Source: US Computer Emergency Readiness Team

10web — photo_gallery Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/models/Galleries.php. 2019-09-08 4.3 CVE-2019-16117
MISC 10web — photo_gallery Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/controllers/Options.php. 2019-09-08 4.3 CVE-2019-16118
MISC adobe — application_manager Adobe application manager installer version 10.0 has an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user. 2019-09-12 6.8 CVE-2019-8076
CONFIRM afterlogic — aurora Afterlogic Aurora through 8.3.9-build-a3 has XSS that can be leveraged for session hijacking by retrieving the session cookie from the administrator login. 2019-09-12 4.3 CVE-2019-16238
MISC airbrake — airbrake_ruby The Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the blacklist_keys configuration option and consequently may disclose passwords to unauthorized actors. This is fixed in 4.2.4 (also, 4.2.2 and earlier are unaffected). 2019-09-06 5.0 CVE-2019-16060
MISC alfresco — alfresco An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By manipulating the POST parameters, an attacker can redirect a victim to a malicious website over any protocol the attacker desires (e.g., http, https, ftp, smb, etc.). 2019-09-06 5.8 CVE-2019-14223
MISC apache — ofbiz The “Blog”, “Forum”, “Contact Us” screens of the template “ecommerce” application bundled in Apache OFBiz are weak to Stored XSS attacks. Mitigation: Upgrade to 16.11.06 or manually apply the following commits on branch 16.11: 1858438, 1858543, 1860595 and 1860616 2019-09-11 4.3 CVE-2019-10073
MLIST apache — solr Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via its update handler. By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML causing OOMs. 2019-09-10 5.0 CVE-2019-12401
MLIST apache — traffic_control Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. Given a username for a user that can be authenticated via LDAP, it is possible to improperly authenticate as that user without that user’s correct password. 2019-09-09 6.8 CVE-2019-12405
MLIST arubanetworks — arubaos Some web components in the ArubaOS software are vulnerable to HTTP Response splitting (CRLF injection) and Reflected XSS. An attacker would be able to accomplish this by sending certain URL parameters that would trigger this vulnerability. 2019-09-13 4.3 CVE-2019-5314
CONFIRM atlassian — jira The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specific name exists and if an issue key is valid via a missing permissions check. 2019-09-11 5.0 CVE-2019-14995
N/A atlassian — jira The FilterPickerPopup.jspa resource in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter. 2019-09-11 4.3 CVE-2019-14996
N/A atlassian — jira The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their username, via an information exposure through caching vulnerability when Jira is configured with a reverse proxy and/or a load balancer with caching or a CDN. 2019-09-11 4.3 CVE-2019-14997
N/A atlassian — jira The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote attackers to bypass its protection via “cookie tossing” a CSRF cookie from a subdomain of a Jira instance. 2019-09-11 4.3 CVE-2019-14998
N/A atlassian — jira The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability. 2019-09-11 5.0 CVE-2019-8449
N/A atlassian — jira The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class. 2019-09-11 6.4 CVE-2019-8451
N/A bludit — bludit Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname. 2019-09-08 6.5 CVE-2019-16113
MISC bosch — access An unauthenticated attacker can achieve unauthorized access to sensitive data by exploiting Windows SMB protocol on a client installation. With Bosch Access Professional Edition (APE) 3.8, client installations need to be authorized by the APE administrator. 2019-09-12 4.0 CVE-2019-11899
CONFIRM bower — bower Bower before 1.8.8 has a path traversal vulnerability permitting file write in arbitrary locations via install command, which allows attackers to write arbitrary files when a malicious package is extracted. 2019-09-13 5.0 CVE-2019-5484
MISC centos-webpanel — centos_web_panel In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to remove a target user from phpMyAdmin via an attacker account. 2019-09-10 5.5 CVE-2019-14721
MISC centos-webpanel — centos_web_panel In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete an e-mail forwarding destination from a victim’s account via an attacker account. 2019-09-10 4.0 CVE-2019-14722
MISC centos-webpanel — centos_web_panel In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a victim’s e-mail account via an attacker account. 2019-09-10 4.0 CVE-2019-14723
MISC centos-webpanel — centos_web_panel In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to edit an e-mail forwarding destination of a victim’s account via an attacker account. 2019-09-11 5.0 CVE-2019-14724
MISC centos-webpanel — centos_web_panel In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail usage value of a victim account via an attacker account. 2019-09-11 4.0 CVE-2019-14725
MISC centos-webpanel — centos_web_panel In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to access and delete DNS records of a victim’s account via an attacker account. 2019-09-10 6.5 CVE-2019-14726
MISC centos-webpanel — centos_web_panel In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail password of a victim account via an attacker account. 2019-09-10 4.0 CVE-2019-14727
MISC centos-webpanel — centos_web_panel In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to add an e-mail forwarding destination to a victim’s account via an attacker account. 2019-09-10 4.0 CVE-2019-14728
MISC centos-webpanel — centos_web_panel In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a sub-domain from a victim’s account via an attacker account. 2019-09-10 5.5 CVE-2019-14729
MISC centos-webpanel — centos_web_panel In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a domain from a victim’s account via an attacker account. 2019-09-10 4.0 CVE-2019-14730
MISC changehealthcare — cardiology_firmware A vulnerability was found in McKesson Cardiology product 13.x and 14.x. Insecure file permissions in the default installation may allow an attacker with local system access to execute unauthorized arbitrary code. 2019-09-06 4.6 CVE-2018-18630
MISC copy-me_project — copy-me The copy-me plugin 1.0.0 for WordPress has CSRF for copying non-public posts to a public location. 2019-09-13 4.3 CVE-2016-10938
MISC couchbase — couchbase_server An issue was discovered in Couchbase Server 5.1.2 and 5.5.0. The http server on port 8092 lacks an X-XSS protection header. 2019-09-10 4.3 CVE-2019-11464
