Vulnerability Summary for the Week of September 16, 2019

admin

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD.

In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info

advantech — webaccess | In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an attacker to disclose sensitive information, cause improper control of generation of code, which may allow remote code execution or cause a system crash. | 2019-09-18 | 9.0 | CVE-2019-13550
MISC

advantech — webaccess | In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash. | 2019-09-18 | 9.0 | CVE-2019-13558
MISC

apache — tapestry | Manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it downloaded. If the attacker found the file with the value of the tapestry.hmac-passphrase configuration symbol, most probably the webapp’s AppModule class, the value of this symbol could be used to craft a Java deserialization attack, thus running malicious injected Java code. The vector would be the t:formdata parameter from the Form component. | 2019-09-16 | 7.5 | CVE-2019-0195
MLIST

arubanetworks — arubaos | A remote code execution vulnerability is present in network-listening components in some versions of ArubaOS. An attacker with the ability to transmit specially-crafted IP traffic to a mobility controller could exploit this vulnerability and cause a process crash or execute arbitrary code within the underlying operating system with full system privileges. Such an attack could lead to complete system compromise. The ability to transmit traffic to an IP interface on the mobility controller is required to carry out an attack. The attack leverages the PAPI protocol (UDP port 8211). If the mobility controller is only bridging L2 traffic to an uplink and does not have an IP address that is accessible to the attacker, it cannot be attacked. | 2019-09-13 | 9.3 | CVE-2018-7081
CONFIRM
MISC

aspose — aspose.pdf_for_c++ | An exploitable use-after-free vulnerability exists in the way LZW-compressed streams are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free condition. To trigger this vulnerability, a specifically crafted PDF document needs to be processed by the target application. | 2019-09-18 | 7.5 | CVE-2019-5066
CONFIRM

aspose — aspose.pdf_for_c++ | An uninitialized memory access vulnerability exists in the way Aspose.PDF 19.2 for C++ handles invalid parent object pointers. A specially crafted PDF can cause a read and write from uninitialized memory, resulting in memory corruption and possibly arbitrary code execution. To trigger this vulnerability, a specifically crafted PDF document needs to be processed by the target application. | 2019-09-18 | 7.5 | CVE-2019-5067
CONFIRM

atlassian — jira | The Jira Importers Plugin in Atlassian Jira Server and Data Center from version 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.1.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote attackers with Administrator permissions to gain remote code execution via a template injection vulnerability through the use of a crafted PUT request. | 2019-09-19 | 9.0 | CVE-2019-15001
MISC

canonical — ubuntu_linux | A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way the Linux kernel’s vhost functionality, which translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway could use this flaw to increase their privileges on the host. | 2019-09-17 | 7.2 | CVE-2019-14835
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
FEDORA
UBUNTU
MISC

code42 — code42 | In Code42 Enterprise 6.7.5 and earlier, 6.8.4 through 6.8.8, and 7.0.0 a vulnerability has been identified that may allow arbitrary files to be uploaded to Code42 servers and executed. This vulnerability could allow an attacker to create directories and save files on Code42 servers, which could potentially lead to code execution. | 2019-09-17 | 7.5 | CVE-2019-15131
CONFIRM
MISC

dlink — dns-320_firmware | The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection. | 2019-09-16 | 10.0 | CVE-2019-16057
MISC
MISC

egpp — sistema_integrado_de_gestion_academica | In Escuela de Gestion Publica Plurinacional (EGPP) Sistema Integrado de Gestion Academica (GESAC) v1, the username parameter of the authentication form is vulnerable to SQL injection, allowing attackers to access the database. | 2019-09-16 | 7.5 | CVE-2019-16264
MISC

fasterxml — jackson-databind | A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig. | 2019-09-15 | 7.5 | CVE-2019-14540
CONFIRM
MISC
MISC

fasterxml — jackson-databind | A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540. | 2019-09-15 | 7.5 | CVE-2019-16335
MISC

flamecms_project — flamecms | FlameCMS 3.3.5 has SQL injection in account/login.php via accountName. | 2019-09-14 | 7.5 | CVE-2019-16309
MISC

gitlabhook_project — gitlabhook | NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be injected through the repository name. | 2019-09-13 | 10.0 | CVE-2019-5485
MISC

haxx — curl | Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. | 2019-09-16 | 7.5 | CVE-2019-5481
SUSE
CONFIRM
FEDORA
FEDORA

haxx — curl | Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. | 2019-09-16 | 7.5 | CVE-2019-5482
SUSE
CONFIRM
FEDORA
FEDORA

ibm — cognos_analytics | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory resources. IBM X-Force ID: 158973. | 2019-09-17 | 7.8 | CVE-2019-4183
XF
CONFIRM

indexhibit — indexhibit | Indexhibit 2.1.5 allows a product reinstallation, with resultant remote code execution, via /ndxzstudio/install.php?p=2. | 2019-09-14 | 7.5 | CVE-2019-16314
MISC

infradead — openconnect | process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes. | 2019-09-17 | 7.5 | CVE-2019-16239
CONFIRM
FEDORA
FEDORA
FEDORA
MISC

jhipster — jhipster_kotlin | A class generated by the Generator in JHipster before 6.3.0 and JHipster Kotlin through 1.1.0 produces code that uses an insecure source of randomness (apache.commons.lang3 RandomStringUtils). This allows an attacker (if able to obtain their own password reset URL) to compute the value for all other password resets for other accounts, thus allowing privilege escalation or account takeover. | 2019-09-13 | 7.5 | CVE-2019-16303
MISC
MISC
MISC
MISC
MISC

keeper — k5_firmware | On Keeper K5 20.1.0.25 and 20.1.0.63 devices, remote code execution can occur by inserting an SD card containing a file named zskj_script_run.sh that executes a reverse shell. | 2019-09-19 | 7.2 | CVE-2019-16398
MISC

libav — libav | In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c has a complex format argument to sscanf. | 2019-09-19 | 7.1 | CVE-2019-9717
MISC
MISC

libav — libav | A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf. | 2019-09-19 | 7.1 | CVE-2019-9720
MISC
MISC

linux — linux_kernel | An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel’s KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer ‘struct kvm_coalesced_mmio’ object, wherein write indices ‘ring->first’ and ‘ring->last’ value could be supplied by a host user-space process. An unprivileged host user or process with access to ‘/dev/kvm’ device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. | 2019-09-19 | 7.2 | CVE-2019-14821
MLIST
CONFIRM

linux-nfs — nfs-utils | In the nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2, the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and managed by root. If statd is compromised, it can therefore trick processes running with root privileges into creating/overwriting files anywhere on the system if fs.protected_symlinks is not set. | 2019-09-19 | 10.0 | CVE-2019-3689
CONFIRM

membersonic — membersonic | The MemberSonic Lite plugin before 1.302 for WordPress has incorrect login access control because only knowledge of an e-mail address is required. | 2019-09-16 | 7.5 | CVE-2016-10971
MISC

microfocus — data_protector | Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges. | 2019-09-13 | 7.2 | CVE-2019-11660
CONFIRM

moddable — moddable | In XS 9.0.0 in Moddable SDK OS180329, there is a heap-based buffer overflow in fxBeginHost in xsAPI.c when called from fxRunDefine in xsRun.c, as demonstrated by crafted JavaScript code to xst. | 2019-09-16 | 7.5 | CVE-2019-16366
MISC

open-emr — openemr | OpenEMR v5.0.1-6 allows code execution. | 2019-09-16 | 9.0 | CVE-2019-8371
MISC

prise — adas | An issue was discovered in PRiSE adAS 1.7.0. Password hashes are compared using the equality operator. Thus, under specific circumstances, it is possible to bypass login authentication. | 2019-09-20 | 7.5 | CVE-2019-15088
MISC
MISC

publisure — publisure | An issue was discovered in the secure portal in Publisure 2.1.2. Because SQL queries are not well sanitized, there are multiple SQL injections in userAccFunctions.php functions. Using this, an attacker can access passwords and/or grant access to the user account “user” in order to become “Administrator” (for example). | 2019-09-18 | 7.5 | CVE-2019-14254
MISC

rsa — archer | RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmins to create user accounts with insufficient credentials. Unauthenticated attackers could gain unauthorized access to the system using those accounts. | 2019-09-18 | 7.5 | CVE-2019-3758
MISC

schneider-electric — bmxnor0200h_firmware | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions) and Modicon M340 controller (all firmware versions), which could cause denial of service when truncated SNMP packets on port 161/UDP are received by the device. | 2019-09-17 | 7.8 | CVE-2019-6813
CONFIRM
CONFIRM

schneider-electric — modicon_premium_firmware | A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware versions prior to V2.90), Modicon M340 (firmware versions prior to V3.10), Modicon Premium (all versions), Modicon Quantum (all versions), which could cause a possible denial of service when reading invalid data from the controller. | 2019-09-17 | 7.8 | CVE-2019-6809
CONFIRM

schneider-electric — modicon_premium_firmware | A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (all versions), which could cause a possible denial of service when reading specific coils and registers in the controller over Modbus. | 2019-09-17 | 7.8 | CVE-2019-6828
CONFIRM

siemens — sinema_remote_connect_server | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). The web interface has no means to prevent password guessing attacks. The vulnerability could be exploited by an attacker with network access to the vulnerable software, requiring no privileges and no user interaction. The vulnerability could allow full access to the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-09-13 | 7.5 | CVE-2019-13918
MISC

smackcoders — ultimate_exporter | The wp-ultimate-exporter plugin through 1.1 for WordPress has SQL injection via the export_type_name parameter. | 2019-09-20 | 7.5 | CVE-2016-11000
MISC
MISC

tagdiv — newspaper | The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel. | 2019-09-16 | 7.5 | CVE-2016-10972
MISC
EXPLOIT-DB

tagdiv — newspaper | The newspaper theme before 6.7.2 for WordPress has script injection via td_ads[header] to admin-ajax.php. | 2019-09-16 | 7.5 | CVE-2017-18634
MISC

