Source: US Computer Emergency Readiness Team

androvideo — advan_vd-1_firmware
  A broken access control vulnerability was found in Advan VD-1 firmware versions up to 230. An attacker can send a POST request to cgibin/ApkUpload.cgi to install an arbitrary APK without any authentication. 2019-08-28 not yet calculated CVE-2019-13406
CONFIRM
CONFIRM
CONFIRM

androvideo — advan_vd-1_firmware
  A remote credential disclosure vulnerability was discovered in Advan VD-1 firmware versions up to 230. An attacker can export the system configuration, which is not encrypted, via cgibin/ExportSettings.cgi?Export=1 without any authentication and obtain the administrator's account and password in plain text. 2019-08-28 not yet calculated CVE-2019-11064
CONFIRM
CONFIRM
CONFIRM

androvideo — advan_vd-1_firmware
  An XSS vulnerability was found in Advan VD-1 firmware versions up to 230. VD-1 returns a path error message when a requested resource is not found in page cgibin/ssi.cgi. This leads to a reflected XSS because the error message is not properly escaped. 2019-08-28 not yet calculated CVE-2019-13407
CONFIRM
CONFIRM
CONFIRM

androvideo — advan_vd-1_firmware
  A relative path traversal vulnerability was found in Advan VD-1 firmware versions up to 230. It allows attackers to download arbitrary files via the URL cgibin/ExportSettings.cgi?Download=filepath, without any authentication. 2019-08-28 not yet calculated CVE-2019-13408
CONFIRM
CONFIRM
CONFIRM

androvideo — advan_vd-1_firmware
  A broken access control vulnerability found in Advan VD-1 firmware version 230 leads to an insecure ADB service. An attacker can send a POST request to cgibin/AdbSetting.cgi to enable ADB without any authentication, then use the compromised device as a relay or install mining software. 2019-08-28 not yet calculated CVE-2019-13405
CONFIRM
CONFIRM
CONFIRM

apache — commons_compress
  The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress. 2019-08-30 not yet calculated CVE-2019-12402
MISC

apache — santuario_xml_security_for_java
  In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this implementation might be cached and re-used by Apache Santuario – XML Security for Java, leading to potential security flaws when validating signed documents, etc. The vulnerability affects Apache Santuario – XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x releases before 2.1.4. 2019-08-23 not yet calculated CVE-2019-12400
CONFIRM

apport — apport
  Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the user's ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause Apport to include the contents of this other file in the resulting crash report. The crash report could then be read by that user either by causing it to be uploaded and reported to Launchpad, or by leveraging some other vulnerability to read the resulting crash report, and so allow the user to read arbitrary files on the system. 2019-08-29 not yet calculated CVE-2019-7307
MISC
MISC

asus — hg100_firmware
  The web API server on port 8080 of ASUS HG100 firmware up to 1.05.12 is vulnerable to Slowloris HTTP Denial of Service: an attacker can cause a Denial of Service (DoS) by sending headers very slowly to keep HTTP or HTTPS connections and associated resources alive for a long period of time. 2019-08-28 not yet calculated CVE-2019-11060
CONFIRM
CONFIRM
CONFIRM

asus — hg100_firmware
  A broken access control vulnerability in HG100 firmware versions up to 4.00.06 allows an attacker in the same local area network to control IoT devices that connect with itself via http://[target]/smarthome/devicecontrol without any authentication. 2019-08-28 not yet calculated CVE-2019-11061
CONFIRM
CONFIRM
CONFIRM

asus — smarthome_app
  A broken access control vulnerability in SmartHome app (Android versions up to 3.0.42_190515, iOS versions up to 2.0.22) allows an attacker in the same local area network to list user accounts and control IoT devices that connect with its gateway (HG100) via http://[target]/smarthome/devicecontrol without any authentication. 2019-08-28 not yet calculated CVE-2019-11063
CONFIRM
CONFIRM
CONFIRM

asymmetric-infosec — power-response
  Power-Response before 2019-02-02 allows directory traversal (up to the application’s main directory) via a plugin. 2019-08-23 not yet calculated CVE-2019-15519
MISC

atlassian — confluence_server_and_confluence_data_center
  There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker with permission to edit a page is able to exploit this issue to read arbitrary files on the server under the /confluence/WEB-INF directory, which may contain configuration files used for integrating with other services and could potentially leak credentials or other sensitive information such as LDAP credentials. The LDAP credentials will potentially be leaked only if the Confluence server is configured to use LDAP as the user repository. All versions of Confluence Server from 6.1.0 before 6.6.16 (the fixed version for 6.6.x), from 6.7.0 before 6.13.7 (the fixed version for 6.13.x), and from 6.14.0 before 6.15.8 (the fixed version for 6.15.x) are affected by this vulnerability. 2019-08-29 not yet calculated CVE-2019-3394
MISC
MISC

autodesk — multiple_products
  DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D and version 2017 of AutoCAD P&ID. An attacker may trick a user into opening a malicious DWG file that may leverage a DLL preloading vulnerability in AutoCAD which may result in code execution. 2019-08-23 not yet calculated CVE-2019-7364
CONFIRM

avira — avira_free_security_suite
  An issue was discovered in Avira Free Security Suite 10. The permissive access rights on the SoftwareUpdater folder (files / folders and configuration) are incompatible with the privileged file manipulation performed by the product. Files can be created that can be used by an unprivileged user to obtain SYSTEM privileges. Arbitrary file creation can be achieved by abusing the SwuConfig.json file creation: an unprivileged user can replace these files by pseudo-symbolic links to arbitrary files. When an update occurs, a privileged service creates a file and sets its access rights, offering write access to the Everyone group in any directory. 2019-08-29 not yet calculated CVE-2019-11396
FULLDISC

bitrock — installbuilder
  Windows binaries generated with InstallBuilder versions earlier than 19.7.0 are vulnerable to tampering even if they contain a valid Authenticode signature. 2019-08-28 not yet calculated CVE-2019-5530
MISC

black_box — icompel
  Black Box iCOMPEL 9.2.3 through 11.1.4, as used in ONELAN Net-Top-Box 9.2.3 through 11.1.4 and other products, has default credentials that allow remote attackers to access devices remotely via SSH, HTTP, HTTPS, and FTP. 2019-08-26 not yet calculated CVE-2019-15497
MISC

cdemu — libmirage
  libMirage 3.2.2 in CDemu has a NULL pointer dereference in the NRG parser in parser.c. 2019-08-28 not yet calculated CVE-2019-15757
MISC
MISC

cesnet — proxystatistics-simplesamlphp-module
  The proxystatistics module before 3.1.0 for SimpleSAMLphp allows SQL Injection in lib/Auth/Process/DatabaseCommand.php. 2019-08-23 not yet calculated CVE-2019-15537
MISC
MISC

chan_zuckerberg_intiative — idseq-web
  idseq-web before 2019-07-01 in Infectious Disease Sequencing Platform IDseq allows SQL injection via tax_levels. 2019-08-26 not yet calculated CVE-2019-15568
MISC

check_point — endpoint_security_initial_client_for_windows
  Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can leverage this to gain LPE using a specially crafted DLL placed in any PATH location accessible with write permissions to the user. 2019-08-29 not yet calculated CVE-2019-8461
MISC

cisco — ios_xe_software
  A vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on the managed Cisco IOS XE device. The vulnerability is due to an improper check performed by the area of code that manages the REST API authentication service. An attacker could exploit this vulnerability by submitting malicious HTTP requests to the targeted device. A successful exploit could allow the attacker to obtain the token-id of an authenticated user. This token-id could be used to bypass authentication and execute privileged actions through the interface of the REST API virtual service container on the affected Cisco IOS XE device. The REST API interface is not enabled by default and must be installed and activated separately on IOS XE devices. See the Details section for more information. 2019-08-28 not yet calculated CVE-2019-12643
CISCO

cisco — nexus_9000_series_switches
  A vulnerability within the Endpoint Learning feature of Cisco Nexus 9000 Series Switches running in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an endpoint device in certain circumstances. The vulnerability is due to improper endpoint learning when packets are received on a specific port from outside the ACI fabric and destined to an endpoint located on a border leaf when Disable Remote Endpoint Learning has been enabled. This can result in a Remote (XR) entry being created for the impacted endpoint that will become stale if the endpoint migrates to a different port or leaf switch. This results in traffic not reaching the impacted endpoint until the Remote entry can be relearned by another mechanism. 2019-08-30 not yet calculated CVE-2019-1977
CISCO