MISC couchbase — couchbase_server An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. The Memcached “connections” stat block command emits a non-redacted username. The system information submitted to Couchbase as part of a bug report included the usernames for all users currently logged into the system even if the log was redacted for privacy. This has been fixed (in 5.5.4 and 6.0.1) so that usernames are tagged properly in the logs and are hashed out when the logs are redacted. 2019-09-10 5.0 CVE-2019-11465
MISC couchbase — couchbase_server An issue was discovered in Couchbase Server 5.5.0 and 6.0.0. The Eventing debug endpoint mishandles authentication and audit. 2019-09-10 5.0 CVE-2019-11466
MISC couchbase — couchbase_server An issue was discovered in Couchbase Server 5.0.0. Editing bucket settings resets credentials, and leads to authorization without credentials. 2019-09-10 6.4 CVE-2019-11496
MISC couchbase — couchbase_server An issue was discovered in Couchbase Server 5.0.0. When creating a new remote cluster reference in Couchbase for XDCR, an invalid certificate is accepted. (The correct behavior is to validate the certificate against the remote cluster.) 2019-09-10 5.0 CVE-2019-11497
MISC cybozu — garoon Cybozu Garoon 4.0.0 to 4.10.2 allows an attacker with administrative rights to cause a denial of service condition via unspecified vectors. 2019-09-12 4.0 CVE-2019-5976
MISC cybozu — garoon Mail header injection vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 may allow remote authenticated attackers to alter the mail header via the application ‘E-Mail’. 2019-09-12 4.0 CVE-2019-5977
MISC cybozu — garoon Open redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the application ‘Scheduler’. 2019-09-12 5.8 CVE-2019-5978
MISC cybozu — garoon SQL injection vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. 2019-09-12 6.5 CVE-2019-5991
MISC dell — rsa_identity_governance_and_lifecycle The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a code injection vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to run custom Groovy scripts to gain limited access to view or modify information on the Workflow system. 2019-09-11 5.5 CVE-2019-3759
CONFIRM dell — rsa_identity_governance_and_lifecycle The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a SQL Injection vulnerability in Workflow Architect. A remote authenticated malicious user could potentially exploit this vulnerability to execute SQL commands on the back-end database to gain unauthorized access to the data by supplying specially crafted input data to the affected application. 2019-09-11 6.5 CVE-2019-3760
CONFIRM deltaww — dcisoft Delta DCISoft 1.21 has a User Mode Write AV starting at CommLib!CCommLib::SetSerializeData+0x000000000000001b. 2019-09-11 4.6 CVE-2019-16247
MISC deltaww — tpeditor Delta Electronics TPEditor, Versions 1.94 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to remotely execute arbitrary code. 2019-09-11 6.8 CVE-2019-13536
MISC deltaww — tpeditor Delta Electronics TPEditor, Versions 1.94 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to remotely execute arbitrary code. 2019-09-11 6.8 CVE-2019-13540
MISC deltaww — tpeditor Delta Electronics TPEditor, Versions 1.94 and prior. Multiple out-of-bounds write vulnerabilities may be exploited by processing specially crafted project files, which may allow remote code execution. 2019-09-11 6.8 CVE-2019-13544
MISC designmodo — qards The Qards plugin through 2017-10-11 for WordPress has XSS via a remote document specified in the url parameter to html2canvasproxy.php. 2019-09-10 4.3 CVE-2017-18598
MISC digium — asterisk res_pjsip_t38 in Sangoma Asterisk 13.21-cert4, 15.7.3, and 16.5.0 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. 2019-09-09 4.0 CVE-2019-15297
MISC digium — asterisk main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific RTP packet during a call and cause a crash in a specific scenario. 2019-09-09 5.0 CVE-2019-15639
MISC easy!appointments_project — easy!appointments Easy!Appointments 1.3.2 plugin for WordPress allows Sensitive Information Disclosure (Username and Password Hash). 2019-09-11 5.0 CVE-2019-14936
MISC eclipse — omr Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which may facilitate code injection and privilege elevation by local users. 2019-09-12 4.6 CVE-2019-11773
CONFIRM eclipse — paho_java_client In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with incorrect information. 2019-09-11 5.0 CVE-2019-11777
CONFIRM elementor — elementor The elementor plugin before 1.8.0 for WordPress has incorrect access control for internal functions. 2019-09-10 6.5 CVE-2017-18596
MISC getgrav — grav_cms Grav through 1.6.15 allows (Stored) Cross-Site Scripting due to JavaScript execution in SVG images. 2019-09-08 4.3 CVE-2019-16126
MISC gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It allows Information Disclosure. Non-member users who subscribe to notifications of an internal project with issue and repository restrictions will receive emails about restricted events. 2019-09-09 4.0 CVE-2019-11544
CONFIRM gitlab — gitlab An issue was discovered in GitLab Community Edition 11.9.x before 11.9.10 and 11.10.x before 11.10.2. It allows Information Disclosure. When an issue is moved to a private project, the private project namespace is leaked to unauthorized users with access to the original issue. 2019-09-09 4.0 CVE-2019-11545
CONFIRM gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has Improper Encoding or Escaping of Output. The branch name on new merge request notification emails isn’t escaped, which could potentially lead to XSS issues. 2019-09-09 4.3 CVE-2019-11547
CONFIRM gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. Gitaly has an information disclosure issue where HTTP/GIT credentials are included in logs on connection errors. 2019-09-09 4.0 CVE-2019-11549
CONFIRM gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 11.8.x before 11.8.10, 11.9.x before 11.9.11, and 11.10.x before 11.10.3. It allows Information Disclosure. A small number of GitLab API endpoints would disclose project information when using a read_user scoped token. 2019-09-09 5.0 CVE-2019-11605
CONFIRM gitlab — gitlab An authentication issue was discovered in GitLab that allowed a bypass of email verification. This was addressed in GitLab 12.1.2 and 12.0.4. 2019-09-09 6.5 CVE-2019-5473
MISC gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 1 of 6). An authorization issue allows the contributed project information of a private profile to be viewed. 2019-09-09 5.0 CVE-2019-6782
CONFIRM gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. GitLab Pages contains a directory traversal vulnerability that could lead to remote command execution. 2019-09-09 6.5 CVE-2019-6783
CONFIRM gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 1 of 2). Markdown fields contain a lack of input validation and output encoding when processing KaTeX that results in a persistent XSS. 2019-09-09 4.3 CVE-2019-6784
