-1464 MISC |
microsoft -- multiple_windows_products | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1465, CVE-2019-1466. | 2019-12-10 | 4.3 | CVE-2019-1467 MISC |
microsoft -- multiple_windows_products | An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Information Disclosure Vulnerability'. | 2019-12-10 | 4 | CVE-2019-1470 MISC |
microsoft -- multiple_windows_products | A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'. | 2019-12-10 | 5 | CVE-2019-1453 MISC |
microsoft -- multiple_windows_products | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1466, CVE-2019-1467. | 2019-12-10 | 4.3 | CVE-2019-1465 MISC MISC |
microsoft -- multiple_windows_products | A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'. | 2019-12-10 | 6.8 | CVE-2019-1484 MISC |
microsoft -- multiple_windows_products | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1465, CVE-2019-1467. | 2019-12-10 | 4.3 | CVE-2019-1466 MISC MISC |
microsoft -- power_bi_report_server_and_sql_server_2017_reporting_services_and_sql_server_2019_reporting_services | A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly sanitize a specially-crafted web request to an affected SSRS server, aka 'Microsoft SQL Server Reporting Services XSS Vulnerability'. | 2019-12-10 | 4.3 | CVE-2019-1332 MISC |
microsoft -- windows_10_and_windows_server_and_windows_server_2019 | A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. | 2019-12-10 | 6.5 | CVE-2019-1471 MISC |
microsoft -- windows_7 | An information disclosure vulnerability exists in Windows Media Player when it fails to properly handle objects in memory, aka 'Windows Media Player Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1481. | 2019-12-10 | 4.3 | CVE-2019-1480 MISC MISC |
microsoft -- windows_7 | An information disclosure vulnerability exists in Windows Media Player when it fails to properly handle objects in memory, aka 'Windows Media Player Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1480. | 2019-12-10 | 4.3 | CVE-2019-1481 MISC MISC |
microsoft -- windows_xp_service | An information disclosure vulnerability exists when the Windows Remote Desktop Protocol (RDP) fails to properly handle objects in memory, aka 'Remote Desktop Protocol Information Disclosure Vulnerability'. | 2019-12-10 | 5 | CVE-2019-1489 MISC |
mozilla -- firefox | Mozilla Firefox 20.0a1 and earlier allows remote attackers to cause a denial of service (crash), related to event handling with frames. | 2019-12-10 | 4.3 | CVE-2013-1689 CONFIRM MISC |
nopcommerce -- nopcommerce | nopCommerce v4.2.0 allows privilege escalation via file upload in Presentation/Nop.Web/Admin/Areas/Controllers/PluginController.cs via Admin/FacebookAuthentication/Configure because it is possible to upload a crafted Facebook Auth plugin. | 2019-12-09 | 6.5 | CVE-2019-19684 MISC |
openstack -- openstack-utils | openstack-utils openstack-db has insecure password creation | 2019-12-10 | 5 | CVE-2013-1793 MISC MISC |
puppet -- puppet_enterprise | Puppet Enterprise before 3.0.1 allows remote attackers to (1) conduct clickjacking attacks via unspecified vectors related to the console, and (2) conduct cross-site scripting (XSS) attacks via unspecified vectors related to "live management." | 2019-12-11 | 4.3 | CVE-2013-4968 MISC |
pyradius -- pyrad | The CreateID function in packet.py in pyrad before 2.1 uses sequential packet IDs, which makes it easier for remote attackers to spoof packets by predicting the next ID, a different vulnerability than CVE-2013-0294. | 2019-12-09 | 4.3 | CVE-2013-0342 MISC MISC MISC MISC MISC MISC CONFIRM |
qualcomm -- multiple_snapdragon_products | Out of bound read would occur while trying to read action category and action ID without validating the action length of the Rx Frame body in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS605, SDA660, SDA845, SDM450, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM8150 | 2019-12-12 | 5 | CVE-2019-2310 CONFIRM |
qualcomm -- multiple_snapdragon_products | Race condition between the camera functions due to lack of resource lock which will lead to memory corruption and UAF issue in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150 | 2019-12-12 | 4.4 | CVE-2019-10494 CONFIRM |
qualcomm -- multiple_snapdragon_products | Buffer overflow can occur due to usage of wrong datatype and missing length check before copying into buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150 | 2019-12-12 | 4.6 | CVE-2019-10555 CONFIRM |
qualcomm -- multiple_snapdragon_products | An unprivileged application can allocate GPU memory by calling memory allocation ioctl function and can exhaust all the memory which results in out of memory in Snapdragon Mobile, Snapdragon Voice & Music in QCS405, SD 210/SD 212/SD 205, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855 | 2019-12-12 | 4.9 | CVE-2019-10520 CONFIRM |
qualcomm -- multiple_snapdragon_products | HLOS could corrupt CPZ page table memory for S1 managed VMs in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, QCS404, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130, SXR2130 | 2019-12-12 | 4.6 | CVE-2019-2319 CONFIRM |
qualcomm -- multiple_snapdragon_products | Possible integer overflow while multiplying two integers of 32 bit in QDCM API of get display modes as there is no check on the maximum mode count in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2019-12-12 | 4.6 | CVE-2019-10592 CONFIRM |
qualcomm -- multiple_snapdragon_products | Lack of check of data truncation on user supplied data in kernel leads to buffer overflow in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 | 2019-12-12 | 4.6 | CVE-2019-10530 CONFIRM |
qualcomm -- multiple_snapdragon_products | Snapshot of IB can lead to invalid address access due to missing check for size in the related function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCN7605, QCS405, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150, SM8250, SXR2130 | 2019-12-12 | 4.6 | CVE-2019-10571 CONFIRM |
radare -- radare2 | radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted input. | 2019-12-09 | 6.8 | CVE-2019-19647 MISC |
red_hat -- jboss_enterprise_application_platform_and_jboss_portal_platform | JBossWeb Bayeux has reflected XSS | 2019-12-11 | 4.3 | CVE-2013-6495 MISC MISC |
red_hat -- jboss_keycloak | JBoss KeyCloak: XSS in login-status-iframe.html | 2019-12-10 | 4.3 | CVE-2014-3656 MISC MISC |
red_hat -- subscription_asset_manager | katello-headpin is vulnerable to CSRF in REST API | 2019-12-11 | 4.3 | CVE-2014-0026 MISC MISC |
ros -- sros | SROS 2 0.8.1 (after CVE-2019-19625 is mitigated) leaks ROS 2 node-related information regardless of the rtps_protection_kind configuration. (SROS2 provides the tools to generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2.) | 2019-12-06 | 5 | CVE-2019-19627 MISC MISC MISC MISC MISC |
ros -- sros | SROS 2 0.8.1 (which provides the tools that generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2) leaks node information due to a leaky default configuration as indicated in the policy/defaults/dds/governance.xml document. | 2019-12-06 | 5 | CVE-2019-19625 MISC MISC |
samsung -- s6_edge | Stack-based buffer overflow in the m2m1shot_compat_ioctl32 function in the Samsung m2m1shot driver framework, as used in Samsung S6 Edge, allows local users to have unspecified impact via a large data.buf_out.num_planes value in an ioctl call. | 2019-12-09 | 4.6 | CVE-2015-7892 MISC MISC MISC |
sitevision -- sitevision | SiteVision 4 has Incorrect Access Control. | 2019-12-06 | 6.5 | CVE-2019-12734 MISC FULLDISC FULLDISC MISC MISC MISC |
symantec -- messaging_gateway | Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 2019-12-11 | 6.5 | CVE-2019-18377 MISC |
tableau -- tableau_server | Tableau Server 10.3 through 2019.4 on Windows and Linux allows XSS via the embeddedAuthRedirect page. | 2019-12-11 | 4.3 | CVE-2019-19719 MISC |
weidmueller -- multiple_devices | An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Passwords are stored in cleartext and can be read by anyone with access to the device. | 2019-12-06 | 4 | CVE-2019-16673 MISC MISC CONFIRM MISC |
weidmueller -- multiple_devices | An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Sensitive Credentials data is transmitted in cleartext. | 2019-12-06 | 5 | CVE-2019-16672 MISC MISC CONFIRM MISC |
weidmueller -- multiple_devices | An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Authentication Information used in a cookie is predictable and can lead to admin password compromise when captured on the network. | 2019-12-06 | 5 | CVE-2019-16674 MISC MISC CONFIRM MISC |
weidmueller -- multiple_devices | An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Remote authenticated users can crash a device with a special packet because of Uncontrolled Resource Consumption. | 2019-12-06 | 6.8 | CVE-2019-16671 MISC MISC CONFIRM MISC |
xfig_project -- fig2dev | make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type. | 2019-12-12 | 4.3 | CVE-2019-19746 MISC |
zoho_manageengine -- applications_manager | Zoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.java process function. | 2019-12-11 | 6.5 | CVE-2019-19650 CONFIRM |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
atlassian -- fisheye_and_crucible | The review resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a missing branch. | 2019-12-11 | 3.5 | CVE-2019-15007 MISC MISC |
atlassian -- jira | In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the generic field entry point via the Generic Test Definition field of a new Generic Test issue. | 2019-12-09 | 3.5 | CVE-2019-19678 MISC |
atlassian -- jira | In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the Pre-Condition Summary entry point via the summary field of a Create Pre-Condition action for a new Test Issue. | 2019-12-09 | 3.5 | CVE-2019-19679 MISC |
cloud_foundry -- uaa_release | Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query parameter. A remote authenticated malicious user could gain access to user credentials via the uaa.log file if authentication is provided via query parameters. | 2019-12-06 | 3.5 | CVE-2019-11293 CONFIRM |
google -- android | In updateWidget of BaseWidgetProvider.java, there is a possible leak of user data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-139803872 | 2019-12-06 | 2.1 | CVE-2019-2229 MISC |
