Vulnerability Summary for the Week of July 29, 2019
Original release date: August 5, 2019
from US-CERT National Cyber Alert System https://ift.tt/2GOEavx
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
10web -- photo_gallery | A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via filemanager/model.php. | 2019-07-30 | 10.0 | CVE-2019-14313 MISC CONFIRM CONFIRM |
ahsay -- cloud_backup_suite | An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. On the /cbs/system/ShowAdvanced.do "File Explorer" screen, it is possible to change the directory in the JavaScript code. If changed to (for example) "C:" then one can browse the whole server. | 2019-07-26 | 7.8 | CVE-2019-10265 MISC |
ahsay -- cloud_backup_suite | An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When sending an out-of-bounds XML document to a URL, it is possible to read the file structure and even the content of files without authentication. | 2019-07-26 | 7.8 | CVE-2019-10266 MISC MISC |
ahsay -- cloud_backup_suite | An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. It is possible to upload a file into any directory of the server. One can insert a JSP shell into the web server's directory and execute it. This leads to full access to the system, as the configured user (e.g., Administrator). | 2019-07-26 | 9.0 | CVE-2019-10267 MISC MISC MISC |
cpanel -- cpanel | cPanel before 76.0.8 allows remote attackers to execute arbitrary code via mailing-list attachments (SEC-452). | 2019-07-30 | 7.5 | CVE-2018-20863 CONFIRM |
cpanel -- cpanel | cPanel before 76.0.8 allows arbitrary code execution in the context of the root account via dnssec adminbin (SEC-465). | 2019-07-30 | 7.2 | CVE-2018-20869 CONFIRM |
cpanel -- cpanel | cPanel before 74.0.0 allows SQL injection during database backups (SEC-420). | 2019-08-01 | 7.5 | CVE-2018-20887 CONFIRM |
cpanel -- cpanel | cPanel before 78.0.18 allows local users to escalate to root access because of userdata cache misparsing (SEC-479). | 2019-07-30 | 7.2 | CVE-2019-14400 CONFIRM |
datagrid_project -- datagrid | The datagrid gem 1.0.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. | 2019-07-26 | 7.5 | CVE-2019-14281 MISC MISC |
denx -- u-boot | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call. | 2019-07-31 | 7.5 | CVE-2019-14192 MISC MISC |
denx -- u-boot | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the "if" block after calculating the new path length. | 2019-07-31 | 7.5 | CVE-2019-14193 MISC MISC |
denx -- u-boot | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv2 case. | 2019-07-31 | 7.5 | CVE-2019-14194 MISC MISC |
denx -- u-boot | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfs_readlink_reply in the "else" block after calculating the new path length. | 2019-07-31 | 7.5 | CVE-2019-14195 MISC MISC |
denx -- u-boot | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply. | 2019-07-31 | 7.5 | CVE-2019-14196 MISC MISC |
denx -- u-boot | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv3 case. | 2019-07-31 | 7.5 | CVE-2019-14198 MISC MISC |
denx -- u-boot | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an *udp_packet_handler call. | 2019-07-31 | 7.5 | CVE-2019-14199 MISC MISC |
denx -- u-boot | An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply. | 2019-07-31 | 7.5 | CVE-2019-14200 MISC MISC |
denx -- u-boot | An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply. | 2019-07-31 | 7.5 | CVE-2019-14201 MISC MISC |
denx -- u-boot | An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_readlink_reply. | 2019-07-31 | 7.5 | CVE-2019-14202 MISC MISC |
denx -- u-boot | An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply. | 2019-07-31 | 7.5 | CVE-2019-14203 MISC MISC |
denx -- u-boot | An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply. | 2019-07-31 | 7.5 | CVE-2019-14204 MISC MISC |
discourse -- discourse | Discourse before v2.4.0.beta2 lacks a confirmation screen when logging in via an email link. | 2019-07-29 | 7.5 | CVE-2019-1020018 MISC MISC |
libmodbus -- libmodbus | An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_COILS case, aka VD-1302. | 2019-07-31 | 7.5 | CVE-2019-14462 MISC MISC |
libmodbus -- libmodbus | An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_REGISTERS case, aka VD-1301. | 2019-07-31 | 7.5 | CVE-2019-14463 MISC MISC |
linux -- linux_kernel | In the Linux kernel before 2.6.20, there is an off-by-one bug in net/netlabel/netlabel_cipso_v4.c where it is possible to overflow the doi_def->tags[] array. | 2019-07-27 | 7.5 | CVE-2007-6762 MISC MISC MISC |
linux -- linux_kernel | In the Linux kernel before 2.6.34, a range check issue in drivers/gpu/drm/radeon/atombios.c could cause an off by one (buffer overflow) problem. | 2019-07-27 | 7.5 | CVE-2010-5331 MISC MISC MISC |
linux -- linux_kernel | In the Linux kernel before 2.6.37, an out of bounds array access happened in drivers/net/mlx4/port.c. When searching for a free entry in either mlx4_register_vlan() or mlx4_register_mac(), and there is no free entry, the loop terminates without updating the local variable free thus causing out of array bounds access. | 2019-07-27 | 7.5 | CVE-2010-5332 MISC MISC MISC |
linux -- linux_kernel | In the Linux kernel before 3.1, an off by one in the drivers/target/loopback/tcm_loop.c tcm_loop_make_naa_tpg() function could result in at least memory corruption. | 2019-07-27 | 7.5 | CVE-2011-5327 MISC MISC MISC |
linux -- linux_kernel | In the Linux kernel before 3.4, a buffer overflow occurs in drivers/net/wireless/iwlwifi/iwl-agn-sta.c, which will cause at least memory corruption. | 2019-07-27 | 7.5 | CVE-2012-6712 MISC MISC MISC |
linux -- linux_kernel | In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23. | 2019-07-27 | 7.5 | CVE-2015-9289 MISC MISC MISC |
linux -- linux_kernel | In the Linux kernel before 4.9.6, there is an off by one in the drivers/mtd/spi-nor/cadence-quadspi.c cqspi_setup_flash() function. There are CQSPI_MAX_CHIPSELECT elements in the ->f_pdata array so the ">" should be ">=" instead. | 2019-07-27 | 7.5 | CVE-2016-10764 MISC MISC MISC |
linux -- linux_kernel | In the Linux kernel before 4.14, an out of boundary access happened in drivers/nvme/target/fc.c. | 2019-07-27 | 7.5 | CVE-2017-18379 MISC MISC |
simple_captcha2_project -- simple_captcha2 | The simple_captcha2 gem 0.2.3 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. | 2019-07-26 | 7.5 | CVE-2019-14282 MISC MISC |