CONFIRM gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Denial of Service. Inputting an overly long string into a Markdown field could cause a denial of service. 2019-09-09 4.0 CVE-2019-6785
CONFIRM gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control (issue 1 of 3). The contents of an LFS object can be accessed by an unauthorized user, if the file size and OID are known. 2019-09-09 4.0 CVE-2019-6786
CONFIRM gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 3 of 6). For installations using GitHub or Bitbucket OAuth integrations, it is possible to use a covert redirect to obtain the user OAuth token for those services. 2019-09-09 5.0 CVE-2019-6788
CONFIRM gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 4 of 6). In some cases, users without project permissions will receive emails after a project move. For private projects, this will disclose the new project namespace to an unauthorized user. 2019-09-09 4.0 CVE-2019-6789
CONFIRM gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control (issue 3 of 3). When a project with visibility more permissive than the target group is imported, it will retain its prior visibility. 2019-09-09 4.0 CVE-2019-6791
CONFIRM gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Path Disclosure. When an error is encountered on project import, the error message will display instance internal information. 2019-09-09 5.0 CVE-2019-6792
CONFIRM gitlab — gitlab An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The Jira integration feature is vulnerable to an unauthenticated blind SSRF issue. 2019-09-09 6.8 CVE-2019-6793
CONFIRM gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 5 of 6). A project guest user can view the last commit status of the default branch. 2019-09-09 4.0 CVE-2019-6794
CONFIRM gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Insufficient Visual Distinction of Homoglyphs Presented to a User. IDN homographs and RTLO characters are rendered to Unicode, which could be used for social engineering. 2019-09-09 5.8 CVE-2019-6795
CONFIRM gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Users are able to comment on locked project issues. 2019-09-09 4.0 CVE-2019-6995
CONFIRM gitlab — gitlab An issue was discovered in GitLab Enterprise Edition 10.x (starting in 10.6) and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. The merge request approvers section has an access control issue that permits project maintainers to view membership of private groups. 2019-09-09 4.0 CVE-2019-6996
CONFIRM gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting in 10.7) and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. System notes contain an access control issue that permits a guest user to view merge request titles. 2019-09-09 4.0 CVE-2019-6997
CONFIRM gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 8.x (starting in 8.9), 9.x, 10.x, and 11.x before 11.5.9, 11.6.x before 11.6.7, and 11.7.x before 11.7.2. It has Incorrect Access Control. Guest users are able to add reaction emojis on comments to which they have no visibility. 2019-09-09 4.3 CVE-2019-7176
CONFIRM glyphandcog — xpdfreader Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTree in Catalog.cc. 2019-09-06 4.3 CVE-2019-16088
MISC glyphandcog — xpdfreader In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause Denial of Service or possibly unspecified other impact. 2019-09-08 6.8 CVE-2019-16115
MISC gnu — cflow GNU cflow through 1.6 has a use-after-free in the reference function in parser.c. 2019-09-09 4.3 CVE-2019-16165
MISC gnu — cflow GNU cflow through 1.6 has a heap-based buffer over-read in the nexttoken function in parser.c. 2019-09-09 4.3 CVE-2019-16166
MISC google — android In the Android kernel in the kernel MMU code there is a possible execution path leaving some kernel text and rodata pages writable. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-2182
MISC google — android In the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9248
MISC google — android In the Android kernel in unifi and r8180 WiFi drivers there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9270
MISC google — android In the Android kernel in the mnh driver there is a race condition due to insufficient locking. This could lead to a use-after-free which could lead to escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.4 CVE-2019-9271
MISC google — android In the Android kernel in the synaptics_dsx_htc touchscreen driver there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9273
MISC google — android In the Android kernel in the mnh driver there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9274
MISC google — android In the Android kernel in the synaptics_dsx_htc touchscreen driver there is a possible out of bounds write due to a use after free. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9276
MISC google — android In the Android kernel in Bluetooth there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9426
MISC google — android In the Android kernel in the bootloader there is a possible secure boot bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. 2019-09-06 4.6 CVE-2019-9436
MISC google — android In the Android kernel in the mnh driver there is a possible out of bounds write due to improper input validation. This could lead to escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9441
MISC google — android In the Android kernel in the mnh driver there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System privileges required. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9442
MISC google — android In the Android kernel in the vl53L0 driver there is a possible out of bounds write due to a permissions bypass. This could lead to local escalation of privilege due to a set_fs() call without restoring the previous limit with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9443
MISC google — android In the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write due to improper input validation. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9446
MISC google — android In the Android kernel in the FingerTipS touchscreen driver there is a possible use-after-free due to improper locking. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9447
MISC google — android In the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write due to a missing bounds check. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9448
MISC google — android In the Android kernel in the FingerTipS touchscreen driver there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.4 CVE-2019-9450
MISC google — android In the Android kernel in the touchscreen driver there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9451