google -- android | In DeepCopy of btif_av.cc, there is a possible out of bounds read due to improper casting. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10. Android ID: A-140768453 | 2019-12-06 | 3.3 | CVE-2019-2227 MISC |
google -- android | In Blob::Blob of blob.cpp, there is a possible unencrypted master key due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10. Android ID: A-141955555 | 2019-12-06 | 2.1 | CVE-2019-2231 MISC |
google -- chrome | Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded files via local code. | 2019-12-10 | 2.1 | CVE-2019-13762 MISC MISC |
ibm -- planning_analytics | IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168519. | 2019-12-09 | 3.5 | CVE-2019-4611 XF CONFIRM |
ibm -- spectrum_scale | IBM Spectrum Scale 4.2 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171247. | 2019-12-11 | 3.5 | CVE-2019-4665 XF CONFIRM |
ibm -- watson_assistant | IBM Watson Assistant for IBM Cloud Pak for Data 1.0.0 through 1.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162807. | 2019-12-09 | 3.5 | CVE-2019-4428 XF CONFIRM |
ibm -- websphere_application_server | IBM WebSphere Application Server - Liberty is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171245. | 2019-12-10 | 3.5 | CVE-2019-4663 XF CONFIRM |
microsoft -- multiple_office_products | An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microsoft Access Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1463. | 2019-12-10 | 2.1 | CVE-2019-1400 MISC |
microsoft -- multiple_office_products | An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microsoft Access Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1400. | 2019-12-10 | 2.1 | CVE-2019-1463 MISC |
microsoft -- multiple_windows_products | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1472. | 2019-12-10 | 2.1 | CVE-2019-1474 MISC |
microsoft -- multiple_windows_products | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1474. | 2019-12-10 | 2.1 | CVE-2019-1472 MISC |
microsoft -- multiple_windows_products | A security feature bypass vulnerability exists when Microsoft Defender improperly handles specific buffers, aka 'Microsoft Defender Security Feature Bypass Vulnerability'. | 2019-12-10 | 2.1 | CVE-2019-1488 MISC |
microsoft -- multiple_windows_products | An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. | 2019-12-10 | 2.1 | CVE-2019-1469 MISC |
microsoft -- skype_for_business_server | A spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business Server Spoofing Vulnerability'. | 2019-12-10 | 3.5 | CVE-2019-1490 MISC |
monkey_project -- monkey_http_daemon | Monkey HTTP Daemon has local security bypass | 2019-12-10 | 3.6 | CVE-2013-2183 MISC MISC MISC MISC |
nopcommerce -- nopcommerce | nopCommerce through 4.20 allows XSS in the SaveStoreMappings of the components \Presentation\Nop.Web\Areas\Admin\Controllers\NewsController.cs and \Presentation\Nop.Web\Areas\Admin\Controllers\BlogController.cs via Body or Full to Admin/News/NewsItemEdit/[id] Admin/Blog/BlogPostEdit/[id]. NOTE: the vendor reportedly considers this a "feature" because the affected components are an HTML content editor. | 2019-12-09 | 3.5 | CVE-2019-19682 MISC |
qualcomm -- multiple_snapdragon_products | Use after free issue occurs when command destructors access dynamically allocated response buffer which is already deallocated during previous command teardown sequence in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8098, MSM8909W, Nicobar, QCS405, QCS605, SDA845, SDM660, SDM670, SDM710, SDM845, SDX24, SM6150, SM7150, SM8150, SM8250, SXR2130 | 2019-12-12 | 2.1 | CVE-2019-10484 CONFIRM |
qualcomm -- multiple_snapdragon_products | Null pointer dereference issue in kernel due to missing check related to LLC support in GPU in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS605, SDM670, SDM710, SM6150, SM7150, SM8150 | 2019-12-12 | 2.1 | CVE-2019-10545 CONFIRM |
qualcomm -- multiple_snapdragon_products | Crafted image that has a valid signature from a non-QC entity can be loaded which can read/write memory that belongs to the secure world in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, MSM8998, QCS404, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150, SXR1130, SXR2130 | 2019-12-12 | 3.6 | CVE-2019-2338 CONFIRM |
sangoma -- freepbx | In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date formatting and time-zone fields. These fields are not being properly sanitized. If this is done and a user (such as an admin) visits the User Management screen and views that user's profile, the XSS payload will render and execute in the context of the victim user's account. | 2019-12-06 | 3.5 | CVE-2019-19551 CONFIRM |
sangoma -- freepbx | In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the /admin/config.php?display=userman URI. An attacker with sufficient privileges can edit the Display Name of a user and embed malicious XSS code. When another user (such as an admin) visits the main User Management screen, the XSS payload will render and execute in the context of the victim user's account. | 2019-12-06 | 3.5 | CVE-2019-19552 MISC |
sap -- adaptive_server_enterprise | SAP Adaptive Server Enterprise, before versions 15.7 and 16.0, under certain conditions exposes some sensitive information to the admin, leading to Information Disclosure. | 2019-12-11 | 2.1 | CVE-2019-0402 CONFIRM CONFIRM |
symantec -- messaging_gateway | Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. | 2019-12-11 | 3.5 | CVE-2019-18378 MISC |
wordpress -- wordpress | The Scoutnet Kalender plugin 1.1.0 for WordPress allows XSS. | 2019-12-12 | 3.5 | CVE-2019-19198 MISC MISC MISC |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
advantech -- webaccess | Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of service (memory corruption) due to a stack-based buffer overflow when handling IOCTL 70533 RPC messages. | 2019-12-12 | not yet calculated | CVE-2019-3951 MISC |
airlive -- poe-2600hd_devices | AirLive POE-2600HD allows remote attackers to cause a denial of service (device reset) via a long URL. | 2019-12-11 | not yet calculated | CVE-2013-3691 MISC MISC |
apache -- mod_wsgi | mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread. | 2019-12-09 | not yet calculated | CVE-2014-0242 MISC MISC MISC MISC |
apache -- qpid-cpp | qpid-cpp: ACL policies only loaded if the acl-file option specified enabling DoS by consuming all available file descriptors | 2019-12-13 | not yet calculated | CVE-2014-0212 MISC MISC MISC |
apache -- spamassassin | In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update channels or 3rd party .cf files from trusted places. | 2019-12-12 | not yet calculated | CVE-2018-11805 MLIST CONFIRM MLIST MLIST MLIST MLIST MISC CONFIRM DEBIAN |
apache -- spamassassin | In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly. | 2019-12-12 | not yet calculated | CVE-2019-12420 MLIST MISC MLIST MLIST MLIST MLIST CONFIRM DEBIAN |
apple -- safari | A freed memory access vulnerability exists in the SVG Marker Element feature of Apple Safari's WebKit version 13.0.2. A specially crafted HTML web page can cause a use after free, resulting in memory corruption and possibly arbitrary code execution. To trigger this vulnerability, a specifically crafted HTML web page needs to be opened in the browser. | 2019-12-12 | not yet calculated | CVE-2019-5144 MISC |
atlassian -- multiple_products | An issue was discovered in the SAML Single Sign On (SSO) plugin for several Atlassian products affecting versions 3.1.0 through 3.2.2 for Jira and Confluence, versions 2.4.0 through 3.0.3 for Bitbucket, and versions 2.4.0 through 2.5.2 for Bamboo. It allows locally disabled users to reactivate their accounts just by browsing the affected Jira/Confluence/Bitbucket/Bamboo instance, even when the applicable configuration option of the plugin has been disabled ("Reactivate inactive users"). Exploiting this vulnerability requires an attacker to be authorized by the identity provider and requires that the plugin's configuration option "User Update Method" have the "Update from SAML Attributes" value. | 2019-12-13 | not yet calculated | CVE-2019-13347 MISC MISC |
avaya -- ip_office_application_server | A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product versions 11.x are affected. Product versions prior to 11.0, including unsupported versions, were not evaluated. | 2019-12-12 | not yet calculated | CVE-2019-7004 CONFIRM |
bitwarden -- server | The Bitwarden server through 1.32.0 has a potentially unwanted KDF. | 2019-12-12 | not yet calculated | CVE-2019-19766 MISC MISC |
bson-objectid -- bson-objectid | An issue was discovered in the BSON ObjectID (aka bson-objectid) package 1.3.0 for Node.js. ObjectID() allows an attacker to generate a malformed objectid by inserting an additional property to the user-input, because bson-objectid will return early if it detects _bsontype==ObjectID in the user-input object. As a result, objects in arbitrary forms can bypass formatting if they have a valid bsontype. | 2019-12-11 | not yet calculated | CVE-2019-19729 MISC MISC |
chrony -- chrony | chrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowledge of NTP peering to cause a denial of service (inability to synchronize) via random timestamps in crafted NTP data packets. | 2019-12-09 | not yet calculated | CVE-2015-1853 MISC MISC |
coredns -- coredns | The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries. | 2019-12-13 | not yet calculated | CVE-2019-19794 MISC MISC MISC MISC |
cyxtera -- appgate_sdp_client | In Cyxtera AppGate SDP Client 4.1.x through 4.3.x before 4.3.2 on Windows, a local or remote user from the same domain can gain privileges. | 2019-12-13 | not yet calculated | CVE-2019-19793 MISC |
data-uuid -- data-uuid | Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks | 2019-12-10 | not yet calculated | CVE-2013-4184 MISC MISC MISC MISC MISC MISC MISC |
dbd-pgpp -- dbd-pgpp | SQL injection vulnerability in DBD::PgPP 0.05 and earlier | 2019-12-11 | not yet calculated | CVE-2014-7257 MISC MISC |
dovecot -- dovecot | In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. The email must use a group address as either the sender or the recipient. | 2019-12-13 | not yet calculated | CVE-2019-19722 CONFIRM CONFIRM CONFIRM CONFIRM |