veritas -- resiliency_platform | An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to resiliency plans and custom script functionality. | 2019-07-29 | 9.0 | CVE-2019-14416 MISC FULLDISC MISC |
veritas -- resiliency_platform | An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to DNS functionality. | 2019-07-29 | 9.0 | CVE-2019-14417 MISC FULLDISC MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
ahsay -- cloud_backup_suite | An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When creating a trial account, it is possible to inject XSS in the Alias field, allowing the attacker to retrieve the admin's cookie and take over the account. | 2019-07-26 | 4.3 | CVE-2019-10263 MISC |
ahsay -- cloud_backup_suite | An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. With a valid administrator account, the "Move / Import / Export Users" screen has an Import Users option. This option accepts a ZIP archive containing a users.xml file that can trigger XXE. | 2019-07-26 | 6.5 | CVE-2019-10264 MISC |
ash-aio_project -- ash-aio | ASH-AIO before 2.0.0.3 allows an open redirect. | 2019-07-29 | 5.8 | CVE-2019-1020016 MISC |
centos-webpanel -- centos_web_panel | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.840, File and Directory Information Exposure in filemanager allows attackers to enumerate users and check for active users of the application by reading /tmp/login.log. | 2019-07-26 | 4.0 | CVE-2019-13385 MISC MISC |
centos-webpanel -- centos_web_panel | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, a hidden action=9 feature in filemanager2.php allows attackers to execute a shell command, i.e., obtain a reverse shell with user privilege. | 2019-07-26 | 6.5 | CVE-2019-13386 MISC MISC |
centos-webpanel -- centos_web_panel | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, Reflected XSS in filemanager2.php (parameter fm_current_dir) allows attackers to steal a cookie or session, or redirect to a phishing website. | 2019-07-26 | 4.3 | CVE-2019-13387 MISC MISC |
central_dogma_project -- central_dogma | Cross-site scripting vulnerability in Central Dogma 0.17.0 to 0.40.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2019-07-26 | 4.3 | CVE-2019-6002 JVN MISC |
cpanel -- cpanel | cPanel before 76.0.8 allows a persistent Virtual FTP account after removal of its associated domain (SEC-454). | 2019-07-30 | 6.4 | CVE-2018-20864 CONFIRM |
cpanel -- cpanel | cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destination field (SEC-459). | 2019-07-30 | 4.3 | CVE-2018-20865 CONFIRM |
cpanel -- cpanel | cPanel before 76.0.8 has Stored XSS in the WHM "Reset a DNS Zone" feature (SEC-461). | 2019-07-30 | 4.3 | CVE-2018-20866 CONFIRM |
cpanel -- cpanel | cPanel before 76.0.8 has an open redirect when resetting connections (SEC-462). | 2019-07-30 | 5.8 | CVE-2018-20867 CONFIRM |
cpanel -- cpanel | cPanel before 76.0.8 has Stored XSS in the WHM MultiPHP Manager interface (SEC-464). | 2019-07-30 | 4.3 | CVE-2018-20868 CONFIRM |
cpanel -- cpanel | cPanel before 74.0.8 allows demo accounts to execute arbitrary code via the Fileman::viewfile API (SEC-444). | 2019-08-01 | 6.5 | CVE-2018-20879 CONFIRM |
cpanel -- cpanel | cPanel before 74.0.8 allows FTP access during account suspension (SEC-449). | 2019-08-01 | 4.0 | CVE-2018-20883 CONFIRM |
cpanel -- cpanel | cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation (SEC-416). | 2019-08-01 | 5.0 | CVE-2018-20885 CONFIRM |
cpanel -- cpanel | cPanel before 71.9980.37 allows Remote-Stored XSS in WHM Save Theme Interface (SEC-400). | 2019-08-01 | 4.3 | CVE-2018-20901 CONFIRM |
cpanel -- cpanel | cPanel before 71.9980.37 allows self XSS in the WHM Backup Configuration interface (SEC-421). | 2019-08-01 | 4.3 | CVE-2018-20903 CONFIRM |
cpanel -- cpanel | cPanel before 70.0.23 allows self XSS in the WHM cPAddons showsecurity Interface (SEC-357). | 2019-08-01 | 4.3 | CVE-2018-20910 CONFIRM |
cpanel -- cpanel | cPanel before 70.0.23 allows code execution because "." is in @INC during a Perl syntax check of cpaddonsup (SEC-359). | 2019-08-01 | 6.5 | CVE-2018-20911 CONFIRM |
cpanel -- cpanel | cPanel before 70.0.23 allows demo accounts to execute code via awstats (SEC-362). | 2019-08-01 | 6.5 | CVE-2018-20912 CONFIRM |
cpanel -- cpanel | In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368). | 2019-08-01 | 4.9 | CVE-2018-20914 CONFIRM |
cpanel -- cpanel | cPanel before 70.0.23 allows stored XSS in WHM DNS Cluster (SEC-372). | 2019-08-01 | 4.3 | CVE-2018-20918 CONFIRM |
cpanel -- cpanel | cPanel before 70.0.23 allows stored XSS via a WHM Create Account action (SEC-373). | 2019-08-01 | 4.3 | CVE-2018-20919 CONFIRM |
cpanel -- cpanel | cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-374). | 2019-08-01 | 4.3 | CVE-2018-20920 CONFIRM |
cpanel -- cpanel | cPanel before 70.0.23 allows stored XSS via a WHM "Delete a DNS Zone" action (SEC-375). | 2019-08-01 | 4.3 | CVE-2018-20921 CONFIRM |
cpanel -- cpanel | cPanel before 70.0.23 allows stored XSS via a WHM DNS Cleanup action (SEC-376). | 2019-08-01 | 4.3 | CVE-2018-20922 CONFIRM |
cpanel -- cpanel | cPanel before 70.0.23 allows stored XSS via a WHM Synchronize DNS Records action (SEC-377). | 2019-08-01 | 4.3 | CVE-2018-20923 CONFIRM |
cpanel -- cpanel | cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506). | 2019-07-30 | 4.3 | CVE-2019-14387 MISC |
cpanel -- cpanel | cPanel before 82.0.2 allows unauthenticated file creation because Exim log parsing is mishandled (SEC-507). | 2019-07-30 | 5.0 | CVE-2019-14388 MISC |
cpanel -- cpanel | cPanel before 80.0.22 allows remote code execution by a demo account because of incorrect URI dispatching (SEC-501). | 2019-07-30 | 6.5 | CVE-2019-14392 CONFIRM |
cpanel -- cpanel | cPanel before 80.0.5 allows local code execution in the context of a different cPanel account because of insecure cpphp execution (SEC-486). | 2019-07-30 | 4.6 | CVE-2019-14393 CONFIRM |
cpanel -- cpanel | cPanel before 80.0.5 allows demo accounts to modify arbitrary files via the extractfile API1 call (SEC-496). | 2019-07-30 | 5.0 | CVE-2019-14397 CONFIRM |
cpanel -- cpanel | cPanel before 80.0.5 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-498). | 2019-07-30 | 6.5 | CVE-2019-14398 CONFIRM |
cpanel -- cpanel | The SSL certificate-storage feature in cPanel before 78.0.18 allows unsafe file operations in the context of the root account (SEC-477). | 2019-07-30 | 6.1 | CVE-2019-14399 CONFIRM |