MISC google — android In the Android kernel in i2c driver there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9454
MISC google — android In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9456
MISC google — android In the Android kernel in ELF file loading there is possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9457
MISC google — android In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.4 CVE-2019-9458
MISC headwaythemes — headway The Headway theme before 3.8.9 for WordPress has XSS via the license key field. 2019-09-13 4.3 CVE-2016-10953
MISC hgw168cc — yii-cms YII2-CMS v1.0 has XSS in protected\core\modules\home\models\Contact.php via a name field to /contact.html. 2019-09-08 4.3 CVE-2019-16130
MISC humanica — humatrix The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to change the password of any user via the recruitment_online/personalData/act_acounttab.cfm txtNewUserName and hdNP fields. 2019-09-10 5.0 CVE-2019-16106
MISC ibps_online_exam_project — ibps_online_exam The examapp plugin 1.0 for WordPress has SQL injection via the wp-admin/admin.php?page=examapp_UserResult id parameter. 2019-09-10 6.5 CVE-2017-18602
EXPLOIT-DB if.svnadmin_project — if.svnadmin iF.SVNAdmin through 1.6.2 allows svnadmin/usercreate.php CSRF to create a user. 2019-09-06 4.3 CVE-2019-15128
MISC imapfilter_project — imapfilter IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate. 2019-09-08 5.0 CVE-2016-10937
MISC jtrt_responsive_tables_project — jtrt_responsive_tables The jtrt-responsive-tables plugin before 4.1.2 for WordPress has SQL Injection via the admin/class-jtrt-responsive-tables-admin.php tableId parameter. 2019-09-10 6.5 CVE-2017-18597
MISC k-takata — onigmo Onigmo through 6.2.0 has a NULL pointer dereference in onig_error_code_to_str because of fetch_token in regparse.c. 2019-09-09 5.0 CVE-2019-16161
MISC k-takata — onigmo Onigmo through 6.2.0 has an out-of-bounds read in parse_char_class because of missing codepoint validation in regenc.c. 2019-09-09 5.0 CVE-2019-16162
MISC kartatopia — piluscart In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure. 2019-09-08 5.0 CVE-2019-16123
MISC kilo_project — kilo Kilo 0.0.1 has a heap-based buffer overflow because there is an integer overflow in a calculation involving the number of tabs in one row. 2019-09-08 5.0 CVE-2019-16096
MISC librenms — librenms An issue was discovered in LibreNMS through 1.47. Several of the scripts perform dynamic script inclusion via the include() function on user supplied input without sanitizing the values by calling basename() or a similar function. An attacker can leverage this to execute PHP code from the included file. Exploitation of these scripts is made difficult by additional text being appended (typically .inc.php), which means an attacker would need to be able to control both a filename and its content on the server. However, exploitation can be achieved as demonstrated by the csv.php?report=../ substring. 2019-09-09 6.8 CVE-2019-10666
MISC librenms — librenms An issue was discovered in LibreNMS through 1.47. Information disclosure can occur: an attacker can fingerprint the exact code version installed and disclose local file paths. 2019-09-09 5.0 CVE-2019-10667
MISC librenms — librenms An issue was discovered in LibreNMS through 1.47. A number of scripts import the Authentication libraries, but do not enforce an actual authentication check. Several of these scripts disclose information or expose functions that are of a sensitive nature and are not expected to be publicly accessible. 2019-09-09 6.4 CVE-2019-10668
MISC librenms — librenms An issue was discovered in LibreNMS through 1.47. There is a command injection vulnerability in html/includes/graphs/device/collectd.inc.php where user supplied parameters are filtered with the mysqli_escape_real_string function. This function is not the appropriate function to sanitize command arguments as it does not escape a number of command line syntax characters such as ` (backtick), allowing an attacker to inject commands into the variable $rrd_cmd, which gets executed via passthru(). 2019-09-09 6.5 CVE-2019-10669
MISC
MISC librenms — librenms An issue was discovered in LibreNMS through 1.47. Many of the scripts rely on the function mysqli_escape_real_string for filtering data. However, this is particularly ineffective when returning user supplied input in an HTML or a JavaScript context, resulting in unsafe data being injected into these contexts, leading to attacker controlled JavaScript executing in the browser. One example of this is the string parameter in html/pages/inventory.inc.php. 2019-09-09 4.3 CVE-2019-10670
MISC librenms — librenms An issue was discovered in LibreNMS through 1.47. It does not parameterize all user supplied input within database queries, resulting in SQL injection. An authenticated attacker can subvert these database queries to extract or manipulate data, as demonstrated by the graph.php sort parameter. 2019-09-09 6.5 CVE-2019-10671
MISC librenms — librenms An issue was discovered in LibreNMS 1.50.1. The scripts that handle graphing options (includes/html/graphs/common.inc.php and includes/html/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqli_real_escape_string, which is only useful for preventing SQL injection attacks; other parameters are unfiltered. This allows an attacker to inject RRDtool syntax with newline characters via the html/graph.php and html/graph-realtime.php scripts. RRDtool syntax is quite versatile and an attacker could leverage this to perform a number of attacks, including disclosing directory structure and filenames, disclosing file content, denial of service, or writing arbitrary files. NOTE: relative to CVE-2019-10665, this requires authentication and the pathnames differ. 2019-09-09 6.5 CVE-2019-12463
MISC librenms — librenms An issue was discovered in LibreNMS 1.50.1. An authenticated user can perform a directory traversal attack against the /pdf.php file with a partial filename in the report parameter, to cause local file inclusion resulting in code execution. 2019-09-09 6.0 CVE-2019-12464
MISC librenms — librenms An issue was discovered in LibreNMS 1.50.1. A SQL injection flaw was identified in the ajax_rulesuggest.php file where the term parameter is used insecurely in a database query for showing columns of a table, as demonstrated by an ajax_rulesuggest.php?debug=1&term= request. 2019-09-09 5.5 CVE-2019-12465
MISC libslirp_project — libslirp libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. 2019-09-06 5.0 CVE-2019-15890
CONFIRM
MISC liferay — liferay_portal Liferay Portal through 7.2.0 GA1 allows XSS via a journal article title to journal_article/page.jsp in journal/journal-taglib. 2019-09-09 4.3 CVE-2019-16147