telestar — bobs_rock_radio_firmware | TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have insufficient access control for the /set_dname, /mylogo, /LocalPlay, /irdevice.xml, /Sendkey, /setvol, /hotkeylist, /init, /playlogo.jpg, /stop, /exit, /back, and /playinfo commands. | 2019-09-16 | 7.5 | CVE-2019-13474
MISC
MISC

templatic — telvolution | The Tevolution plugin before 2.3.0 for WordPress has arbitrary file upload via single_upload.php or single-upload.php. | 2019-09-18 | 7.5 | CVE-2016-10995
MISC

tenda — n301_firmware | On Tenda N301 wireless routers, a long string in the wifiSSID parameter of a goform/setWifi POST request causes the device to crash. | 2019-09-13 | 7.8 | CVE-2019-16288
MISC

tendacn — n301_firmware | In goform/setSysTools on Tenda N301 wireless routers, attackers can trigger a device crash via a zero wanMTU value. (Prohibition of this zero value is only enforced within the GUI.) | 2019-09-19 | 7.8 | CVE-2019-16412
MISC

terrasoft — bpm_online_crm_system_sdk | A SQL injection vulnerability in the method Terrasoft.Core.DB.Column.Const() in Terrasoft Bpm’online CRM-System SDK 7.13 allows attackers to execute arbitrary SQL commands via the value parameter. | 2019-09-18 | 7.5 | CVE-2019-15301
MISC

tibco — enterprise_runtime_for_r | The server component of TIBCO Software Inc.’s TIBCO Enterprise Runtime for R – Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an unauthenticated user to bypass access controls and remotely execute code using the operating system account hosting the affected component. This issue affects: TIBCO Enterprise Runtime for R – Server Edition versions 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4.0 and 10.5.0. | 2019-09-18 | 10.0 | CVE-2019-11210
MISC
CONFIRM

tibco — enterprise_runtime_for_r | The server component of TIBCO Software Inc.’s TIBCO Enterprise Runtime for R – Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an authenticated user to trigger remote code execution in certain circumstances. When the affected component runs with the containerized TERR service on Linux the host can theoretically be tricked into running malicious code. This issue affects: TIBCO Enterprise Runtime for R – Server Edition version 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace 10.4.0; 10.5.0. | 2019-09-18 | 9.0 | CVE-2019-11211
MISC
CONFIRM

trusteddomain — opendmarc | OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be relevant to the origin of an e-mail message. | 2019-09-17 | 7.5 | CVE-2019-16378
MLIST
MISC
MISC
BUGTRAQ
DEBIAN
MISC

tuzicms — tuzicms | AppHomeControllerZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Zhuanti/group?id= substring. | 2019-09-20 | 7.5 | CVE-2019-16644
MISC

vivotek — camera | VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP header. | 2019-09-18 | 7.8 | CVE-2019-14458
CONFIRM
MISC

westerndigital — wd_my_book_firmware | Western Digital WD My Book World through II 1.02.12 suffers from Broken Authentication, which allows an attacker to access the /admin/ directory without credentials. An attacker can easily enable SSH from /admin/system_advanced.php?lang=en and login with the default root password welc0me. | 2019-09-18 | 7.5 | CVE-2019-16399
MISC
MISC

wireshark — wireshark | In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero. | 2019-09-15 | 7.8 | CVE-2019-16319
MISC
MISC
MISC

wp-kama — kama_click_counter | The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via the admin.php order parameter. | 2019-09-13 | 9.3 | CVE-2017-18614
MISC
MISC

yejiao — tuzicms | AppMobileControllerZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Mobile/Zhuanti/group?id= substring. | 2019-09-20 | 7.5 | CVE-2019-16642
MISC

Medium Vulnerabilities

advantech — webaccess | In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code execution. | 2019-09-18 | 6.5 | CVE-2019-13552
MISC

advantech — webaccess | In WebAccess versions 8.4.1 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. | 2019-09-18 | 6.5 | CVE-2019-13556
MISC

agentevolution — impress_listings | The wp-listings plugin before 2.0.2 for WordPress has includes/views/single-listing.php XSS. | 2019-09-20 | 4.3 | CVE-2016-11013
MISC
MISC

akal_project — akal | The Akal theme through 2016-08-22 for WordPress has XSS via the framework/brad-shortcodes/tinymce/preview.php sc parameter. | 2019-09-16 | 4.3 | CVE-2016-10957
MISC
MISC

apache — tapestry | Tapestry processes assets `/assets/ctx` using classes chain `StaticFilesFilter -> AssetDispatcher -> ContextResource`, which doesn’t filter the character “, so attacker can perform a path traversal attack to read any files on Windows platform. | 2019-09-16 | 5.0 | CVE-2019-0207
MLIST

apache — tapestry | The code which checks HMAC in form submissions used String.equals() for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. This could lead to remote code execution if an attacker is able to determine the correct signature for their payload. The comparison should be done with a constant time algorithm instead. | 2019-09-16 | 6.8 | CVE-2019-10071
MLIST

arubanetworks — arubaos | Some web components in the ArubaOS software are vulnerable to HTTP Response splitting (CRLF injection) and Reflected XSS. An attacker would be able to accomplish this by sending certain URL parameters that would trigger this vulnerability. | 2019-09-13 | 4.3 | CVE-2019-5314
CONFIRM

aspose — aspose.pdf_for_c++ | An exploitable Use-After-Free vulnerability exists in the way FunctionType 0 PDF elements are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free. An attacker can send a malicious PDF to trigger this vulnerability. | 2019-09-18 | 6.5 | CVE-2019-5042
CONFIRM

asus — asuswrt-merlin | An issue was discovered in ASUSWRT 3.0.0.4.384.20308. There is a stack-based buffer overflow issue in parse_req_queries function in wanduck.c via a long string over UDP, which may lead to an information leak. | 2019-09-17 | 5.0 | CVE-2018-20336
MISC
CONFIRM

atlassian — bitbucket | The commit diff rest endpoint in Bitbucket Server and Data Center before 5.16.10 (the fixed version for 5.16.x), from 6.0.0 before 6.0.10 (the fixed version for 6.0.x), from 6.1.0 before 6.1.8 (the fixed version for 6.1.x), from 6.2.0 before 6.2.6 (the fixed version for 6.2.x), from 6.3.0 before 6.3.5 (the fixed version for 6.3.x), from 6.4.0 before 6.4.3 (the fixed version for 6.4.x), and from 6.5.0 before 6.5.2 (the fixed version for 6.5.x) allows remote attackers who have permission to access a repository (if public access is enabled for a project or repository, attackers are able to exploit this issue anonymously) to read the contents of arbitrary files on the system and execute commands via injecting additional arguments into git commands. | 2019-09-19 | 6.8 | CVE-2019-15000
MISC

atlassian — jira_service_desk_server | The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version 3.9.16, from version 3.10.0 before version 3.16.8, from version 4.0.0 before version 4.1.3, from version 4.2.0 before version 4.2.5, from version 4.3.0 before version 4.3.4, and version 4.4.0 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the ‘Anyone can email the service desk or raise a request in the portal’ setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability. | 2019-09-19 | 4.3 | CVE-2019-14994
MISC

attosoft — auto_thickbox_plus | The auto-thickbox-plus plugin through 1.9 for WordPress has wp-content/plugins/auto-thickbox-plus/download.min.php?file= XSS. | 2019-09-20 | 4.3 | CVE-2015-9396
MISC
MISC

axiosys — bento4 | Bento4 1.5.1-628 has a NULL pointer dereference in AP4_ByteStream::ReadUI32 in Core/Ap4ByteStream.cpp when called from the AP4_TrunAtom class. | 2019-09-16 | 4.3 | CVE-2019-16349
MISC

bestwebsoft — relevant | The relevant plugin before 1.0.8 for WordPress has XSS. | 2019-09-20 | 4.3 | CVE-2015-9384
MISC
MISC

bower — bower | Bower before 1.8.8 has a path traversal vulnerability permitting file write in arbitrary locations via install command, which allows attackers to write arbitrary files when a malicious package is extracted. | 2019-09-13 | 5.0 | CVE-2019-5484
MISC
MISC
MISC

brafton — brafton | The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin/admin.php?page=BraftonArticleLoader tab parameter to BraftonAdminPage.php. | 2019-09-16 | 4.3 | CVE-2016-10973
MISC
MISC

checklist — checklist | An XSS issue was discovered in the checklist plugin before 1.1.9 for WordPress. The fill parameter is not correctly filtered in the checklist-icon.php file, and it is possible to inject JavaScript code. | 2019-09-19 | 4.3 | CVE-2019-16525
MISC
MISC
MISC
MISC

cisco — hyperflex_hx220c_af_m5_firmware | A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. The vulnerability is due to insufficient authentication for the statistics collection service. An attacker could exploit this vulnerability by sending properly formatted data values to the statistics collection service of an affected device. A successful exploit could allow the attacker to cause the web interface statistics view to present invalid data to users. | 2019-09-18 | 5.0 | CVE-2019-12620
CISCO

cisco — hyperflex_hx220c_af_m5_firmware | A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack on an affected device. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a user to an attacker-controlled web page that contains a malicious HTML iframe. A successful exploit could allow the attacker to conduct clickjacking or other client-side browser attacks. | 2019-09-18 | 4.3 | CVE-2019-1975
CISCO

codepeople — music_store | The music-store plugin before 1.0.43 for WordPress has XSS via the wp-admin/admin.php?page=music-store-menu-reports from_year parameter. | 2019-09-17 | 4.3 | CVE-2016-10992
MISC
MISC
MISC

codesys — codesys | 3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.15.0, allows the system to display active library content without checking its validity, which may allow the contents of manipulated libraries to be displayed or executed. The issue also exists for source libraries, but 3S-Smart Software Solutions GmbH strongly recommends distributing compiled libraries only. | 2019-09-17 | 6.8 | CVE-2019-13538
MISC