cpanel -- cpanel | cPanel before 78.0.18 allows code execution via an addforward API1 call (SEC-480). | 2019-07-30 | 6.5 | CVE-2019-14401 CONFIRM |
cpanel -- cpanel | cPanel before 78.0.18 offers an open mail relay because of incorrect domain-redirect routing (SEC-483). | 2019-07-30 | 4.3 | CVE-2019-14403 CONFIRM |
cpanel -- cpanel | cPanel before 78.0.18 allows certain file-read operations in the context of the root account via the Exim virtual_user_spam router (SEC-484). | 2019-07-30 | 4.9 | CVE-2019-14404 CONFIRM |
cpanel -- cpanel | cPanel before 78.0.18 allows demo accounts to execute code via securitypolicy.cg (SEC-487). | 2019-07-30 | 6.5 | CVE-2019-14405 CONFIRM |
cpanel -- cpanel | cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing (SEC-493). | 2019-07-30 | 4.3 | CVE-2019-14406 CONFIRM |
cpanel -- cpanel | cPanel before 78.0.2 reveals internal data to OpenID providers (SEC-415). | 2019-07-30 | 4.0 | CVE-2019-14407 CONFIRM |
cpanel -- cpanel | cPanel before 78.0.2 allows a demo account to link with an OpenID provider (SEC-460). | 2019-07-30 | 4.0 | CVE-2019-14408 CONFIRM |
cpanel -- cpanel | cPanel before 78.0.2 does not properly restrict demo accounts from writing to files via the DCV UAPI (SEC-473). | 2019-07-30 | 5.0 | CVE-2019-14411 CONFIRM |
cpanel -- cpanel | cPanel before 78.0.2 allows certain file-write operations as shared users during connection resets (SEC-476). | 2019-07-30 | 4.0 | CVE-2019-14413 CONFIRM |
craftcms -- craft_cms | In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn't stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public. | 2019-07-26 | 5.0 | CVE-2019-14280 MISC MISC |
custom_simple_rss_project -- custom_simple_rss | A CSRF vulnerability in Settings form in the Custom Simple Rss plugin 2.0.6 for WordPress allows attackers to change the plugin settings. | 2019-07-30 | 4.3 | CVE-2019-14327 MISC MISC |
denx -- u-boot | A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data. | 2019-07-29 | 6.4 | CVE-2019-13103 MISC MISC |
denx -- u-boot | An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply. | 2019-07-31 | 6.4 | CVE-2019-14197 MISC MISC |
discourse -- discourse | Discourse before v2.4.0.beta2 lacks a confirmation screen when logging in via a user-api OTP. | 2019-07-29 | 5.0 | CVE-2019-1020017 MISC MISC |
espocrm -- espocrm | An issue was discovered in EspoCRM before 5.6.6. There is stored XSS due to lack of filtration of user-supplied data in Create Task. A malicious attacker can modify the parameter name to contain JavaScript code. | 2019-07-28 | 4.3 | CVE-2019-14329 MISC MISC MISC |
espocrm -- espocrm | An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due to lack of filtration of user-supplied data in Create Case. A malicious attacker can modify the firstName and lastName to contain JavaScript code. | 2019-07-28 | 4.3 | CVE-2019-14330 MISC MISC MISC |
espocrm -- espocrm | An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due to lack of filtration of user-supplied data in Create User. A malicious attacker can modify the firstName and lastName to contain JavaScript code. | 2019-07-28 | 4.3 | CVE-2019-14331 MISC MISC MISC |
espocrm -- espocrm | EspoCRM version 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the api/v1/Document functionality for storing documents in the account tab. An attacker can upload a crafted file that contains JavaScript code in its name. This code will be executed when a user opens a page of any profile with this. | 2019-07-28 | 4.3 | CVE-2019-14349 MISC |
espocrm -- espocrm | EspoCRM 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the Knowledge base. A malicious attacker can inject JavaScript code in the body parameter during api/v1/KnowledgeBaseArticle knowledge-base record creation. | 2019-07-28 | 4.3 | CVE-2019-14350 MISC |
espocrm -- espocrm | EspoCRM 5.6.4 is vulnerable to user password hash enumeration. A malicious authenticated attacker can brute-force a user password hash by 1 symbol at a time using specially crafted api/v1/User?filterList filters. | 2019-07-28 | 4.0 | CVE-2019-14351 MISC |
exiv2 -- exiv2 | Exiv2 0.27.99.0 has a heap-based buffer over-read in Exiv2::RafImage::readMetadata() in rafimage.cpp. | 2019-07-28 | 6.8 | CVE-2019-14368 MISC |
exiv2 -- exiv2 | Exiv2::PngImage::readMetadata() in pngimage.cpp in Exiv2 0.27.99.0 allows attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file. | 2019-07-28 | 4.3 | CVE-2019-14369 MISC |
exiv2 -- exiv2 | In Exiv2 0.27.99.0, there is an out-of-bounds read in Exiv2::MrwImage::readMetadata() in mrwimage.cpp. It could result in denial of service. | 2019-07-28 | 4.3 | CVE-2019-14370 MISC |
flif -- flif | An issue was discovered in image_save_png in image/image-png.cpp in Free Lossless Image Format (FLIF) 0.3. Attackers can trigger a heap-based buffer over-read in libpng via a crafted flif file. | 2019-07-28 | 6.8 | CVE-2019-14373 MISC |
glyphandcog -- xpdfreader | An issue was discovered in Xpdf 4.01.01. There is an integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "one byte per line" case. | 2019-07-27 | 4.3 | CVE-2019-14288 MISC MISC |
glyphandcog -- xpdfreader | An issue was discovered in Xpdf 4.01.01. There is an integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "multiple bytes per line" case. | 2019-07-27 | 4.3 | CVE-2019-14289 MISC MISC |
glyphandcog -- xpdfreader | An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 2. | 2019-07-27 | 4.3 | CVE-2019-14290 MISC MISC |
glyphandcog -- xpdfreader | An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 3. | 2019-07-27 | 4.3 | CVE-2019-14291 MISC MISC |
glyphandcog -- xpdfreader | An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 1. | 2019-07-27 | 4.3 | CVE-2019-14292 MISC MISC |
glyphandcog -- xpdfreader | An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 2. | 2019-07-27 | 4.3 | CVE-2019-14293 MISC MISC |
glyphandcog -- xpdfreader | An issue was discovered in Xpdf 4.01.01. There is a use-after-free in the function JPXStream::fillReadBuf at JPXStream.cc, due to an out of bounds read. | 2019-07-27 | 4.3 | CVE-2019-14294 MISC MISC |
google -- kubernetes_engine | Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a temporary file containing a temporary access token in the project workspace, where it could be accessed by users with Job/Read permission. | 2019-07-31 | 4.0 | CVE-2019-10365 MLIST MISC |