MISC limesurvey — limesurvey An XML injection vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to import specially crafted XML files and execute code or compromise data integrity. 2019-09-09 6.8 CVE-2019-16174
MISC
MISC limesurvey — limesurvey A clickjacking vulnerability was found in Limesurvey before 3.17.14. 2019-09-09 4.3 CVE-2019-16175
MISC
MISC limesurvey — limesurvey A path disclosure vulnerability was found in Limesurvey before 3.17.14 that allows a remote attacker to discover the path to the application in the filesystem. 2019-09-09 5.0 CVE-2019-16176
MISC
MISC limesurvey — limesurvey In Limesurvey before 3.17.14, the entire database is exposed through browser caching. 2019-09-09 5.0 CVE-2019-16177
MISC
MISC limesurvey — limesurvey Limesurvey before 3.17.14 does not enforce SSL/TLS usage in the default configuration. 2019-09-09 5.0 CVE-2019-16179
MISC
MISC limesurvey — limesurvey Limesurvey before 3.17.14 allows remote attackers to bruteforce the login form and enumerate usernames when the LDAP authentication method is used. 2019-09-09 5.0 CVE-2019-16180
MISC
MISC limesurvey — limesurvey In Limesurvey before 3.17.14, admin users can mark other users’ notifications as read. 2019-09-09 4.0 CVE-2019-16181
MISC
MISC limesurvey — limesurvey A reflected cross-site scripting (XSS) vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to inject arbitrary web script or HTML via extensions of uploaded files. 2019-09-09 4.3 CVE-2019-16182
MISC
MISC limesurvey — limesurvey In Limesurvey before 3.17.14, admin users can run an integrity check without proper permissions. 2019-09-09 4.0 CVE-2019-16183
MISC
MISC limesurvey — limesurvey In Limesurvey before 3.17.14, admin users can view, update, or delete reserved menu entries without proper permissions. 2019-09-09 6.5 CVE-2019-16185
MISC
MISC limesurvey — limesurvey In Limesurvey before 3.17.14, admin users can access the plugin manager without proper permissions. 2019-09-09 6.5 CVE-2019-16186
MISC
MISC limesurvey — limesurvey Limesurvey before 3.17.14 uses an anti-CSRF cookie without the HttpOnly flag, which allows attackers to access a cookie value via a client-side script. 2019-09-09 5.0 CVE-2019-16187
MISC
MISC magicfields — magic_fields The magic-fields plugin before 1.7.2 for WordPress has XSS via the custom-write-panel-id parameter. 2019-09-10 4.3 CVE-2017-18609
MISC
MISC magicfields — magic_fields The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCCWP_CreateCustomFieldPage.php custom-group-id parameter. 2019-09-10 4.3 CVE-2017-18610
MISC
MISC magicfields — magic_fields The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCCWP_CreateCustomFieldPage.php custom-field-css parameter. 2019-09-10 4.3 CVE-2017-18611
MISC
MISC mautic — mautic An issue was discovered in Mautic 2.13.1. There is Stored XSS via the authorUrl field in config.json. 2019-09-06 4.3 CVE-2018-11198
MISC
CONFIRM mcafee — active_response McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9511, potentially leading to a denial of service. This affects the scanning proxies. 2019-09-11 5.0 CVE-2019-3643
CONFIRM mcafee — active_response McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. This affects the scanning proxies. 2019-09-11 5.0 CVE-2019-3644
CONFIRM mcafee — web_gateway Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator’s credentials by tricking the administrator into clicking on a carefully constructed malicious link. 2019-09-12 4.3 CVE-2019-3638
CONFIRM mendix — mendix In Mendix 7.23.5 and earlier, an issue in XML import mappings allows DOCTYPE declarations in the XML input, which is potentially unsafe. 2019-09-10 5.0 CVE-2019-12996
CONFIRM microfocus — service_manager HTTP cookie in Micro Focus Service manager, Versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. And Micro Focus Service Manager Chat Server, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. And Micro Focus Service Manager Chat Service 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. 2019-09-10 5.0 CVE-2019-11668
CONFIRM microfocus — service_manager Modifiable read-only check box in Micro Focus Service Manager, versions 9.60p1, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized modification of data. 2019-09-10 5.0 CVE-2019-11669
CONFIRM microsoft — .net_core A denial of service vulnerability exists when .NET Core improperly handles web requests, aka ‘.NET Core Denial of Service Vulnerability’. 2019-09-11 5.0 CVE-2019-1301
MISC microsoft — asp.net_core An elevation of privilege vulnerability exists when an ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests, aka ‘ASP.NET Core Elevation Of Privilege Vulnerability’. 2019-09-11 6.8 CVE-2019-1302
MISC microsoft — edge A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the correct Security Zone of requests for specific URLs, aka ‘Microsoft Browser Security Feature Bypass Vulnerability’. 2019-09-11 4.3 CVE-2019-1220
MISC microsoft — edge An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory, aka ‘Microsoft Edge based on Edge HTML Information Disclosure Vulnerability’. 2019-09-11 4.3 CVE-2019-1299
MISC microsoft — excel An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka ‘Microsoft Excel Information Disclosure Vulnerability’. 2019-09-11 4.3 CVE-2019-1263
MISC microsoft — exchange_server A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web App (OWA) fails to properly handle web requests, aka ‘Microsoft Exchange Spoofing Vulnerability’. 2019-09-11 4.3 CVE-2019-1266
MISC microsoft — lync An information disclosure vulnerability exists in Lync 2013, aka ‘Lync 2013 Information Disclosure Vulnerability’. 2019-09-11 4.3 CVE-2019-1209
MISC microsoft — office A security feature bypass vulnerability exists when Microsoft Office improperly handles input, aka ‘Microsoft Office Security Feature Bypass Vulnerability’. 2019-09-11 6.8 CVE-2019-1264
MISC microsoft — project_rome An information disclosure vulnerability exists in the way Rome SDK handles server SSL/TLS certificate validation, aka ‘Rome SDK Information Disclosure Vulnerability’. 2019-09-11 4.3 CVE-2019-1231
MISC microsoft — sharepoint_enterprise_server A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1295, CVE-2019-1296. 2019-09-11 6.5 CVE-2019-1257
MISC microsoft — sharepoint_enterprise_server An elevation of privilege vulnerability exists in Microsoft SharePoint, aka ‘Microsoft SharePoint Elevation of Privilege Vulnerability’. 2019-09-11 4.0 CVE-2019-1260
MISC microsoft — sharepoint_enterprise_server A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF). To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka ‘Microsoft SharePoint Spoofing Vulnerability’. This CVE ID is unique from CVE-2019-1259. 2019-09-11 6.8 CVE-2019-1261