codesys — control_for_beaglebone | An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A user with low privileges can take full control over the runtime. | 2019-09-17 | 6.5 | CVE-2019-9008
MISC
CERT

creativeinteractivemedia — real3d_flipbook | The real3d-flipbook-lite plugin 1.0 for WordPress has deleteBook=../ directory traversal for file deletion. | 2019-09-16 | 6.4 | CVE-2016-10965
MISC
MISC

creativeinteractivemedia — real3d_flipbook | The real3d-flipbook-lite plugin 1.0 for WordPress has bookName=../ directory traversal for file upload. | 2019-09-16 | 5.0 | CVE-2016-10966
MISC
MISC

creativeinteractivemedia — real3d_flipbook | The real3d-flipbook-lite plugin 1.0 for WordPress has XSS via the wp-content/plugins/real3d-flipbook/includes/flipbooks.php bookId parameter. | 2019-09-16 | 4.3 | CVE-2016-10967
MISC
MISC

cyberseo — xpinner_lite | The xpinner-lite plugin through 2.2 for WordPress has xpinner-lite.php XSS. | 2019-09-20 | 4.3 | CVE-2015-9407
MISC
MISC
MISC

cyberseo — xpinner_lite | The xpinner-lite plugin through 2.2 for WordPress has wp-admin/options-general.php CSRF with resultant XSS. | 2019-09-20 | 4.3 | CVE-2015-9408
MISC
MISC
MISC

dolibarr — dolibarr | In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS. | 2019-09-16 | 4.3 | CVE-2019-16197
MISC

eclipse — mosquitto | If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 to 1.6.4 inclusive, sets a last will and testament, sets a will delay interval, sets a session expiry interval, and the will delay interval is set longer than the session expiry interval, then a use after free error occurs, which has the potential to cause a crash in some situations. | 2019-09-18 | 5.5 | CVE-2019-11778
CONFIRM

eclipse — mosquitto | In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more ‘/’ characters, i.e. the topic hierarchy separator, then a stack overflow will occur. | 2019-09-19 | 4.0 | CVE-2019-11779
CONFIRM

elfsight — instalinker | The instalinker plugin before 1.1.2 for WordPress has includes/instalinker-admin-preview.php?client_id= XSS. | 2019-09-20 | 4.3 | CVE-2016-11005
MISC
MISC

estatik — estatik | The estatik plugin before 2.3.0 for WordPress has unauthenticated arbitrary file upload via es_media_images[] to wp-admin/admin-ajax.php. | 2019-09-16 | 5.0 | CVE-2016-10958
MISC
MISC
MISC

estatik — estatik | The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload (exploitable with CSRF) via es_media_images[] to wp-admin/admin-ajax.php. | 2019-09-16 | 4.0 | CVE-2016-10959
MISC
MISC

firestormplugins — fs-shopping-cart | The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter. | 2019-09-13 | 6.5 | CVE-2016-10951
MISC
MISC
MISC

fossura — tag_miner | The fossura-tag-miner plugin before 1.1.5 for WordPress has CSRF. | 2019-09-17 | 6.8 | CVE-2016-10978
MISC
MISC

fossura — tag_miner | The fossura-tag-miner plugin before 1.1.5 for WordPress has XSS. | 2019-09-17 | 4.3 | CVE-2016-10979
MISC

fulixerox — docushare | A Reflected Cross-Site Scripting (XSS) vulnerability in the webEx module in webExMeetingLogin.jsp and deleteWebExMeetingCheck.jsp in Fuji Xerox DocuShare through 7.0.0.C1.609 allows remote attackers to inject arbitrary web script or HTML via the handle parameter (webExMeetingLogin.jsp) and meetingKey parameter (deleteWebExMeetingCheck.jsp). | 2019-09-14 | 4.3 | CVE-2019-16307
MISC

geautomation — proficy | Emerson GE Automation Proficy Machine Edition 8.0 allows an access violation and application crash via crafted traffic from a remote device, as demonstrated by an RX7i device. | 2019-09-16 | 5.0 | CVE-2019-16353
MISC

ghost — ghost | The ghost plugin before 0.5.6 for WordPress has no access control for wp-admin/tools.php?ghostexport=true downloads of exported data. | 2019-09-17 | 4.0 | CVE-2016-10983
MISC
MISC

gitlab — gitlab | An issue was discovered in GitLab Community and Enterprise Edition 10.8 through 12.2.1. An internal endpoint unintentionally allowed group maintainers to view and edit group runner settings. | 2019-09-16 | 5.5 | CVE-2019-15721
CONFIRM

gitlab — gitlab | An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.2.1. Particular mathematical expressions in GitLab Markdown can exhaust client resources. | 2019-09-16 | 5.0 | CVE-2019-15722
CONFIRM

gitlab — gitlab | An issue was discovered in GitLab Community and Enterprise Edition 11.9.x and 11.10.x before 11.10.1. Merge requests created by email could be used to bypass push rules in certain situations. | 2019-09-16 | 5.0 | CVE-2019-15723
CONFIRM

gitlab — gitlab | An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.2.1. Label descriptions are vulnerable to HTML injection. | 2019-09-16 | 4.3 | CVE-2019-15724
CONFIRM

gitlab — gitlab | An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. An IDOR in the epic notes API could result in disclosure of private milestones, labels, and other information. | 2019-09-16 | 5.0 | CVE-2019-15725
MISC

gitlab — gitlab | An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary server, which would reveal the IP address of clients requesting the file from that server. | 2019-09-16 | 5.0 | CVE-2019-15726
CONFIRM

gitlab — gitlab | An issue was discovered in GitLab Community and Enterprise Edition 11.2 through 12.2.1. Insufficient permission checks were being applied when displaying CI results, potentially exposing some CI metrics data to unauthorized users. | 2019-09-16 | 5.0 | CVE-2019-15727
CONFIRM gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 10.1 through 12.2.1.Protections against SSRF attacks on the Kubernetes integration are insufficient, which could have allowed an attacker to request any local network resource accessible from the GitLab server.2019-09-16 5.0 CVE-2019-15728
MISC gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 8.18 through 12.2.1.An internal endpoint unintentionally disclosed information about the last pipeline that ran for a merge request.