ibm -- daeja_viewone | IBM Daeja ViewONE Professional, Standard & Virtual 5.0.5 and 5.0.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 163620. | 2019-07-30 | 5.5 | CVE-2019-4456 XF CONFIRM |
ibm -- storediq | IBM StoredIQ 7.6.0.0 through 7.6.0.18 could allow an authenticated user to obtain sensitive information that only a privileged user should be allowed to view. IBM X-Force ID: 158696. | 2019-07-31 | 4.0 | CVE-2019-4163 CONFIRM XF |
ibm -- storediq | IBM StoredIQ 7.6.0.0 through 7.6.0.18 could allow a remote attacker to cause a denial of service attack using repeated requests to the server. IBM X-Force ID: 158698. | 2019-07-31 | 5.0 | CVE-2019-4165 CONFIRM XF |
icegram -- email_subscribers_&_newsletters | An XSS vulnerability in the "Email Subscribers & Newsletters" plugin 4.1.6 for WordPress allows an attacker to inject malicious JavaScript code through a publicly available subscription form using the esfpx_name wp-admin/admin-ajax.php POST parameter. | 2019-07-28 | 4.3 | CVE-2019-14364 MISC MISC |
inveniosoftware -- invenio-app | invenio-app before 1.1.1 allows host header injection. | 2019-07-29 | 5.8 | CVE-2019-1020006 CONFIRM |
inveniosoftware -- invenio-previewer | invenio-previewer before 1.0.0a12 allows XSS. | 2019-07-29 | 4.3 | CVE-2019-1020019 MISC |
jenkins -- configuration_as_code | Missing permission checks in Jenkins Configuration as Code Plugin 1.24 and earlier in various HTTP endpoints allowed users with Overall/Read access to access the generated schema and documentation for this plugin containing detailed information about installed plugins. | 2019-07-31 | 4.0 | CVE-2019-10344 MLIST MISC |
jenkins -- configuration_as_code | Jenkins Configuration as Code Plugin 1.24 and earlier did not escape values resulting in variable interpolation during configuration import when exporting, allowing attackers with permission to change Jenkins system configuration to obtain the values of environment variables. | 2019-07-31 | 5.5 | CVE-2019-10362 MLIST MISC |
jenkins -- configuration_as_code | Jenkins Configuration as Code Plugin 1.24 and earlier did not reliably identify sensitive values expected to be exported in their encrypted form. | 2019-07-31 | 4.0 | CVE-2019-10363 MLIST MISC |
jenkins -- m2release | A cross-site request forgery vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier in the M2ReleaseAction#doSubmit method allowed attackers to perform releases with attacker-specified options. | 2019-07-31 | 6.8 | CVE-2019-10359 MLIST MISC |
jenkins -- maven | Jenkins Maven Integration Plugin 3.3 and earlier did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log. | 2019-07-31 | 4.0 | CVE-2019-10358 MLIST MISC |
jenkins -- pipeline:shared_groovy_libraries | A missing permission check in Jenkins Pipeline: Shared Groovy Libraries Plugin 2.14 and earlier allowed users with Overall/Read access to obtain limited information about the content of SCM repositories referenced by global libraries. | 2019-07-31 | 4.0 | CVE-2019-10357 MLIST MISC |
jenkins -- script_security | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts. | 2019-07-31 | 6.5 | CVE-2019-10355 MLIST MISC |
jenkins -- script_security | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts. | 2019-07-31 | 6.5 | CVE-2019-10356 MLIST MISC |
jenkins -- skytap_cloud_ci | Jenkins Skytap Cloud CI Plugin 2.06 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | 2019-07-31 | 4.0 | CVE-2019-10366 MLIST MISC |
kolide -- fleet | Fleet before 2.1.2 allows exposure of SMTP credentials. | 2019-07-29 | 5.0 | CVE-2019-1020009 MISC |
libav -- libav | An issue was discovered in Libav 12.3. There is an infinite loop in the function mov_probe in the file libavformat/mov.c, related to offset and tag. | 2019-07-28 | 4.3 | CVE-2019-14371 MISC |
libav -- libav | In Libav 12.3, there is an infinite loop in the function wv_read_block_header() in the file wvdec.c. | 2019-07-28 | 4.3 | CVE-2019-14372 MISC |
libav -- libav | An issue was discovered in Libav 12.3. Division by zero in range_decode_culshift in libavcodec/apedec.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv. | 2019-07-30 | 4.3 | CVE-2019-14443 MISC |
libsdl -- sdl2_image | An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | 2019-07-31 | 6.8 | CVE-2019-5057 MISC |
libsdl -- sdl2_image | An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | 2019-07-31 | 6.8 | CVE-2019-5058 MISC |
libsdl -- sdl2_image | An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | 2019-07-31 | 6.8 | CVE-2019-5059 MISC |
libslirp_project -- libslirp | ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment. | 2019-07-29 | 6.5 | CVE-2019-14378 MLIST MISC |
linux -- linux_kernel | An issue was discovered in the Linux kernel before 4.20. drivers/phy/mscc/phy-ocelot-serdes.c has an off-by-one error with a resultant ctrl->phys out-of-bounds read. | 2019-07-26 | 4.6 | CVE-2018-20854 MISC MISC |
linux -- linux_kernel | An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled. | 2019-07-26 | 4.6 | CVE-2018-20856 MISC MISC MISC |
linux -- linux_kernel | In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default. | 2019-07-26 | 4.6 | CVE-2019-14283 MISC MISC MISC |
mcpp_project -- mcpp | MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() function in support.c. | 2019-07-26 | 4.3 | CVE-2019-14274 MISC |
misp -- misp | In app/webroot/js/event-graph.js in MISP 2.4.111, a stored XSS vulnerability exists in the event-graph view when a user toggles the event graph view. A malicious MISP event must be crafted in order to trigger the vulnerability. | 2019-07-27 | 4.3 | CVE-2019-14286 MISC |
moodle -- moodle | A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool. | 2019-07-31 | 6.8 | CVE-2019-10186 CONFIRM MISC |
moodle -- moodle | A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Users with permission to delete entries from a glossary were able to delete entries from other glossaries they did not have direct access to. | 2019-07-31 | 4.0 | CVE-2019-10187 CONFIRM MISC |
moodle -- moodle | A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in a quiz group could modify group overrides for other groups in the same quiz. | 2019-07-31 | 4.0 | CVE-2019-10188 CONFIRM CONFIRM |
moodle -- moodle | A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in an assignment group could modify group overrides for other groups in the same assignment. | 2019-07-31 | 4.0 | CVE-2019-10189 CONFIRM CONFIRM |