MISC microsoft — sharepoint_enterprise_server A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren’t properly protected from unsafe data input, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1257, CVE-2019-1296. 2019-09-11 6.5 CVE-2019-1295
MISC microsoft — sharepoint_enterprise_server A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren’t properly protected from unsafe data input, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1257, CVE-2019-1295. 2019-09-11 6.5 CVE-2019-1296
MISC microsoft — sharepoint_foundation A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF). To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka ‘Microsoft SharePoint Spoofing Vulnerability’. This CVE ID is unique from CVE-2019-1261. 2019-09-11 6.8 CVE-2019-1259
MISC microsoft — visual_studio An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka ‘Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability’. 2019-09-11 4.6 CVE-2019-1232
MISC microsoft — windows_10 A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka ‘Windows Hyper-V Denial of Service Vulnerability’. 2019-09-11 5.5 CVE-2019-0928
MISC microsoft — windows_10 An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka ‘DirectWrite Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-1245, CVE-2019-1251. 2019-09-11 4.3 CVE-2019-1244
MISC microsoft — windows_10 An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka ‘DirectWrite Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-1244, CVE-2019-1251. 2019-09-11 4.3 CVE-2019-1245
MISC microsoft — windows_10 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-1286. 2019-09-11 4.3 CVE-2019-1252
MISC microsoft — windows_10 An elevation of privilege vulnerability exists in Windows Audio Service when a malformed parameter is processed, aka ‘Windows Audio Service Elevation of Privilege Vulnerability’. 2019-09-11 4.6 CVE-2019-1277
MISC microsoft — windows_10 An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-1215, CVE-2019-1253, CVE-2019-1303. 2019-09-11 4.6 CVE-2019-1278
MISC microsoft — windows_10 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-1252. 2019-09-11 4.3 CVE-2019-1286
MISC microsoft — windows_10 An elevation of privilege vulnerability exists in the way that the Windows Network Connectivity Assistant handles objects in memory, aka ‘Windows Network Connectivity Assistant Elevation of Privilege Vulnerability’. 2019-09-11 4.6 CVE-2019-1287
MISC microsoft — windows_10 A denial of service vulnerability exists when Windows improperly handles objects in memory, aka ‘Windows Denial of Service Vulnerability’. 2019-09-11 6.8 CVE-2019-1292
MISC microsoft — yammer A security feature bypass vulnerability exists when Microsoft Yammer App for Android fails to apply the correct Intune MAM Policy. This could allow an attacker to perform functions that are restricted by Intune Policy. The security update addresses the vulnerability by correcting the way the policy is applied to Yammer App, aka ‘Microsoft Yammer Security Feature Bypass Vulnerability’. 2019-09-11 5.0 CVE-2019-1265
MISC misp — misp MISP before 2.4.115 allows privilege escalation in certain situations. After updating to 2.4.115, escalation attempts are blocked by the __checkLoggedActions function with a “This could be an indication of an attempted privilege escalation on older vulnerable versions of MISP (<2.4.115)” message. 2019-09-10 4.0 CVE-2019-16202
CONFIRM
MISC
MISC myhtml_project — myhtml MyHTML through 4.0.5 has a NULL pointer dereference in myhtml_tree_node_remove in tree.c. 2019-09-09 4.3 CVE-2019-16164
MISC netapp — oncommand_workflow_automation OnCommand Workflow Automation versions prior to 5.0 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. 2019-09-10 5.0 CVE-2019-5503
CONFIRM netattingo — wp-whois-domain The wp-whois-domain plugin 1.0.0 for WordPress has XSS via the pages/func-whois.php domain parameter. 2019-09-13 4.3 CVE-2017-18612
MISC
MISC netgear — wnr2000_firmware An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) HTTP server. An HTTP request with an empty User-Agent string sent to a page requiring authentication can cause a null pointer dereference, resulting in the HTTP service crashing. An unauthenticated attacker can send a specially crafted HTTP request to trigger this vulnerability. 2019-09-11 5.0 CVE-2019-5054
MISC netgear — wnr2000_firmware An exploitable denial-of-service vulnerability exists in the Host Access Point Daemon (hostapd) on the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) wireless router. A SOAP request sent in an invalid sequence to the service can cause a null pointer dereference, resulting in the hostapd service crashing. An unauthenticated attacker can send a specially-crafted SOAP request to trigger this vulnerability. 2019-09-11 5.0 CVE-2019-5055
MISC nic — bird BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon’s support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message. Sending a shutdown communication with a sufficient message length causes a four-byte overflow to occur while processing the message, where two of the overflow bytes are attacker-controlled and two are fixed. 2019-09-09 5.0 CVE-2019-16159
MISC
MISC
MISC
MISC
MISC
MISC ntt-east — pr-400ki_firmware Cross-site request forgery (CSRF) vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, RS-500KI firmware version Ver.01.00.0070 and earlier, PR-500MI/RT-500MI firmware version Ver.01.01.0014 and earlier, and RS-500MI firmware version Ver.03.01.0019 and earlier, and Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, and PR-500MI/RT-500MI firmware version Ver.01.01.0011 and earlier) allow remote attackers to hijack the authentication of administrators via unspecified vectors. 2019-09-12 6.8 CVE-2019-5986
MISC
CONFIRM oceanwp — ocean_extra includes/wizard/wizard.php in the Ocean Extra plugin through 1.5.8 for WordPress allows unauthenticated options changes and injection of a Cascading Style Sheets (CSS) token sequence. 2019-09-11 5.0 CVE-2019-16250
MISC once_cell_project — once_cell An issue was discovered in the once_cell crate before 1.0.1 for Rust. There is a panic during initialization of Lazy. 2019-09-09 5.0 CVE-2019-16141
MISC
MISC oniguruma_project — oniguruma Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c. 2019-09-09 5.0 CVE-2019-16163
MISC
MISC
MISC
MLIST opensc_project — opensc An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0 for OpenSC. If a smart card creates a signature with a length longer than 256 bytes, this triggers a buffer overflow. This may be the case for RSA keys with 4096 bits depending on the signature scheme. 2019-09-06 5.0 CVE-2019-16058
MLIST
MISC openssl — openssl OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). 2019-09-10 5.0 CVE-2019-1549
CONFIRM
CONFIRM openssl — openssl In situations where an attacker receives automated notification of the success or failure of a decryption attempt, an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s). 2019-09-10 4.3 CVE-2019-1563