2019-09-17 5.0 CVE-2019-15729
MISC gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 8.14 through 12.2.1.The Jira integration contains a SSRF vulnerability as a result of a bypass of the current protection mechanisms against this type of attack, which would allow sending requests to any resources accessible in the local network by the GitLab server.2019-09-16 5.0 CVE-2019-15730
MISC gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1.Non-members were able to comment on merge requests despite the repository being set to allow only project members to do so.2019-09-16 5.0 CVE-2019-15731
CONFIRM
gitlab — gitlab | An issue was discovered in GitLab Community and Enterprise Edition 12.2 through 12.2.1. The project import API could be used to bypass project visibility restrictions. | 2019-09-16 | 5.0 | CVE-2019-15732
CONFIRM
gitlab — gitlab | An issue was discovered in GitLab Community and Enterprise Edition 7.12 through 12.2.1. The specified default branch name could be exposed to unauthorized users. | 2019-09-16 | 4.0 | CVE-2019-15733
CONFIRM
gitlab — gitlab | An issue was discovered in GitLab Community and Enterprise Edition 8.6 through 12.2.1. Under very specific conditions, commit titles and team member comments could become viewable to users who did not have permission to access these. | 2019-09-16 | 4.0 | CVE-2019-15734
CONFIRM
gitlab — gitlab | An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Under certain circumstances, CI pipelines could potentially be used in a denial of service attack. | 2019-09-16 | 5.0 | CVE-2019-15736
CONFIRM
gitlab — gitlab | An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Certain account actions needed improved authentication and session management. | 2019-09-16 | 6.4 | CVE-2019-15737
CONFIRM
gitlab — gitlab | An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Under certain conditions, merge request IDs were being disclosed via email. | 2019-09-16 | 5.0 | CVE-2019-15738
CONFIRM
gitlab — gitlab | An issue was discovered in GitLab Community and Enterprise Edition 8.1 through 12.2.1. Certain areas displaying Markdown were not properly sanitizing some XSS payloads. | 2019-09-16 | 4.3 | CVE-2019-15739
CONFIRM
gitlab — gitlab | An issue was discovered in GitLab Community and Enterprise Edition 7.9 through 12.2.1. EXIF Geolocation data was not being removed from certain image uploads. | 2019-09-16 | 5.0 | CVE-2019-15740
MISC
gitlab — gitlab | An issue was discovered in GitLab Enterprise Edition 11.x and 12.x before 12.0.9, 12.1.x before 12.1.9, and 12.2.x before 12.2.5. It has Incorrect Access Control. | 2019-09-16 | 5.5 | CVE-2019-16170
MISC
gnucobol_project — gnucobol | GnuCOBOL 2.2 has a stack-based buffer overflow in the cb_name() function in cobc/tree.c via crafted COBOL source code. | 2019-09-17 | 6.8 | CVE-2019-16395
MISC
gnucobol_project — gnucobol | GnuCOBOL 2.2 has a use-after-free in the end_scope_of_program_name() function in cobc/parser.y via crafted COBOL source code. | 2019-09-17 | 6.8 | CVE-2019-16396
MISC
gpac — gpac | AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. There is “cfg_new->AVCLevelIndication = cfg->AVCLevelIndication;” but cfg could be NULL. | 2019-09-16 | 4.3 | CVE-2018-21015
MISC
gpac — gpac | audio_sample_entry_AddBox() at isomedia/box_code_base.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | 2019-09-16 | 4.3 | CVE-2018-21016
MISC
gpac — gpac | GPAC 0.7.1 has a memory leak in dinf_Read in isomedia/box_code_base.c. | 2019-09-16 | 4.3 | CVE-2018-21017
MISC
MISC
gradle — gradle | The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900. | 2019-09-16 | 4.3 | CVE-2019-16370
MISC
MISC
hrworks — hrworks | A reflected Cross-site scripting (XSS) vulnerability in HRworks V 1.16.1 allows remote attackers to inject arbitrary web script or HTML via the URL parameter to the Login component. | 2019-09-17 | 4.3 | CVE-2019-11559
FULLDISC
MISC
ibm — application_performance_management | IBM Cloud Application Performance Management 8.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 157509. | 2019-09-17 | 4.3 | CVE-2019-4086
XF
CONFIRM
ibm — cognos_controller | IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 158876. | 2019-09-17 | 4.3 | CVE-2019-4171
XF
CONFIRM
ibm — cognos_controller | IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158880. | 2019-09-17 | 5.0 | CVE-2019-4175
XF
CONFIRM
ibm — financial_transaction_manager_for_multiplatform | IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) v2.0.0.0 through 2.0.0.5, v2.1.0.0 through 2.1.0.4, v2.1.1.0 through 2.1.1.4, and v3.0.0.0 through 3.0.0.8 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 150946. | 2019-09-18 | 4.0 | CVE-2018-1847
XF
CONFIRM
ibm — security_key_lifecycle_manager | IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166626. | 2019-09-20 | 5.0 | CVE-2019-4565
XF
CONFIRM
ibm — sterling_file_gateway | IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413. | 2019-09-16 | 6.5 | CVE-2019-4147
XF
CONFIRM
ibm — websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL containing “dot dot” sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 160201. | 2019-09-17 | 5.0 | CVE-2019-4268
XF
CONFIRM
ibm — websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the file system. An attacker could send a specially-crafted URL request to view arbitrary files on the system but not content. IBM X-Force ID: 163226. | 2019-09-17 | 4.0 | CVE-2019-4442
XF
CONFIRM
ibm — websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a user with access to audit logs to obtain sensitive information, caused by improper handling of command line options. IBM X-Force ID: 163997. | 2019-09-17 | 4.0 | CVE-2019-4477
XF
CONFIRM
ibm — websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information, caused by sending a specially-crafted URL. This can lead the attacker to view any file in a certain directory. IBM X-Force ID: 164364. | 2019-09-20 | 5.0 | CVE-2019-4505
XF
CONFIRM
icegram — icegram | The icegram plugin before 1.9.19 for WordPress has CSRF via the wp-admin/edit.php option_name parameter. | 2019-09-16 | 4.3 | CVE-2016-10962
MISC
MISC
icegram — icegram | The icegram plugin before 1.9.19 for WordPress has XSS. | 2019-09-16 | 4.3 | CVE-2016-10963
MISC
ifw8 — fr5-e_firmware | ifw8 Router ROM v4.31 allows credential disclosure by reading the action/usermanager.htm HTML source code. | 2019-09-14 | 5.0 | CVE-2019-16313
MISC
imdb-widget_project — imdb-widget | The imdb-widget plugin before 1.0.9 for WordPress has Local File Inclusion. | 2019-09-17 | 5.0 | CVE-2016-10991
MISC
MISC
intel — easy_streaming_wizard | Improper file permissions in the installer for Intel(R) Easy Streaming Wizard before version 2.1.0731 may allow an authenticated user to potentially enable escalation of privilege via local attack. | 2019-09-16 | 4.6 | CVE-2019-11166
CONFIRM
intenogroup — eg200_firmware | Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ACL misconfiguration that allows the “user” account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP. | 2019-09-16 | 4.3 | CVE-2019-13140
MISC
MISC
MISC
EXPLOIT-DB
kentothemes — kento-post-view-counter | The kento-post-view-counter plugin through 2.8 for WordPress has XSS via kento_pvc_geo. | 2019-09-17 | 4.3 | CVE-2016-10980
MISC
MISC
kentothemes — kento-post-view-counter | The kento-post-view-counter plugin through 2.8 for WordPress has stored XSS via kento_pvc_numbers_lang, kento_pvc_today_text, or kento_pvc_total_text. | 2019-09-17 | 4.3 | CVE-2016-10981
MISC
MISC
kentothemes — kento-post-view-counter | The kento-post-view-counter plugin through 2.8 for WordPress has wp-admin/admin.php?page=kentopvc_settings CSRF. | 2019-09-17 | 6.8 | CVE-2016-10982
MISC
MISC
kodebyraaet — safe_editor | The safe-editor plugin before 1.2 for WordPress has no se_save authentication, with resultant XSS. | 2019-09-17 | 4.3 | CVE-2016-10976
MISC
MISC
layerbb — layerbb | LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php. | 2019-09-19 | 6.8 | CVE-2019-16531
MISC
MISC
MISC
MISC
leenk — leenk.me | The leenkme plugin before 2.6.0 for WordPress has stored XSS via facebook_message, facebook_linkname, facebook_caption, facebook_description, default_image, or _wp_http_referer. | 2019-09-17 | 4.3 | CVE-2016-10988
MISC
MISC
MISC
leenk — leenk.me | The leenkme plugin before 2.6.0 for WordPress has wp-admin/admin.php?page=leenkme_facebook CSRF. | 2019-09-17 | 6.8 | CVE-2016-10989
MISC
MISC
MISC
libav — libav | A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf. | 2019-09-19 | 6.8 | CVE-2019-9719
MISC
MISC
MISC
MISC
libwav_project — libwav | marc-q libwav through 2019-08-15 has a NULL pointer dereference in gain_file() at wav_gain.c. | 2019-09-16 | 4.3 | CVE-2019-16348
MISC
linecorp — line | Integer overflow vulnerability in LINE(Android) from 4.4.0 to the version before 9.15.1 allows remote attackers to cause a denial of service (DoS) condition or execute arbitrary code via a specially crafted image. | 2019-09-19 | 6.8 | CVE-2019-6010
MISC
MISC
linux — linux_kernel | An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_write() properly, which causes an i_size_read() infinite loop and denial of service on SMP systems. | 2019-09-18 | 5.0 | CVE-2019-16413
MISC
MISC
MISC
logmein — lastpass | LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted web site that captures the credentials for a victim’s account on a previously visited web site, because do_popupregister can be bypassed via clickjacking. | 2019-09-16 | 5.8 | CVE-2019-16371