duplicity -- duplicity | duplicity 0.6.24 has improper verification of SSL certificates | 2019-12-13 | not yet calculated | CVE-2014-3495 MISC MISC MISC MISC |
egain -- mail | The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields (to /system/ws/v11/ss/email) are mishandled, as demonstrated by fromName header injection with a %0a or %0d character. (Also, the message parameter can have initial HTML comment characters.) | 2019-12-13 | not yet calculated | CVE-2019-17123 MISC |
enshrined -- svg-sanitize | It is possible to bypass enshrined/svg-sanitize before 0.13.1 using the "xlink:href" attribute due to mishandling of the xlink namespace by the sanitizer. | 2019-12-11 | not yet calculated | CVE-2019-10772 MISC |
envoy_proxy -- envoy | An issue was discovered in Envoy 1.12.0. An untrusted remote client may send HTTP/2 requests that write to the heap outside of the request buffers when the upstream is HTTP/1. This may be used to corrupt nearby heap contents (leading to a query-of-death scenario) or may be used to bypass Envoy's access control mechanisms such as path based routing. An attacker can also modify requests from other users that happen to be proximal temporally and spatially. | 2019-12-13 | not yet calculated | CVE-2019-18801 MISC MISC MISC CONFIRM MISC |
envoy_proxy -- envoy | An issue was discovered in Envoy 1.12.0. Upon receipt of a malformed HTTP request without a Host header, it sends an internally generated "Invalid request" response. This internally generated response is dispatched through the configured encoder filter chain before being sent to the client. An encoder filter that invokes route manager APIs that access a request's Host header causes a NULL pointer dereference, resulting in abnormal termination of the Envoy process. | 2019-12-13 | not yet calculated | CVE-2019-18838 MISC MISC CONFIRM MISC |
envoy_proxy -- envoy | An issue was discovered in Envoy 1.12.0. An untrusted remote client may send an HTTP header (such as Host) with whitespace after the header content. Envoy will treat "header-value " as a different string from "header-value" so for example with the Host header "example.com " one could bypass "example.com" matchers. | 2019-12-13 | not yet calculated | CVE-2019-18802 MISC MISC MISC MISC |
erlang -- erlang | inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. | 2019-12-10 | not yet calculated | CVE-2016-1000107 MISC MISC MISC MISC |
firecracker -- firecracker | Firecracker vsock implementation buffer overflow in versions 0.18.0 and 0.19.0. This can result in potentially exploitable crashes. | 2019-12-11 | not yet calculated | CVE-2019-18960 MISC MISC MISC CONFIRM CONFIRM |
foreman -- foreman | Foreman has improper input validation which could lead to partial Denial of Service | 2019-12-11 | not yet calculated | CVE-2014-0091 MISC MISC MISC |
grandstream -- multiple_products | Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account "!#/" with the same password, which makes it easier for remote attackers to obtain access via a TELNET session. | 2019-12-11 | not yet calculated | CVE-2013-3542 MISC MISC |
hammer_cli_foreman_gem_for_ruby_on_rails -- hammer_cli_foreman_gem_for_ruby_on_rails | rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable | 2019-12-13 | not yet calculated | CVE-2014-0241 MISC MISC |
hostapd -- hostapd | An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed. This could lead to different denial of service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability. | 2019-12-12 | not yet calculated | CVE-2019-5061 MISC |
hostapd -- hostapd | An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. By simulating an incomplete new association, an attacker can trigger a deauthentication against stations using 802.11w, resulting in a denial of service. | 2019-12-12 | not yet calculated | CVE-2019-5062 MISC |
huawei -- campusinsight | There is an out-of-bounds read vulnerability in the Advanced Packages feature of the Gauss100 OLTP database in CampusInsight before V100R019C00SPC200. Attackers who gain the specific permission can use this vulnerability by sending elaborate SQL statements to the database. Successful exploit of this vulnerability may cause the database to crash. | 2019-12-13 | not yet calculated | CVE-2019-5278 MISC |
huawei -- cloudengine | CloudEngine 12800 has a DoS vulnerability. An attacker of a neighboring device sends a large number of specific packets. As a result, a memory leak occurs after the device uses the specific packet. As a result, the attacker can exploit this vulnerability to cause DoS attacks on the target device. | 2019-12-13 | not yet calculated | CVE-2019-5248 MISC |
huawei -- cloudusm-eua | Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information leak by successful exploitation. | 2019-12-13 | not yet calculated | CVE-2019-5277 MISC |
huawei -- e5572-855 | E5572-855 with versions earlier than 8.0.1.3(H335SP1C233) has an improper authentication vulnerability. The device does not perform sufficient authentication when doing certain operations; successful exploit could allow an attacker to cause the device to reboot after launching a man-in-the-middle attack. | 2019-12-13 | not yet calculated | CVE-2019-5253 MISC |
huawei -- mate_20_pro_smartphone | Mate 20 Pro smartphones with versions earlier than 9.1.0.135(C00E133R3P1) have an improper authorization vulnerability. The software does not properly restrict certain operation of certain privilege, the attacker could trick the user into installing a malicious application before the user turns on student mode function. Successful exploit could allow the attacker to bypass the limit of student mode function. | 2019-12-13 | not yet calculated | CVE-2019-5250 MISC |
huawei -- multiple_products | There is a weak algorithm vulnerability in some Huawei products. The affected products use weak algorithms by default. Attackers may exploit the vulnerability to cause information leaks. | 2019-12-13 | not yet calculated | CVE-2019-19397 MISC |
huawei -- multiple_products | Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have a DoS vulnerability. An attacker may send crafted messages from a FTP client to exploit this vulnerability. Due to insufficient validation of the message, successful exploit may cause the system out-of-bounds read and result in a denial of service condition of the affected service. | 2019-12-13 | not yet calculated | CVE-2019-5255 MISC |
huawei -- multiple_products | Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace) have a resource management vulnerability. An attacker who logs in to the board may send crafted messages from the internal network. | 2019-12-13 | not yet calculated | CVE-2019-5257 MISC |
huawei -- multiple_products | Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have a buffer overflow vulnerability. An attacker who logs in to the board may send crafted messages from the internal network port or tamper with inter-process message packets to exploit this vulnerability. Due to insufficient validation of the message, successful exploit may cause the affected board to be abnormal. | 2019-12-13 | not yet calculated | CVE-2019-5258 MISC |
huawei -- multiple_products | Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have a null pointer dereference vulnerability. The system dereferences a pointer that it expects to be valid, but is NULL. A local attacker could exploit this vulnerability by sending crafted parameters. A successful exploit could cause a denial of service and the process reboot. | 2019-12-13 | not yet calculated | CVE-2019-5256 MISC |
huawei -- multiple_products | Some Huawei products have an insufficient verification of data authenticity vulnerability. A remote, unauthenticated attacker has to intercept specific packets between two devices, modify the packets, and send the modified packets to the peer device. Due to insufficient verification of some fields in the packets, an attacker may exploit the vulnerability to cause the target device to be abnormal. | 2019-12-13 | not yet calculated | CVE-2019-5291 MISC |
huawei -- multiple_products | Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have an out-of-bounds read vulnerability. An attacker who logs in to the board may send crafted messages from the internal network port or tamper with inter-process message packets to exploit this vulnerability. Due to insufficient validation of the message, successful exploit may cause the affected board to be abnormal. | 2019-12-13 | not yet calculated | CVE-2019-5254 MISC |
huawei -- multiple_smartphones | Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal. | 2019-12-14 | not yet calculated | CVE-2019-5235 MISC |
huawei -- multiple_smartphones | There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition. Successful exploit could cause information disclosure. | 2019-12-13 | not yet calculated | CVE-2019-5264 MISC |
huawei -- multiple_smartphones | There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant. | 2019-12-14 | not yet calculated | CVE-2019-5252 MISC |
huawei -- multiple_smartphones | There is a path traversal vulnerability in several Huawei smartphones. The system does not sufficiently validate certain pathnames from the application. An attacker could trick the user into installing, backing up and restoring a malicious application. Successful exploit could cause information disclosure. | 2019-12-13 | not yet calculated | CVE-2019-5251 MISC |
huawei -- s5700_and_s6700_switches | Huawei S5700 and S6700 have a DoS security vulnerability. Attackers with certain permissions perform specific operations on affected devices. Because the pointer in the program is not processed properly, the vulnerability can be exploited to cause the device to be abnormal. | 2019-12-13 | not yet calculated | CVE-2019-5290 MISC |
huawei -- y9_2019_and_honor_view_20_smartphones | Huawei smartphones HUAWEI Y9 2019 and Honor View 20 have a denial of service vulnerability. Due to insufficient input validation of specific value when parsing the messages, an attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices to exploit this vulnerability. Successful exploit may cause an infinite loop and the device to reboot. | 2019-12-13 | not yet calculated | CVE-2019-5260 MISC |