MISC
CONFIRM
CONFIRM
CONFIRM
BUGTRAQ
CONFIRM opmantek — open-audit The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field. 2019-09-13 6.5 CVE-2019-16293
MISC padrinorb — padrino-contrib The breadcrumbs contributed module through 0.2.0 for Padrino Framework allows XSS via a caption. 2019-09-09 4.3 CVE-2019-16145
MISC pagelines — pagelines The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?page=pagelines CSRF. 2019-09-13 6.8 CVE-2016-10945
MISC panasonic — video_insight_vms SQL injection vulnerability in the Video Insight VMS 7.3.2.5 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. 2019-09-12 6.5 CVE-2019-5996
MISC phpmyadmin — phpmyadmin A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page. 2019-09-13 5.8 CVE-2019-12922
MISC
MISC
EXPLOIT-DB phpok — oklite framework/admin/modulec_control.php in OKLite v1.2.25 has an Arbitrary File Upload Vulnerability because a .php file from a ZIP archive can be written to /data/cache/. 2019-09-08 6.5 CVE-2019-16131
MISC phpok — oklite An issue was discovered in OKLite v1.2.25. framework/admin/tpl_control.php allows remote attackers to delete arbitrary files via a title directory-traversal pathname followed by a crafted substring. 2019-09-08 5.5 CVE-2019-16132
MISC picoc_project — picoc PicoC 2.1 has a heap-based buffer overflow in StringStrcpy in cstdlib/string.c when called from ExpressionParseFunctionCall in expression.c. 2019-09-13 6.8 CVE-2019-16277
MISC pinfinity_project — pinfinity The Pinfinity theme before 2.0 for WordPress has XSS via the s parameter. 2019-09-10 4.3 CVE-2017-18599
MISC piwigo — piwigo admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail_content, nbm_send_recent_post_dates, or param_submit parameter. This is exploitable via CSRF. 2019-09-13 6.8 CVE-2019-13363
MISC
MISC
MISC
MISC piwigo — piwigo admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat_number, billing_name, company, or billing_address parameter. This is exploitable via CSRF. 2019-09-13 6.8 CVE-2019-13364
MISC
MISC
MISC
MISC plataformatec — devise An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmation_token, if a database record has a blank value in the confirmation_token column. (However, there is no scenario within Devise itself in which such database records would exist.) 2019-09-08 5.0 CVE-2019-16109
MISC
MISC
MISC podlove — podlove_podcast_publisher The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has XSS exploitable via CSRF. 2019-09-13 4.3 CVE-2016-10941
MISC
MISC
MISC postman-smtp_project — postman-smtp The postman-smtp plugin through 2017-10-04 for WordPress has XSS via the wp-admin/tools.php?page=postman_email_log page parameter. 2019-09-10 4.3 CVE-2017-18603
MISC
MISC py-lmdb_project — py-lmdb An issue was discovered in py-lmdb 0.97. mdb_node_del does not validate a memmove in the case of an unexpected node->mn_hi, leading to an invalid write operation. 2019-09-11 5.0 CVE-2019-16226
MISC py-lmdb_project — py-lmdb An issue was discovered in py-lmdb 0.97. There is a divide-by-zero error in the function mdb_env_open2 if mdb_env_read_header obtains a zero value for a certain size field. 2019-09-11 5.0 CVE-2019-16228
MISC python — python An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally. 2019-09-06 5.0 CVE-2019-16056
MISC
MISC
FEDORA sakailms — sakai Sakai through 12.6 allows XSS via a chat user name. 2019-09-09 4.3 CVE-2019-16148
MISC sap — businessobjects_business_intelligence_platform In SAP Business Objects Business Intelligence Platform, before versions 4.1, 4.2 and 4.3, some dynamic pages (like jsp) are cached, which allows an attacker to see sensitive information via the cache and to open the dynamic pages even after logout. 2019-09-10 5.0 CVE-2019-0352
MISC
CONFIRM sap — hana_extended_application_services Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to overload the server or retrieve information about internal network ports. 2019-09-10 5.5 CVE-2019-0363
MISC
CONFIRM sap — hana_extended_application_services Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to enumerate open ports. 2019-09-10 4.0 CVE-2019-0364
MISC
CONFIRM sap — netweaver_application_server_java SAP NetWeaver Application Server Java Web Container, ENGINEAPI (before versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) and SAP-JEECOR (before versions 6.40, 7.0, 7.01), allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application. 2019-09-10 6.5 CVE-2019-0355
MISC
CONFIRM sap — netweaver_process_integration Under certain conditions SAP NetWeaver Process Integration Runtime Workbench – MESSAGING and SAP_XIAF (before versions 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted. 2019-09-10 4.0 CVE-2019-0356
MISC
CONFIRM sap — supplier_relationship_management SAP Supplier Relationship Management (Master Data Management Catalog – SRM_MDM_CAT, before versions 3.73, 7.31, 7.32) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. 2019-09-10 4.3 CVE-2019-0361
MISC
CONFIRM sapplica — sentrifugo Sentrifugo 3.2 lacks CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code at index.php/dashboard/viewprofile via a crafted HTML page. 2019-09-06 6.8 CVE-2019-16059
MISC search_exclude_project — search_exclude search-exclude.php in the “Search Exclude” plugin before 1.2.4 for WordPress allows unauthenticated options changes. 2019-09-09 5.0 CVE-2019-15895
MISC
MISC
MISC senecajs — seneca Seneca < 3.9.0 contains a vulnerability that could lead to exposing environment variables to unauthorized users. 2019-09-09 5.0 CVE-2019-5483
MISC silver-peak — unity_edgeconnect_sd-wan_firmware Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON data to a .swf file. 2019-09-08 6.8 CVE-2019-16099
MISC silver-peak — unity_edgeconnect_sd-wan_firmware Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to trigger a web-interface outage via slow client-side HTTP traffic from a single source. 2019-09-08 5.0 CVE-2019-16100
MISC silver-peak — unity_edgeconnect_sd-wan_firmware Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to obtain potentially sensitive stack traces by sending incorrect JSON data to the REST API, such as the rest/json/banners URI. 2019-09-08 5.0 CVE-2019-16101
MISC silver-peak — unity_edgeconnect_sd-wan_firmware Silver Peak EdgeConnect SD-WAN before 8.1.7.x has reflected XSS via the rest/json/configdb/download/ PATH_INFO. 2019-09-08 4.3 CVE-2019-16104
MISC silver-peak — unity_edgeconnect_sd-wan_firmware Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows ..%2f directory traversal via a rest/json/configdb/download/ URI. 2019-09-08 4.0 CVE-2019-16105
MISC sirv — sirv The sirv plugin before 1.3.2 for WordPress has SQL injection via the id parameter. 2019-09-13 6.5 CVE-2016-10950
MISC
MISC