cisco — nx-os_software
  A vulnerability in the Virtual Shell (VSH) session management for Cisco NX-OS Software could allow an authenticated, remote attacker to cause a VSH process to fail to delete upon termination. This can lead to a build-up of VSH processes that over time can deplete system memory. When there is no system memory available, this can cause unexpected system behaviors and crashes. The vulnerability is due to the VSH process not being properly deleted when a remote management connection to the device is disconnected. An attacker could exploit this vulnerability by repeatedly performing a remote management connection to the device and terminating the connection in an unexpected manner. A successful exploit could allow the attacker to cause the VSH processes to fail to delete, which can lead to a system-wide denial of service (DoS) condition. The attacker must have valid user credentials to log in to the device using the remote management connection. 2019-08-28 not yet calculated CVE-2019-1965
CISCO

cisco — nx-os_software
  A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP request to the NX-API on an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition in the NX-API service; however, the NX-OS device itself would still be available and passing network traffic. Note: The NX-API feature is disabled by default. 2019-08-30 not yet calculated CVE-2019-1968
CISCO

cisco — nx-os_software
  A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) Access Control List (ACL) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to deny SNMP traffic. The vulnerability is due to an incorrect length check when the configured ACL name is the maximum length, which is 32 ASCII characters. An attacker could exploit this vulnerability by performing SNMP polling of an affected device. A successful exploit could allow the attacker to perform SNMP polling that should have been denied. The attacker has no control of the configuration of the SNMP ACL name. 2019-08-30 not yet calculated CVE-2019-1969
CISCO

cisco — nx-os_software
  A vulnerability in the IPv6 traffic processing of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an unexpected restart of the netstack process on an affected device. The vulnerability is due to improper validation of IPv6 traffic sent through an affected device. An attacker could exploit this vulnerability by sending a malformed IPv6 packet through an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition while the netstack process restarts. A sustained attack could lead to a reboot of the device. 2019-08-28 not yet calculated CVE-2019-1964
CISCO

cisco — nx-os_software
  A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerability is due to improper validation of Abstract Syntax Notation One (ASN.1)-encoded variables in SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP packet to the SNMP daemon on the affected device. A successful exploit could allow the attacker to cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition. 2019-08-28 not yet calculated CVE-2019-1963
CISCO

cisco — nx-os_software
  A vulnerability in the Cisco Fabric Services component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause process crashes, which can result in a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient validation of TCP packets when processed by the Cisco Fabric Services over IP (CFSoIP) feature. An attacker could exploit this vulnerability by sending a malicious Cisco Fabric Services TCP packet to an affected device. A successful exploit could allow the attacker to cause process crashes, resulting in a device reload and a DoS condition. Note: There are three distribution methods that can be configured for Cisco Fabric Services. This vulnerability affects only distribution method CFSoIP, which is disabled by default. See the Details section for more information. 2019-08-28 not yet calculated CVE-2019-1962
CISCO

cisco — nx-os_software
  A vulnerability in the Network Time Protocol (NTP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to excessive use of system resources when the affected device is logging a drop action for received MODE_PRIVATE (Mode 7) NTP packets. An attacker could exploit this vulnerability by flooding the device with a steady stream of Mode 7 NTP packets. A successful exploit could allow the attacker to cause high CPU and memory usage on the affected device, which could cause internal system processes to restart or cause the affected device to unexpectedly reload. Note: The NTP feature is enabled by default. 2019-08-30 not yet calculated CVE-2019-1967
CISCO

cisco — unified_computing_system_fabric_interconnect_software
  A vulnerability in a specific CLI command within the local management (local-mgmt) context for Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to gain elevated privileges as the root user on an affected device. The vulnerability is due to extraneous subcommand options present for a specific CLI command within the local-mgmt context. An attacker could exploit this vulnerability by authenticating to an affected device, entering the local-mgmt context, and issuing a specific CLI command and submitting user input. A successful exploit could allow the attacker to execute arbitrary operating system commands as root on an affected device. The attacker would need to have valid user credentials for the device. 2019-08-30 not yet calculated CVE-2019-1966
CISCO

citrix — storefront_server
  Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks. 2019-08-29 not yet calculated CVE-2019-13608
CONFIRM

clonos — control-pane
  The WEB control panel before 2019-04-30 for ClonOS allows SQL injection in clonos.php. 2019-08-26 not yet calculated CVE-2019-15571
MISC

commscope — arris_tr4400_devices
  CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/login.html. Any user connected to the Wi-Fi can exploit this. 2019-08-29 not yet calculated CVE-2019-15805
MISC

commscope — arris_tr4400_devices
  CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/basic_sett.html. Any user connected to the Wi-Fi can exploit this. 2019-08-29 not yet calculated CVE-2019-15806
MISC

comodo — comodo_antivirus
  A use-after-free flaw in the sandbox container implemented in cmdguard.sys in Comodo Antivirus 12.0.0.6870 can be triggered due to a race condition when handling IRP_MJ_CLEANUP requests in the minifilter for directory change notifications. This allows an attacker to cause a denial of service (BSOD) when an executable is run inside the container. 2019-08-28 not yet calculated CVE-2019-14694
MISC
MISC

cuberite — cuberite
  Cuberite before 2019-06-11 allows webadmin directory traversal via ....// because the protection mechanism simply removes one ../ substring. 2019-08-23 not yet calculated CVE-2019-15516
MISC

d-link — dir-825ac_g1_devices
  D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. In order to transfer data from the host network to the guest network, the sender joins and then leaves an IGMP group. After it leaves, the router (following the IGMP protocol) creates an IGMP Membership Query packet with the Group IP and sends it to both the Host and the Guest networks. The data is transferred within the Group IP field, which is completely controlled by the sender. 2019-08-27 not yet calculated CVE-2019-13264
MISC
MISC

d-link — dir-825ac_g1_devices
  D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. A DHCP Request is sent to the router with a certain Transaction ID field. Following the DHCP protocol, the router responds with an ACK or NAK message. Studying the NAK case revealed that the router erroneously sends the NAK to both Host and Guest networks with the same Transaction ID as found in the DHCP Request. This allows encoding of data to be sent cross-router into the 32-bit Transaction ID field. 2019-08-27 not yet calculated CVE-2019-13263
MISC
MISC

d-link — dir-825ac_g1_devices
  D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. They forward ARP requests, which are sent as broadcast packets, between the host and the guest networks. To use this leakage as a direct covert channel, the sender can trivially issue an ARP request to an arbitrary computer on the network. (In general, some routers restrict ARP forwarding only to requests destined for the network’s subnet mask, but these routers did not restrict this traffic in any way. Depending on this factor, one must use either the lower 8 bits of the IP address, or the entire 32 bits, as the data payload.) 2019-08-27 not yet calculated CVE-2019-13265
MISC
MISC

datalogic — av7000_linear_barcode_scanner
  Datalogic AV7000 Linear barcode scanner all versions prior to 4.6.0.0 is vulnerable to authentication bypass, which may allow an attacker to remotely execute arbitrary code. 2019-08-30 not yet calculated CVE-2019-13526
MISC

deeply — deeply
  deeply is vulnerable to Prototype Pollution in versions before 3.1.0. The function assign-deep could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. 2019-08-23 not yet calculated CVE-2019-10750
MISC

delta_controls — entelibus_manager
  Buffer Overflow in dactetra in Delta Controls enteliBUS Manager V3.40_B-571848 allows remote unauthenticated users to execute arbitrary code and possibly cause a denial of service via unspecified vectors. 2019-08-26 not yet calculated CVE-2019-9569
MISC
MISC

dfe-digital — schools-experience
  DfE School Experience before v16333-GA has XSS via a teacher training URL. 2019-08-23 not yet calculated CVE-2019-15487
MISC
MISC

dianoxdrago — hawn
  DianoxDragon Hawn before 2019-07-10 allows SQL injection. 2019-08-26 not yet calculated CVE-2019-15559
MISC

django-js-reverse — django-js-reverse
  django-js-reverse (aka Django JS Reverse) before 0.9.1 has XSS via js_reverse_inline. 2019-08-23 not yet calculated CVE-2019-15486
MISC
MISC

docker — docker_desktop_community_edition
  Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run ‘docker login’ to force the command. 2019-08-28 not yet calculated CVE-2019-15752
MISC

domainmod — domainmod
  In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS. 2019-08-29 not yet calculated CVE-2019-15811
MISC
MISC
MISC

dovecot — dovecot_and_pigeonhole
  In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because ‘’ characters are mishandled, and can lead to out-of-bounds writes and remote code execution. 2019-08-29 not yet calculated CVE-2019-11500
CONFIRM
CONFIRM
MLIST
FEDORA
GENTOO
MISC

edimax — br-6208ac_devices
  Edimax BR-6208AC V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. They forward ARP requests, which are sent as broadcast packets, between the host and the guest networks. To use this leakage as a direct covert channel, the sender can trivially issue an ARP request to an arbitrary computer on the network. (In general, some routers restrict ARP forwarding only to requests destined for the network’s subnet mask, but these routers did not restrict this traffic in any way. Depending on this factor, one must use either the lower 8 bits of the IP address, or the entire 32 bits, as the data payload.) 2019-08-27 not yet calculated CVE-2019-13271
MISC
MISC