ibm -- case_manager | The Case Builder component shipped with 18.0.0.1 through 19.0.0.2 and IBM Case Manager 5.1.1 through 5.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162772. | 2019-12-13 | not yet calculated | CVE-2019-4426 XF CONFIRM CONFIRM |
ibm -- datapower_gateway | IBM DataPower Gateway 7.6.0.0-7 through 6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN channel is enabled. A remote attacker could use this account to gain unauthorised access to the BMC. IBM X-Force ID: 168883. | 2019-12-09 | not yet calculated | CVE-2019-4621 XF CONFIRM |
ibm -- db2_high_performance_unload | IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 could allow a local attacker to execute arbitrary code on the system, caused by an untrusted search path vulnerability. By using an executable file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 168298. | 2019-12-12 | not yet calculated | CVE-2019-4606 XF CONFIRM |
idrix -- veracrypt | VeraCrypt 1.24 allows Local Privilege Escalation during execution of VeraCryptExpander.exe. | 2019-12-13 | not yet calculated | CVE-2019-19501 MISC MISC |
kde -- kde_workspace | kde-workspace before 4.10.5 has a memory leak in plasma desktop | 2019-12-10 | not yet calculated | CVE-2013-4133 MISC MISC MISC MISC MISC MISC MISC |
labf -- aceaxe_plus | The FTP client in AceaXe Plus 1.0 allows a buffer overflow via a long EHLO response from an FTP server. | 2019-12-13 | not yet calculated | CVE-2019-19782 MISC MISC |
last.fm -- last.fm_app_for_macos | The Last.fm desktop app (Last.fm Scrobbler) through 2.1.39 on macOS makes HTTP requests that include an API key without the use of SSL/TLS. Although there is an Enable SSL option, it is disabled by default, and cleartext requests are made as soon as the app starts. | 2019-12-10 | not yet calculated | CVE-2019-19251 MISC |
lead_technologies -- leadtools | An exploitable code execution vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. A specially crafted packet can cause an integer overflow, resulting in heap corruption. An attacker can send a packet to trigger this vulnerability. | 2019-12-12 | not yet calculated | CVE-2019-5085 CONFIRM |
lead_technologies -- leadtools | An exploitable information disclosure vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. A specially crafted packet can cause an out-of-bounds read, resulting in information disclosure. An attacker can send a packet to trigger this vulnerability. | 2019-12-12 | not yet calculated | CVE-2019-5090 CONFIRM |
lead_technologies -- leadtools | An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20.0.2019.3.15. A specially crafted J2K image file can cause an out of bounds write of a null byte in a heap buffer, potentially resulting in code execution. An attacker can specially craft a J2K image to trigger this vulnerability. | 2019-12-12 | not yet calculated | CVE-2019-5154 CONFIRM |
lead_technologies -- leadtools | An exploitable code execution vulnerability exists in the DICOM network response functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. A specially crafted packet can cause an integer overflow, resulting in heap corruption. An attacker can send a packet to trigger this vulnerability. | 2019-12-12 | not yet calculated | CVE-2019-5093 CONFIRM |
lead_technologies -- leadtools | An exploitable heap out of bounds write vulnerability exists in the UI tag parsing functionality of the DICOM image format of LEADTOOLS 20.0.2019.3.15. A specially crafted DICOM image can cause an offset beyond the bounds of a heap allocation to be written, potentially resulting in code execution. An attacker can specially craft a DICOM image to trigger this vulnerability. | 2019-12-12 | not yet calculated | CVE-2019-5092 CONFIRM |
lead_technologies -- leadtools | An exploitable denial-of-service vulnerability exists in the Dicom-packet parsing functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. A specially crafted packet can cause an infinite loop, resulting in a denial of service. An attacker can send a packet to trigger this vulnerability. | 2019-12-12 | not yet calculated | CVE-2019-5091 CONFIRM |
lenovo -- energy_management_driver_for_windows_10 | A denial of service vulnerability has been reported in Lenovo Energy Management Driver for Windows 10 versions prior to 15.11.29.7 that could cause systems to experience a blue screen error. Lenovo Energy Management is a client utility. Lenovo XClarity Energy Manager is not affected. | 2019-12-10 | not yet calculated | CVE-2019-6183 CONFIRM |
lenovo -- power_management_driver | A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could cause a denial of service. | 2019-12-10 | not yet calculated | CVE-2019-6192 MISC CONFIRM |
libsixel_project -- libsixel | An issue was discovered in libsixel 1.8.2. There is a heap-based buffer over-read in the function load_sixel at loader.c. | 2019-12-13 | not yet calculated | CVE-2019-19778 MISC |
libssh -- libssh | A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of the function, it would become possible for an attacker to inject arbitrary commands, leading to a compromise of the remote target. | 2019-12-10 | not yet calculated | CVE-2019-14889 CONFIRM UBUNTU CONFIRM |
linux -- linux_kernel | In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer). | 2019-12-12 | not yet calculated | CVE-2019-19768 MISC |
linux -- linux_kernel | In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h). | 2019-12-12 | not yet calculated | CVE-2019-19769 MISC |
linux -- linux_kernel | In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). | 2019-12-12 | not yet calculated | CVE-2019-19770 MISC |
linux -- linux_kernel | The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163. | 2019-12-12 | not yet calculated | CVE-2019-19767 MISC MISC MISC MISC MISC |
mcafee -- techcheck | DLL Search Order Hijacking vulnerability in the Microsoft Windows client in McAfee Tech Check 3.0.0.17 and earlier allows local users to execute arbitrary code via the local folder placed there by an attacker. | 2019-12-11 | not yet calculated | CVE-2019-3667 CONFIRM |
mcollective -- mcollective | mcollective has a default password set at install | 2019-12-13 | not yet calculated | CVE-2014-0175 MISC MISC MISC |
mediawiki -- mediawiki | includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of "." (period) characters in a string, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the siprop parameter in a query action to wiki/api.php. | 2019-12-11 | not yet calculated | CVE-2013-4303 MISC MISC MISC MISC MISC |
mediawiki -- mediawiki | MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page. | 2019-12-11 | not yet calculated | CVE-2019-19709 MISC MISC |
micro_focus -- acutoweb | Unauthorized file download vulnerability in all supported versions of Micro Focus AcuToWeb. The vulnerability could be exploited to enumerate and download files from the filesystem of the system running AcuToWeb, with the privileges of the account AcuToWeb is running under. | 2019-12-11 | not yet calculated | CVE-2019-17087 CONFIRM |
microsoft -- visual_studio_2019_and_visual_studio_live_share | A spoofing vulnerability exists in Visual Studio Live Share when a guest connected to a Live Share session is redirected to an arbitrary URL specified by the session host, aka 'Visual Studio Live Share Spoofing Vulnerability'. | 2019-12-10 | not yet calculated | CVE-2019-1486 MISC |
minerstat -- msos | minerstat msOS before 2019-10-23 does not have a unique SSH key for each instance of the product. | 2019-12-12 | not yet calculated | CVE-2019-19750 MISC |
modoboa -- modoboa | The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this to perform a denial of service against the DMARC reporting functionality, such as by referencing the /dev/random file within XML documents that are emailed to the address in the rua field of the DMARC records of a domain. | 2019-12-10 | not yet calculated | CVE-2019-19702 MISC |
moxa -- eds-g508e_and_eds-g512e_and_eds-g516e_devices | On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with firmware through 6.0), denial of service can occur via PROFINET DCE-RPC endpoint discovery packets. | 2019-12-11 | not yet calculated | CVE-2019-19707 MISC |
multiple_vendors -- multiple_products | A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel. | 2019-12-11 | not yet calculated | CVE-2019-14899 CONFIRM MISC |
node-connect -- node-connect | node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware | 2019-12-11 | not yet calculated | CVE-2013-7370 MISC MISC MISC MISC MISC MISC MISC |
node-connect -- node-connect | node-connect before 2.8.2 has cross site scripting in Sencha Labs Connect middleware (vulnerability due to incomplete fix for CVE-2013-7370) | 2019-12-11 | not yet calculated | CVE-2013-7371 MISC MISC MISC MISC MISC MISC |
node.js -- node.js | The lodahs package 0.0.1 for Node.js is a Trojan horse, and may have been installed by persons who mistyped the lodash package name. In particular, the Trojan horse finds and exfiltrates cryptocurrency wallets. | 2019-12-12 | not yet calculated | CVE-2019-19771 MISC MISC |
nopcommerce -- nopcommerce | RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to CSRF because GET requests can be used for renames and deletions. | 2019-12-09 | not yet calculated | CVE-2019-19685 MISC |
nopcommerce -- nopcommerce | RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to ../ path traversal via d or f to Admin/RoxyFileman/ProcessRequest because of Libraries/Nop.Services/Media/RoxyFileman/FileRoxyFilemanService.cs. | 2019-12-09 | not yet calculated | CVE-2019-19683 MISC |
npm -- cli | Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option. | 2019-12-13 | not yet calculated | CVE-2019-16776 MISC CONFIRM |
npm -- cli | Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of the node_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option. | 2019-12-13 | not yet calculated | CVE-2019-16775 MISC CONFIRM |
npm -- cli | Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries from being overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option. | 2019-12-13 | not yet calculated | CVE-2019-16777 MISC CONFIRM |