MISC
mail-masta_project — mail-masta | The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php. | 2019-09-16 | 5.0 | CVE-2016-10956
MISC
MISC
MISC
mcafee — total_protection | DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights. | 2019-09-13 | 6.0 | CVE-2019-3646
CONFIRM
mi — xiaomi_millet_firmware | A malicious file upload vulnerability was discovered in Xiaomi Millet mobile phones 1-6.3.9.3. A particular condition involving a man-in-the-middle attack may lead to partial data leakage or malicious file writing. | 2019-09-18 | 5.8 | CVE-2019-15843
CONFIRM
microfocus — service_manager | Allow changes to some table by non-SysAdmin in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized access and modification of data. | 2019-09-18 | 6.5 | CVE-2019-11661
CONFIRM
microfocus — service_manager | Class and method names in error message in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited in some special cases to allow information exposure through an error message. | 2019-09-18 | 4.0 | CVE-2019-11662
CONFIRM
microfocus — service_manager | Clear text credentials are used to access managers app in Tomcat in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure. | 2019-09-18 | 4.0 | CVE-2019-11663
CONFIRM
microfocus — service_manager | Clear text password in browser in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure. | 2019-09-18 | 4.0 | CVE-2019-11664
CONFIRM
microfocus — service_manager | Data exposure in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure. | 2019-09-17 | 5.0 | CVE-2019-11665
CONFIRM
microfocus — service_manager | Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow insecure deserialization of untrusted data. | 2019-09-17 | 6.8 | CVE-2019-11666
CONFIRM
microfocus — service_manager | Unauthorized access to contact information in Micro Focus Service Manager, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to private data. | 2019-09-17 | 5.0 | CVE-2019-11667
CONFIRM
mobatek — mobaxterm | In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also accepted, command execution is achieved, as demonstrated by the MobaXterm://`calc` URI. | 2019-09-14 | 6.8 | CVE-2019-16305
MISC
momizat — goodnews | The Goodnews theme through 2016-02-28 for WordPress has XSS via the s parameter. | 2019-09-20 | 4.3 | CVE-2016-10999
MISC
mtouch_quiz_project — mtouch_quiz | The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via the quiz parameter during a Quiz Manage operation. | 2019-09-20 | 4.3 | CVE-2015-9386
MISC
MISC
mz-automation — libiec61850 | libIEC61850 through 1.3.3 has a use-after-free in MmsServer_waitReady in mms/iso_mms/server/mms_server.c, as demonstrated by server_example_goose. | 2019-09-19 | 5.0 | CVE-2019-16510
MISC
neliosoftware — nelio_ab_testing | The nelio-ab-testing plugin before 4.5.0 for WordPress has filename=..%2f directory traversal. | 2019-09-17 | 4.0 | CVE-2016-10977
MISC
MISC
MISC
nerdcow — tweet_wheel | The tweet-wheel plugin before 1.0.3.3 for WordPress has XSS via consumer_key, consumer_secret, access_token, and access_token_secret. | 2019-09-17 | 4.3 | CVE-2016-10986
MISC
MISC
MISC
netattingo — wp-whois-domain | The wp-whois-domain plugin 1.0.0 for WordPress has XSS via the pages/func-whois.php domain parameter. | 2019-09-13 | 4.3 | CVE-2017-18612
MISC
MISC
neuvoo — neuvoo-jobroll | The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_keywords XSS. | 2019-09-20 | 4.3 | CVE-2015-9404
MISC
MISC
neuvoo — neuvoo_jobs | The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_location XSS. | 2019-09-20 | 4.3 | CVE-2015-9403
MISC
MISC
ngiflib_project — ngiflib | ngiflib 0.4 has a heap-based buffer overflow in WritePixel() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled. | 2019-09-16 | 6.8 | CVE-2019-16346
MISC
MISC
ngiflib_project — ngiflib | ngiflib 0.4 has a heap-based buffer overflow in WritePixels() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled. | 2019-09-16 | 6.8 | CVE-2019-16347
MISC
MISC
niushop — niushop | NIUSHOP V1.11 has CSRF via search_info to index.php. | 2019-09-14 | 6.8 | CVE-2019-16311
MISC
notepad_plus_plus — notepad++ | SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file. | 2019-09-14 | 6.8 | CVE-2019-16294
MISC
MISC
MISC
ocimscripts — ocim-mp3 | The ocim-mp3 plugin through 2016-03-07 for WordPress has wp-content/plugins/ocim-mp3/source/pages.php?id= XSS. | 2019-09-20 | 4.3 | CVE-2016-10998
MISC
open-emr — openemr | OpenEMR v5.0.1-6 allows XSS. | 2019-09-16 | 4.3 | CVE-2019-8368
MISC
optinmonster — optinmonster | The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak. | 2019-09-20 | 5.0 | CVE-2016-10996
MISC
MISC
ostenta — yawpp | The yawpp plugin through 1.2.2 for WordPress has XSS via the field1 parameter. | 2019-09-20 | 4.3 | CVE-2015-9391
MISC
MISC
pagelines — pagelines | The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?page=pagelines CSRF. | 2019-09-13 | 6.8 | CVE-2016-10945
MISC
peepso — peepso | The peepso-core plugin before 1.6.1 for WordPress has PeepSoProfilePreferencesAjax->save() privilege escalation. | 2019-09-16 | 6.5 | CVE-2016-10968
MISC
MISC
picoc_project — picoc | PicoC 2.1 has a heap-based buffer overflow in StringStrcpy in cstdlib/string.c when called from ExpressionParseFunctionCall in expression.c. | 2019-09-13 | 6.8 | CVE-2019-16277
MISC
pimcore — pimcore | In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory, a different vulnerability than CVE-2019-10867 and CVE-2019-16318. | 2019-09-14 | 6.5 | CVE-2019-16317
MISC
MISC
pimcore — pimcore | In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317. | 2019-09-14 | 6.5 | CVE-2019-16318
MISC
MISC
prise — adas | An issue was discovered in PRiSE adAS 1.7.0. The current database password is embedded in the change password form. | 2019-09-20 | 5.0 | CVE-2019-15085
MISC
MISC
prise — adas | An issue was discovered in PRiSE adAS 1.7.0. The newentityID parameter is not properly escaped, leading to a reflected XSS in the error message. | 2019-09-20 | 4.3 | CVE-2019-15086
MISC
MISC
prise — adas | An issue was discovered in PRiSE adAS 1.7.0. An authenticated user can change the function used to hash passwords to any function, leading to remote code execution. | 2019-09-20 | 6.5 | CVE-2019-15087
MISC
MISC
prise — adas | An issue was discovered in PRiSE adAS 1.7.0. Forms have no CSRF protection, letting an attacker execute actions as the administrator. | 2019-09-20 | 6.8 | CVE-2019-15089
MISC
MISC
publisure — publisure | An issue was discovered in the secure portal in Publisure 2.1.2. Once successfully authenticated as an administrator, one is able to inject arbitrary PHP code by using the adminCons.php form. The code is then stored in the E:PUBLISUREwebservicewebpagesAdminDirTemplates folder even if removed from the adminCons.php view (i.e., the rogue PHP file can be hidden). | 2019-09-18 | 6.5 | CVE-2019-14252
MISC
publisure — publisure | An issue was discovered in servletcontroller in the secure portal in Publisure 2.1.2. One can bypass authentication and perform a query on PHP forms within the /AdminDir folder that should be restricted. | 2019-09-18 | 6.4 | CVE-2019-14253
MISC
pydio — pydio | Pydio 6.0.8 mishandles error reporting when a directory allows unauthenticated uploads, and the remote-upload option is used with the http://localhost:22 URL. The attacker can obtain sensitive information such as the name of the user who created that directory and other internal server information. | 2019-09-19 | 5.0 | CVE-2019-15032
MISC
MISC
MISC
pydio — pydio | Pydio 6.0.8 allows Authenticated SSRF during a Remote Link Feature download. An attacker can specify an intranet address in the file parameter to index.php, when sending a file to a remote server, as demonstrated by the file=http%3A%2F%2F192.168.1.2 substring. | 2019-09-19 | 4.0 | CVE-2019-15033
MISC
MISC
MISC
redmineup — crm | The CRM Plugin before 4.2.4 for Redmine allows XSS via crafted vCard data. | 2019-09-16 | 4.3 | CVE-2019-15950
MISC
MISC
rsa — archer | RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information disclosure vulnerability. Information relating to the backend database gets disclosed to low-privileged RSA Archer users’ UI under certain error conditions. | 2019-09-18 | 4.0 | CVE-2019-3756
MISC
rsa — bsafe_cert-j | RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key. | 2019-09-18 | 4.3 | CVE-2019-3738
MISC
rsa — bsafe_cert-j | RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys. | 2019-09-18 | 4.3 | CVE-2019-3739
MISC
rsa — bsafe_cert-j | RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys. | 2019-09-18 | 4.3 | CVE-2019-3740
MISC
s-cms — s-cms | s-cms V3.0 has XSS in index.php?type=text via the S_id parameter. | 2019-09-14 | 4.3 | CVE-2019-16312
MISC
scadabr — scadabr | ScadaBR 1.0CE, and 1.1.x through 1.1.0-RC, has XSS via a request for a nonexistent resource, as demonstrated by the dwr/test/ PATH_INFO. | 2019-09-15 | 4.3 | CVE-2019-16321
MISC
schneider-electric — bmxnor0200h_firmware | CWE-284: Improper Access Control vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause the execution of commands by unauthorized users when using IEC 60870-5-104 protocol. | 2019-09-17 | 6.5 | CVE-2019-6810
CONFIRM
schneider-electric — bmxnor0200h_firmware | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause disconnection of active connections when an unusually high number of IEC 60870-5-104 packets are received by the module on port 2404/TCP. | 2019-09-17 | 5.0 | CVE-2019-6831