edimax — br-6208ac_devices
  Edimax BR-6208AC V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. A DHCP Request is sent to the router with a certain Transaction ID field. Following the DHCP protocol, the router responds with an ACK or NAK message. Studying the NAK case revealed that the router erroneously sends the NAK to both Host and Guest networks with the same Transaction ID as found in the DHCP Request. This allows encoding of data to be sent cross-router into the 32-bit Transaction ID field. 2019-08-27 not yet calculated CVE-2019-13269
MISC
MISC

edimax — br-6208ac_devices
  Edimax BR-6208AC V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. In order to transfer data from the host network to the guest network, the sender joins and then leaves an IGMP group. After it leaves, the router (following the IGMP protocol) creates an IGMP Membership Query packet with the Group IP and sends it to both the Host and the Guest networks. The data is transferred within the Group IP field, which is completely controlled by the sender. 2019-08-27 not yet calculated CVE-2019-13270
MISC
MISC

entropic — entropic
  cli/lib/main.js in Entropic before 2019-06-13 does not reject / and in command names, which might allow a directory traversal attack in unusual situations. 2019-08-28 not yet calculated CVE-2019-15714
MISC

eques — elf_smart_plug_and_mobile_app
  The Eques elf smart plug and the mobile app use a hardcoded AES 256 bit key to encrypt the commands and responses between the device and the app. The communication happens over UDP port 27431. An attacker on the local network can use the same key to encrypt and send commands to discover all smart plugs in a network, take over control of a device, and perform actions such as turning it on and off. 2019-08-29 not yet calculated CVE-2019-15745
MISC
MISC
MISC
MISC
MISC

estsoft — alsee
  A memory corruption vulnerability exists in the .PSD parsing functionality of ALSee v5.3 ~ v8.39. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in code execution. By persuading a victim to open a specially-crafted .PSD file, an attacker could execute arbitrary code. 2019-08-30 not yet calculated CVE-2019-12810
CONFIRM

flashlingo — flashlingo
  FlashLingo before 2019-06-12 allows SQL injection, related to flashlingo.js and db.js. 2019-08-26 not yet calculated CVE-2019-15561
MISC

fontforge — fontforge
  FontForge through 20190801 has a buffer overflow in PrefsUI_LoadPrefs in prefs.c. 2019-08-29 not yet calculated CVE-2019-15785
MISC

fortinet — fortimanager
  Lack of root file system integrity checking in Fortinet FortiManager VM application images of all versions below 6.2.1 may allow an attacker to implant third-party programs by recreating the image through specific methods. 2019-08-23 not yet calculated CVE-2019-6695
CONFIRM

fortinet — fortirecorder
  Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an unauthenticated attacker with knowledge of the aforementioned credentials and network access to FortiCameras to take control of those, provided they are managed by a FortiRecorder device. 2019-08-23 not yet calculated CVE-2019-6698
CONFIRM

fortinet — fortiweb
  The URL part of the report message is not encoded in Fortinet FortiWeb 6.0.2 and below which may allow an attacker to execute unauthorized code or commands (Cross Site Scripting) via attack reports generated in HTML form. 2019-08-28 not yet calculated CVE-2019-5590
BID
CONFIRM

frappe — frappe_framework
  public/js/frappe/form/footer/timeline.js in Frappe Framework 12 through 12.0.8 does not escape HTML in the timeline and thus is affected by crafted “changed value of” text. 2019-08-27 not yet calculated CVE-2019-15700
MISC

freebsd — freebsd
  In FreeBSD 12.0-STABLE before r350637, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350638, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bsnmp library is not properly validating the submitted length from a type-length-value encoding. A remote user could cause an out-of-bounds read or trigger a crash of the software such as bsnmpd resulting in a denial of service. 2019-08-30 not yet calculated CVE-2019-5610
MISC
BUGTRAQ
CONFIRM

freebsd — freebsd
  In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350650, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the ICMPv6 input path incorrectly handles cases where an MLDv2 listener query packet is internally fragmented across multiple mbufs. A remote attacker may be able to cause an out-of-bounds read or write that may cause the kernel to attempt to access an unmapped page and subsequently panic. 2019-08-30 not yet calculated CVE-2019-5608
CONFIRM

freebsd — freebsd
  In FreeBSD 12.0-STABLE before r350619, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350619, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bhyve e1000 device emulation used a guest-provided value to determine the size of the on-stack buffer without validation when TCP segmentation offload is requested for a transmitted packet. A misbehaving bhyve guest could overwrite memory in the bhyve process on the host. 2019-08-30 not yet calculated CVE-2019-5609
CONFIRM

freebsd — freebsd
  In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r351265, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, the kernel driver for /dev/midistat implements a read handler that is not thread-safe. A multi-threaded program can exploit races in the handler to copy out kernel memory outside the boundaries of midistat’s data buffer. 2019-08-30 not yet calculated CVE-2019-5612
CONFIRM

freebsd — freebsd
  In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check in the function to arrange data in a chain of mbufs could cause data returned not to be contiguous. Extra checks in the IPv6 stack could catch the error condition and trigger a kernel panic, leading to a remote denial of service. 2019-08-30 not yet calculated CVE-2019-5611
MISC
BUGTRAQ
CONFIRM

gallagher — command_centre
  An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092(MR2). Upon an upgrade, if a custom service account is in use and the visitor management service is installed, the Windows username and password for this service are logged in cleartext to the Command_centre.log file. 2019-08-28 not yet calculated CVE-2019-15294
CONFIRM
MISC

gesior-aac — gesior-aac
  Gesior-AAC before 2019-05-01 allows SQL injection in tankyou.php. 2019-08-26 not yet calculated CVE-2019-15573
MISC

gesior-aac — gesior-aac
  Gesior-AAC before 2019-05-01 allows ServiceCategoryID SQL injection in shop.php. 2019-08-26 not yet calculated CVE-2019-15572
MISC

gesior-aac — gesior-aac
  Gesior-AAC before 2019-05-01 allows serviceID SQL injection in accountmanagement.php. 2019-08-26 not yet calculated CVE-2019-15574
MISC

gitlab — gitlab
  An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.1.4. It uses Hard-coded Credentials. 2019-08-29 not yet calculated CVE-2019-14943
CONFIRM
MISC
MISC

gnu — chess
  In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_load function in frontend/cmd.cc via a crafted chess position in an EPD file. 2019-08-28 not yet calculated CVE-2019-15767
MISC
MISC

haivision — secure_reliable_transport
  Secure Reliable Transport (SRT) through 1.3.4 has a CSndUList array overflow if there are many SRT connections. 2019-08-29 not yet calculated CVE-2019-15784
MISC