omniauth-facebook_gem_for_ruby_on_rails -- omniauth-facebook_gem_for_ruby_on_rails | RubyGem omniauth-facebook has an access token security vulnerability | 2019-12-11 | not yet calculated | CVE-2013-4593 MISC MISC MISC MISC |
openbsd -- openbsd | lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0. | 2019-12-10 | not yet calculated | CVE-2012-1577 CONFIRM MISC MISC MISC |
openbsd -- openbsd | OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from the environment, but fails when it cannot allocate memory. Thus, the attacker is able to execute their own library code as root. | 2019-12-12 | not yet calculated | CVE-2019-19726 MISC FULLDISC BUGTRAQ CONFIRM MISC |
openshift-origin-controller_gem_for_ruby_on_rails -- openshift-origin-controller_gem_for_ruby_on_rails | rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.parse() to perform command injection | 2019-12-10 | not yet calculated | CVE-2013-2095 MISC MISC |
openstack -- keystone | OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforce_scope is false. Users with a role on a project are able to view any other users' credentials, which could (for example) leak sign-on information for Time-based One Time Passwords (TOTP). Deployments with enforce_scope set to false are affected. (There will be a slight performance impact for the list credentials API once this issue is fixed.) | 2019-12-09 | not yet calculated | CVE-2019-19687 MLIST MISC MISC MISC MISC CONFIRM |
pen -- pen | Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities | 2019-12-13 | not yet calculated | CVE-2014-2387 MISC MISC MISC MISC MISC MISC MISC |
phpfastcache -- phpfastcache | In phpfastcache before 5.1.3, there is a possible object injection vulnerability in cookie driver. | 2019-12-12 | not yet calculated | CVE-2019-16774 MISC MISC CONFIRM |
puppet -- puppet_enterprise | When using the cd4pe::root_configuration task to configure a Continuous Delivery for PE installation, the root user's username and password were exposed in the job's Job Details pane in the PE console. These issues have been resolved in version 1.2.1 of the puppetlabs/cd4pe module. | 2019-12-12 | not yet calculated | CVE-2019-10695 MISC |
puppet -- puppet_enterprise | The express install, which is the suggested way to install Puppet Enterprise, gives the user a URL at the end of the install to set the admin password. If they do not use that URL, there is an overlooked default password for the admin user. This was resolved in Puppet Enterprise 2019.0.3 and 2018.1.9. | 2019-12-12 | not yet calculated | CVE-2019-10694 MISC |
python-keystoneclient -- python-keystoneclient | python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass | 2019-12-10 | not yet calculated | CVE-2013-2166 MISC MISC MISC MISC MISC MISC MISC MISC |
python-keystoneclient -- python-keystoneclient | python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass | 2019-12-10 | not yet calculated | CVE-2013-2167 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
qualcomm -- snapdragon_connectivity | Driver may access an invalid address while processing IO control due to lack of check of address validation in Snapdragon Connectivity in QCA6390 | 2019-12-12 | not yet calculated | CVE-2019-10618 CONFIRM |
red_hat -- cloudform_management_engine | CFME: CSRF protection vulnerability via permissive check of the referrer header | 2019-12-13 | not yet calculated | CVE-2014-0197 MISC MISC |
red_hat -- openshift | Openshift has shell command injection flaws due to unsanitized data being passed into shell commands. | 2019-12-11 | not yet calculated | CVE-2014-0163 MISC MISC |
red_hat -- 3scale | A vulnerability was found in 3scale before version 2.6: it did not set the HTTPOnly attribute on the user session cookie. An attacker could use this to conduct cross site scripting attacks and gain access to unauthorized information. | 2019-12-12 | not yet calculated | CVE-2019-14849 CONFIRM |
reliable_controls -- licensemanager | Reliable Controls LicenseManager versions 3.4 and prior may allow an authenticated user to insert malicious code into the system root path, which may allow execution of code with elevated privileges of the application. | 2019-12-11 | not yet calculated | CVE-2019-18245 MISC |
samba -- samba | All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that case-insensitively matched the name of the zone, the ldb_qsort() and dns_name_compare() routines could be confused into reading memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() and so following invalid memory as a pointer. | 2019-12-10 | not yet calculated | CVE-2019-14861 CONFIRM FEDORA CONFIRM UBUNTU UBUNTU CONFIRM |
samba -- samba | All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. In AD this is implemented by a user attribute delegation_not_allowed (aka not-delegated), which translates to disallow-forwardable. However the Samba AD DC does not do that for S4U2Self and does set the forwardable flag even if the impersonated client has the not-delegated flag set. | 2019-12-10 | not yet calculated | CVE-2019-14870 CONFIRM FEDORA CONFIRM UBUNTU UBUNTU CONFIRM |
samurai -- samurai | samurai 0.7 has a heap-based buffer overflow in canonpath in util.c via a crafted build file. | 2019-12-13 | not yet calculated | CVE-2019-19795 MISC |
sap -- businessobjects_business_intelligence_platform | Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions 4.1, 4.2 and 4.3, may lead an authenticated user to send unintended requests to the web server, leading to Cross Site Request Forgery. | 2019-12-11 | not yet calculated | CVE-2019-0398 CONFIRM CONFIRM |
sap -- businessobjects_business_intelligence_platform | SAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad), before version 4.2, allows execution of JavaScript in a text module in Fiori BI Launchpad, leading to Stored Cross Site Scripting vulnerability. | 2019-12-11 | not yet calculated | CVE-2019-0395 CONFIRM CONFIRM |
sap -- enable_now | SAP Enable Now, before version 1911, leaks information about the existence of a particular user which can be used to construct a list of users, leading to a user enumeration vulnerability and Information Disclosure. | 2019-12-11 | not yet calculated | CVE-2019-0405 CONFIRM CONFIRM |
sap -- enable_now | SAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Information Disclosure. | 2019-12-11 | not yet calculated | CVE-2019-0404 CONFIRM CONFIRM |
sap -- enable_now | SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection. | 2019-12-11 | not yet calculated | CVE-2019-0403 CONFIRM CONFIRM |
sap -- portfolio_and_project_management | SAP Portfolio and Project Management, before versions S4CORE 102, 103, EPPM 100 and CPRXRPM 500_702, 600_740, 610_740; unintentionally allows a user to discover accounting information of the Projects in Project dashboard, leading to Information Disclosure. | 2019-12-11 | not yet calculated | CVE-2019-0399 CONFIRM CONFIRM |
secureworks -- red_cloak_windows_agent | In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user can bypass the generation of telemetry alerts by removing NT AUTHORITY\SYSTEM permissions from a file. | 2019-12-06 | not yet calculated | CVE-2019-19620 MISC MISC |
siemens -- en100_ethernet_modules | A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). The web interface could allow Cross-Site Scripting (XSS) attacks if an attacker is able to modify content of particular web pages, causing the application to behave in unexpected ways for legitimate users. Successful exploitation does not require an attacker to be authenticated to the web interface. This could allow the attacker to read or modify contents of the web application. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-13943 CONFIRM |
siemens -- en100_ethernet_modules | A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). A vulnerability in the integrated web server of the affected devices could allow unauthorized attackers to obtain sensitive information about the device, including logs and configurations. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-13944 CONFIRM |
siemens -- en100_ethernet_modules | A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). An unauthorized user could exploit a buffer overflow vulnerability in the webserver. Specially crafted packets sent could cause a Denial-of-Service condition and if certain conditions are met, the affected devices must be restarted manually to fully recover. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-13942 CONFIRM |
siemens -- multiple_desigo_px_products | A vulnerability has been identified in Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D with Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 (All firmware versions < V6.00.320), Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U with Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 (All firmware versions < V6.00.320), Desigo PX automation controllers PXC22.1-E.D, PXC36-E.D, PXC36.1-E.D with activated web server (All firmware versions < V6.00.320). The device contains a vulnerability that could allow an attacker to cause a denial of service condition on the device's web server by sending a specially crafted HTTP message to the web server port (tcp/80). The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device's web service. While the device itself stays operational, the web server responds with HTTP status code 404 (Not found) to any further request. A reboot is required to recover the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-13927 MISC |
siemens -- simatic_s7-1200_cpu_and_simatic_s7-200_smart_cpu | A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-200 SMART CPU family (All versions). There is an access mode used during manufacturing of S7-1200 CPUs that allows additional diagnostic functionality. The security vulnerability could be exploited by an attacker with physical access to the UART interface during boot process. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-13945 MISC |
siemens -- sinvr_3_central_control_server_and_sinvr_3_video_server | A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SiNVR 3 Central Control Server (CCS) contains a directory traversal vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker with network access to the CCS server could exploit this vulnerability to list arbitrary directories or read files outside of the CCS application context. | 2019-12-12 | not yet calculated | CVE-2019-18338 CONFIRM |