CONFIRM
schneider-electric — hmigtu_firmware | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Magelis HMI Panels (all versions of – HMIGTO, HMISTO, XBTGH, HMIGTU, HMIGTUX, HMISCU, HMISTU, XBTGT, XBTGT, HMIGXO, HMIGXU), which could cause a temporary freeze of the HMI when a high rate of frames is received. When the attack stops, the buffered commands are processed by the HMI panel. | 2019-09-17 | 4.3 | CVE-2019-6833
CONFIRM
schneider-electric — modicon_quantum_140noe77101_firmware | An Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability exists in Modicon Quantum 140 NOE771x1 version 6.9 and earlier, which could cause denial of service when the module receives an IP fragmented packet with a length greater than 65535 bytes. The module then requires a power cycle to recover. | 2019-09-17 | 5.0 | CVE-2019-6811
CONFIRM
schneider-electric — somachine_hvac | A CWE-426: Untrusted Search Path vulnerability exists in SoMachine HVAC v2.4.1 and earlier versions, which could cause arbitrary code execution on the system running SoMachine HVAC when a malicious DLL library is loaded by the product. | 2019-09-17 | 6.8 | CVE-2019-6826
CONFIRM
siemens — ie/wsn-pa_link_wirelesshart_gateway_firmware | A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gateway (All versions). The integrated configuration web server of the affected device could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known. | 2019-09-13 | 4.3 | CVE-2019-13923
MISC
siemens — sinema_remote_connect_server | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some pages that should only be accessible by a privileged user can also be accessed by a non-privileged user. The security vulnerability could be exploited by an attacker with network access and valid credentials for the web interface. No user interaction is required. The vulnerability could allow an attacker to access information that he should not be able to read. The affected information does not include passwords. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-09-13 | 4.0 | CVE-2019-13919
MISC
siemens — sinema_remote_connect_server | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some parts of the web application are not protected against Cross Site Request Forgery (CSRF) attacks. The security vulnerability could be exploited by an attacker that is able to trigger requests of a logged-in user to the application. The vulnerability could allow switching the connectivity state of a user or a device. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-09-13 | 4.3 | CVE-2019-13920
MISC
siemens — sinema_remote_connect_server | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). An attacker with administrative privileges can obtain the hash of a connected device’s password. The security vulnerability could be exploited by an attacker with network access to the SINEMA Remote Connect Server and administrative privileges. At the time of advisory publication no public exploitation of this security vulnerability was known. | 2019-09-13 | 4.0 | CVE-2019-13922
MISC
sirv — sirv | The sirv plugin before 1.3.2 for WordPress has SQL injection via the id parameter. | 2019-09-13 | 6.5 | CVE-2016-10950
MISC
MISC
MISC
slickquiz_project — slickquiz | An XSS issue was discovered in the slickquiz plugin through 1.3.7.1 for WordPress. The save_quiz_score functionality available via the /wp-admin/admin-ajax.php endpoint allows unauthenticated users to submit quiz solutions/answers, which are stored in the database and later shown in the WordPress backend for all users with at least Subscriber rights. Because the plugin does not properly validate and sanitize this data, a malicious payload in either the name or email field is executed directly within the backend at /wp-admin/admin.php?page=slickquiz across all users with the privileges of at least Subscriber. | 2019-09-13 | 4.3 | CVE-2019-12517
MISC
MISC
smackcoders — echo_sign | The echosign plugin before 1.2 for WordPress has XSS via the inc.php page parameter. | 2019-09-17 | 4.3 | CVE-2016-10984
MISC
MISC
MISC
smackcoders — echo_sign | The echosign plugin before 1.2 for WordPress has XSS via the templates/add_templates.php id parameter. | 2019-09-17 | 4.3 | CVE-2016-10985
MISC
MISC
MISC
spip — spip | SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php. | 2019-09-17 | 4.0 | CVE-2019-16391
MISC
MISC
MISC
spip — spip | SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages. | 2019-09-17 | 4.3 | CVE-2019-16392
MISC
MISC
spip — spip | SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character. | 2019-09-17 | 5.8 | CVE-2019-16393
MISC
MISC
MISC
spip — spip | SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers. | 2019-09-17 | 5.0 | CVE-2019-16394
MISC
MISC
MISC
MISC
supportflow_project — supportflow | The supportflow plugin before 0.7 for WordPress has XSS via a discussion ticket title. | 2019-09-16 | 4.3 | CVE-2016-10969
MISC
MISC
supportflow_project — supportflow | The supportflow plugin before 0.7 for WordPress has XSS via a ticket excerpt. | 2019-09-16 | 4.3 | CVE-2016-10970
MISC
MISC
tonjoostudio — fluid-responsive-slideshow | The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has frs_save CSRF with resultant stored XSS. | 2019-09-17 | 6.8 | CVE-2016-10974
MISC
MISC
tonjoostudio — fluid-responsive-slideshow | The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has reflected XSS via the skin parameter. | 2019-09-17 | 4.3 | CVE-2016-10975
MISC
MISC
trivetechnology — wp-stats-dashboard | The wp-stats-dashboard plugin through 2.9.4 for WordPress has admin/graph_trend.php type SQL injection. | 2019-09-20 | 6.5 | CVE-2015-9399
MISC
MISC
MISC
truemag_theme_project — truemag_theme | The Truemag theme 2016 Q2 for WordPress has XSS via the s parameter. | 2019-09-18 | 4.3 | CVE-2016-10994
MISC
trust_form_project — trust_form | The trust-form plugin 2.0 for WordPress has XSS via the wp-admin/admin.php?page=trust-form-edit page parameter. | 2019-09-13 | 4.3 | CVE-2017-18613
MISC
MISC
typomedia — wordpress_meta_robots | The wordpress-meta-robots plugin through 2.1 for WordPress has wp-admin/post-new.php text SQL injection. | 2019-09-20 | 6.5 | CVE-2015-9400
MISC
MISC
MISC
usersultra — users_ultra_membership | The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=package_add_new to wp-admin/admin-ajax.php. | 2019-09-20 | 6.8 | CVE-2015-9394
MISC
MISC
usersultra — users_ultra_membership | The users-ultra plugin before 1.5.64 for WordPress has SQL Injection via an ajax action. | 2019-09-20 | 6.5 | CVE-2015-9395
MISC
MISC
MISC
vmware — vcenter_server | VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b, and 6.0 prior to 6.0 U3j) contain an information disclosure vulnerability in clients arising from insufficient session expiration. An attacker with physical access or an ability to mimic a websocket connection to a user’s browser may be able to obtain control of a VM Console after the user has logged out or their session has timed out. | 2019-09-18 | 5.8 | CVE-2019-5531
CONFIRM
vmware — vcenter_server | VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability due to the logging of credentials in plain-text for virtual machines deployed through OVF. A malicious user with access to the log files containing vCenter OVF-properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine). | 2019-09-18 | 4.0 | CVE-2019-5532
MISC
CONFIRM
vmware — vcenter_server | VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability where Virtual Machines deployed from an OVF could expose login information via the virtual machine’s vAppConfig properties. A malicious actor with access to query the vAppConfig properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine). | 2019-09-18 | 4.0 | CVE-2019-5534
MISC
CONFIRM
webkul — bagisto | In Webkul Bagisto before 0.1.5, the functionalities for customers to change their own values (such as address, review, orders, etc.) can also be manipulated by other customers. | 2019-09-18 | 6.5 | CVE-2019-16403
MISC
webmaster-source — gocodes | The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php gcid SQL injection. | 2019-09-20 | 6.5 | CVE-2015-9398
MISC
MISC
MISC
woocommerce — persian_woocommerce_sms | The persian-woocommerce-sms plugin before 3.3.4 for WordPress has ps_sms_numbers XSS. | 2019-09-17 | 4.3 | CVE-2016-10987
MISC
MISC
MISC
wp-kama — kama_click_counter | The kama-clic-counter plugin before 3.5.0 for WordPress has XSS. | 2019-09-13 | 4.3 | CVE-2017-18615
MISC
wp-piwik_project — wp-piwik | The wp-piwik plugin before 1.0.5 for WordPress has XSS. | 2019-09-20 | 4.3 | CVE-2015-9405
MISC
MISC
MISC
wpcerber — cerber_security_antispam_&_malware_scan | The wp-cerber plugin before 2.7 for WordPress has XSS via the X-Forwarded-For HTTP header. | 2019-09-17 | 4.3 | CVE-2016-10990
MISC
MISC
yourinspirationweb — beauty-premium | The beauty-premium theme 1.0.8 for WordPress has CSRF with resultant arbitrary file upload in includes/sendmail.php. | 2019-09-20 | 4.3 | CVE-2016-10997
MISC
EXPLOIT-DB
zulip — zulip_server | The Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to exponential backtracking. A user who is logged into the server could send a crafted message causing the server to spend an effectively arbitrary amount of CPU time and stall the processing of future messages. | 2019-09-18 | 4.0 | CVE-2019-16215
CONFIRM
CONFIRM

