Vulnerability Summary for the Week of December 2, 2019

Released: Dec 09, 2019
Document ID: SB19-343

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary Vendor -- Product
Description | Published | CVSS Score | Source & Patch Info
embedthis -- goahead
An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to a use-after-free condition during the processing of this request that can be used to corrupt heap structures that could lead to full code execution. The request can be unauthenticated in the form of GET or POST requests, and does not require the requested resource to exist on the server. | 2019-12-03 | 7.5 | CVE-2019-5096
MISC
titanhq -- webtitan
An issue was discovered in TitanHQ WebTitan before 5.18. It has a sudoers file that enables low-privilege users to execute a vast number of commands as root, including mv, chown, and chmod. This can be trivially exploited to gain root privileges by an attacker with access. | 2019-12-02 | 7.2 | CVE-2019-19014
MISC
MISC
titanhq -- webtitan
An issue was discovered in TitanHQ WebTitan before 5.18. The proxy service (which is typically exposed to all users) allows connections to the internal PostgreSQL database of the appliance. By connecting to the database through the proxy (without password authentication), an attacker is able to fully control the appliance database. Through this, several different paths exist to gain further access, or execute code. | 2019-12-02 | 10 | CVE-2019-19015
MISC
MISC


Medium Vulnerabilities

Primary Vendor -- Product
Description | Published | CVSS Score | Source & Patch Info
accusoft -- imagegear
An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll PNG header-parser of the Accusoft ImageGear 19.3.0 library. A specially crafted PNG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. | 2019-12-03 | 6.8 | CVE-2019-5076
MISC
accusoft -- imagegear
An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll TIFdecodethunderscan function of Accusoft ImageGear 19.3.0 library. A specially crafted TIFF file can cause an out of bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. | 2019-12-03 | 6.8 | CVE-2019-5083
MISC
accusoft -- imagegear
An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll GEM Raster parser of the Accusoft ImageGear 19.3.0 library. A specially crafted GEM file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. | 2019-12-03 | 6.8 | CVE-2019-5132
MISC
accusoft -- imagegear
An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll BMP parser of the ImageGear 19.3.0 library. A specially crafted BMP file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. | 2019-12-03 | 6.8 | CVE-2019-5133
MISC
debian -- devscripts
An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball. | 2019-12-03 | 6.5 | CVE-2013-7325
MISC
MISC
MISC
embedthis -- goahead
A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated in the form of GET or POST requests and does not require the requested resource to exist on the server. | 2019-12-03 | 5 | CVE-2019-5097
MISC
forma -- forma.lms
Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system. | 2019-12-03 | 6.5 | CVE-2019-5109
MISC
forma -- forma.lms
Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system. | 2019-12-03 | 6.5 | CVE-2019-5110
MISC
forma -- forma.lms
An exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filter_cat was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system. | 2019-12-03 | 6.5 | CVE-2019-5111
MISC
forma -- forma.lms
An exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filter_status was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system. | 2019-12-03 | 6.5 | CVE-2019-5112
MISC
fusionpbx -- fusionpbx
A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_detail_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the dialplan_uuid parameter. | 2019-11-29 | 4.3 | CVE-2019-19388
MISC
MISC
fusionpbx -- fusionpbx
A cross-site scripting (XSS) vulnerability in app/fax/fax_log_view.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the fax_uuid parameter. | 2019-11-29 | 4.3 | CVE-2019-19384
MISC
MISC
fusionpbx -- fusionpbx
A cross-site scripting (XSS) vulnerability in app/dialplans/dialplans.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the app_uuid parameter. | 2019-11-29 | 4.3 | CVE-2019-19385
MISC
MISC
fusionpbx -- fusionpbx
A cross-site scripting (XSS) vulnerability in app/fifo_list/fifo_interactive.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the c parameter. | 2019-11-29 | 4.3 | CVE-2019-19387
MISC
MISC
fusionpbx -- fusionpbx
A cross-site scripting (XSS) vulnerability in app/voicemail_greetings/voicemail_greeting_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id and/or voicemail_id parameter. | 2019-11-29 | 4.3 | CVE-2019-19386
MISC
MISC
huawei -- multiple_home_routers
Some Huawei home routers have an improper authorization vulnerability. Due to improper authorization of certain programs, an attacker can exploit this vulnerability to execute uploaded malicious files and escalate privilege. | 2019-11-29 | 4.6 | CVE-2019-5269
CONFIRM
huawei -- nova_5i_pro_and_nova_5_smartphones
Nova 5i pro and Nova 5 smartphones with versions earlier than 9.1.1.190(C00E190R6P2) and versions earlier than 9.1.1.175(C00E170R3P2) have an improper validation of array index vulnerability. The system does not properly validate the input value before using it as an array index when processing certain image information. An attacker tricks the user into installing a malicious application; a successful exploit could cause malicious code execution. | 2019-11-29 | 4.4 | CVE-2019-5210
CONFIRM
huawei -- p30_and_mate_20_and_p30_pro_smartphones
P30, Mate 20, P30 Pro smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), versions earlier than Hima-AL00B 9.1.0.135(C00E200R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12) have a buffer overflow vulnerability on several , the system does not properly validate certain length parameter which an application transports to kernel. An attacker tricks the user to install a malicious application, successful exploit could cause malicious code execution. | 2019-11-29 | 6.8 | CVE-2019-5225
CONFIRM
libgwenhywfar -- libgwenhywfar
An issue exists in libgwenhywfar through 4.12.0 due to the usage of outdated bundled CA certificates. | 2019-12-03 | 5 | CVE-2015-7542
MISC
MISC
MISC
MISC
MISC
linux -- linux_kernel
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c. | 2019-11-29 | 6.8 | CVE-2019-19378
MISC
linux -- linux_kernel
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. | 2019-11-29 | 6.8 | CVE-2019-19377
MISC
piwigo -- piwigo
piwigo has XSS in password.php | 2019-12-02 | 4.3 | CVE-2012-4525
MISC
MISC
MISC
MISC
MISC
piwigo -- piwigo
piwigo has XSS in password.php (incomplete fix for CVE-2012-4525) | 2019-12-02 | 4.3 | CVE-2012-4526
MISC
MISC
MISC
MISC
MISC
shadowsocks -- shadowsocks-libev
An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this vulnerability. | 2019-12-03 | 4.3 | CVE-2019-5163
MISC
shadowsocks -- shadowsocks-libev
An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger this vulnerability. | 2019-12-03 | 4.6 | CVE-2019-5164
MISC
testlink -- testlink
TestLink 1.9.19 has XSS via the lib/testcases/archiveData.php edit parameter, the index.php reqURI parameter, or the URI in a lib/testcases/tcEdit.php?doAction=doDeleteStep request. | 2019-12-02 | 4.3 | CVE-2019-19491
MISC
titanhq -- webtitan
An issue was discovered in TitanHQ WebTitan before 5.18. Some functions, such as /history-x.php, of the administration interface are vulnerable to SQL Injection through the results parameter. This could be used by an attacker to extract sensitive information from the appliance database. | 2019-12-02 | 5 | CVE-2019-19016
MISC
MISC
wireshark -- wireshark
In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in epan/dissectors/asn1/cms/packet-cms-template.c by ensuring that an object identifier is set to NULL after a ContentInfo dissection. | 2019-12-05 | 5 | CVE-2019-19553
MISC
MISC
MISC
wordpress -- wordpress
The CSS Hero plugin through 4.0.3 for WordPress is prone to reflected XSS via the URI in a csshero_action=edit_page request because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary JavaScript in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookies or launch other attacks. | 2019-12-04 | 4.3 | CVE-2019-19133
MISC
MISC
MISC
wso2 -- enterprise_integrator
In WSO2 Enterprise Integrator 6.5.0, reflected XSS occurs when updating the message processor configuration from the source view in the Management Console. | 2019-12-05 | 4.3 | CVE-2019-19587
MISC
zanata -- zanata
Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging | 2019-12-03 | 6.8 | CVE-2013-4486
MISC
MISC
MISC