siemens -- sinvr_3_central_control_server_and_sinvr_3_video_server | A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The user configuration menu in the web interface of the SiNVR 3 Central Control Server (CCS) transfers user passwords in clear to the client (browser). An attacker with administrative privileges for the web interface could be able to read (and not only reset) passwords of other SiNVR 3 CCS users. | 2019-12-12 | not yet calculated | CVE-2019-13947 CONFIRM |
siemens -- sinvr_3_central_control_server_and_sinvr_3_video_server | A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SFTP service (default port 22/tcp) of the SiNVR 3 Central Control Server (CCS) contains an authentication bypass vulnerability. A remote attacker with network access to the CCS server could exploit this vulnerability to read data from the EDIR directory (for example, the list of all configured stations). | 2019-12-12 | not yet calculated | CVE-2019-18341 CONFIRM |
siemens -- sinvr_3_central_control_server_and_sinvr_3_video_server | A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). Both the SiNVR 3 Video Server and the Central Control Server (CCS) store user and device passwords by applying weak cryptography. A local attacker could exploit this vulnerability to extract the passwords from the user database and/or the device configuration files to conduct further attacks. | 2019-12-12 | not yet calculated | CVE-2019-18340 CONFIRM |
siemens -- sinvr_3_central_control_server_and_sinvr_3_video_server | A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The HTTP service (default port 5401/tcp) of the SiNVR 3 Video Server contains an authentication bypass vulnerability, even when properly configured with enforced authentication. A remote attacker with network access to the Video Server could exploit this vulnerability to read the SiNVR users database, including the passwords of all users in obfuscated cleartext. | 2019-12-12 | not yet calculated | CVE-2019-18339 CONFIRM |
siemens -- sinvr_3_central_control_server_and_sinvr_3_video_server | A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SFTP service (default port 22/tcp) of the SiNVR 3 Central Control Server (CCS) does not properly limit its capabilities to the specified purpose. In conjunction with CVE-2019-18341, an unauthenticated remote attacker with network access to the CCS server could exploit this vulnerability to read or delete arbitrary files, or access other resources on the same server. | 2019-12-12 | not yet calculated | CVE-2019-18342 CONFIRM |
siemens -- sinvr_3_central_control_server_and_sinvr_3_video_server | A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SiNVR 3 Central Control Server (CCS) contains an authentication bypass vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. A remote attacker with network access to the CCS server could exploit this vulnerability to read the CCS users database, including the passwords of all users in obfuscated cleartext. | 2019-12-12 | not yet calculated | CVE-2019-18337 CONFIRM |
siemens -- sppa-t3000_application_server | A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server can cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18317 and CVE-2019-18319. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18318 CONFIRM |
siemens -- sppa-t3000_application_server | A vulnerability has been identified in SPPA-T3000 Application Server (All versions). The AdminService is available without authentication on the Application Server. An attacker can gain remote code execution by sending specifically crafted objects to one of its functions. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18283 MISC CONFIRM |
siemens -- sppa-t3000_application_server | A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18317 and CVE-2019-18318. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18319 CONFIRM |
siemens -- sppa-t3000_application_server | A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18318 and CVE-2019-18319. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18317 CONFIRM |
siemens -- sppa-t3000_application_server | A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could gain remote code execution by sending specifically crafted packets to 8888/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18315 CONFIRM |
siemens -- sppa-t3000_application_server | A vulnerability has been identified in SPPA-T3000 Application Server (All versions). The AdminService is available without authentication on the Application Server. An attacker can use methods exposed via this interface to receive password hashes of other users and to change user passwords. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18284 MISC CONFIRM |
siemens -- sppa-t3000_application_server | A vulnerability has been identified in SPPA-T3000 Application Server (All versions). The RMI communication between the client and the Application Server is unencrypted. An attacker with access to the communication channel can read credentials of a valid user. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18285 MISC CONFIRM |
siemens -- sppa-t3000_application_server | A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with valid authentication at the RMI interface could be able to gain remote code execution through an unsecured file upload. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18288 MISC CONFIRM |
siemens -- sppa-t3000_application_server | A vulnerability has been identified in SPPA-T3000 Application Server (All versions). The Application Server exposes directory listings and files containing sensitive information. This vulnerability is independent from CVE-2019-18286. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18287 MISC CONFIRM |
siemens -- sppa-t3000_application_server | A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could gain remote code execution by sending specifically crafted packets to 1099/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18316 CONFIRM |
siemens -- sppa-t3000_application_server | A vulnerability has been identified in SPPA-T3000 Application Server (All versions). The Application Server exposes directory listings and files containing sensitive information. This vulnerability is independent from CVE-2019-18287. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18286 MISC CONFIRM |
siemens -- sppa-t3000_application_server | A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could gain remote code execution by sending specifically crafted objects via RMI. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18314 CONFIRM |
siemens -- sppa-t3000_application_server | A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could gain access to path and filenames on the server by sending specifically crafted packets to 1099/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18331 CONFIRM |
siemens -- sppa-t3000_application_server | A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could gain access to filenames on the server by sending specifically crafted packets to 8090/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18333 CONFIRM |
siemens -- sppa-t3000_application_server | A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could be able to upload arbitrary files without authentication. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18320 CONFIRM |
siemens -- sppa-t3000_application_server | A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could be able to gain access to logs and configuration files by sending specifically crafted packets to 80/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18335 CONFIRM |
siemens -- sppa-t3000_application_server | A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could be able to enumerate valid user names by sending specifically crafted packets to 8090/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18334 CONFIRM |
siemens -- sppa-t3000_application_server | A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could gain access to directory listings of the server by sending specifically crafted packets to 80/tcp, 8095/tcp or 8080/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18332 CONFIRM |
siemens -- sppa-t3000_ms3000_migration_server | A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18323 CONFIRM |
siemens -- sppa-t3000_ms3000_migration_server | A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18289, CVE-2019-18293, and CVE-2019-18296. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18295 MISC CONFIRM |
siemens -- sppa-t3000_ms3000_migration_server | A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18304 MISC CONFIRM |
siemens -- sppa-t3000_ms3000_migration_server | A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18290 MISC CONFIRM |
siemens -- sppa-t3000_ms3000_migration_server | A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18306 MISC CONFIRM |
siemens -- sppa-t3000_ms3000_migration_server | A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 7061/tcp. This vulnerability is independent from CVE-2019-18311. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18310 CONFIRM |
siemens -- sppa-t3000_ms3000_migration_server | A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18326 CONFIRM |
siemens -- sppa-t3000_ms3000_migration_server | A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18305 MISC CONFIRM |
siemens -- sppa-t3000_ms3000_migration_server | A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could gain remote code execution by sending specifically crafted objects to one of the RPC services. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18313 CONFIRM |
siemens -- sppa-t3000_ms3000_migration_server | A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18303 MISC CONFIRM |
siemens -- sppa-t3000_ms3000_migration_server | A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 7061/tcp. This vulnerability is independent from CVE-2019-18310. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18311 CONFIRM |
siemens -- sppa-t3000_ms3000_migration_server | A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, and CVE-2019-18306. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18307 MISC CONFIRM |