beego — beego | The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions. | 2019-09-16 | 1.9 | CVE-2019-16354
MISC
beego — beego | The File Session Manager in Beego 1.10.0 allows local users to read session files because of weak permissions for individual files. | 2019-09-16 | 2.1 | CVE-2019-16355
MISC
bludit — bludit | In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. NOTE: this may overlap CVE-2017-16636. | 2019-09-15 | 3.5 | CVE-2019-16334
MISC freeipa — freeipa A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session. 2019-09-17 2.1 CVE-2019-14826
CONFIRM get-simple — getsimple_cms GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php. 2019-09-15 3.5 CVE-2019-16333
MISC ibm — cognos_analytics IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 161421. 2019-09-17 3.5 CVE-2019-4342
XF
CONFIRM ibm — websphere_application_server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160203. 2019-09-17 3.5 CVE-2019-4270
XF
CONFIRM ibm — websphere_application_server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vulnerability. IBM X-Force ID: 160243. 2019-09-17 3.5 CVE-2019-4271
XF
CONFIRM intel — 3106_firmware A race condition in specific microprocessors using Intel (R) DDIO cache allocation and RDMA may allow an authenticated user to potentially enable partial information disclosure via adjacent access. 2019-09-16 2.9 CVE-2019-11184
MISC
CONFIRM
CONFIRM linux — linux_kernel In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users’ processes via a Facility Unavailable exception. To exploit the vulnerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check. 2019-09-13 3.6 CVE-2019-15030
MISC
MISC
UBUNTU linux — linux_kernel In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users’ processes via an interrupt. To exploit the vulnerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c. 2019-09-13 3.6 CVE-2019-15031
MISC
MISC
UBUNTU mtouch_quiz_project — mtouch_quiz The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via a quiz name. 2019-09-20 3.5 CVE-2015-9389
MISC
MISC niushop — niushop NIUSHOP V1.11 has XSS via the index.php?s=/admin URI. 2019-09-14 3.5 CVE-2019-16310
MISC scoreme_project — scoreme The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s parameter. 2019-09-17 3.5 CVE-2016-10993
MISC solaplugins — sola_support_tickets The sola-support-tickets plugin before 3.13 for WordPress has incorrect access control for /wp-admin with resultant XSS. 2019-09-20 3.5 CVE-2016-11012
MISC
MISC symantec — norton_password_manager Norton Password Manager, prior to 6.5.0.2104, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information. 2019-09-17 2.1 CVE-2019-12755
CONFIRM usersultra — users_ultra_membership The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_name parameter. 2019-09-20 3.5 CVE-2015-9392
MISC
MISC
MISC usersultra — users_ultra_membership The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_desc parameter. 2019-09-20 3.5 CVE-2015-9393
MISC
MISC webcraftic — woody_ad_snippets The insert-php (aka Woody ad snippets) plugin before 2.2.8 for WordPress allows authenticated XSS via the winp_item parameter. 2019-09-13 3.5 CVE-2019-16289
MISC
MISC
MISC webmaster-source — gocodes The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php deletegc XSS. 2019-09-20 3.5 CVE-2015-9397
MISC
MISC
MISC websimon-tables_project — websimon-tables The websimon-tables plugin through 1.3.4 for WordPress has wp-admin/tools.php edit_style id XSS. 2019-09-20 3.5 CVE-2015-9401
MISC
MISC
MISC zrlog — zrlog An issue was discovered in ZrLog 2.1.1. There is a Stored XSS vulnerability in the article_edit area. 2019-09-20 3.5 CVE-2019-16643
MISC zulip — zulip_server Zulip server before 2.0.5 incompletely validated the MIME types of uploaded files. A user who is logged into the server could upload files of certain types to mount a stored cross-site scripting attack on other logged-in users. On a Zulip server using the default local uploads backend, the attack is only effective against browsers lacking support for Content-Security-Policy such as Internet Explorer 11. On a Zulip server using the S3 uploads backend, the attack is confined to the origin of the configured S3 uploads hostname and cannot reach the Zulip server itself. 2019-09-18 3.5 CVE-2019-16216
CONFIRM
CONFIRM 3s-smart_software_solutions — codesys_web_server CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller. 2019-09-13 not yet calculated CVE-2019-13532
MISC 3s-smart_software_solutions — codesys_web_server CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which could cause a stack overflow and create a denial-of-service condition or allow remote code execution. 2019-09-13 not yet calculated CVE-2019-13548
MISC 3s-smart_sofware_solutions — codesys_opc_ua_server 3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition. 2019-09-17 not yet calculated CVE-2019-13542
MISC 3s-smart_sofware_solutions — codesys_products An issue was discovered in 3S-Smart CODESYS before 3.5.15.0. Crafted network packets cause the Control Runtime to crash. 2019-09-17 not yet calculated CVE-2019-9009
MISC arubanetworks — arubaos A command injection vulnerability is present in the web management interface of ArubaOS that permits an authenticated user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. This vulnerability only affects ArubaOS 8.x. 2019-09-13 not yet calculated CVE-2019-5315
CONFIRM cobham — sea_tel_devices Cobham Sea Tel v170 224521 through v194 225444 devices allow attackers to obtain potentially sensitive information, such as a vessel’s latitude and longitude, via the public SNMP community. 2019-09-15 not yet calculated CVE-2019-16320
MISC draytek — vigor2925_devices On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product. 2019-09-20 not yet calculated CVE-2019-16533
MISC draytek — vigor2925_devices On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN name on the General Setup screen. NOTE: this is an end-of-life product. 2019-09-20 not yet calculated CVE-2019-16534
MISC embedthis — goahead An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack. 2019-09-20 not yet calculated CVE-2019-16645
MISC eq-3 — homematic_ccu2_and_ccu3_devices eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remote Code Execution by unauthenticated attackers with access to the web interface via an HTTP POST request to certain URLs related to the ReGa core process. 2019-09-17 not yet calculated CVE-2019-16199
MISC f5 — big-ip F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings. 2019-09-20 not yet calculated CVE-2019-6649
CONFIRM f5 — big-ip F5 BIG-IP ASM 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 may expose sensitive information and allow the system configuration to be modified when using non-default settings. 2019-09-20 not yet calculated CVE-2019-6650
CONFIRM ffjpeg — ffjpeg ffjpeg before 2019-08-18 has a NULL pointer dereference in huffman_decode_step() at huffman.c. 2019-09-16 not yet calculated CVE-2019-16351
MISC ffjpeg — ffjpeg ffjpeg before 2019-08-18 has a NULL pointer dereference in idct2d8x8() at dct.c. 2019-09-16 not yet calculated CVE-2019-16350
MISC ffjpeg — ffjpeg ffjpeg before 2019-08-21 has a heap-based buffer overflow in jfif_load() at jfif.c. 2019-09-16 not yet calculated CVE-2019-16352
MISC firegiant — wix_toolset An issue was discovered in DTF in FireGiant WiX Toolset before 3.11.2. Microsoft.Deployment.Compression.Cab.dll and Microsoft.Deployment.Compression.Zip.dll allow directory traversal during CAB or ZIP archive extraction, because the full name of an archive file (even with a ../ sequence) is concatenated with the destination path. 2019-09-19 not yet calculated CVE-2019-16511
MISC
MISC
MISC forcepoint — vpn_client_for_windows Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach Labs for finding this vulnerability and for reporting it to us. 2019-09-20 not yet calculated CVE-2019-6145
CONFIRM gila_cms — gila_cms Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion. 2019-09-21 not yet calculated CVE-2019-16679
MISC
MISC gitlab — omnibus An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation. 2019-09-16 not yet calculated CVE-2019-15741
MISC gnome — file-roller An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction. 2019-09-21 not yet calculated CVE-2019-16680
MISC
MISC
MISC idreamsoft — icms An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF. 2019-09-21 not yet calculated CVE-2019-16677
MISC joyplus — joyplus-cms joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains available. 2019-09-21 not yet calculated CVE-2019-16655
MISC joyplus — joyplus-cms joyplus-cms 1.6.0 has admin_ajax.php?action=savexml&tab=vodplay CSRF. 2019-09-21 not yet calculated CVE-2019-16660
MISC joyplus — joyplus-cms joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database. 2019-09-21 not yet calculated CVE-2019-16656
MISC linux — linux_kernel There is a heap-based buffer overflow in the Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver, that allows local users to cause a denial of service (system crash) or possibly execute arbitrary code. 2019-09-20 not yet calculated CVE-2019-14814
MLIST
MISC
CONFIRM
MISC
FEDORA
FEDORA
MISC linux — linux_kernel There is a heap-based buffer overflow in the Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver, that allows local users to cause a denial of service (system crash) or possibly execute arbitrary code. 2019-09-20 not yet calculated CVE-2019-14816
MLIST
MISC
CONFIRM
MISC
FEDORA
FEDORA
MISC mautic — mautic An issue was discovered in Mautic 2.13.1. It has Stored XSS via the company name field. 2019-09-20 not yet calculated CVE-2018-11200
CONFIRM node.js — node.js The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL. 2019-09-20 not yet calculated CVE-2019-15138
MISC ogma_cms — ogma_cms Ogma CMS 0.5 has XSS via creation of a new blog. 2019-09-21 not yet calculated CVE-2019-16661
MISC pagekit — pagekit The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for attackers to enumerate accounts. 2019-09-21 not yet calculated CVE-2019-16669
MISC pivotal — application_service Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.18, 2.4.x prior to 2.4.14, 2.5.x prior to 2.5.10, and 2.6.x prior to 2.6.5, contains an invitations microservice which allows users to invite others to their organizations. A remote authenticated user can gain additional privileges by inviting themselves to spaces that they should not have access to. 2019-09-20 not yet calculated CVE-2019-11280
CONFIRM prise — adas An issue was discovered in PRiSE adAS 1.7.0. The path is not properly escaped in the medatadata_del method, leading to an arbitrary file read and deletion via Directory Traversal. 2019-09-20 not yet calculated CVE-2019-14914
MISC
MISC prise — adas An issue was discovered in PRiSE adAS 1.7.0. Certificate data are not properly escaped. This leads to XSS when submitting a rogue certificate. 2019-09-20 not yet calculated CVE-2019-14915
MISC
MISC prise — adas An issue was discovered in PRiSE adAS 1.7.0. A file’s format is not properly checked, leading to an unrestricted file upload. 2019-09-20 not yet calculated CVE-2019-14916
MISC
MISC prise — adas An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly escape output on error, leading to reflected XSS. 2019-09-20 not yet calculated CVE-2019-14911
MISC
MISC prise — adas An issue was discovered in PRiSE adAS 1.7.0. Log data are not properly escaped, leading to persistent XSS in the administration panel. 2019-09-20 not yet calculated CVE-2019-14913
MISC
MISC prise — adas An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly check the goto parameter, leading to an open redirect that leaks the session cookie. 2019-09-20 not yet calculated CVE-2019-14912
MISC
MISC prospecta — master_data_online Prospecta Master Data Online (MDO) allows CSRF. 2019-09-20 not yet calculated CVE-2018-17789
MISC schneider_electric — apc_ups_network_management_card_2 A Credentials Management CWE-255 vulnerability exists in the APC UPS Network Management Card 2 AOS v6.5.6, which could cause Remote Monitoring Credentials to be viewed in plaintext when Remote Monitoring is enabled, and then disabled. 2019-09-17 not yet calculated CVE-2018-7820
CONFIRM schneider_electric — modicon_m580_and_m340_controllers A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus. 2019-09-17 not yet calculated CVE-2019-6829
CONFIRM schneider_electric — modicon_m580_controllers A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller. 2019-09-17 not yet calculated CVE-2019-6830