nats -- nats_server | An integer overflow in NATS Server 2.0.0 allows a remote attacker to crash the server by sending a crafted request. | 2019-07-29 | 5.0 | CVE-2019-13126 MISC MISC |
open.edx -- edx-platform | edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files. | 2019-07-29 | 6.5 | CVE-2015-5601 CONFIRM |
open.edx -- edx-platform | edx-platform before 2015-09-17 allows XSS via a team name. | 2019-07-29 | 4.3 | CVE-2015-6960 CONFIRM |
openmpt -- libopenmpt | libopenmpt before 0.3.13 allows a crash with malformed MED files. | 2019-07-30 | 4.3 | CVE-2018-20860 MISC |
openmpt -- libopenmpt | libopenmpt before 0.4.5 allows a crash during playback due to an out-of-bounds read in XM and MT2 files. | 2019-07-30 | 4.3 | CVE-2019-14380 MISC |
parseplatform -- parse-server | parse-server before 3.4.1 allows DoS after any POST to a volatile class. | 2019-07-29 | 5.0 | CVE-2019-1020012 MISC |
parseplatform -- parse-server | parse-server before 3.6.0 allows account enumeration. | 2019-07-29 | 5.0 | CVE-2019-1020013 MISC |
postgresql -- postgresql | A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. (Exploit prerequisites are the same as for CVE-2018-1052). | 2019-07-30 | 4.0 | CVE-2019-10129 CONFIRM MISC |
pterodactyl -- panel | Pterodactyl before 0.7.14 with 2FA allows credential sniffing. | 2019-07-29 | 5.0 | CVE-2019-1020002 CONFIRM |
stacktable.js_project -- stacktable.js | stacktable.js before 1.0.4 allows XSS. | 2019-07-29 | 4.3 | CVE-2019-1020008 MISC |
sunhater -- kcfinder | A cross-site scripting (XSS) vulnerability in upload.php in SunHater KCFinder 3.20-test1, 3.20-test2, 3.12, and earlier allows remote attackers to inject arbitrary web script or HTML via the CKEditorFuncNum parameter. | 2019-07-27 | 4.3 | CVE-2019-14315 MISC |
testlink -- testlink | TestLink 1.9.19 has XSS via the error.php message parameter. | 2019-08-01 | 4.3 | CVE-2019-14471 MISC |
tridactyl_project -- tridactyl | Tridactyl before 1.16.0 allows fake key events. | 2019-07-29 | 5.0 | CVE-2019-1020004 MISC |
unity -- web_player | The Unity Web Player plugin before 4.6.6f2 and 5.x before 5.0.3f2 allows attackers to read messages or access online services via a victim's credentials. | 2019-07-29 | 4.0 | CVE-2015-9288 CONFIRM |
upx_project -- upx | An integer overflow in the getElfSections function in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an allocation of excessive memory. | 2019-07-27 | 4.3 | CVE-2019-14295 MISC |
upx_project -- upx | canUnpack in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (SEGV or buffer overflow, and application crash) or possibly have unspecified other impact via a crafted UPX packed file. | 2019-07-27 | 6.8 | CVE-2019-14296 MISC |
wallaceit -- wallacepos | Cross-site request forgery in WallacePOS 1.4.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | 2019-07-31 | 6.8 | CVE-2019-3959 MISC |
wikindx_project -- wikindx | A cross-site scripting (XSS) vulnerability in getPagingStart() in core/lists/PAGING.php in WIKINDX through 5.8.1 allows remote attackers to inject arbitrary web script or HTML via the PagingStart parameter. | 2019-07-26 | 4.3 | CVE-2019-13588 CONFIRM |
wpfastestcache -- wp_fastest_cache | The WP Fastest Cache plugin through 0.8.9.0 for WordPress allows remote attackers to delete arbitrary files because wp_postratings_clear_fastest_cache and rm_folder_recursively in wpFastestCache.php mishandle ../ in an HTTP Referer header. | 2019-07-29 | 5.8 | CVE-2019-6726 MISC MISC MISC MISC MISC |
xfig_project -- fig2dev | Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c. | 2019-07-26 | 4.3 | CVE-2019-14275 MISC |
yardoc -- yard | yard before 0.9.20 allows path traversal. | 2019-07-29 | 5.0 | CVE-2019-1020001 MISC |
zendesk -- samlr | Zendesk Samlr before 2.6.2 allows an XML nodes comment attack such as a name_id node with user@example.com followed by . and then the attacker's domain name. | 2019-07-26 | 5.0 | CVE-2018-20857 MISC |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
cpanel -- cpanel | cPanel before 76.0.8 unsafely performs PostgreSQL password changes (SEC-366). | 2019-07-30 | 2.1 | CVE-2018-20862 CONFIRM |
cpanel -- cpanel | The WebDAV transport feature in cPanel before 76.0.8 enables debug logging (SEC-467). | 2019-07-30 | 2.1 | CVE-2018-20870 CONFIRM |
cpanel -- cpanel | cPanel before 74.0.8 allows self XSS in the WHM Security Questions interface (SEC-433). | 2019-08-01 | 3.5 | CVE-2018-20875 CONFIRM |
cpanel -- cpanel | cPanel before 74.0.8 allows self XSS in the Site Software Moderation interface (SEC-434). | 2019-08-01 | 3.5 | CVE-2018-20876 CONFIRM |
cpanel -- cpanel | cPanel before 74.0.8 allows self XSS in WHM Style Upload interface (SEC-437). | 2019-08-01 | 3.5 | CVE-2018-20877 CONFIRM |
cpanel -- cpanel | cPanel before 74.0.8 allows stored XSS in WHM "File and Directory Restoration" interface (SEC-441). | 2019-08-01 | 3.5 | CVE-2018-20878 CONFIRM |
cpanel -- cpanel | cPanel before 74.0.8 mishandles account suspension because of an invalid email_accounts.json file (SEC-445). | 2019-08-01 | 2.1 | CVE-2018-20880 CONFIRM |
cpanel -- cpanel | cPanel before 74.0.8 allows self stored XSS on the Security Questions login page (SEC-446). | 2019-08-01 | 3.5 | CVE-2018-20881 CONFIRM |
cpanel -- cpanel | cPanel before 74.0.0 allows stored XSS in the WHM File Restoration interface (SEC-367). | 2019-08-01 | 3.5 | CVE-2018-20884 CONFIRM |
cpanel -- cpanel | cPanel before 71.9980.37 allows attackers to read root's crontab file by leveraging ClamAV installation (SEC-408). | 2019-08-01 | 2.1 | CVE-2018-20902 CONFIRM |
cpanel -- cpanel | cPanel before 70.0.23 allows attackers to read the root accesshash via the WHM /cgi/trustclustermaster.cgi (SEC-364). | 2019-08-01 | 3.5 | CVE-2018-20913 CONFIRM |
cpanel -- cpanel | cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-369). | 2019-08-01 | 3.5 | CVE-2018-20915 CONFIRM |
cpanel -- cpanel | cPanel before 70.0.23 allows Stored XSS via a WHM Edit MX Entry (SEC-370). | 2019-08-01 | 3.5 | CVE-2018-20916 CONFIRM |
cpanel -- cpanel | cPanel before 70.0.23 allows any user to disable Solr (SEC-371). | 2019-08-01 | 2.1 | CVE-2018-20917 CONFIRM |
cpanel -- cpanel | cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504). | 2019-07-30 | 3.5 | CVE-2019-14386 MISC |
cpanel -- cpanel | cPanel before 82.0.2 allows local users to discover the MySQL root password (SEC-510). | 2019-07-30 | 2.1 | CVE-2019-14389 MISC |