siemens -- sppa-t3000_ms3000_migration_server | A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18289, CVE-2019-18295, and CVE-2019-18296. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18293 MISC CONFIRM |
siemens -- sppa-t3000_ms3000_migration_server | A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18292 MISC CONFIRM |
siemens -- sppa-t3000_ms3000_migration_server | A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and a low privileged user account could gain root privileges by manipulating specific files in the local file system. This vulnerability is independent from CVE-2019-18309. Please note that an attacker needs to have local access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18308 CONFIRM |
siemens -- sppa-t3000_ms3000_migration_server | A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18291 MISC CONFIRM |
siemens -- sppa-t3000_ms3000_migration_server | A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18294 MISC CONFIRM |
siemens -- sppa-t3000_ms3000_migration_server | A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to enumerate running RPC services. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18312 CONFIRM |
siemens -- sppa-t3000_ms3000_migration_server | A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18289, CVE-2019-18293, and CVE-2019-18295. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18296 MISC CONFIRM |
siemens -- sppa-t3000_ms3000_migration_server | A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18299 MISC CONFIRM |
siemens -- sppa-t3000_ms3000_migration_server | A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18300 MISC CONFIRM |
siemens -- sppa-t3000_ms3000_migration_server | A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18298 MISC CONFIRM |
siemens -- sppa-t3000_ms3000_migration_server | A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18301 MISC CONFIRM |
siemens -- sppa-t3000_ms3000_migration_server | A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and a low privileged user account could gain root privileges by manipulating specific files in the local file system. This vulnerability is independent from CVE-2019-18308. Please note that an attacker needs to have local access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18309 CONFIRM |
siemens -- sppa-t3000_ms3000_migration_server | A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18302 MISC CONFIRM |
siemens -- sppa-t3000_ms3000_migration_server | A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18293, CVE-2019-18295, and CVE-2019-18296. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18289 MISC CONFIRM |
siemens -- sppa-t3000_ms3000_migration_server | A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and low privileges could gain root privileges by sending specifically crafted packets to a named pipe. Please note that an attacker needs to have local access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18297 MISC CONFIRM |
siemens -- sppa-t3000_ms3000_migration_server | A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to read and write arbitrary files on the local file system by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18322. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18321 CONFIRM |
siemens -- sppa-t3000_ms3000_migration_server | A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to read and write arbitrary files on the local file system by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18321. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18322 CONFIRM |
siemens -- sppa-t3000_ms3000_migration_server | A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18325 CONFIRM |
siemens -- sppa-t3000_ms3000_migration_server | A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18327 CONFIRM |
siemens -- sppa-t3000_ms3000_migration_server | A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, and CVE-2019-18329. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18330 CONFIRM |
siemens -- sppa-t3000_ms3000_migration_server | A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18328 CONFIRM |
siemens -- sppa-t3000_ms3000_migration_server | A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18329 CONFIRM |
siemens -- sppa-t3000_ms3000_migration_server | A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-18324 CONFIRM |
siemens -- xhq | A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web application requests could be manipulated, causing the application to behave in unexpected ways for legitimate users. Successful exploitation does not require an attacker to be authenticated. A successful attack could allow the import of scripts or generation of malicious links. This could allow the attacker to read or modify contents of the web application. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-13932 CONFIRM |
siemens -- xhq | A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user, who must be authenticated to the web interface. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. This could allow the attacker to read or modify contents of the web application. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-13930 CONFIRM |
siemens -- xhq | A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web interface could allow an attacker to craft the input in a form that is not expected, causing the application to behave in unexpected ways for legitimate users. Successful exploitation requires an attacker to be authenticated to the web interface. A successful attack could cause the application to have unexpected behavior. This could allow the attacker to modify contents of the web application. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-12-12 | not yet calculated | CVE-2019-13931 CONFIRM |
skymee -- petwant_pf-103_and_petalk_ai | A stack-based buffer overflow in processCommandUploadLog in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run arbitrary code as the root user. | 2019-12-13 | not yet calculated | CVE-2019-16735 MISC |
skymee -- petwant_pf-103_and_petalk_ai | A stack-based buffer overflow in processCommandUploadSnapshot in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run arbitrary code as the root user. | 2019-12-13 | not yet calculated | CVE-2019-16736 MISC |
skymee -- petwant_pf-103_and_petalk_ai | The processCommandUploadLog() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. | 2019-12-13 | not yet calculated | CVE-2019-17364 MISC |
skymee -- petwant_pf-103_and_petalk_ai | Use of default credentials for the TELNET server in Petwant PF-103 firmware 4.3.2.50 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. | 2019-12-13 | not yet calculated | CVE-2019-16734 MISC |
skymee -- petwant_pf-103_and_petalk_ai | processCommandSetUid() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. | 2019-12-13 | not yet calculated | CVE-2019-16733 MISC |
skymee -- petwant_pf-103_and_petalk_ai | Unencrypted HTTP communications for firmware upgrades in Petalk AI and PF-103 allow man-in-the-middle attackers to run arbitrary code as the root user. | 2019-12-13 | not yet calculated | CVE-2019-16732 MISC |
skymee -- petwant_pf-103_and_petalk_ai | The udpServerSys service in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to initiate firmware upgrades and alter device settings. | 2019-12-13 | not yet calculated | CVE-2019-16731 MISC |
skymee -- petwant_pf-103_and_petalk_ai | processCommandUpgrade() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. | 2019-12-13 | not yet calculated | CVE-2019-16730 MISC MISC |
skymee -- petwant_pf-103_and_petalk_ai | The processCommandSetMac() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. | 2019-12-13 | not yet calculated | CVE-2019-16737 MISC |
smokeping -- smokeping | smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790) | 2019-12-11 | not yet calculated | CVE-2013-4158 MISC MISC MISC MISC MISC MISC MISC MISC |
snakeyaml -- snakeyaml | The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564. | 2019-12-12 | not yet calculated | CVE-2017-18640 MISC MISC |
sqlite -- sqlite | alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements. | 2019-12-09 | not yet calculated | CVE-2019-19645 MISC |
sqlite -- sqlite | pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns. | 2019-12-09 | not yet calculated | CVE-2019-19646 MISC MISC MISC |
squiz -- squiz_matrix_content_management_system | An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can trigger arbitrary unserialization of a PHP object from a packages/cms/page_templates/page_remote_content/page_remote_content.inc POST parameter during processing of a Remote Content page type. This unserialization can be used to trigger the inclusion of arbitrary files on the filesystem (local file inclusion), and results in remote code execution. | 2019-12-11 | not yet calculated | CVE-2019-19373 FULLDISC MISC MISC |
squiz -- squiz_matrix_content_management_system | An issue was discovered in core/assets/form/form_question_types/form_question_type_file_upload/form_question_type_file_upload.inc in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can delete arbitrary files from the server during interaction with the File Upload field type, when a custom form exists. (This is related to an information disclosure issue within the File Upload field type that allows users to view the full path to uploaded files, including the product's web root directory.) | 2019-12-11 | not yet calculated | CVE-2019-19374 FULLDISC MISC MISC |
stb_image.h -- stb_image.h | stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read in stbi__load_main. | 2019-12-13 | not yet calculated | CVE-2019-19777 MISC |
supermicro -- x8sti-f_motherboards | On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or ShareName. The attacker can achieve a persistent backdoor. | 2019-12-08 | not yet calculated | CVE-2019-19642 MISC |
suphp -- suphp | suPHP before 0.7.2 source-highlighting feature allows security bypass which could lead to arbitrary code execution | 2019-12-13 | not yet calculated | CVE-2014-1867 MISC MISC MISC MISC |
symantec -- industrial_control_system_protection | Symantec Industrial Control System Protection (ICSP), versions 6.x.x, may be susceptible to an unauthorized access issue that could potentially allow a threat actor to create or modify application user accounts without proper authentication. | 2019-12-09 | not yet calculated | CVE-2019-18380 CONFIRM |