Low Vulnerabilities

Primary Vendor -- Product
Description | Published | CVSS Score | Source & Patch Info
gitbook -- gitbook
GitBook through 2.6.9 allows XSS via a local .md file. | 2019-12-05 | 3.5 | CVE-2019-19596
MISC
gnupg -- libgcrypt_and_gnupg
Libgcrypt before 1.6.3 and GnuPG before 1.4.19 do not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication. | 2019-11-29 | 1.9 | CVE-2014-3591
MISC
MISC
MISC
MISC
MISC
ibm -- cloud_pak_system
IBM Cloud Pak System 2.3 and 2.3.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 163774. | 2019-12-03 | 2.1 | CVE-2019-4465
XF
CONFIRM
qnap -- qts
A stored cross-site scripting (XSS) vulnerability has been reported to affect multiple versions of QTS. If exploited, this vulnerability may allow an attacker to inject and execute scripts on the administrator console. To fix this vulnerability, QNAP recommend updating QTS to the latest version. | 2019-12-04 | 3.5 | CVE-2019-7197
CONFIRM


Severity Not Yet Assigned

Primary Vendor -- Product
Description | Published | CVSS Score | Source & Patch Info
10-strike_software -- free_photo_viewer
Free Photo Viewer 1.3 allows remote attackers to execute arbitrary code via a crafted BMP and/or TIFF file that triggers a malformed SEH, as demonstrated by a 0012ECB4 FreePhot.00425642 42200008 corrupt entry. | 2019-11-30 | not yet calculated | CVE-2019-19468
MISC
allied_telesis -- at-gs950/8_devices
A Directory Traversal in the Web interface of the Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047] allows unauthenticated attackers to read arbitrary system files via a GET request. NOTE: This is an End-of-Life product. | 2019-11-29 | not yet calculated | CVE-2019-18922
MISC
FULLDISC
MISC
amd -- atidxx64.dll_driver
An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. A specially crafted pixel shader can cause out-of-bounds memory read. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. | 2019-12-05 | not yet calculated | CVE-2019-5098
MISC