cpanel -- cpanel | cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512). | 2019-07-30 | 3.5 | CVE-2019-14390 MISC |
cpanel -- cpanel | cPanel before 82.0.2 does not properly enforce Reseller package creation ACLs (SEC-514). | 2019-07-30 | 2.1 | CVE-2019-14391 MISC |
cpanel -- cpanel | cPanel before 80.0.5 allows unsafe file operations in the context of the root account via the fetch_ssl_certificates_for_fqdns API (SEC-489). | 2019-07-30 | 2.1 | CVE-2019-14394 CONFIRM |
cpanel -- cpanel | cPanel before 80.0.5 uses world-readable permissions for the Queueprocd log (SEC-494). | 2019-07-30 | 2.1 | CVE-2019-14395 CONFIRM |
cpanel -- cpanel | API Analytics adminbin in cPanel before 80.0.5 allows spoofed insertions of log data (SEC-495). | 2019-07-30 | 2.1 | CVE-2019-14396 CONFIRM |
cpanel -- cpanel | cPanel before 78.0.18 unsafely determines terminal capabilities by using infocmp (SEC-481). | 2019-07-30 | 2.1 | CVE-2019-14402 CONFIRM |
cpanel -- cpanel | cPanel before 78.0.2 allows arbitrary file-read operations via Passenger adminbin (SEC-466). | 2019-07-30 | 2.1 | CVE-2019-14409 CONFIRM |
cpanel -- cpanel | Maketext in cPanel before 78.0.2 allows format-string injection in the Email store_filter UAPI (SEC-472). | 2019-07-30 | 2.1 | CVE-2019-14410 CONFIRM |
cpanel -- cpanel | Maketext in cPanel before 78.0.2 allows format-string injection in the DCV check_domains_via_dns UAPI (SEC-474). | 2019-07-30 | 2.1 | CVE-2019-14412 CONFIRM |
cpanel -- cpanel | In cPanel before 78.0.2, a Userdata cache temporary file can conflict with domains (SEC-478). | 2019-07-30 | 2.1 | CVE-2019-14414 CONFIRM |
dependencytrack -- dependency-track | Dependency-Track before 3.5.1 allows XSS. | 2019-07-29 | 3.5 | CVE-2019-1020007 CONFIRM |
http-file-server_project -- http-file-server | Cross-site scripting (XSS) vulnerability in http-file-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in a victim's browser. | 2019-07-30 | 3.5 | CVE-2019-5458 MISC |
ibm -- websphere_application_server | IBM WebSphere Application Server - Liberty Admin Center could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could send a specially-crafted HTTP request to hijack the victim's click actions or launch other client-side browser attacks. IBM X-Force ID: 160513. | 2019-07-30 | 3.5 | CVE-2019-4285 XF CONFIRM |
inveniosoftware -- invenio-communities | invenio-communities before 1.0.0a20 allows XSS. | 2019-07-29 | 3.5 | CVE-2019-1020005 MISC |
inveniosoftware -- invenio-records | invenio-records before 1.2.2 allows XSS. | 2019-07-29 | 3.5 | CVE-2019-1020003 MISC |
jenkins -- configuration_as_code | Jenkins Configuration as Code Plugin 1.24 and earlier did not properly apply masking to values expected to be hidden when logging the configuration being applied. | 2019-07-31 | 2.1 | CVE-2019-10343 MLIST MISC |
jenkins -- configuration_as_code | Jenkins Configuration as Code Plugin 1.20 and earlier did not treat the proxy password as a secret to be masked when logging or encrypted for export. | 2019-07-31 | 2.1 | CVE-2019-10345 MLIST MISC |
jenkins -- ec2 | Jenkins Amazon EC2 Plugin 1.43 and earlier wrote the beginning of private keys to the Jenkins system log. | 2019-07-31 | 2.1 | CVE-2019-10364 MLIST MISC |
jenkins -- m2_release | A stored cross site scripting vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier allowed attackers to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins. | 2019-07-31 | 3.5 | CVE-2019-10360 MLIST MISC |
jenkins -- m2release | Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials unencrypted on the Jenkins master where they could be viewed by users with access to the master file system. | 2019-07-31 | 2.1 | CVE-2019-10361 MLIST MISC |
linux -- linux_kernel | An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace. | 2019-07-26 | 2.1 | CVE-2018-20855 MISC MISC MISC |
linux -- linux_kernel | In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. NOTE: QEMU creates the floppy device by default. | 2019-07-26 | 2.1 | CVE-2019-14284 MISC MISC MISC |
microsoft -- outlook | A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka 'Outlook for Android Spoofing Vulnerability'. | 2019-07-29 | 3.5 | CVE-2019-1105 N/A |
min-http-server_project -- min-http-server | Cross-site scripting (XSS) vulnerability in min-http-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in a victim's browser. | 2019-07-30 | 3.5 | CVE-2019-5457 MISC |
open.edx -- edx-platform | edx-platform before 2015-08-17 allows XSS in the Studio listing of courses. | 2019-07-29 | 3.5 | CVE-2015-6253 CONFIRM MISC |
veeam -- one_reporter | Veeam ONE Reporter 9.5.0.3201 allows XSS via the Add/Edit Widget with a crafted Caption field to setDashboardWidget in CommonDataHandlerReadOnly.ashx. | 2019-07-27 | 3.5 | CVE-2019-14297 MISC |
veeam -- one_reporter | Veeam ONE Reporter 9.5.0.3201 allows XSS via a crafted Description(config) field to addDashboard or editDashboard in CommonDataHandlerReadOnly.ashx. | 2019-07-27 | 3.5 | CVE-2019-14298 MISC |
veritas -- resiliency_platform | An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. A persistent cross-site scripting (XSS) vulnerability allows a malicious VRP user to inject malicious script into another user's browser, related to resiliency plans functionality. A victim must open a resiliency plan that an attacker has access to. | 2019-07-29 | 3.5 | CVE-2019-14415 MISC FULLDISC MISC |
wallaceit -- wallacepos | Insufficient output sanitization in WallacePOS 1.4.3 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks via a crafted sales transaction. | 2019-07-31 | 3.5 | CVE-2019-3958 MISC |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
3proxy -- 3proxy | webadmin.c in 3proxy before 0.8.13 has an out-of-bounds write in the admin interface. | 2019-08-01 | not yet calculated | CVE-2019-14495 MISC MISC MISC |
adoptopenjdk -- icedtea-web | It was found that icedtea-web through 1.7.2 and 1.8.2 did not properly sanitize paths from | 2019-07-31 | not yet calculated | CVE-2019-10182 CONFIRM CONFIRM CONFIRM |
adoptopenjdk -- icedtea-web | It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, possibly, break out of the sandbox. | 2019-07-31 | not yet calculated | CVE-2019-10185 CONFIRM CONFIRM CONFIRM |
adoptopenjdk -- icedtea-web | It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox. | 2019-07-31 | not yet calculated | CVE-2019-10181 CONFIRM CONFIRM CONFIRM |