hm_courts_and_tribunals_service — ccd-data-store-api
  HM Courts & Tribunals ccd-data-store-api before 2019-06-10 allows SQL injection, related to SearchQueryFactoryOperation.java and SortDirection.java. 2019-08-26 not yet calculated CVE-2019-15569
MISC hot — tasking_manager
  Tasking Manager before 3.4.0 allows SQL Injection via custom SQL. 2019-08-23 not yet calculated CVE-2019-15535
MISC
MISC ibm — cloud_automation_manager
  IBM Cloud Automation Manager 3.1.2 could allow a user to be improperly redirected and obtain sensitive information rather than receive a 404 error message. IBM X-Force ID: 158274. 2019-08-29 not yet calculated CVE-2019-4132
CONFIRM
XF ibm — cloud_automation_manager
  IBM Cloud Automation Manager 3.1.2 could allow a malicious user on the client side (with access to client computer) to run a custom script. IBM X-Force ID: 158278. 2019-08-29 not yet calculated CVE-2019-4133
XF
CONFIRM ibm — db2_high_performance_unload_for_linux__unix_and_windows
  IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum and db2hpum_debug binaries are setuid root and have built-in options that allow a low privileged user the ability to load arbitrary db2 libraries from a privileged context. This results in arbitrary code being executed with root authority. IBM X-Force ID: 163489. 2019-08-26 not yet calculated CVE-2019-4448
CONFIRM
XF ibm — db2_high_performance_unload_for_linux__unix_and_windows
  IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum_debug is a setuid root binary which trusts the PATH environment variable. A low privileged user can execute arbitrary commands as root by altering the PATH variable to point to a user controlled location. When a crash is induced the trojan gdb command is executed. IBM X-Force ID: 163488. 2019-08-26 not yet calculated CVE-2019-4447
CONFIRM
XF ibm — i
  IBM i 7.4 users who have done a Restore User Profile (RSTUSRPRF) on a system which has been configured with Db2 Mirror for i might have user profiles with elevated privileges caused by incorrect processing during a restore of multiple user profiles. A user with restore privileges could exploit this vulnerability to obtain elevated privileges on the restored system. IBM X-Force ID: 165592. 2019-08-29 not yet calculated CVE-2019-4536
XF
CONFIRM ibm — open_power_firmware
  IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC password even after BMC password was changed away from the default password. IBM X-Force ID: 158702. 2019-08-26 not yet calculated CVE-2019-4169
CONFIRM
XF icommktconnector — icommktconnector
  The ICOMMKT connector before 1.0.7 for PrestaShop allows SQL injection in icommktconnector.php. 2019-08-26 not yet calculated CVE-2019-15565
MISC inner_heaven_project — libzetta.rs
  libZetta.rs through 0.1.2 has an integer overflow in the zpool parser (for error stats) that leads to a panic. 2019-08-29 not yet calculated CVE-2019-15787
MISC insyde — multiple_software_tools
  Improper access control in the Insyde software tools may allow an authenticated user to potentially enable escalation of privilege, or information disclosure via local access. This is a software vulnerability, not a firmware issue. Affected tools include: H2OFFT version 3.02~5.28, 100.00.00.00~100.00.08.23 and 200.00.00.01~200.00.00.05, H2OOAE before version 200.00.00.02, H2OSDE before version 200.00.00.07, H2OUVE before version 200.00.02.02, H2OPCM before version 100.00.06.00, H2OELV before version 100.00.02.08. 2019-08-26 not yet calculated CVE-2019-12532
MISC
CONFIRM irssi — irssi
  Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends a double CAP. 2019-08-29 not yet calculated CVE-2019-15717
MLIST
MLIST
CONFIRM it-novum — openitcockpit
  openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21. 2019-08-23 not yet calculated CVE-2019-15491
MISC it-novum — openitcockpit
  openITCOCKPIT before 3.7.1 has reflected XSS, aka RVID 3-445b21. 2019-08-23 not yet calculated CVE-2019-15492
MISC it-novum — openitcockpit
  openITCOCKPIT before 3.7.1 allows deletion of files, aka RVID 4-445b21. 2019-08-23 not yet calculated CVE-2019-15493
MISC it-novum — openitcockpit
  openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21. 2019-08-23 not yet calculated CVE-2019-15494
MISC it-novum — openitcockpit
  openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21. 2019-08-23 not yet calculated CVE-2019-15490
MISC jenkins — jenkins
  Jenkins IBM Application Security on Cloud Plugin 1.2.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure. 2019-08-28 not yet calculated CVE-2019-10391
MLIST
MISC jenkins — jenkins
  A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages. 2019-08-28 not yet calculated CVE-2019-10383
MLIST
MISC jenkins — jenkins
  Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user. 2019-08-28 not yet calculated CVE-2019-10384
MLIST
MISC kimai2 — kimai2
  Kimai v2 before 1.1 has XSS via a timesheet description. 2019-08-23 not yet calculated CVE-2019-15481
MISC
MISC kubernetes — kubernetes
  The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11, 1.12. 2019-08-28 not yet calculated CVE-2019-11249
CONFIRM
MLIST kubernetes — kubernetes
  The Go pprof debugging endpoint /debug/pprof is exposed over the Kubelet’s unauthenticated healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or be used for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration. 2019-08-28 not yet calculated CVE-2019-11248
CONFIRM
MLIST kubernetes — kubernetes
  In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. If the pod specified mustRunAsNonRoot: true, the kubelet will refuse to start the container as root. If the pod did not specify mustRunAsNonRoot: true, the kubelet will run the container as uid 0. 2019-08-28 not yet calculated CVE-2019-11245
CONFIRM kubernetes — kubernetes
  The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components (such as kube-apiserver) prior to v1.16.0, which make use of basic or bearer token authentication, and run at high verbosity levels, are affected. 2019-08-28 not yet calculated CVE-2019-11250
CONFIRM kubernetes — kubernetes
  The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view, update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12. 2019-08-28 not yet calculated CVE-2019-11247
CONFIRM
MLIST kubernetes — kubernetes
  The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.12.9, versions prior to 1.13.6, versions prior to 1.14.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11. 2019-08-28 not yet calculated CVE-2019-11246
CONFIRM
MLIST lenovo — multiple_products
  There is a vulnerability with the Dolby DAX2 API system services in which a low-privileged user can terminate arbitrary processes that are running at a higher privilege. The following are affected products and versions: Legion Y520T_Z370 6.0.1.8642, AIO310-20IAP 6.0.1.8642, AIO510-22ISH 6.0.1.8642, AIO510-23ISH 6.0.1.8642, AIO520-22IKL 6.0.1.8642, AIO520-22IKU 6.0.1.8642, AIO520-24IKL 6.0.1.8642, AIO520-24IKU 6.0.1.8642, AIO520-27IKL 6.0.1.8642, AIO720-24IKB 6.0.1.8642, IdeaCentre 520S-23IKU 6.0.1.8642, ThinkCentre M700z 6.0.1.8642, ThinkCentre M800z 6.0.1.8642, ThinkCentre M810z 6.0.1.8642, ThinkCentre M818z 6.0.1.8642, ThinkCentre M900Z 6.0.1.8642, ThinkCentre M910z 6.0.1.8642, V410z(YT S4250) 6.0.1.8642, 330-14IKBR Win10:6.0.1.8652, 330-15IKBR Win10:6.0.1.8652, 330-15IKBR (Brazil) Win10:6.0.1.8652, 330-15IKBR Touch Win10:6.0.1.8652, 330-17IKBR Win10:6.0.1.8652, YOGA 730-13IKB Win10:6.0.1.8644, YOGA 730-15IKB Win10:6.0.1.8644, ThinkPad L560 6.0.1.8644 and 6.0.1.8652, ThinkPad L570 6.0.1.8644 and 6.0.1.8652, ThinkPad P50 6.0.1.8642, ThinkPad P50s 6.0.1.8642, ThinkPad P51s (20Jx, 20Kx) 6.0.1.8642, ThinkPad P51s (20Hx) 6.0.1.8642, ThinkPad P52s 6.0.1.8642, ThinkPad P70 6.0.1.8642, ThinkPad T25 6.0.1.8642, ThinkPad T460s 6.0.1.8642, ThinkPad T470 6.0.1.8642, ThinkPad T470s 6.0.1.8642, ThinkPad T480 6.0.1.8642, ThinkPad T480s 6.0.1.8642, ThinkPad T560 6.0.1.8642, ThinkPad T570 6.0.1.8642, ThinkPad T580 6.0.1.8642, ThinkPad X1 Carbon 8.66.76.72 and 8.66.68.54, ThinkPad X1 Carbon 6th 6.0.1.8642, ThinkPad X1 Carbon, X1 Yoga 8.66.62.92 and 8.66.62.54, ThinkPad X1 Tablet (20Gx) 6.0.1.8642, ThinkPad X1 Tablet (20Jx) 6.0.1.8642, ThinkPad X1 Tablet Gen 3 6.0.1.8642, ThinkPad X1 Yoga (20Jx) 8.66.88.60, ThinkPad X1 Yoga 3rd 6.0.1.8642, ThinkPad X280 6.0.1.8642, ThinkPad Yoga 260, S1 8.66.62.92 and 8.66.62.54. 2019-08-28 not yet calculated CVE-2019-10724
MISC
MISC lexmark — multiple_products
  Various Lexmark products have a Buffer Overflow (issue 3 of 3). 2019-08-28 not yet calculated CVE-2019-9933
CONFIRM lexmark — multiple_products
  Various Lexmark printers contain a denial of service vulnerability in the SNMP service that can be exploited to crash the device. 2019-08-28 not yet calculated CVE-2019-9931
CONFIRM lexmark — multiple_products
  The legacy finger service (TCP port 79) is enabled by default on various older Lexmark devices. 2019-08-28 not yet calculated CVE-2019-10059
CONFIRM lexmark — multiple_products