anhui_huami_information_technology -- mi_fit_application
The Anhui Huami Mi Fit application before 4.0.11 for Android has an Unencrypted Update Check. | 2019-11-30 | not yet calculated | CVE-2019-19463
MISC
apache -- olingo
The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resolution of external entities. Requests with content type "application/xml", which trigger the deserialization of entities, can be used to trigger XXE attacks. | 2019-12-04 | not yet calculated | CVE-2019-17554
MLIST
apache -- olingo
The AsyncResponseWrapperImpl class in Apache Olingo versions 4.0.0 to 4.6.0 reads the Retry-After header and passes it to the Thread.sleep() method without any check. If a malicious server returns a huge value in the header, then it can help to implement a DoS attack. | 2019-12-04 | not yet calculated | CVE-2019-17555
MLIST
apache -- olingo
Apache Olingo versions 4.0.0 to 4.6.0 provide the AbstractService class, which is public API, uses ObjectInputStream, and doesn't check classes being deserialized. If an attacker can feed malicious metadata to the class, then it may result in running the attacker's code in the worst case. | 2019-12-04 | not yet calculated | CVE-2019-17556
MLIST
armeria -- armeria
Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has been patched in 0.97.0. Potential impacts of this vulnerability include cross-user defacement, cache poisoning, Cross-site scripting (XSS), and page hijacking. | 2019-12-06 | not yet calculated | CVE-2019-16771
MISC
CONFIRM
autodesk -- desktop_application
DLL preloading vulnerability in Autodesk Desktop Application versions 7.0.16.29 and earlier. An attacker may trick a user into downloading a malicious DLL file into the working directory, which may then leverage a DLL preloading vulnerability and execute code on the system. | 2019-12-03 | not yet calculated | CVE-2019-7365
CONFIRM
autodesk -- fbx_software_development_kit
Buffer overflow vulnerability in Autodesk FBX Software Development Kit version 2019.5. A user may be tricked into opening a malicious FBX file which may exploit a buffer overflow vulnerability causing it to run arbitrary code on the system. | 2019-12-03 | not yet calculated | CVE-2019-7366
CONFIRM
aviatrix -- vpn_client
Weak file permissions applied to the Aviatrix VPN Client through 2.2.10 installation directory on Windows and Linux allow a local attacker to execute arbitrary code by gaining elevated privileges through file modifications. | 2019-12-05 | not yet calculated | CVE-2019-17388
MISC
MISC
MISC
aviatrix -- vpn_client
An authentication flaw in the AVPNC_RP service in Aviatrix VPN Client through 2.2.10 allows an attacker to gain elevated privileges through arbitrary code execution on Windows, Linux, and macOS. | 2019-12-05 | not yet calculated | CVE-2019-17387
MISC
MISC
MISC
axtls -- axtls
process_certificate in tls1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Overflow via a crafted TLS certificate handshake message with zero certificates. | 2019-12-03 | not yet calculated | CVE-2019-9689
MISC
MISC
cbc -- cbc_gem_application_for_android
The CBC Gem application before 9.24.1 for Android and before 9.26.0 for iOS has Unencrypted Analytics. | 2019-11-30 | not yet calculated | CVE-2019-19464
MISC
chkstat -- chkstat
The chkstat tool in the permissions package followed symlinks before commit a9e1d26cd49ef9ee0c2060c859321128a6dd4230 (please also check the additional hardenings after this fix). This allowed local attackers with control over a path that is traversed by chkstat to escalate privileges. | 2019-12-05 | not yet calculated | CVE-2019-3690
CONFIRM
ckeditor -- ckeditor
pluginconfig.php in the Image Uploader and Browser plugin before 4.1.9 for CKEditor mishandles certain characters in pathnames. | 2019-12-02 | not yet calculated | CVE-2019-19502
MISC
MISC
MISC
MISC
d-link -- dap-1860_devices
D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAP_AUTH header timestamp value. In HTTP requests, part of the HNAP_AUTH header is the timestamp used to determine the time when the user sent the request. If this value is equal to the value stored in the device's /var/hnap/timestamp file, the request will pass the HNAP_AUTH check function. | 2019-12-05 | not yet calculated | CVE-2019-19598
MISC
MISC
d-link -- dap-1860_devices
D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAP_AUTH HTTP header. | 2019-12-05 | not yet calculated | CVE-2019-19597
MISC
MISC
daps -- daps
An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26. It is possible to force wallets to send HTTP requests to arbitrary locations, both on the local network and on the internet. This is a serious threat to user privacy, since it can possibly leak their IP address and the fact that they are using the product. This also affects Dash Core through 0.14.0.3 and Private Instant Verified Transactions (PIVX) through 3.4.0. | 2019-12-04 | not yet calculated | CVE-2019-16752
MISC
daps -- daps
An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26. The content to be signed is composed of a representation of strings, rather than being composed of their binary representations. This is a weak signature scheme design that would allow the reuse of signatures in some cases (or even the reuse of signatures, intended for one type of message, for another type). This also affects Private Instant Verified Transactions (PIVX) through 3.4.0. | 2019-12-04 | not yet calculated | CVE-2019-16753
MISC
davical -- davical
A CSRF issue was discovered in DAViCal through 1.1.8. If an authenticated user visits an attacker-controlled webpage, the attacker can send arbitrary requests in the name of the user to the application. If the attacked user is an administrator, the attacker could for example add a new admin user. | 2019-12-04 | not yet calculated | CVE-2019-18346
MISC
MISC
MISC
davical -- davical
A stored XSS issue was discovered in DAViCal through 1.1.8. It does not adequately sanitize output of various fields that can be set by unprivileged users, making it possible for JavaScript stored in those fields to be executed by another (possibly privileged) user. Affected database fields include Username, Display Name, and Email. | 2019-12-04 | not yet calculated | CVE-2019-18347
MISC
MISC
MISC
dell -- command_update
Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files by creating a symlink from the "Temp\IC\ICDebugLog.txt" to any targeted file. This issue occurs because of insecure handling of Temp directory permissions that were set incorrectly. | 2019-12-03 | not yet calculated | CVE-2019-3750
MISC
dell -- command_update
Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files by creating a symlink from the "Temp\ICProgress\Dell_InventoryCollector_Progress.xml" to any targeted file. This issue occurs because permissions on the Temp directory were set incorrectly. | 2019-12-03 | not yet calculated | CVE-2019-3749
MISC
dell -- command_configure
Dell Command Configure versions prior to 4.2.1 contain an uncontrolled search path vulnerability. A locally authenticated malicious user could exploit this vulnerability by creating a symlink to a target file, allowing the attacker to overwrite or corrupt a specified file on the system. | 2019-12-06 | not yet calculated | CVE-2019-18575
MISC
dell -- rsa_authentication_manager_software
RSA Authentication Manager software versions prior to 8.4 P8 contain a stored cross-site scripting vulnerability in the Security Console. A malicious Security Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface which could then be included in a report. When other Security Console administrators open the affected report, the injected scripts could potentially be executed in their browser. | 2019-12-03 | not yet calculated | CVE-2019-18574
MISC
django -- django
Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests, for updating the inline model. Directly editing the view-only parent model was not possible, but the parent model's save() method was called, triggering potential side effects, and causing pre and post-save signal handlers to be invoked. (To resolve this, the Django admin is adjusted to require edit permissions on the parent model in order for inline models to be editable.) | 2019-12-02 | not yet calculated | CVE-2019-19118
MLIST
MISC
MISC
CONFIRM
documize -- documize
domain/section/markdown/markdown.go in Documize before 3.5.1 mishandles untrusted Markdown content. This was addressed by adding the bluemonday HTML sanitizer to defend against XSS. | 2019-12-06 | not yet calculated | CVE-2019-19619
MISC
MISC
MISC
ezmaster -- exmaster
The admin sys mode is now conditional and dedicated for the special case. By default, since ezmaster@5.2.11 no instance (container) is launched with advanced capabilities (not launched as root) | 2019-11-29 | not yet calculated | CVE-2019-16767
MISC
MISC
CONFIRM
freeswitch -- freeswitch
FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml. | 2019-12-02 | not yet calculated | CVE-2019-19492
MISC
fronius -- solar_inverter_devices
admincgi-bin/service.fcgi on Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allows action=download&filename= Directory Traversal. | 2019-12-04 | not yet calculated | CVE-2019-19229
MISC
MISC
MISC
fronius -- solar_inverter_devices
Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allow attackers to bypass authentication because the password for the today account is stored in the /tmp/web_users.conf file. | 2019-12-04 | not yet calculated | CVE-2019-19228
MISC
MISC
MISC
gnome -- dia
When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system's logging facility (potentially with elevated privileges), thus filling up the disk and eventually rendering the system unusable. (The filename can be for a nonexistent file.) NOTE: this does not affect an upstream release, but affects certain Linux distribution packages with version numbers such as 0.97.3. | 2019-11-29 | not yet calculated | CVE-2019-19451
MISC
google -- android
In setCpuVulkanInUse of GpuStats.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-141003796 | 2019-12-06 | not yet calculated | CVE-2019-2217
MISC
google -- android
In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-141028068 | 2019-12-06 | not yet calculated | CVE-2019-9464
MISC
google -- android
In ReadMATImage of mat.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process when loading a MATLAB image file with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-140328986 | 2019-12-06 | not yet calculated | CVE-2019-2224
MISC
google -- android
In ihevcd_ref_list of ihevcd_ref_list.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-140692129 | 2019-12-06 | not yet calculated | CVE-2019-2223
MISC
google -- android
In hasActivityInVisibleTask of WindowProcessController.java there's a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-138583650 | 2019-12-06 | not yet calculated | CVE-2019-2221
MISC
google -- android
In DeepCopy of btif_av.cc, there is a possible out of bounds read due to improper casting. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10. Android ID: A-140768453 | 2019-12-06 | not yet calculated | CVE-2019-2227
MISC
google -- android
In device_class_to_int of device_class.cc, there is a possible out of bounds read due to improper casting. This could lead to local information disclosure in the Bluetooth server with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-140152619 | 2019-12-06 | not yet calculated | CVE-2019-2226
MISC
google -- android
 