advantech -- webaccess_hmi_designer | In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, allowing remote code execution. | 2019-08-02 | not yet calculated | CVE-2019-10961 MISC |
alcatel-lucent_enterprise -- 8008_cloud_edition_deskphone_voip_phone | On the Alcatel-Lucent Enterprise (ALE) 8008 Cloud Edition Deskphone VoIP phone with firmware 1.50.13, a command injection (missing input validation) issue in the password change field for the Change Password interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request. | 2019-08-01 | not yet calculated | CVE-2019-14260 MISC |
alcatel -- linkzone_mw40-v-v1.0_mw40_02.00_02_devices | The web interface of Alcatel LINKZONE MW40-V-V1.0 MW40_LU_02.00_02 devices is vulnerable to an authentication bypass that allows an unauthenticated user to have access to the web interface without knowing the administrator's password. | 2019-08-02 | not yet calculated | CVE-2019-7163 MISC |
amcrest -- ip2m-841b_ip_camera | The Amcrest IP2M-841B IP camera firmware version V2.520.AC00.18.R does not require authentication to access the HTTP endpoint /videotalk. An unauthenticated, remote person can connect to this endpoint and listen to the audio the camera is capturing. | 2019-07-29 | not yet calculated | CVE-2019-3948 MISC MISC |
ansible -- ansible | A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed. | 2019-07-30 | not yet calculated | CVE-2019-10156 CONFIRM CONFIRM |
apache -- activemq_client | It was found that the Apache ActiveMQ client before 5.15.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client. | 2019-08-01 | not yet calculated | CVE-2015-7559 CONFIRM CONFIRM |
apache -- solr | In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true. | 2019-08-01 | not yet calculated | CVE-2019-0193 CONFIRM |
apache -- tika | A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Users should upgrade to 1.22 or later. | 2019-08-02 | not yet calculated | CVE-2019-10088 CONFIRM |
apache -- tika | In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs. Apache Tika users should upgrade to 1.22 or later. | 2019-08-02 | not yet calculated | CVE-2019-10093 CONFIRM |
apache -- tika | A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a StackOverflowError in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Apache Tika users should upgrade to 1.22 or later. | 2019-08-02 | not yet calculated | CVE-2019-10094 CONFIRM |
apache -- vcl | Apache VCL versions 2.1 through 2.5 do not properly validate cookie input when determining what node (if any) was previously selected in the privilege tree. The cookie data is then used in an SQL statement. This allows for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of security seem to protect against malicious attack. However, all VCL systems running versions earlier than 2.5.1 should be upgraded or patched. This vulnerability was found and reported to the Apache VCL project by ADLab of Venustech. | 2019-07-29 | not yet calculated | CVE-2018-11772 MLIST MLIST |
apache -- vcl | Apache VCL versions 2.1 through 2.5 do not properly validate form input when processing a submitted block allocation. The form data is then used as an argument to the PHP built-in function strtotime. This allows for an attack against the underlying implementation of that function. The implementation of strtotime at the time the issue was discovered appeared to be resistant to a malicious attack. However, all VCL systems running versions earlier than 2.5.1 should be upgraded or patched. This vulnerability was found and reported to the Apache VCL project by ADLab of Venustech. | 2019-07-29 | not yet calculated | CVE-2018-11773 MLIST MLIST |
apache -- vcl | Apache VCL versions 2.1 through 2.5 do not properly validate form input when adding and removing VMs to and from hosts. The form data is then used in SQL statements. This allows for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of security seem to protect against malicious attack. However, all VCL systems running versions earlier than 2.5.1 should be upgraded or patched. This vulnerability was found and reported to the Apache VCL project by ADLab of Venustech. | 2019-07-29 | not yet calculated | CVE-2018-11774 MLIST MLIST |
avaya -- aura_conferencing | A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. Affected versions of Avaya Aura Conferencing include all 8.x versions prior to 8.0 SP14 (8.0.14). Prior versions not listed were not evaluated. | 2019-07-31 | not yet calculated | CVE-2019-7000 CONFIRM |
bitdefender -- multiple_products | An issue was discovered in Bitdefender products for Windows (Bitdefender Endpoint Security Tool versions prior to 6.6.8.115; and Bitdefender Antivirus Plus, Bitdefender Internet Security, and Bitdefender Total Security versions prior to 23.0.24.120) that can lead to local code injection. A local attacker with administrator privileges can create a malicious DLL file in %SystemRoot%\System32\ that will be executed with local user privileges. | 2019-07-30 | not yet calculated | CVE-2019-14242 CONFIRM |
cisco -- nexus_9000_series_aci_mode_switch_software | A vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an adjacent, unauthenticated attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges. The vulnerability is due to improper input validation of certain type, length, value (TLV) fields of the LLDP frame header. An attacker could exploit this vulnerability by sending a crafted LLDP packet to the targeted device. A successful exploit may lead to a buffer overflow condition that could either cause a DoS condition or allow the attacker to execute arbitrary code with root privileges. Note: This vulnerability cannot be exploited by transit traffic through the device; the crafted packet must be targeted to a directly connected interface. This vulnerability affects Cisco Nexus 9000 Series Fabric Switches in ACI mode if they are running a Cisco Nexus 9000 Series ACI Mode Switch Software release prior to 13.2(7f) or any 14.x release. | 2019-07-31 | not yet calculated | CVE-2019-1901 CISCO |
clmg -- clmg | CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CImg.h because of erroneous memory allocation for a malformed BMP image. | 2019-07-31 | not yet calculated | CVE-2019-13568 MISC MISC MISC |
clusterlabs -- fence-agents | A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing automated recovery or otherwise denying service to clusters of which that VM is a member. | 2019-07-30 | not yet calculated | CVE-2019-10153 CONFIRM CONFIRM CONFIRM |