  Various Lexmark products have a Buffer Overflow (issue 2 of 3). 2019-08-28 not yet calculated CVE-2019-9932
CONFIRM limesurvey — limesurvey
  Limesurvey before 3.17.10 does not validate both the MIME type and file extension of an image. 2019-08-26 not yet calculated CVE-2019-15640
MISC linux — linux_kernel
  An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS. 2019-08-25 not yet calculated CVE-2019-15538
MISC
MISC
MISC
MISC linux — linux_kernel
  In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service. 2019-08-29 not yet calculated CVE-2019-15807
MISC
MISC lute-tab — lute-tab
  Lute-Tab before 2019-08-23 has a buffer overflow in pdf_print.cc. 2019-08-29 not yet calculated CVE-2019-15783
MISC memcached — memcached
  memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c. 2019-08-30 not yet calculated CVE-2019-15026
CONFIRM
CONFIRM mikrotik — routeros
  MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication. 2019-08-26 not yet calculated CVE-2019-15055
MISC
CONFIRM mongodb — mongodb_server
  Incorrect scoping of kill operations in MongoDB Server’s packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.11; v3.6 versions prior to 3.6.14; v3.4 versions prior to 3.4.22. 2019-08-30 not yet calculated CVE-2019-2389
CONFIRM mongodb — mongodb_server
  An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server versions less than 4.0.11, 3.6.14, and 3.4.22 to run attacker defined code as the user running the utility. 2019-08-30 not yet calculated CVE-2019-2390
CONFIRM moodle — moodle
  The Acclaim block plugin before 2019-06-26 for Moodle allows SQL Injection via delete_records. 2019-08-23 not yet calculated CVE-2019-15536
MISC msp360 — cloudberry_backup
  CloudBerry Backup v6.1.2.34 allows local privilege escalation via a Pre or Post backup action. With only user-level access, a user can modify the backup plan and add a Pre backup action script that executes on behalf of NT AUTHORITY\SYSTEM. 2019-08-28 not yet calculated CVE-2019-15720
MISC mulesoft — mulesoft_and_mulesoft_api_gateway
  Directory Traversal in APIkit, http-connector, and OAuth2 Provider modules in Mulesoft 3.x, 4.x and Mulesoft API Gateway (all versions) released before August 1, 2019 allow remote attackers to read files accessible to the Mule process. 2019-08-30 not yet calculated CVE-2019-15630
MISC mysticatea — eslint-utils
  In eslint-utils before 1.4.1, the getStaticValue function can execute arbitrary code. 2019-08-26 not yet calculated CVE-2019-15657
MISC nmap — nmap
  nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse. 2019-08-28 not yet calculated CVE-2017-18594
MISC
MISC
MISC
MISC
MISC
MISC nvidia — clara_genomics_analysis
  Clara Genomics Analysis before 0.2.0 has an integer overflow for cudapoa memory management in allocate_block.cpp. 2019-08-29 not yet calculated CVE-2019-15788
MISC
MISC onkyo — tx-nr686_receiver_devices
  Directory traversal vulnerability on ONKYO TX-NR686 1030-5000-1040-0010 A/V Receiver devices allows remote attackers to read arbitrary files via a .. (dot dot) and %2f to the default URI. 2019-08-30 not yet calculated CVE-2019-6113
MISC openbsd — openbsd
  Reuven Plevinsky and Tal Vainshtein of Check Point Software Technologies Ltd. discovered that OpenBSD kernel (all versions, including 6.5) can be forced to create long chains of TCP SACK holes that cause very expensive calls to tcp_sack_option() for every incoming SACK packet which can lead to a denial of service. 2019-08-26 not yet calculated CVE-2019-8460
MISC
MISC openforis — arena
  OpenForis Arena before 2019-05-07 allows SQL injection in the sorting feature. 2019-08-26 not yet calculated CVE-2019-15567
MISC opensource-table — reviews-module
  The Reviews Module before 2019-06-14 for OpenSource Table allows SQL injection in database/index.js. 2019-08-26 not yet calculated CVE-2019-15560
MISC openstack — os-vif
  In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of packets for instances belonging to other tenants sharing the same network. Only deployments using the linuxbridge backend are affected. This occurs in PyRoute2.add() in internal/command/ip/linux/impl_pyroute2.py. 2019-08-28 not yet calculated CVE-2019-15753
MLIST
MISC
MISC
MISC
CONFIRM pelles_kodfabrik — connect-pg-simple
  connect-pg-simple before 6.0.1 allows SQL injection if tableName or schemaName is untrusted data. 2019-08-26 not yet calculated CVE-2019-15658
MISC prograde — grill_temperature_monitor
  Lierda Grill Temperature Monitor V1.00_50006 has a default password of admin for the admin account, which allows an attacker to cause a Denial of Service or Information Disclosure via the undocumented access-point configuration page located on the device. NOTE: this device also ships with ProGrade branding. 2019-08-26 not yet calculated CVE-2019-15304
MISC
MISC
MISC pw3270_terminal_emulator — pw3270_terminal_emulator
  There is Missing SSL Certificate Validation in the pw3270 terminal emulator before version 5.1. 2019-08-23 not yet calculated CVE-2019-15525
MLIST
MISC
MISC ricoh — multiple_printers
  Several Ricoh printers have multiple buffer overflows parsing HTTP cookie headers, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*. 2019-08-26 not yet calculated CVE-2019-14300
MISC
MISC ricoh — multiple_printers
  Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for Wi-Fi, mDNS, POP3, SMTP, and notification alerts, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*. 2019-08-26 not yet calculated CVE-2019-14305
MISC
MISC ricoh — multiple_printers
  Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for SNMP, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*. 2019-08-26 not yet calculated CVE-2019-14307
MISC
MISC ricoh — multiple_printers
  Several Ricoh printers have multiple buffer overflows parsing LPD packets, which allow an attacker to cause a denial of service or code execution via crafted requests to the LPD service. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*. 2019-08-26 not yet calculated CVE-2019-14308
MISC
MISC riot — riot
  In the TCP implementation (gnrc_tcp) in RIOT through 2019.07, the parser for TCP options does not terminate on all inputs, allowing a denial-of-service, because sys/net/gnrc/transport_layer/tcp/gnrc_tcp_option.c has an infinite loop for an unknown zero-length option. 2019-08-27 not yet calculated CVE-2019-15702
MISC robotis — dynamixel_sdk
  ROBOTIS Dynamixel SDK through 3.7.11 has a buffer overflow via a large rxpacket. 2019-08-29 not yet calculated CVE-2019-15786
MISC rust — rust
  An issue was discovered in the orion crate before 0.11.2 for Rust. reset() calls cause incorrect results. 2019-08-26 not yet calculated CVE-2018-20999
MISC
MISC rust — rust
  An issue was discovered in the safe-transmute crate before 0.10.1 for Rust. A constructor’s arguments are in the wrong order, causing heap memory corruption. 2019-08-26 not yet calculated CVE-2018-21000
MISC
MISC rust — rust
  An issue was discovered in the slice-deque crate before 0.1.16 for Rust. move_head_unchecked allows memory corruption because deque updates are mishandled. 2019-08-26 not yet calculated CVE-2018-20995
MISC rust — rust
  An issue was discovered in the tar crate before 0.4.16 for Rust. Arbitrary file overwrite can occur via a symlink or hardlink in a TAR archive. 2019-08-26 not yet calculated CVE-2018-20990
MISC rust — rust
  An issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-the-middle vulnerability because certificate verification is off by default and there is no API for hostname verification. 2019-08-26 not yet calculated CVE-2016-10931
MISC rust — rust
  rustls-mio/examples/tlsserver.rs in the rustls crate before 0.16.0 for Rust allows attackers to cause a denial of service (loop of conn_event and ready) by arranging for a client to never be writable. 2019-08-26 not yet calculated CVE-2019-15541
MISC
MISC
MISC rust — rust
  An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization. 2019-08-26 not yet calculated CVE-2019-15542
MISC rust — rust
  An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing. 2019-08-26 not yet calculated CVE-2018-20997
MISC rust — rust
  An issue was discovered in the protobuf crate before 2.6.0 for Rust. Attackers can exhaust all memory via Vec::reserve calls. 2019-08-26 not yet calculated CVE-2019-15544
MISC rust — rust
  An issue was discovered in the security-framework crate before 0.1.12 for Rust. Hostname verification for certificates does not occur if ClientBuilder uses custom root certificates. 2019-08-26 not yet calculated CVE-2017-18588
MISC rust — rust
  An issue was discovered in the asn1_der crate before 0.6.2 for Rust. Attackers can trigger memory exhaustion by supplying a large value in a length field. 2019-08-26 not yet calculated CVE-2019-15549
MISC rust — rust
  An issue was discovered in the slice-deque crate before 0.2.0 for Rust. There is memory corruption in certain allocation cases. 2019-08-26 not yet calculated CVE-2019-15543
MISC rust — rust