When pairing with a Bluetooth device, it may be possible to pair a malicious device without any confirmation from the user, and that device may be able to interact with the phone. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-1104338042019-12-06not yet calculatedCVE-2019-2225
MISC
google -- android
In ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-140322595.
Published: 2019-12-06 | CVSS Score: not yet calculated | CVE-2019-2222
MISC

google -- android
In nfcManager_routeAid and nfcManager_unrouteAid of NativeNfcManager.cpp, there is possible memory reuse due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-141170038.
Published: 2019-12-06 | CVSS Score: not yet calculated | CVE-2019-2230
MISC

google -- android
In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10. Android ID: A-138636979.
Published: 2019-12-06 | CVSS Score: not yet calculated | CVE-2019-2220
MISC

google -- android
In System UI, there is a possible bypass of user's consent for access to sensor data due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10. Android ID: A-119041698.
Published: 2019-12-06 | CVSS Score: not yet calculated | CVE-2019-2219
MISC

google -- android
In createSessionInternal of PackageInstallerService.java, there is a possible improper permission grant due to a missing permission check. This could lead to local escalation of privilege by installing malicious packages with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-141169173.
Published: 2019-12-06 | CVSS Score: not yet calculated | CVE-2019-2218
MISC

google -- android
In Blob::Blob of blob.cpp, there is a possible unencrypted master key due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10. Android ID: A-141955555.
Published: 2019-12-06 | CVSS Score: not yet calculated | CVE-2019-2231
MISC

google -- android
In handleRun of TextLine.java, there is a possible application crash due to improper input validation. This could lead to remote denial of service when processing Unicode with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-140632678.
Published: 2019-12-06 | CVSS Score: not yet calculated | CVE-2019-2232
MISC

google -- android
In updateWidget of BaseWidgetProvider.java, there is a possible leak of user data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-139803872.
Published: 2019-12-06 | CVSS Score: not yet calculated | CVE-2019-2229
MISC

google -- android
In array_find of array.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure in the printer spooler with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-111210196.
Published: 2019-12-06 | CVSS Score: not yet calculated | CVE-2019-2228
MISC

google -- android
In setCpuVulkanInUse of GpuStats.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-141003796.
Published: 2019-12-06 | CVSS Score: not yet calculated | CVE-2019-2217
MISC

google -- android
In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-141028068.
Published: 2019-12-06 | CVSS Score: not yet calculated | CVE-2019-9464
MISC

harbor -- harbor
A User Enumeration flaw exists in Harbor. The issue is present in the "/users" API endpoint. This endpoint is supposed to be restricted to administrators. This restriction can be bypassed and information about registered users can be obtained via the "search" functionality.
Published: 2019-12-03 | CVSS Score: not yet calculated | CVE-2019-3990
CONFIRM
MISC

hashicorp -- terraform
When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP.
Published: 2019-12-02 | CVSS Score: not yet calculated | CVE-2019-19316
CONFIRM

huawei -- atlas_300_and_atlas_500
Huawei Atlas 300 and Atlas 500 have a buffer overflow vulnerability. A local, authenticated attacker may craft a specific parameter and send it to the process to exploit this vulnerability. Successful exploitation may cause a service crash.
Published: 2019-11-29 | CVSS Score: not yet calculated | CVE-2019-5247
CONFIRM

huawei -- band_2_and_honor_band_3
There is an insufficient authentication vulnerability in Huawei Band 2 and Honor Band 3. The band does not sufficiently authenticate the device trying to connect to it in certain scenarios. A successful exploit could allow the attacker to spoof and then connect to the band.
Published: 2019-11-29 | CVSS Score: not yet calculated | CVE-2019-5218
CONFIRM

huawei -- hisuite_and_hwbackup
HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305(MAC) and earlier versions and HwBackup with earlier versions before 9.1.1.308 have a brute forcing encrypted backup data vulnerability. Huawei smartphone user backup information can be obtained by brute forcing the password for encrypting the backup.
Published: 2019-11-29 | CVSS Score: not yet calculated | CVE-2019-5263
CONFIRM

huawei -- honor_play_smartphones
Honor play smartphones with versions earlier than 9.1.0.333(C00E333R1P1T8) have an information disclosure vulnerability in certain Huawei . An attacker could view certain information after a series of operations without unlocking the screen lock. A successful exploit could cause an information disclosure condition.
Published: 2019-11-29 | CVSS Score: not yet calculated | CVE-2019-5309
CONFIRM

huawei -- mate_20_rs_smartphones
Mate 20 RS smartphones with versions earlier than 9.1.0.135(C786E133R3P1) have an improper authorization vulnerability. The software does not properly restrict certain operations in ADB mode; a successful exploit could allow the attacker to switch to third desktop after a series of operations.
Published: 2019-11-29 | CVSS Score: not yet calculated | CVE-2019-5308
CONFIRM

huawei -- multiple_home_routers
Some Huawei home routers have an input validation vulnerability. Because an input parameter is not correctly verified, an attacker can exploit this vulnerability by sending specially constructed packets to obtain files in the device and upload files to some directories.
Published: 2019-11-29 | CVSS Score: not yet calculated | CVE-2019-5268
CONFIRM

huawei -- myna_smart_speaker
There is an information leak vulnerability in Huawei smart speaker Myna. When the smart speaker is paired with the cloud through Wi-Fi, the speaker incorrectly processes some data. Attackers can exploit this vulnerability to read and modify specific configurations of speakers through a series of operations.
Published: 2019-11-29 | CVSS Score: not yet calculated | CVE-2019-5271
CONFIRM