CONFIRM schneider_electric — spacelynk_and_wiser_for_knx A CWE-287: Authentication vulnerability exists in spaceLYnk (all versions before 2.4.0) and Wiser for KNX (all versions before 2.4.0 – formerly known as homeLYnk), which could cause loss of control when an attacker bypasses the authentication. 2019-09-17 not yet calculated CVE-2019-6832
CONFIRM schneider_electric — u.motion_server A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6501-0001 – U.motion KNX server, MEG6501-0002 – U.motion KNX Server Plus, MEG6260-0410 – U.motion KNX Server Plus, Touch 10, MEG6260-0415 – U.motion KNX Server Plus, Touch 15), which could allow an attacker to send a crafted message to the target server, thereby causing arbitrary commands to be executed. 2019-09-17 not yet calculated CVE-2019-6840
CONFIRM schneider_electric — u.motion_server A Cross-Site Scripting (XSS) CWE-79 vulnerability exists in U.motion Server (MEG6501-0001 – U.motion KNX server, MEG6501-0002 – U.motion KNX Server Plus, MEG6260-0410 – U.motion KNX Server Plus, Touch 10, MEG6260-0415 – U.motion KNX Server Plus, Touch 15), which could allow an attacker to inject client-side script when a user visits a web page. 2019-09-17 not yet calculated CVE-2019-6835
CONFIRM schneider_electric — u.motion_server A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in U.motion Server (MEG6501-0001 – U.motion KNX server, MEG6501-0002 – U.motion KNX Server Plus, MEG6260-0410 – U.motion KNX Server Plus, Touch 10, MEG6260-0415 – U.motion KNX Server Plus, Touch 15), which could cause server configuration data to be exposed when an attacker modifies a URL. 2019-09-17 not yet calculated CVE-2019-6837
CONFIRM schneider_electric — u.motion_server An Improper Access Control: CWE-284 vulnerability exists in U.motion Server (MEG6501-0001 – U.motion KNX server, MEG6501-0002 – U.motion KNX Server Plus, MEG6260-0410 – U.motion KNX Server Plus, Touch 10, MEG6260-0415 – U.motion KNX Server Plus, Touch 15), which could allow the file system to access the wrong file. 2019-09-17 not yet calculated CVE-2019-6836
CONFIRM schneider_electric — u.motion_server An Improper Access Control: CWE-284 vulnerability exists in U.motion Server (MEG6501-0001 – U.motion KNX server, MEG6501-0002 – U.motion KNX Server Plus, MEG6260-0410 – U.motion KNX Server Plus, Touch 10, MEG6260-0415 – U.motion KNX Server Plus, Touch 15), which could allow a user with low privileges to delete a critical file. 2019-09-17 not yet calculated CVE-2019-6838
CONFIRM schneider_electric — u.motion_server An Improper Access Control: CWE-284 vulnerability exists in U.motion Server (MEG6501-0001 – U.motion KNX server, MEG6501-0002 – U.motion KNX Server Plus, MEG6260-0410 – U.motion KNX Server Plus, Touch 10, MEG6260-0415 – U.motion KNX Server Plus, Touch 15), which could allow a user with low privileges to upload a rogue file. 2019-09-17 not yet calculated CVE-2019-6839
CONFIRM siemens — simatic_tdc_cp51m1 A vulnerability has been identified in SIMATIC TDC CP51M1 (All versions < V1.1.7). An attacker with network access to the device could cause a Denial-of-Service condition by sending a specially crafted UDP packet. The vulnerability affects the UDP communication of the device. The security vulnerability could be exploited without authentication. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-09-13 not yet calculated CVE-2019-10937
MISC supermicro -- multiple_products On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the server managed by the BMC. 2019-09-20 not yet calculated CVE-2019-16649
MISC MISC MISC supermicro — x10_and_x11_products On Supermicro X10 and X11 products, a client’s access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual USB devices to the server managed by the BMC. 2019-09-20 not yet calculated CVE-2019-16650
MISC MISC MISC thinksaas — thinksaas An issue was discovered in ThinkSAAS 2.91. There is XSS via the content to the index.php?app=group&ac=comment&ts=do&js=1 URI, as demonstrated by a crafted SVG document in the SRC attribute of an EMBED element. 2019-09-21 not yet calculated CVE-2019-16665
MISC thinksaas — thinksaas An issue was discovered in ThinkSAAS 2.91. There is XSS via the index.php?app=group&ac=create&ts=do groupname parameter. 2019-09-21 not yet calculated CVE-2019-16664
MISC topcon_positioning — net-g5_gnss_receiver_devices An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product is protected by a login. A guest is allowed to log in. Once logged in as a guest, an attacker can browse a URL to read the password of the administrative user. The same procedure allows a regular user to gain administrative privileges. The guest login is possible in the default configuration. 2019-09-20 not yet calculated CVE-2019-11326
MISC topcon_positioning — net-g5_gnss_receiver_devices An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product has a local file inclusion vulnerability. An attacker with administrative privileges can craft a special URL to read arbitrary files from the device’s file system. 2019-09-20 not yet calculated CVE-2019-11327
MISC tuzicms — tuzicms TuziCMS 2.0.6 has index.php/manage/notice/do_add CSRF. 2019-09-21 not yet calculated CVE-2019-16658
MISC tuzicms — tuzicms TuziCMS 2.0.6 has XSS via the PATH_INFO to a group URI, as demonstrated by index.php/article/group/id/2/. 2019-09-21 not yet calculated CVE-2019-16657
MISC tuzicms — tuzicms TuziCMS 2.0.6 has index.php/manage/link/do_add CSRF. 2019-09-21 not yet calculated CVE-2019-16659
MISC valve — counter-strike:global_offensive vphysics.dll in Counter-Strike: Global Offensive before 1.37.1.1 allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a memset call. 2019-09-19 not yet calculated CVE-2019-15943
MISC CONFIRM vmware — esxi_and_workstation_and_fusion VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6) and Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain an out-of-bounds read vulnerability in the pixel shader functionality. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on the host. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. It is not enabled by default on ESXi and is enabled by default on Workstation and Fusion. 2019-09-20 not yet calculated CVE-2019-5521
MISC CONFIRM wordpress — wordpress The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates. 2019-09-20 not yet calculated CVE-2016-11008
MISC MISC MISC wordpress — wordpress The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates. 2019-09-20 not yet calculated CVE-2016-11010
MISC MISC MISC wordpress — wordpress The Elegant Themes Monarch plugin before 1.2.7 for WordPress has privilege escalation. 2019-09-20 not yet calculated CVE-2016-11004
MISC MISC wordpress — wordpress The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates. 2019-09-20 not yet calculated CVE-2016-11009
MISC MISC MISC wordpress — wordpress The Antioch theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to lib/scripts/download.php. 2019-09-20 not yet calculated CVE-2014-10397
MISC wordpress — wordpress The Elegant Themes Extra theme before 1.2.4 for WordPress has privilege escalation. 2019-09-20 not yet calculated CVE-2016-11002
MISC MISC wordpress — wordpress The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field. 2019-09-20 not yet calculated CVE-2016-11001
MISC MISC wordpress — wordpress The dwnldr plugin before 1.01 for WordPress has XSS via the User-Agent HTTP header. 2019-09-16 not yet calculated CVE-2016-10964
MISC MISC wordpress — wordpress The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval. 2019-09-20 not yet calculated CVE-2016-11007
MISC MISC MISC wordpress — wordpress The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privilege escalation. 2019-09-20 not yet calculated CVE-2016-11003
MISC MISC wordpress — wordpress The quotes-collection plugin before 2.0.6 for WordPress has XSS via the wp-admin/admin.php?page=quotes-collection page parameter. 2019-09-13 not yet calculated CVE-2016-10952
MISC MISC MISC wordpress — wordpress The users-ultra plugin before 1.5.59 for WordPress has uultra-form-cvs-form-conf arbitrary file upload. 2019-09-20 not yet calculated CVE-2015-9402
MISC MISC MISC wordpress — wordpress The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes. 2019-09-20 not yet calculated CVE-2016-11006
MISC MISC MISC wordpress — wordpress The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/options-general.php CSRF. 2019-09-20 not yet calculated CVE-2015-9387
MISC MISC wordpress — wordpress The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter. 2019-09-16 not yet calculated CVE-2016-10960
MISC MISC wordpress — wordpress In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS. 2019-09-15 not yet calculated CVE-2019-16332
MISC MISC MISC MISC wordpress — wordpress The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation. 2019-09-20 not yet calculated CVE-2016-11011
MISC MISC MISC wordpress — wordpress The quotes-and-tips plugin before 1.20 for WordPress has XSS. 2019-09-20 not yet calculated CVE-2015-9385
MISC MISC wordpress — wordpress The colorway theme before 3.4.2 for WordPress has XSS via the contactName parameter. 2019-09-16 not yet calculated CVE-2016-10961
MISC wordpress — wordpress The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/edit.php CSRF with resultant XSS. 2019-09-20 not yet calculated CVE-2015-9388
MISC MISC wordpress — wordpress The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wp_ajax functions are mishandled. 2019-09-20 not yet calculated CVE-2015-9390
MISC MISC wordpress — wordpress Directory traversal vulnerability in the mTheme-Unus theme before 2.3 for WordPress allows an attacker to read arbitrary files via a .. (dot dot) in the files parameter to css/css.php. 2019-09-20 not yet calculated CVE-2015-9406
MISC wordpress — wordpress The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL injection with resultant unsafe unserialization. 2019-09-13 not yet calculated CVE-2016-10949
MISC wordpress — wordpress The epic theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to includes/download.php. 2019-09-20 not yet calculated CVE-2014-10396
MISC yzmcms — yzmcms admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant denial of service by adding a superseding route. 2019-09-21 not yet calculated CVE-2019-16678
MISC zhejiang_dahua_technology — ip_camera_devices The specific fields of the CGI interface of some Dahua products are not strictly verified; an attacker can cause a buffer overflow by constructing malicious packets. Affected products include: IPC-HDW1X2X, IPC-HFW1X2X, IPC-HDW2X2X, IPC-HFW2X2X, IPC-HDW4X2X, IPC-HFW4X2X, IPC-HDBW4X2X, IPC-HDW5X2X, IPC-HFW5X2X for versions whose build time is before August 18, 2019. 2019-09-18 not yet calculated CVE-2019-9677
CONFIRM zhejiang_dahua_technology — ip_camera_devices Some Dahua products have the problem of denial of service during the login process. An attacker can cause a device to crash by constructing a malicious packet. Affected products include: IPC-HDW1X2X, IPC-HFW1X2X, IPC-HDW2X2X, IPC-HFW2X2X, IPC-HDW4X2X, IPC-HFW4X2X, IPC-HDBW4X2X, IPC-HDW5X2X, IPC-HFW5X2X for versions whose build time is before August 18, 2019. 2019-09-18 not yet calculated CVE-2019-9678
CONFIRM zhejiang_dahua_technology — ip_camera_devices Some of Dahua’s Debug functions do not have permission separation. Low-privileged users can use the Debug function after logging in. Affected products include: IPC-HDW1X2X, IPC-HFW1X2X, IPC-HDW2X2X, IPC-HFW2X2X, IPC-HDW4X2X, IPC-HFW4X2X, IPC-HDBW4X2X, IPC-HDW5X2X, IPC-HFW5X2X for versions whose build time is before August 18, 2019. 2019-09-18 not yet calculated CVE-2019-9679
CONFIRM zhejiang_dahua_technology — ip_camera_devices Some Dahua products have information leakage issues. Attackers can obtain the IP address and device model information of the device by constructing malicious data packets. Affected products include: IPC-HDW1X2X, IPC-HFW1X2X, IPC-HDW2X2X, IPC-HFW2X2X, IPC-HDW4X2X, IPC-HFW4X2X, IPC-HDBW4X2X, IPC-HDW5X2X, IPC-HFW5X2X for versions whose build time is before August 18, 2019. 2019-09-18 not yet calculated CVE-2019-9680
CONFIRM zhejiang_dahua_technology — ip_camera_devices Online upgrade information in some firmware packages of Dahua products is not encrypted. Attackers can obtain this information by analyzing firmware packages by specific means. Affected products include: IPC-HDW1X2X, IPC-HFW1X2X, IPC-HDW2X2X, IPC-HFW2X2X, IPC-HDW4X2X, IPC-HFW4X2X, IPC-HDBW4X2X, IPC-HDW5X2X, IPC-HFW5X2X for versions whose build time is before August 18, 2019. 2019-09-17 not yet calculated CVE-2019-9681
CONFIRM