MISC sitebuilder_dynamic_components_project — sitebuilder_dynamic_components The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request. 2019-09-10 5.0 CVE-2017-18604
MISC
MISC slickquiz_project — slickquiz The slickquiz plugin through 1.3.7.1 for WordPress allows SQL Injection by Subscriber users, as demonstrated by a /wp-admin/admin.php?page=slickquiz-scores&id= or /wp-admin/admin.php?page=slickquiz-edit&id= or /wp-admin/admin.php?page=slickquiz-preview&id= URI. 2019-09-13 6.5 CVE-2019-12516
MISC
MISC slickquiz_project — slickquiz An XSS issue was discovered in the slickquiz plugin through 1.3.7.1 for WordPress. The save_quiz_score functionality available via the /wp-admin/admin-ajax.php endpoint allows unauthenticated users to submit quiz solutions/answers, which are stored in the database and later shown in the WordPress backend for all users with at least Subscriber rights. Because the plugin does not properly validate and sanitize this data, a malicious payload in either the name or email field is executed directly within the backend at /wp-admin/admin.php?page=slickquiz across all users with the privileges of at least Subscriber. 2019-09-13 4.3 CVE-2019-12517
MISC
MISC spot — spot.im_comments The spotim-comments plugin before 4.0.4 for WordPress has multiple XSS issues. 2019-09-10 4.3 CVE-2017-18608
MISC
MISC sqlite — sqlite In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a “severe division by zero in the query planner.” 2019-09-09 5.0 CVE-2019-16168
MISC
MISC
ss-proj — shirasagi Open redirect vulnerability in SHIRASAGI v1.7.0 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. 2019-09-12 5.8 CVE-2019-6009
supervisord — supervisor In supervisord in Supervisor through 4.0.2, an unauthenticated user can read log files or restart a service. WARNING: This issue will not be fixed by the maintainer. The ability to run an open server will not be removed because users often use it for local development, therefore no action will be taken. 2019-09-10 6.4 CVE-2019-12105
symonics — libmysofa Symonics libmysofa 0.7 has an out-of-bounds read in directblockRead in hdf/fractalhead.c. 2019-09-07 5.0 CVE-2019-16091
symonics — libmysofa Symonics libmysofa 0.7 has an invalid read in readOHDRHeaderMessageDataLayout in hdf/dataobject.c. 2019-09-07 5.0 CVE-2019-16094
symonics — libmysofa Symonics libmysofa 0.7 has an invalid read in getDimension in hrtf/reader.c. 2019-09-07 5.0 CVE-2019-16095
sysstat_project — sysstat sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c. 2019-09-09 4.3 CVE-2019-16167
teammatesolutions — teammate+ A Cross-Site Request Forgery (CSRF) vulnerability exists in TeamMate+ 21.0.0.0 that allows a remote attacker to modify application data (upload malicious/forged files on a TeamMate server, or replace existing uploaded files with malicious/forged files). The specific flaw exists within the handling of Upload/DomainObjectDocumentUpload.ashx requests because of failure to validate a CSRF token before handling a POST request. 2019-09-09 4.3 CVE-2019-10253
telegram — telegram The “delete for” feature in Telegram before 5.11 on Android does not delete shared media files from the Telegram Images directory. In other words, there is a potentially misleading UI indication that a sender can remove a recipient’s copy of a previously sent image (analogous to supported functionality in which a sender can remove a recipient’s copy of a previously sent message). 2019-09-11 5.0 CVE-2019-16248
theme-fusion — avada The avada theme before 5.1.5 for WordPress has stored XSS. 2019-09-10 4.3 CVE-2017-18606
theme-fusion — avada The avada theme before 5.1.5 for WordPress has CSRF. 2019-09-10 6.8 CVE-2017-18607
trendmicro — deep_security_manager Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable to an XML External Entity Attack. However, for the attack to be possible, the attacker must have root/admin access to a protected host which is authorized to communicate with the Deep Security Manager (DSM). 2019-09-11 4.0 CVE-2019-9488
tri — event_tickets CSV injection in the event-tickets (Event Tickets) plugin before 4.10.7.2 for WordPress exists via the “All Post> Ticketed > Attendees” Export Attendees feature. 2019-09-08 6.5 CVE-2019-16120
trust_form_project — trust_form The trust-form plugin 2.0 for WordPress has XSS via the wp-admin/admin.php?page=trust-form-edit page parameter. 2019-09-13 4.3 CVE-2017-18613
ultra-prod — wordpress_ultra_simple_paypal_shopping_cart Cross-site request forgery (CSRF) vulnerability in WordPress Ultra Simple Paypal Shopping Cart v4.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2019-09-12 6.8 CVE-2019-5992
vsourz — cf7_invisible_recaptcha The cf7-invisible-recaptcha plugin before 1.3.2 for WordPress has XSS. 2019-09-09 4.3 CVE-2018-21012
weaver — eteams_oa An issue was discovered in eteams OA v4.0.34. Because the session is not strictly checked, the account names and passwords of all employees in the company can be obtained by an ordinary account. Specifically, the attacker sends a jsessionid value for URIs under app/profile/summary/. 2019-09-08 4.0 CVE-2019-16133
wordpress — wordpress WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upload_attachment is mishandled. 2019-09-11 4.3 CVE-2019-16217
wordpress — wordpress WordPress before 5.2.3 allows XSS in stored comments. 2019-09-11 4.3 CVE-2019-16218
wordpress — wordpress WordPress before 5.2.3 allows XSS in shortcode previews. 2019-09-11 4.3 CVE-2019-16219
wordpress — wordpress In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect. 2019-09-11 5.8 CVE-2019-16220
wordpress — wordpress WordPress before 5.2.3 allows reflected XSS in the dashboard. 2019-09-11 4.3 CVE-2019-16221
wordpress — wordpress WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks. 2019-09-11 4.3 CVE-2019-16222
wp-kama — kama_click_counter The kama-clic-counter plugin before 3.5.0 for WordPress has XSS. 2019-09-13 4.3 CVE-2017-18615
wpcharitable — charitable The charitable plugin before 1.5.14 for WordPress has unauthorized access to user and donation details. 2019-09-09 5.0 CVE-2018-21011
xtremelocator — xtremelocator The xtremelocator plugin 1.5 for WordPress has SQL injection via the id parameter. 2019-09-13 6.5 CVE-2016-10939
xwiki — cryptpad The pad management logic in XWiki labs CryptPad before 3.0.0 allows a remote attacker (who has access to a Rich Text pad with editing rights for the URL) to corrupt it (i.e., cause data loss) via a trivial URL modification. 2019-09-11 5.5 CVE-2019-15302
zm-gallery_project — zm-gallery The zm-gallery plugin 1.0 for WordPress has SQL injection via the order parameter. 2019-09-13 6.5 CVE-2016-10940
zx-csv-upload_project — zx-csv-upload The zx-csv-upload plugin 1 for WordPress has SQL injection via the id parameter. 2019-09-13 6.5 CVE-2016-10943

MIL OSI USA News