huawei -- p20_phones
The Huawei Share function of P20 phones with versions earlier than Emily-L29C 9.1.0.311 has an improper file management vulnerability. The attacker tricks the victim into performing certain operations on the mobile phone during file transfer. Because the file is not properly processed, successful exploitation may cause some files on the victim's mobile phone to be deleted.
Published: 2019-11-29 | CVSS Score: not yet calculated | CVE-2019-5211
CONFIRM

huawei -- p30_and_p30_pro_and_mate_20_smartphones
P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so the smartphone's system can be downgraded to an older version.
Published: 2019-11-29 | CVSS Score: not yet calculated | CVE-2019-5227
CONFIRM

huawei -- p30_and_p30_pro_and_mate_20_smartphones
P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so the smartphone's system can be downgraded to an older version.
Published: 2019-11-29 | CVSS Score: not yet calculated | CVE-2019-5226
CONFIRM

huawei -- p30_smartphones
P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21) have an out of bounds read vulnerability. The system does not properly validate a certain length parameter which an application transports to the kernel. An attacker tricks the user into installing a malicious application; a successful exploit could cause an out of bounds read and information disclosure.
Published: 2019-11-29 | CVSS Score: not yet calculated | CVE-2019-5224
CONFIRM

huawei -- share
There is an improper access control vulnerability in Huawei Share. The software does not properly restrict access to a certain file from a certain application. An attacker tricks the user into installing a malicious application and then establishing a connection to the attacker through Huawei Share; a successful exploit could cause information disclosure.
Published: 2019-11-29 | CVSS Score: not yet calculated | CVE-2019-5212
CONFIRM

huawei -- viewpoint_products
There is a use of insufficiently random values vulnerability in Huawei ViewPoint products. An unauthenticated, remote attacker can guess information by a large number of attempts. Successful exploitation may cause an information leak.
Published: 2019-11-29 | CVSS Score: not yet calculated | CVE-2019-5232
CONFIRM

ibm -- cloud_pak_system
IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159243.
Published: 2019-12-03 | CVSS Score: not yet calculated | CVE-2019-4226
XF
CONFIRM

ibm -- cloud_pak_system
IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163776.
Published: 2019-12-03 | CVSS Score: not yet calculated | CVE-2019-4467
XF
CONFIRM

ibm -- cloud_pak_system
IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163777.
Published: 2019-12-03 | CVSS Score: not yet calculated | CVE-2019-4468
XF
CONFIRM

ibm -- cloud_pak_system
IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 158280.
Published: 2019-12-03 | CVSS Score: not yet calculated | CVE-2019-4130
XF
CONFIRM

ibm -- cloud_pak_system
IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158020.
Published: 2019-12-03 | CVSS Score: not yet calculated | CVE-2019-4098
XF
CONFIRM

intelbras -- iwr_3000n_devices
Intelbras IWR 3000N 1.8.7 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled, a related issue to CVE-2019-17600.
Published: 2019-12-05 | CVSS Score: not yet calculated | CVE-2019-19007
MISC

kaspersky -- multiple_products
Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have a bug that allows a local user to execute arbitrary code via execution of a compromised file placed by an attacker with administrator rights. No privilege escalation. Possible whitelisting bypass of some of the security products.
Published: 2019-12-02 | CVSS Score: not yet calculated | CVE-2019-15689
CONFIRM

kentico -- kentico
Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with the file extension, leading to XSS.
Published: 2019-12-02 | CVSS Score: not yet calculated | CVE-2019-19493
MISC

libyang -- libyang
In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.
Published: 2019-12-06 | CVSS Score: not yet calculated | CVE-2019-19333
CONFIRM
CONFIRM

libyang -- libyang
In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.
Published: 2019-12-06 | CVSS Score: not yet calculated | CVE-2019-19334
CONFIRM
CONFIRM

linux -- linux_kernel
fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact because of incorrect fpu_fpregs_owner_ctx caching, as demonstrated by mishandling of signal-based non-cooperative preemption in Go 1.14 prereleases on amd64, aka CID-59c4bd853abc.
Published: 2019-12-05 | CVSS Score: not yet calculated | CVE-2019-19602
MISC
MISC
MISC
MISC
MISC

linux -- linux_kernel
relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result.
Published: 2019-11-30 | CVSS Score: not yet calculated | CVE-2019-19462
MISC
MISC
MISC
MISC
MISC

litemanger -- litemanager
LiteManager 4.5.0 has weak permissions (Everyone: Full Control) in the "LiteManagerFree - Server" folder, as demonstrated by ROMFUSClient.exe.
Published: 2019-12-02 | CVSS Score: not yet calculated | CVE-2019-19490
MISC

max_secure -- anti_virus_plus
Max Secure Anti Virus Plus 19.0.4.020 has Insecure Permissions on the installation directory. Local attackers can replace a .exe or .dll file to achieve privilege escalation.
Published: 2019-12-03 | CVSS Score: not yet calculated | CVE-2019-19382
MISC
MISC

mcafee -- web_advisor
Code Injection vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows remote unauthenticated attacker to allow the browser to render a website which Web Advisor would normally have blocked via a carefully crafted web site.
Published: 2019-12-03 | CVSS Score: not yet calculated | CVE-2019-3665
CONFIRM

mcafee -- web_advisor
API Abuse/Misuse vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows remote unauthenticated attacker to allow the browser to navigate to restricted websites via a carefully crafted web site.
Published: 2019-12-03 | CVSS Score: not yet calculated | CVE-2019-3666
CONFIRM

napc -- xinet_elegant_6_asset_library
NAPC Xinet Elegant 6 Asset Library 6.1.655 allows Pre-Authentication SQL Injection via the /elegant6/login LoginForm[username] field when double quotes are used.
Published: 2019-12-02 | CVSS Score: not yet calculated | CVE-2019-19245
MISC
MISC

norton -- password_manager
Norton Password Manager, prior to 6.6.2.5, may be susceptible to a cross origin resource sharing (CORS) vulnerability, which is a type of issue that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served.
Published: 2019-12-05 | CVSS Score: not yet calculated | CVE-2019-18381
CONFIRM

norton -- password_manager
Norton Password Manager, prior to 6.6.2.5, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.
Published: 2019-12-05 | CVSS Score: not yet calculated | CVE-2019-19546
CONFIRM