  An issue was discovered in the hyper crate before 0.9.4 for Rust on Windows. There is an HTTPS man-in-the-middle vulnerability because hostname verification was omitted. 2019-08-26 not yet calculated CVE-2016-10932
MISC rust — rust
  An issue was discovered in the libp2p-core crate before 0.8.1 for Rust. Attackers can spoof ed25519 signatures. 2019-08-26 not yet calculated CVE-2019-15545
MISC rust — rust
  An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is memory corruption for certain grow attempts with less than the current capacity. 2019-08-26 not yet calculated CVE-2019-15554
MISC
MISC rust — rust
  An issue was discovered in the memoffset crate before 0.5.0 for Rust. offset_of and span_of can cause exposure of uninitialized memory. 2019-08-26 not yet calculated CVE-2019-15553
MISC
MISC rust — rust
  An issue was discovered in the libflate crate before 0.1.25 for Rust. MultiDecoder::read has a use-after-free, leading to arbitrary code execution. 2019-08-26 not yet calculated CVE-2019-15552
MISC
MISC rust — rust
  An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is a double free for certain grow attempts with the current capacity. 2019-08-26 not yet calculated CVE-2019-15551
MISC
MISC rust — rust
  An issue was discovered in the simd-json crate before 0.1.15 for Rust. There is an out-of-bounds read and an incorrect crossing of a page boundary. 2019-08-26 not yet calculated CVE-2019-15550
MISC rust — rust
  An issue was discovered in the hyper crate before 0.9.18 for Rust. It mishandles newlines in headers. 2019-08-26 not yet calculated CVE-2017-18587
MISC selectize-plugin-a11y — selectize-plugin-a11y
  selectize-plugin-a11y before 1.1.0 has XSS via the msg field. 2019-08-23 not yet calculated CVE-2019-15482
MISC
MISC set-value — set-value
  set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and _proto_ payloads. 2019-08-23 not yet calculated CVE-2019-10747
MISC snare — snare_central
  An OS Command Injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to inject arbitrary OS commands via the ServerConf/DataManagement/DiskManager.php FORMNAS_share parameter. 2019-08-29 not yet calculated CVE-2019-11364
CONFIRM snare — snare_central
  A SQL injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to execute arbitrary SQL commands via the AgentConsole/UserGroupQuery.php ShowUser parameter. 2019-08-29 not yet calculated CVE-2019-11363
CONFIRM social_network — social_network
  Pvanloon1983 social_network before 2019-07-03 allows SQL injection in includes/form_handlers/register_handler.php. 2019-08-26 not yet calculated CVE-2019-15556
MISC suricata — suricata
  An issue was discovered in Suricata 4.1.3. The code mishandles the case of sending a network packet with the right type, such that the function DecodeEthernet in decode-ethernet.c is executed a second time. At this point, the algorithm cuts the first part of the packet and doesn’t determine the current length. Specifically, if the packet is exactly 28 long, in the first iteration it subtracts 14 bytes. Then, it is working with a packet length of 14. At this point, the case distinction says it is a valid packet. After that it casts the packet, but this packet has no type, and the program crashes at the type case distinction. 2019-08-28 not yet calculated CVE-2019-10056
MISC
CONFIRM suricata — suricata
  An issue was discovered in Suricata 4.1.3. The function process_reply_record_v3 lacks a check for the length of reply.data. It causes an invalid memory access and the program crashes within the nfs/nfs3.rs file. 2019-08-28 not yet calculated CVE-2019-10054
MISC
CONFIRM suricata — suricata
  An issue was discovered in Suricata 4.1.3. If the function filetracker_newchunk encounters an unsafe “Some(sfcm) => { ft.new_chunk }” item, then the program enters an smb/files.rs error condition and crashes. 2019-08-28 not yet calculated CVE-2019-10051
MISC
MISC
CONFIRM suricata — suricata
  An issue was discovered in Suricata 4.1.3. If the network packet does not have the right length, the parser tries to access a part of a DHCP packet. At this point, the Rust environment runs into a panic in parse_clientid_option in the dhcp/parser.rs file. 2019-08-28 not yet calculated CVE-2019-10052
MISC
MISC
CONFIRM suricata — suricata
  An issue was discovered in Suricata 4.1.3. The function ftp_pasv_response lacks a check for the length of part1 and part2, leading to a crash within the ftp/mod.rs file. 2019-08-28 not yet calculated CVE-2019-10055
MISC
CONFIRM symantec — asg_and_proxysg
  The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG’s web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2. 2019-08-30 not yet calculated CVE-2018-18370
CONFIRM symantec — asg_and_proxysg
  The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG’s web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2. 2019-08-30 not yet calculated CVE-2018-18371
CONFIRM symantec — management_center_rest_api
  An information disclosure vulnerability in the Management Center (MC) REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated user to obtain passwords for external backup and CPL policy import servers that they might not otherwise be authorized to access. 2019-08-30 not yet calculated CVE-2019-9697
CONFIRM symantec — my_vip
  Symantec My VIP portal, previous version which has already been auto updated, was susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users or potentially bypass access controls such as the same-origin policy. 2019-08-30 not yet calculated CVE-2019-12754
CONFIRM symantec — reporter_web_ui
  An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The malicious administrator user can also obtain the passwords of other Reporter web UI users. 2019-08-30 not yet calculated CVE-2019-12753
CONFIRM tableau — multiple_products
  Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop. 2019-08-26 not yet calculated CVE-2019-15637
MISC
MISC
MISC teamspeak — teamspeak_client
  The TeamSpeak client before 3.3.2 allows remote servers to trigger a crash via the 0xe2 0x81 0xa8 0xe2 0x81 0xa7 byte sequence, aka Unicode characters U+2068 (FIRST STRONG ISOLATE) and U+2067 (RIGHT-TO-LEFT ISOLATE). 2019-08-29 not yet calculated CVE-2019-15502
MISC
MISC
MISC tightrope_media — carousel
  The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI/v0/fetch?url= SSRF. This has two potential areas for abuse. First, a specially crafted URL could be used in a phishing attack to hijack the trust the user and the browser have with the website and could serve malicious content from a third-party attacker-controlled system. Second, arguably more severe, is the potential for an attacker to circumvent firewall controls, by proxying traffic, unauthenticated, into the internal network from the internet. 2019-08-26 not yet calculated CVE-2019-13020
CONFIRM totemo — totemomail
  Cross-site scripting (XSS) vulnerability in the ‘Certificate’ feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML. 2019-08-30 not yet calculated CVE-2018-15510
MISC totemo — totemomail
  Log viewer in totemomail 6.0.0 build 570 allows access to sessionIDs of high privileged users by leveraging access to a read-only auditor role. 2019-08-30 not yet calculated CVE-2018-15513
MISC totemo — totemomail
  Cross-site scripting (XSS) vulnerability in the ‘Authorisation Service’ feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML. 2019-08-30 not yet calculated CVE-2018-15512
MISC totemo — totemomail
  Cross-site scripting (XSS) vulnerability in the ‘Notification template’ feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML. 2019-08-30 not yet calculated CVE-2018-15511
MISC tp-link — archer_c3200_and_c2_devices
  TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. They forward ARP requests, which are sent as broadcast packets, between the host and the guest networks. To use this leakage as a direct covert channel, the sender can trivially issue an ARP request to an arbitrary computer on the network. (In general, some routers restrict ARP forwarding only to requests destined for the network’s subnet mask, but these routers did not restrict this traffic in any way. Depending on this factor, one must use either the lower 8 bits of the IP address, or the entire 32 bits, as the data payload.) 2019-08-27 not yet calculated CVE-2019-13268
MISC
MISC tp-link — archer_c3200_and_c2_devices
  TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. In order to transfer data from the host network to the guest network, the sender joins and then leaves an IGMP group. After it leaves, the router (following the IGMP protocol) creates an IGMP Membership Query packet with the Group IP and sends it to both the Host and the Guest networks. The data is transferred within the Group IP field, which is completely controlled by the sender. 2019-08-27 not yet calculated CVE-2019-13267
MISC
MISC tp-link — archer_c3200_and_c2_devices
  TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. A DHCP Request is sent to the router with a certain Transaction ID field. Following the DHCP protocol, the router responds with an ACK or NAK message. Studying the NAK case revealed that the router erroneously sends the NAK to both Host and Guest networks with the same Transaction ID as found in the DHCP Request. This allows encoding of data to be sent cross-router into the 32-bit Transaction ID field. 2019-08-27 not yet calculated CVE-2019-13266
MISC
MISC ubuntu — ubuntu
  An integer overflow in whoopsie before versions 0.2.52.5ubuntu0.1, 0.2.62ubuntu0.1, 0.2.64ubuntu0.1, 0.2.66, results in an out-of-bounds write to a heap allocated buffer when processing large crash dumps. This results in a crash or possible code-execution in the context of the whoopsie process. 2019-08-29 not yet calculated CVE-2019-11476
MISC
MISC videolan — vlc_media_player
  A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file. 2019-08-29 not yet calculated CVE-2019-14776
CONFIRM
BUGTRAQ
DEBIAN
CONFIRM videolan — vlc_media_player
  In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack. 2019-08-29 not yet calculated CVE-2019-14534
CONFIRM
BUGTRAQ
DEBIAN
CONFIRM videolan — vlc_media_player
  The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free. 2019-08-29 not yet calculated CVE-2019-14533
CONFIRM
BUGTRAQ
DEBIAN
CONFIRM videolan — vlc_media_player
  The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. 2019-08-29 not yet calculated CVE-2019-14777
CONFIRM
BUGTRAQ
DEBIAN
CONFIRM videolan — vlc_media_player
  The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file. 2019-08-29 not yet calculated CVE-2019-14437
CONFIRM
BUGTRAQ
DEBIAN
CONFIRM videolan — vlc_media_player
  A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file. 2019-08-29 not yet calculated CVE-2019-14535
CONFIRM
BUGTRAQ
DEBIAN
CONFIRM videolan — vlc_media_player
  A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file. 2019-08-29 not yet calculated CVE-2019-14438
CONFIRM
BUGTRAQ
DEBIAN
CONFIRM videolan — vlc_media_player
  A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file. 2019-08-29 not yet calculated CVE-2019-14498
CONFIRM
BUGTRAQ
DEBIAN
CONFIRM videolan — vlc_media_player
  A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file. 2019-08-29 not yet calculated CVE-2019-14970
CONFIRM
BUGTRAQ
DEBIAN
CONFIRM videolan — vlc_media_player
  The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. 2019-08-29 not yet calculated CVE-2019-14778
CONFIRM
BUGTRAQ
DEBIAN
CONFIRM webassembly — binaryen
  An issue was discovered in Binaryen 1.38.32. Missing validation rules in asmjs/asmangle.cpp can lead to an Assertion Failure at wasm/wasm.cpp in wasm::asmangle. A crafted input can cause denial-of-service, as demonstrated by wasm2js. 2019-08-28 not yet calculated CVE-2019-15758
MISC
MISC webmin — webmin
  rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states “RPC can be used to run any command or modify any file on a server, which is why access to it must not be granted to un-trusted Webmin users.” 2019-08-26 not yet calculated CVE-2019-15642
MISC
MISC
MISC
MISC webtorrent — webtorrent
  WebTorrent before 0.107.6 allows XSS in the HTTP server via a title or file name. 2019-08-29 not yet calculated CVE-2019-15782
MISC
MISC wellness-app — wellness-app
  FredReinink Wellness-app before 2019-06-19 allows SQL injection, related to dietTrack.php, exerciseGenerator.php, fitnessTrack.php, and server.php. 2019-08-26 not yet calculated CVE-2019-15555
MISC wolfssl — wolfssl
  wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCertExtensions in wolfcrypt/src/asn.c because reading the ASN_BOOLEAN byte is mishandled for a crafted DER certificate in GetLength_ex. 2019-08-26 not yet calculated CVE-2019-15651
MISC wordpress — wordpress
  Membership Add-on for iThemes Exchange before 1.3.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). 2019-08-28 not yet calculated CVE-2015-9372
MISC
MISC wordpress — wordpress
  The nd-booking plugin before 2.5 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. 2019-08-29 not yet calculated CVE-2019-15774
MISC
MISC
MISC wordpress — wordpress
  The js-support-ticket plugin before 2.0.6 for WordPress has CSRF. 2019-08-27 not yet calculated CVE-2018-21002
MISC wordpress — wordpress
  The wp-ultimate-recipe plugin before 3.12.7 for WordPress has stored XSS. 2019-08-30 not yet calculated CVE-2019-15836
MISC
MISC wordpress — wordpress
  The nd-restaurant-reservations plugin before 1.5 for WordPress has no requirement for nd_rst_import_settings_php_function authentication. 2019-08-30 not yet calculated CVE-2019-15819
MISC
MISC
MISC wordpress — wordpress
  The simple-301-redirects-addon-bulk-uploader plugin through 1.2.4 for WordPress has no requirement for authentication for action=bulk301export or action=bulk301clearlist. 2019-08-30 not yet calculated CVE-2019-15818
MISC
MISC
MISC wordpress — wordpress
  The login-or-logout-menu-item plugin before 1.2.0 for WordPress has no requirement for lolmi_save_settings authentication. 2019-08-30 not yet calculated CVE-2019-15820
MISC
MISC
MISC wordpress — wordpress
  The link-log plugin before 2.1 for WordPress has SQL injection. 2019-08-27 not yet calculated CVE-2015-9344
MISC wordpress — wordpress
  The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection. 2019-08-27 not yet calculated CVE-2018-21004
MISC
MISC
MISC wordpress — wordpress
  The ckeditor-for-wordpress plugin before 4.5.3.1 for WordPress has reflected XSS in the “built-in (old)” file browser. 2019-08-27 not yet calculated CVE-2015-9349
MISC wordpress — wordpress
  The shapepress-dsgvo plugin before 2.2.19 for WordPress has wp-admin/admin-ajax.php?action=admin-common-settings&admin_email= XSS. 2019-08-29 not yet calculated CVE-2019-15777
MISC
MISC
MISC wordpress — wordpress
  The woocommerce-catalog-enquiry plugin before 3.1.0 for WordPress has an incorrect wp_upload directory for file uploads. 2019-08-27 not yet calculated CVE-2017-18592
MISC wordpress — wordpress
  The facebook-by-weblizar plugin before 2.8.5 for WordPress has CSRF. 2019-08-29 not yet calculated CVE-2019-15781
MISC
MISC wordpress — wordpress
  The link-log plugin before 2.0 for WordPress has HTTP Response Splitting. 2019-08-27 not yet calculated CVE-2015-9345
MISC wordpress — wordpress
  The wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via save_settings_page and other save_ functions. 2019-08-30 not yet calculated CVE-2019-15816
MISC
MISC
MISC wordpress — wordpress
  The gigpress plugin before 2.3.11 for WordPress has SQL injection in the admin area, a different vulnerability than CVE-2015-4066. 2019-08-28 not yet calculated CVE-2015-9353
MISC wordpress — wordpress
  The gigpress plugin before 2.3.11 for WordPress has XSS. 2019-08-28 not yet calculated CVE-2015-9354
MISC wordpress — wordpress
  The easy-property-listings plugin before 3.4 for WordPress has XSS. 2019-08-30 not yet calculated CVE-2019-15817
MISC
MISC wordpress — wordpress
  The simple-301-redirects-addon-bulk-uploader plugin before 1.2.5 for WordPress has no protection against 301 redirect rule injection via a CSV file. 2019-08-29 not yet calculated CVE-2019-15776
MISC
MISC
MISC wordpress — wordpress
  The nd-donations plugin before 1.4 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. 2019-08-29 not yet calculated CVE-2019-15772
MISC
MISC
MISC wordpress — wordpress
  The handl-utm-grabber plugin before 2.6.5 for WordPress has CSRF via add_option and update_option. 2019-08-29 not yet calculated CVE-2019-15769
MISC
MISC wordpress — wordpress
  The cp-polls plugin before 1.0.1 for WordPress has XSS in the votes list. 2019-08-27 not yet calculated CVE-2014-10395
MISC wordpress — wordpress
  The Related Posts plugin before 1.8.2 for WordPress has XSS via add_query_arg() and remove_query_arg(). 2019-08-28 not yet calculated CVE-2015-9361
MISC
MISC wordpress — wordpress
  The bbp-move-topics plugin before 1.1.6 for WordPress has CSRF. 2019-08-27 not yet calculated CVE-2018-21006
MISC wordpress — wordpress
  The woo-confirmation-email plugin before 3.2.0 for WordPress has no blocking of direct access to supportive xl folders inside uploads. 2019-08-29 not yet calculated CVE-2018-21007
MISC wordpress — wordpress
  The sharebar plugin before 1.2.2 for WordPress has SQL injection. 2019-08-28 not yet calculated CVE-2012-6719
MISC wordpress — wordpress
  The rsvpmaker plugin before 6.2 for WordPress has SQL injection. 2019-08-27 not yet calculated CVE-2019-15646
MISC
MISC
MISC wordpress — wordpress
  The nd-shortcodes plugin before 6.0 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. 2019-08-29 not yet calculated CVE-2019-15771
MISC
MISC
MISC wordpress — wordpress
  The feedwordpress plugin before 2015.0514 for WordPress has XSS via add_query_arg() and remove_query_arg(). 2019-08-28 not yet calculated CVE-2015-9358
MISC wordpress — wordpress
  The formidable plugin before 4.02.01 for WordPress has unsafe deserialization. 2019-08-29 not yet calculated CVE-2019-15780
MISC wordpress — wordpress