telerik -- telerik_ui_for_asp.net_ajax | Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (In 2019.3.1023 but not earlier versions, a non-default setting can prevent exploitation.) | 2019-12-11 | not yet calculated | CVE-2019-18935 MISC MISC MISC MISC |
telerik -- telerik_ui_for_asp.net_ajax | Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and delete an image with extension .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF, or .WMF on the server through a specially crafted request. NOTE: RadChart was discontinued in 2014 in favor of RadHtmlChart. All RadChart versions were affected. To avoid this vulnerability, you must remove RadChart's HTTP handler from a web.config (its type is Telerik.Web.UI.ChartHttpHandler). | 2019-12-13 | not yet calculated | CVE-2019-19790 MISC MISC |
tematres -- tematres | TemaTres 3.0 has reflected XSS via the replace_string or search_string parameter to the vocab/admin.php?doAdmin=bulkReplace URI. | 2019-12-13 | not yet calculated | CVE-2019-14344 MISC MISC |
temenos -- channels | An issue was discovered in T24 in TEMENOS Channels R15.01. The login page presents JavaScript functions to access a document on the server once successfully authenticated. However, an attacker can leverage downloadDocServer() to traverse the file system and access files or directories that are outside of the restricted directory because WealthT24/GetImage is used with the docDownloadPath and uploadLocation parameters. | 2019-12-09 | not yet calculated | CVE-2019-14251 MISC |
thales_dis -- safenet_sentinel_ldk_license_manager | SafeNet Sentinel LDK License Manager, all versions prior to 7.101 (only Microsoft Windows versions are affected), is vulnerable when configured as a service. This vulnerability may allow an attacker with local access to create, write, and/or delete files in the system folder using symbolic links, leading to a privilege escalation. This vulnerability could also be used by an attacker to execute a malicious DLL, which could impact the integrity and availability of the system. | 2019-12-11 | not yet calculated | CVE-2019-18232 MISC |
virustotal -- yara | In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution. | 2019-12-09 | not yet calculated | CVE-2019-19648 MISC |
wolfssl -- wolfssl_and_wolfcrypt | wolfSSL and wolfCrypt 4.1.0 and earlier (formerly known as CyaSSL) generate biased DSA nonces. This allows a remote attacker to compute the long term private key from several hundred DSA signatures via a lattice attack. The issue occurs because dsa.c fixes two bits of the generated nonces. | 2019-12-11 | not yet calculated | CVE-2019-14317 MISC |
wordpress -- wordpress | Multiple cross-site scripting (XSS) vulnerabilities in products.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) Product name or (2) Price description fields via a request to wp-admin/admin.php. NOTE: This issue may only cross privilege boundaries if used in combination with CVE-2013-5977. | 2019-12-11 | not yet calculated | CVE-2013-5978 MISC MISC MISC MISC MISC MISC MISC |
wordpress -- wordpress | The quiz-master-next (aka Quiz And Survey Master) plugin before 6.3.5 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter (and/or the quiz_id parameter). The component is: admin/quiz-options-page.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL. | 2019-12-13 | not yet calculated | CVE-2019-17599 MISC MISC MISC MISC |
xen_project -- xen | An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice. | 2019-12-11 | not yet calculated | CVE-2019-19580 MISC |
xen_project -- xen | An issue was discovered in Xen through 4.12.x allowing x86 guest OS users to cause a denial of service (infinite loop) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On x86 accesses to bitmaps with a compile time known size of 64 may incur undefined behavior, which may in particular result in infinite loops. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. x86 systems with 64 or more nodes are vulnerable (there might not be any such systems that Xen would run on). x86 systems with less than 64 nodes are not vulnerable. | 2019-12-11 | not yet calculated | CVE-2019-19582 MISC |
xen_project -- xen | An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. Please see XSA-260 for background on the MovSS shadow. Please see XSA-156 for background on the need for #DB interception. The VMX VMEntry checks do not like the exact combination of state which occurs when #DB is intercepted, Single Stepping is active, and blocked by STI/MovSS is active, despite this being a legitimate state to be in. The resulting VMEntry failure is fatal to the guest. HVM/PVH guest userspace code may be able to crash the guest, resulting in a guest Denial of Service. All versions of Xen are affected. Only systems supporting VMX hardware virtual extensions (Intel, Cyrix, or Zhaoxin CPUs) are affected. Arm and AMD systems are unaffected. Only HVM/PVH guests are affected. PV guests cannot leverage the vulnerability. | 2019-12-11 | not yet calculated | CVE-2019-19583 MISC |
xen_project -- xen | An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. "Linear pagetables" is a technique which involves either pointing a pagetable at itself, or to another pagetable of the same or higher level. Xen has limited support for linear pagetables: A page may either point to itself, or point to another pagetable of the same level (i.e., L2 to L2, L3 to L3, and so on). XSA-240 introduced an additional restriction that limited the "depth" of such chains by allowing pages to either *point to* other pages of the same level, or *be pointed to* by other pages of the same level, but not both. To implement this, we keep track of the number of outstanding times a page points to or is pointed to by another page table, to prevent both from happening at the same time. Unfortunately, the original commit introducing this reset this count when resuming validation of a partially-validated pagetable, incorrectly dropping some "linear_pt_entry" counts. If an attacker could engineer such a situation to occur, they might be able to make loops or other arbitrary chains of linear pagetables, as described in XSA-240. A malicious or buggy PV guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Privilege escalation and information leaks cannot be excluded. All versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Only systems which have enabled linear pagetables are vulnerable. Systems which have disabled linear pagetables, either by selecting CONFIG_PV_LINEAR_PT=n when building the hypervisor, or adding pv-linear-pt=false on the command-line, are not vulnerable. | 2019-12-11 | not yet calculated | CVE-2019-19578 MISC |
xen_project -- xen | An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service (out-of-bounds access) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On 32-bit Arm accesses to bitmaps with a bit count which is a multiple of 32, an out of bounds access may occur. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. 32-bit Arm systems are vulnerable. 64-bit Arm systems are not vulnerable. | 2019-12-11 | not yet calculated | CVE-2019-19581 MISC |
xen_project -- xen | An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates. When running on AMD systems with an IOMMU, Xen attempted to dynamically adapt the number of levels of pagetables (the pagetable height) in the IOMMU according to the guest's address space size. The code to select and update the height had several bugs. Notably, the update was done without taking a lock which is necessary for safe operation. A malicious guest administrator can cause Xen to access data structures while they are being modified, causing Xen to crash. Privilege escalation is thought to be very difficult but cannot be ruled out. Additionally, there is a potential memory leak of 4kb per guest boot, under memory pressure. Only Xen on AMD CPUs is vulnerable. Xen running on Intel CPUs is not vulnerable. ARM systems are not vulnerable. Only systems where guests are given direct access to physical devices are vulnerable. Systems which do not use PCI pass-through are not vulnerable. Only HVM guests can exploit the vulnerability. PV and PVH guests cannot. All versions of Xen with IOMMU support are vulnerable. | 2019-12-11 | not yet calculated | CVE-2019-19577 MISC |
yabasic -- yabasic | Yabasic 2.86.2 has a heap-based buffer overflow in myformat in function.c via a crafted BASIC source file. | 2019-12-13 | not yet calculated | CVE-2019-19796 MISC |
yabasic -- yabasic | Yabasic 2.86.1 has a heap-based buffer overflow in the yylex() function in flex.c via a crafted BASIC source file. | 2019-12-11 | not yet calculated | CVE-2019-19720 MISC MISC |
yachtcontrol -- yachtcontrol | Yachtcontrol through 2019-10-06: It's possible to perform direct Operating System commands as an unauthenticated user via the "/pages/systemcall.php?command={COMMAND}" page and parameter, where {COMMAND} will be executed and the results returned to the client. Affects Yachtcontrol webservers disclosed via Dutch GPRS/4G mobile IP-ranges. IP addresses vary due to the telcos' DHCP client leasing. | 2019-12-10 | not yet calculated | CVE-2019-17270 MISC EXPLOIT-DB |
yaws -- yaws | yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. | 2019-12-10 | not yet calculated | CVE-2016-1000108 MISC CONFIRM MISC MISC |
zabbix -- zabbix | Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7. | 2019-12-11 | not yet calculated | CVE-2013-5743 CONFIRM CONFIRM CONFIRM CONFIRM |
zoho manageengine -- eventlog_analyzer | An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running "select hostdetails from hostdetails" at the /event/runquery.do endpoint, it is possible to bypass the security restrictions that prevent even administrative users from viewing credential data stored in the database, and recover the MD5 hashes of the accounts used to authenticate the ManageEngine platform to the managed machines on the network (most often administrative accounts). Specifically, this bypasses these restrictions: a query cannot mention password, and a query result cannot have a password column. | 2019-12-13 | not yet calculated | CVE-2019-19774 MISC MISC |