okaycms -- okaycms
In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remote code execution by injecting a malicious PHP object via a crafted cookie. This could happen at two places: first in view/ProductsView.php using the cookie price_filter, and second in api/Comparison.php via the cookie comparison.
Published: 2019-12-03 | CVSS Score: not yet calculated | CVE-2019-16885
MISC
FULLDISC
MISC

omnios_community_edition -- omnios_community_edition
illumos, as used in OmniOS Community Edition before r151030y, allows a kernel crash via an application with multiple threads calling sendmsg concurrently over a single socket, because uts/common/inet/ip/ip_attr.c mishandles conn_ixa dereferences.
Published: 2019-11-29 | CVSS Score: not yet calculated | CVE-2019-19396
MISC
MISC

opencv -- opencv
An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of the heap-allocated arrays Ux and Uy.
Published: 2019-12-06 | CVSS Score: not yet calculated | CVE-2019-19624
MISC
MISC

opendetex -- opendetex
OpenDetex 2.8.5 has a Buffer Overflow in TexOpen in detex.l because of an incorrect sprintf.
Published: 2019-12-05 | CVSS Score: not yet calculated | CVE-2019-19601
MISC

opensc -- opensc
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates.
Published: 2019-12-01 | CVSS Score: not yet calculated | CVE-2019-19481
MISC
MISC

openwrt_project -- openwrt
OpenWrt 18.06.4 allows XSS via the "New port forward" Name field to the cgi-bin/luci/admin/network/firewall/forwards URI (this can occur, for example, on a TP-Link Archer C7 device).
Published: 2019-12-03 | CVSS Score: not yet calculated | CVE-2019-18993
CONFIRM

openwrt_project -- openwrt
OpenWrt 18.06.4 allows XSS via these Name fields to the cgi-bin/luci/admin/network/firewall/rules URI: "Open ports on router" and "New forward rule" and "New Source NAT" (this can occur, for example, on a TP-Link Archer C7 device).
Published: 2019-12-03 | CVSS Score: not yet calculated | CVE-2019-18992
CONFIRM

otrs -- otrs_community_edition_and_otrs
Improper Check for filenames with overly long extensions in PostMaster (sending in email) or uploading files (e.g. attaching files to mails) of ((OTRS)) Community Edition and OTRS allows a remote attacker to cause an endless loop. This issue affects: OTRS AG: ((OTRS)) Community Edition 5.0.x version 5.0.38 and prior versions; 6.0.x version 6.0.23 and prior versions. OTRS AG: OTRS 7.0.x version 7.0.12 and prior versions.
Published: 2019-12-05 | CVSS Score: not yet calculated | CVE-2019-18180
CONFIRM

palo_alto_networks -- pan-os
An improper authentication check in Palo Alto Networks PAN-OS may allow an authenticated low privileged non-superuser custom role user to elevate privileges and become superuser. This issue affects PAN-OS 7.1 versions prior to 7.1.25; 8.0 versions prior to 8.0.20; 8.1 versions prior to 8.1.11; 9.0 versions prior to 9.0.5. PAN-OS version 7.0 and prior EOL versions have not been evaluated for this issue.
Published: 2019-12-05 | CVSS Score: not yet calculated | CVE-2019-17437
CONFIRM

phpmyadmin -- phpmyadmin
phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php.
Published: 2019-12-06 | CVSS Score: not yet calculated | CVE-2019-19617
MISC
MISC
MLIST
MISC

proftpd -- proftpd
An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.
Published: 2019-11-30 | CVSS Score: not yet calculated | CVE-2019-19269
MISC
MLIST
FEDORA
FEDORA

puma -- puma
In Puma before version 4.3.2, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough.
Published: 2019-12-05 | CVSS Score: not yet calculated | CVE-2019-16770
CONFIRM

qnap -- music_station
 
This cross-site scripting (XSS) vulnerability in Music Station allows remote attackers to inject and execute scripts on the administrator?s management console. To fix this vulnerability, QNAP recommend updating Music Station to their latest versions.2019-12-05not yet calculatedCVE-2019-7185
CONFIRM
qnap -- netback_replicatorAn unquoted service path vulnerability is reported to affect the service ?QVssService? in QNAP NetBak Replicator. This vulnerability could allow an authorized but non-privileged local user to execute arbitrary code with elevated system privileges. QNAP have already fixed this issue in QNAP NetBak Replicator 4.5.12.1108.2019-12-04not yet calculatedCVE-2019-7201
CONFIRM
qnap -- photo_station
 
This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.2019-12-05not yet calculatedCVE-2019-7195
CONFIRM
qnap -- photo_station
 
This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions.2019-12-05not yet calculatedCVE-2019-7192
CONFIRM
qnap -- photo_station
 