  The nd-travel plugin before 1.7 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. 2019-08-29 not yet calculated CVE-2019-15773
MISC
MISC
MISC wordpress — wordpress
  The bbp-move-topics plugin before 1.1.6 for WordPress has code injection. 2019-08-27 not yet calculated CVE-2018-21005
MISC wordpress — wordpress
  The woo-address-book plugin before 1.6.0 for WordPress has save calls without nonce verification checks. 2019-08-29 not yet calculated CVE-2019-15770
MISC
MISC wordpress — wordpress
  The nd-learning plugin before 4.8 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. 2019-08-29 not yet calculated CVE-2019-15775
MISC
MISC
MISC wordpress — wordpress
  The woo-variation-gallery plugin before 1.1.29 for WordPress has XSS. 2019-08-29 not yet calculated CVE-2019-15778
MISC
MISC
MISC wordpress — wordpress
  The insta-gallery plugin before 2.4.8 for WordPress has no nonce validation for qligg_dismiss_notice or qligg_form_item_delete. 2019-08-29 not yet calculated CVE-2019-15779
MISC
MISC wordpress — wordpress
  The wp-vipergb plugin before 1.3.16 for WordPress has XSS via add_query_arg() and remove_query_arg(), a different issue than CVE-2014-9460. 2019-08-28 not yet calculated CVE-2015-9356
MISC
MISC wordpress — wordpress
  The webp-converter-for-media plugin before 1.0.3 for WordPress has CSRF. 2019-08-30 not yet calculated CVE-2019-15834
MISC
MISC wordpress — wordpress
  2Checkout Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). 2019-08-28 not yet calculated CVE-2015-9364
MISC
MISC wordpress — wordpress
  The easy-pdf-restaurant-menu-upload plugin before 1.1.2 for WordPress has XSS. 2019-08-30 not yet calculated CVE-2019-15842
MISC wordpress — wordpress
  The wp-better-permalinks plugin before 3.0.5 for WordPress has CSRF. 2019-08-30 not yet calculated CVE-2019-15835
MISC
MISC wordpress — wordpress
  The simple-mail-address-encoder plugin before 1.7 for WordPress has reflected XSS. 2019-08-30 not yet calculated CVE-2019-15833
MISC wordpress — wordpress
  The visitors-traffic-real-time-statistics plugin before 1.13 for WordPress has CSRF. 2019-08-30 not yet calculated CVE-2019-15832
MISC
MISC wordpress — wordpress
  The facebook-for-woocommerce plugin before 1.9.14 for WordPress has CSRF. 2019-08-30 not yet calculated CVE-2019-15840
MISC wordpress — wordpress
  The icegram plugin before 1.10.29 for WordPress has ig_cat_list XSS. 2019-08-30 not yet calculated CVE-2019-15830
MISC
MISC
MISC wordpress — wordpress
  The sina-extension-for-elementor plugin before 2.2.1 for WordPress has local file inclusion. 2019-08-30 not yet calculated CVE-2019-15839
MISC
MISC wordpress — wordpress
  The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp&key&login protection bypass. 2019-08-30 not yet calculated CVE-2019-15825
MISC
MISC
MISC wordpress — wordpress
  Invoices Add-on for iThemes Exchange before 1.4.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). 2019-08-28 not yet calculated CVE-2015-9370
MISC
MISC wordpress — wordpress
  The visitors-traffic-real-time-statistics plugin before 1.12 for WordPress has CSRF in the settings page. 2019-08-30 not yet calculated CVE-2019-15831
MISC
MISC wordpress — wordpress
  The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain parameter. 2019-08-30 not yet calculated CVE-2019-15827
MISC
MISC
MISC wordpress — wordpress
  The one-click-ssl plugin before 1.4.7 for WordPress has CSRF. 2019-08-30 not yet calculated CVE-2019-15828
MISC
MISC wordpress — wordpress
  The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass. 2019-08-30 not yet calculated CVE-2019-15823
MISC
MISC
MISC wordpress — wordpress
  The bold-page-builder plugin before 2.3.2 for WordPress has no protection against modifying settings and importing data. 2019-08-30 not yet calculated CVE-2019-15821
MISC
MISC
MISC wordpress — wordpress
  The woocommerce-exporter plugin before 1.8.4 for WordPress has privilege escalation. 2019-08-27 not yet calculated CVE-2016-10935
MISC wordpress — wordpress
  The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field. 2019-08-30 not yet calculated CVE-2019-15826
MISC
MISC
MISC wordpress — wordpress
  The two-factor-authentication plugin before 1.1.10 for WordPress has XSS in the admin area. 2019-08-28 not yet calculated CVE-2015-9355
MISC wordpress — wordpress
  The custom-404-pro plugin before 3.2.8 for WordPress has reflected XSS, a different vulnerability than CVE-2019-14789. 2019-08-30 not yet calculated CVE-2019-15838
MISC
MISC wordpress — wordpress
  Table Rate Shipping Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). 2019-08-28 not yet calculated CVE-2015-9375
MISC
MISC wordpress — wordpress
  iThemes Builder Theme Depot before 5.0.30 for WordPress has XSS via add_query_arg() and remove_query_arg(). 2019-08-28 not yet calculated CVE-2015-9377
MISC
MISC wordpress — wordpress
  The webp-express plugin before 0.14.8 for WordPress has stored XSS. 2019-08-30 not yet calculated CVE-2019-15837
MISC
MISC wordpress — wordpress
  Easy EU Value Added (VAT) Taxes Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). 2019-08-28 not yet calculated CVE-2015-9368
MISC
MISC wordpress — wordpress
  Easy US Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). 2019-08-28 not yet calculated CVE-2015-9369
MISC
MISC wordpress — wordpress
  Manual Purchases Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). 2019-08-28 not yet calculated CVE-2015-9371
MISC
MISC wordpress — wordpress
  The facebook-for-woocommerce plugin before 1.9.15 for WordPress has CSRF via ajax_woo_infobanner_post_click, ajax_woo_infobanner_post_xout, or ajax_fb_toggle_visibility. 2019-08-30 not yet calculated CVE-2019-15841
MISC wordpress — wordpress
  iThemes Builder Style Manager before 0.7.7 for WordPress has XSS via add_query_arg() and remove_query_arg(). 2019-08-28 not yet calculated CVE-2015-9379
MISC
MISC wordpress — wordpress
  PayPal Pro Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). 2019-08-28 not yet calculated CVE-2015-9373
MISC
MISC wordpress — wordpress
  Stripe Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). 2019-08-28 not yet calculated CVE-2015-9374
MISC
MISC wordpress — wordpress
  Custom URL Tracking Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). 2019-08-28 not yet calculated CVE-2015-9366
MISC
MISC wordpress — wordpress
  iThemes Builder Theme Market before 5.1.27 for WordPress has XSS via add_query_arg() and remove_query_arg(). 2019-08-28 not yet calculated CVE-2015-9378
MISC
MISC wordpress — wordpress
  The photo-gallery plugin before 1.2.42 for WordPress has CSRF. 2019-08-30 not yet calculated CVE-2015-9380
MISC
MISC
MISC wordpress — wordpress
  Easy Canadian Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). 2019-08-28 not yet calculated CVE-2015-9367
MISC
MISC wordpress — wordpress
  The wps-child-theme-generator plugin before 1.2 for WordPress has classes/helpers.php directory traversal. 2019-08-30 not yet calculated CVE-2019-15822
MISC
MISC
MISC wordpress — wordpress
  The sharebar plugin before 1.2.2 for WordPress has XSS, a different issue than CVE-2013-3491. 2019-08-28 not yet calculated CVE-2012-6718
MISC wordpress — wordpress
  The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash protection bypass. 2019-08-30 not yet calculated CVE-2019-15824
MISC
MISC
MISC wordpress — wordpress
  The photoblocks-grid-gallery plugin before 1.1.33 for WordPress has wp-admin/admin.php?page=photoblocks-edit&id= XSS. 2019-08-30 not yet calculated CVE-2019-15829
MISC
MISC wtfutil — wtf
  WTF before 0.19.0 does not set the permissions of config.yml, which might make it easier for local attackers to read passwords or API keys if the permissions were misconfigured or were based on unsafe OS defaults. 2019-08-28 not yet calculated CVE-2019-15716
MISC
MISC
MISC xayr.ga — xenfcoresharp
  XENFCoreSharp before 2019-07-16 allows SQL injection in web/verify.php. 2019-08-26 not yet calculated CVE-2019-15533
MISC xm_online — user_account_and_authentication_server
  XM^online 2 User Account and Authentication server 1.0.0 allows SQL injection via a tenant key. 2019-08-26 not yet calculated CVE-2019-15557
MISC xymon — xymon
  In Xymon through 4.3.28, a buffer overflow vulnerability exists in the csvinfo CGI script. The overflow may be exploited by sending a crafted GET request that triggers an sprintf of the srcdb parameter. 2019-08-27 not yet calculated CVE-2019-13273
MISC
CONFIRM zephyr_project — zephyr
  Use After Free vulnerability in the Zephyr shell allows a serial or telnet connected user to cause denial of service, and possibly remote code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all. 2019-08-28 not yet calculated CVE-2017-14201
MISC
MISC
MISC zephyr_project — zephyr
  Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the shell component of Zephyr allows a serial or telnet connected user to cause a crash, possibly with arbitrary code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all. 2019-08-28 not yet calculated CVE-2017-14202
MISC
MISC
MISC