This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.2019-12-05not yet calculatedCVE-2019-7194
CONFIRM
qnap -- qtsThis improper link resolution vulnerability allows remote attackers to access system files. To fix this vulnerability, QNAP recommend updating QTS to their latest versions.2019-12-05not yet calculatedCVE-2019-7183
CONFIRM
qnap -- qts
This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. To fix the vulnerability, QNAP recommend updating QTS to their latest versions.
2019-12-05 | not yet calculated | CVE-2019-7193
CONFIRM
qnap -- video_station
This cross-site scripting (XSS) vulnerability in Video Station allows remote attackers to inject and execute scripts on the administrator's management console. To fix this vulnerability, QNAP recommend updating Video Station to their latest versions.
2019-12-05 | not yet calculated | CVE-2019-7184
CONFIRM
rabbitmq-c -- rabbitmq-c
An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than needed. This condition is then carried on to a memcpy function that copies too much data into a heap buffer.
2019-12-01 | not yet calculated | CVE-2019-18609
MISC
CONFIRM
MLIST
MISC
UBUNTU
radare -- radare2
In radare2 through 4.0, there is an integer overflow for the variable new_token_size in the function r_asm_massemble at libr/asm/asm.c. This integer overflow will result in a Use-After-Free for the buffer tokens, which can be filled with arbitrary malicious data after the free. This allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted input.
2019-12-05 | not yet calculated | CVE-2019-19590
MISC
reset.pro -- adobe_stock_api_integration_for_prestashop
reset/modules/fotoliaFoto/multi_upload.php in the RESET.PRO Adobe Stock API Integration for PrestaShop 1.6 and 1.7 allows remote attackers to execute arbitrary code by uploading a .php file.
2019-12-05 | not yet calculated | CVE-2019-19594
MISC
reset.pro -- adobe_stock_api_integration_for_prestashop
reset/modules/advanced_form_maker_edit/multiupload/upload.php in the RESET.PRO Adobe Stock API integration 4.8 for PrestaShop allows remote attackers to execute arbitrary code by uploading a .php file.
2019-12-05 | not yet calculated | CVE-2019-19595
MISC
ros -- sros
SROS 2 0.8.1 (after CVE-2019-19625 is mitigated) leaks ROS 2 node-related information regardless of the rtps_protection_kind configuration. (SROS2 provides the tools to generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2.)
2019-12-06 | not yet calculated | CVE-2019-19627
MISC
MISC
MISC
MISC
MISC
ros -- sros
SROS 2 0.8.1 (which provides the tools that generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2) leaks node information due to a leaky default configuration as indicated in the policy/defaults/dds/governance.xml document.
2019-12-06 | not yet calculated | CVE-2019-19625
MISC
MISC
ros -- sros_2
SROS 2 0.8.1 (which provides the tools that generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2) leaks node information due to a leaky default configuration as indicated in the policy/defaults/dds/governance.xml document.
2019-12-06 | not yet calculated | CVE-2019-19625
MISC
MISC
ros -- sros_2
SROS 2 0.8.1 (after CVE-2019-19625 is mitigated) leaks ROS 2 node-related information regardless of the rtps_protection_kind configuration. (SROS2 provides the tools to generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2.)
2019-12-06 | not yet calculated | CVE-2019-19627
MISC
MISC
MISC
MISC
MISC
salto -- proaccess_space
An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product's webserver runs as a Windows service with local SYSTEM permissions by default. This is against the principle of least privilege. An attacker who is able to exploit CVE-2019-19458 or CVE-2019-19459 is basically able to write to every single path on the file system, because the webserver is running with the highest privileges available.
2019-12-03 | not yet calculated | CVE-2019-19460
MISC
MISC
salto -- proaccess_space
An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that will be used with auto start. This allows an attacker to execute arbitrary commands on the server.
2019-12-03 | not yet calculated | CVE-2019-19459
MISC
MISC
salto -- proaccess_space
SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data Export feature.
2019-12-03 | not yet calculated | CVE-2019-19458
MISC
MISC
salto -- proaccess_space
SALTO ProAccess SPACE 5.4.3.0 allows XSS.
2019-12-03 | not yet calculated | CVE-2019-19457
MISC
MISC
sangoma -- freepbx
In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date formatting and time-zone fields. These fields are not being properly sanitized. If this is done and a user (such as an admin) visits the User Management screen and views that user's profile, the XSS payload will render and execute in the context of the victim user's account.
2019-12-06 | not yet calculated | CVE-2019-19551
CONFIRM
sangoma -- freepbx
In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the /admin/config.php?display=userman URI. An attacker with sufficient privileges can edit the Display Name of a user and embed malicious XSS code. When another user (such as an admin) visits the main User Management screen, the XSS payload will render and execute in the context of the victim user's account.
2019-12-06 | not yet calculated | CVE-2019-19552
MISC
sceditor -- sceditor
SCEditor 2.1.3 allows XSS.
2019-12-05 | not yet calculated | CVE-2019-19466
MISC
MISC
secureworks -- red_cloak_windows_agent
In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user can bypass the generation of telemetry alerts by removing NT AUTHORITY\SYSTEM permissions from a malicious file.
2019-12-06 | not yet calculated | CVE-2019-19620
MISC
MISC
securworks -- red_cloak_windows_agent
In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user can bypass the generation of telemetry alerts by removing NT AUTHORITY\SYSTEM permissions from a malicious file.
2019-12-06 | not yet calculated | CVE-2019-19620
MISC
MISC
serialize-to-js -- serialize-to-js
The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability.
2019-12-07 | not yet calculated | CVE-2019-16772
MISC
CONFIRM
shapeshift -- keykeep_hardware_wallet
Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Notably, this breaks the security of U2F for new server registrations and invalidates existing registrations. This vulnerability can be exploited by unauthenticated attackers and the interface is reachable via WebUSB.
2019-12-06 | not yet calculated | CVE-2019-18672
MISC
MISC
CONFIRM
shapeshift -- keykeep_hardware_wallet
Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes on the stack via crafted messages. The vulnerability could allow code execution or other forms of impact. It can be triggered by unauthenticated attackers and the interface is reachable via WebUSB.
2019-12-06 | not yet calculated | CVE-2019-18671
MISC
MISC
CONFIRM
smplayer -- smplayer
SMPlayer 19.5.0 has a buffer overflow via a long .m3u file.
2019-12-02 | not yet calculated | CVE-2019-19489
MISC
sony -- catalyst_production_suite_and_catalyst_browse
In Sony Catalyst Production Suite through 2019.1 (1.1.0.21) and Catalyst Browse through 2019.1 (1.1.0.21), an unprivileged user can obtain admin privileges, and execute a program as admin, after DLL hijacking of a DLL that is loaded during setup (installation).
2019-12-04 | not yet calculated | CVE-2019-19364
MISC
sqlite -- sqlite
lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.
2019-12-05 | not yet calculated | CVE-2019-19317
MISC
MISC
strapi -- strapi
The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function.
2019-12-05 | not yet calculated | CVE-2019-19609
MISC
MISC
sylius -- sylius
In affected versions of Sylius, exception messages from internal exceptions (like database exception) are wrapped by \Symfony\Component\Security\Core\Exception\AuthenticationServiceException and propagated through the system to UI. Therefore, some internal system information may leak and be visible to the customer. A validation message with the exception details will be presented to the user when one will try to log into the shop. This has been patched in versions 1.3.14, 1.4.10, 1.5.7, and 1.6.3.
2019-12-05 | not yet calculated | CVE-2019-16768
MISC
CONFIRM
teamviewer -- teamviewer
An issue was discovered in the Chat functionality of the TeamViewer desktop application 14.3.4730 on Windows. (The vendor states that it was later fixed.) Upon login, every communication is saved within Windows main memory. When a user logs out or deletes conversation history (but does not exit the application), this data is not wiped from main memory, and therefore could be read by a local user with the same or greater privileges.
2019-12-02 | not yet calculated | CVE-2019-19362
MISC
thinkparq -- beegfs
beegfs-ctl in ThinkParQ BeeGFS through 7.1.3 allows Authentication Bypass via communication with a BeeGFS metadata server (which is typically not exposed to external networks).
2019-12-05 | not yet calculated | CVE-2019-15897
MISC
MISC
MISC
titanhq -- webtitan
An issue was discovered in TitanHQ WebTitan before 5.18. It contains a Remote Code Execution issue through which an attacker can execute arbitrary code as root. The issue stems from the hotfix download mechanism, which downloads a shell script via HTTP, and then executes it as root. This is analogous to CVE-2019-6800 but for a different product.
2019-12-02 | not yet calculated | CVE-2019-19019
MISC
MISC
titanhq -- webtitan
An issue was discovered in TitanHQ WebTitan before 5.18. The appliance has a hard-coded root password set during installation. An attacker could utilize this to gain root privileges on the system.
2019-12-02 | not yet calculated | CVE-2019-19017
MISC
MISC
titanhq -- webtitan
An issue was discovered in TitanHQ WebTitan before 5.18. It has a hidden support account (with a hard-coded password) in the web administration interface, with administrator privileges. Anybody can log in with this account.
2019-12-02 | not yet calculated | CVE-2019-19021
MISC
MISC
titanhq -- webtitan
An issue was discovered in TitanHQ WebTitan before 5.18. In the administration web interface it is possible to upload a crafted backup file that enables an attacker to execute arbitrary code by overwriting existing files or adding new PHP files under the web root. This requires the attacker to have access to a valid web interface account.
2019-12-02 | not yet calculated | CVE-2019-19020
MISC
MISC
titanhq -- webtitan
An issue was discovered in TitanHQ WebTitan before 5.18. It exposes a database configuration file under /include/dbconfig.ini in the web administration interface, revealing what database the web application is using.
2019-12-02 | not yet calculated | CVE-2019-19018
MISC
MISC
trustedsec -- trevorc2
TrevorC2 v1.1/v1.2 fails to prevent fingerprinting primarily via a discrepancy between response headers when responding to different HTTP methods, also via predictable responses when accessing and interacting with the "SITE_PATH_QUERY".
2019-12-04 | not yet calculated | CVE-2019-18850
MISC
MISC
validators -- validators
The validators package 0.12.2 through 0.12.5 for Python enters an infinite loop when validators.domain is called with a crafted domain string. This is fixed in 0.12.6.
2019-12-05 | not yet calculated | CVE-2019-19588
MISC
verot -- class.upload.php
class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions.
2019-12-04 | not yet calculated | CVE-2019-19576
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
vmware -- esxi_and_horizon_daas
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
2019-12-06 | not yet calculated | CVE-2019-5544
CONFIRM
wagtail-2fa -- wagtail-2fa
When using wagtail-2fa before 1.3.0, if someone gains access to someone's Wagtail login credentials, they can log into the CMS and bypass the 2FA check by changing the URL. They can then add a new device and gain full access to the CMS. This problem has been patched in version 1.3.0.
2019-11-29 | not yet calculated | CVE-2019-16766
MISC
MISC
CONFIRM
weidmueller -- ie-sw-vl05m_and_ie-sw-vl08mt_and_ie-sw-pl10m_devices
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Remote authenticated users can crash a device with a special packet because of Uncontrolled Resource Consumption.
2019-12-06 | not yet calculated | CVE-2019-16671
MISC
MISC
CONFIRM
weidmueller -- ie-sw-vl05m_and_ie-sw-vl08mt_and_ie-sw-pl10m_devices
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Sensitive Credentials data is transmitted in cleartext.
2019-12-06 | not yet calculated | CVE-2019-16672
MISC
MISC
CONFIRM
weidmueller -- ie-sw-vl05m_and_ie-sw-vl08mt_and_ie-sw-pl10m_devices
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Authentication Information used in a cookie is predictable and can lead to admin password compromise when captured on the network.
2019-12-06 | not yet calculated | CVE-2019-16674
MISC
MISC
CONFIRM
weidmueller -- ie-sw-vl05m_and_ie-sw-vl08mt_and_ie-sw-pl10m_devices
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Passwords are stored in cleartext and can be read by anyone with access to the device.
2019-12-06 | not yet calculated | CVE-2019-16673
MISC
MISC
CONFIRM
weidmueller -- ie-sw-vl05m_and_ie-sw-vl08mt_and_ie-sw-pl10m_devices
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. The Authentication mechanism has no brute-force prevention.
2019-12-06 | not yet calculated | CVE-2019-16670
MISC
MISC
MISC
wordpress -- wordpress
The Lever PDF Embedder plugin 4.4 for WordPress does not block the distribution of polyglot PDF documents that are valid JAR archives.
2019-12-05 | not yet calculated | CVE-2019-19589
MISC
MISC
xen -- xen
An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device (and assignable-add is not used), because of an incomplete fix for CVE-2019-18424. XSA-302 relies on the use of libxl's "assignable-add" feature to prepare devices to be assigned to untrusted guests. Unfortunately, this is not considered a strictly required step for device assignment. The PCI passthrough documentation on the wiki describes alternate ways of preparing devices for assignment, and libvirt uses its own ways as well. Hosts where these "alternate" methods are used will still leave the system in a vulnerable state after the device comes back from a guest. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable.
2019-12-04 | not yet calculated | CVE-2019-19579
MLIST
CONFIRM
MISC
MISC
xfig -- fig2dev
read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf.
2019-12-04 | not yet calculated | CVE-2019-19555
MISC
xtivia -- web_and_time_expense_interface_for_microsoft_dynamics_nav
An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia Web Time and Expense (WebTE) interface used for Microsoft Dynamics NAV before 2017 allows an attacker to download arbitrary files by specifying arbitrary values for the recId and filename parameters of the /Home/GetAttachment function.
2019-12-06 | not yet calculated | CVE-2019-19616
MISC
xtivia -- web_time_and_expense_interface_for_microsoft_dynamics_nav
An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia Web Time and Expense (WebTE) interface used for Microsoft Dynamics NAV before 2017 allows an attacker to download arbitrary files by specifying arbitrary values for the recId and filename parameters of the /Home/GetAttachment function.
2019-12-06 | not yet calculated | CVE-2019-19616
MISC
yahoo -- serialize-javascript
The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability.
2019-12-05 | not yet calculated | CVE-2019-16769
CONFIRM
zmanda -- zmanda_management_console
In Zmanda Management Console 3.3.9, ZMC_Admin_Advanced?form=adminTasks&action=Apply&command= allows CSRF, as demonstrated by command injection with shell metacharacters. This may depend on weak default credentials.
2019-12-01 | not yet calculated | CVE-2019-19469
MISC