cpanel -- cpanel | cPanel before 57.9999.54 allows arbitrary file-read operations for Webmail accounts via Branding APIs (SEC-120). | 2019-08-01 | not yet calculated | CVE-2016-10815 MISC |
cpanel -- cpanel | cPanel before 11.52.0.13 does not prevent arbitrary file-read operations via get_information_for_applications (CPANEL-1221). | 2019-08-01 | not yet calculated | CVE-2015-9291 MISC |
cpanel -- cpanel | cPanel before 55.9999.141 allows arbitrary code execution in the context of the root account because of MakeText interpolation (SEC-89). | 2019-08-01 | not yet calculated | CVE-2016-10823 MISC |
cpanel -- cpanel | cPanel before 57.9999.54 allows Webmail accounts to execute arbitrary code through forwarders (SEC-121). | 2019-08-01 | not yet calculated | CVE-2016-10816 MISC |
cpanel -- cpanel | cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file (SEC-123). | 2019-08-01 | not yet calculated | CVE-2016-10817 MISC |
cpanel -- cpanel | cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsadmin-startup and spamd-startup (SEC-124). | 2019-08-01 | not yet calculated | CVE-2016-10818 MISC |
cpanel -- cpanel | In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd (SEC-125). | 2019-08-01 | not yet calculated | CVE-2016-10819 MISC |
cpanel -- cpanel | cPanel before 55.9999.141 allows daemons to access their controlling TTYs (SEC-31). | 2019-08-01 | not yet calculated | CVE-2016-10820 MISC |
cpanel -- cpanel | In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75). | 2019-08-01 | not yet calculated | CVE-2016-10821 MISC |
cpanel -- cpanel | cPanel before 55.9999.141 allows ACL bypass for AppConfig applications via magic_revision (SEC-100). | 2019-08-01 | not yet calculated | CVE-2016-10830 MISC |
cpanel -- cpanel | cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging (SEC-107). | 2019-08-01 | not yet calculated | CVE-2016-10835 MISC |
cpanel -- cpanel | cPanel before 55.9999.141 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-90). | 2019-08-01 | not yet calculated | CVE-2016-10824 MISC |
cpanel -- cpanel | cPanel before 55.9999.141 allows attackers to bypass a Security Policy by faking static documents (SEC-92). | 2019-08-01 | not yet calculated | CVE-2016-10825 MISC |
cpanel -- cpanel | cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering requests (SEC-93). | 2019-08-01 | not yet calculated | CVE-2016-10826 MISC |
cpanel -- cpanel | cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Mail Preferences (SEC-96). | 2019-08-01 | not yet calculated | CVE-2016-10827 MISC |
cpanel -- cpanel | cPanel before 55.9999.141 allows arbitrary code execution because of an unsafe @INC path (SEC-97). | 2019-08-01 | not yet calculated | CVE-2016-10828 MISC |
cpanel -- cpanel | cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99). | 2019-08-01 | not yet calculated | CVE-2016-10829 MISC |
cpanel -- cpanel | cPanel before 66.0.2 allows resellers to read other accounts' domain log files (SEC-288). | 2019-08-02 | not yet calculated | CVE-2017-18426 CONFIRM |
cpanel -- cpanel | cPanel before 55.9999.141 does not perform a two-factor authentication check when possessing another account (SEC-101). | 2019-08-01 | not yet calculated | CVE-2016-10831 MISC |
cpanel -- cpanel | cPanel before 57.9999.54 allows demo-mode escape via show_template.stor (SEC-119). | 2019-08-01 | not yet calculated | CVE-2016-10814 MISC |
cpanel -- cpanel | cPanel before 11.54.0.0 allows subaccounts to discover sensitive data through comet feeds (SEC-29). | 2019-08-01 | not yet calculated | CVE-2016-10856 MISC |
cpanel -- cpanel | cPanel before 55.9999.141 allows self XSS in X3 Reseller Branding Images (SEC-88). | 2019-08-01 | not yet calculated | CVE-2016-10822 MISC |
cpanel -- cpanel | cPanel before 11.54.0.4 allows stored XSS in the WHM Feature Manager interface (SEC-86). | 2019-08-01 | not yet calculated | CVE-2016-10853 MISC |
cpanel -- cpanel | cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/check_system_storable (SEC-78). | 2019-08-01 | not yet calculated | CVE-2016-10845 MISC |
cpanel -- cpanel | cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod operations during Roundcube database conversions (SEC-79). | 2019-08-01 | not yet calculated | CVE-2016-10846 MISC |
cpanel -- cpanel | cPanel before 11.54.0.4 allows arbitrary file-read and file-write operations via scripts/fixmailboxpath (SEC-80). | 2019-08-01 | not yet calculated | CVE-2016-10847 MISC |
cpanel -- cpanel | cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/quotacheck (SEC-81). | 2019-08-01 | not yet calculated | CVE-2016-10848 MISC |
cpanel -- cpanel | cPanel before 11.54.0.4 allows arbitrary code execution via scripts/synccpaddonswithsqlhost (SEC-83). | 2019-08-01 | not yet calculated | CVE-2016-10850 MISC |
cpanel -- cpanel | cPanel before 11.54.0.4 allows arbitrary code execution because of an unsafe @INC path (SEC-46). | 2019-08-01 | not yet calculated | CVE-2016-10837 MISC |
cpanel -- cpanel | cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface (SEC-84). | 2019-08-01 | not yet calculated | CVE-2016-10851 MISC |
cpanel -- cpanel | cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem (SEC-85). | 2019-08-01 | not yet calculated | CVE-2016-10852 MISC |
cpanel -- cpanel | cPanel before 11.54.0.4 allows self XSS in the X3 Entropy Banner interface (SEC-87). | 2019-08-01 | not yet calculated | CVE-2016-10854 MISC |
cpanel -- cpanel | cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310). | 2019-08-02 | not yet calculated | CVE-2017-18384 CONFIRM |
cpanel -- cpanel | cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91). | 2019-08-01 | not yet calculated | CVE-2016-10855 MISC |
cpanel -- cpanel | cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd (SEC-104). | 2019-08-01 | not yet calculated | CVE-2016-10833 MISC |
cpanel -- cpanel | cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-64). | 2019-08-01 | not yet calculated | CVE-2016-10858 MISC |
cpanel -- cpanel | cPanel before 11.54.0.0 allows unauthorized password changes via Webmail API commands (SEC-65). | 2019-08-01 | not yet calculated | CVE-2016-10859 MISC |
cpanel -- cpanel | cPanel before 11.54.0.0 allows unauthorized zone modification via the WHM API (SEC-66). | 2019-08-01 | not yet calculated | CVE-2016-10860 MISC |
cpanel -- cpanel | cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306). | 2019-08-02 | not yet calculated | CVE-2017-18382 CONFIRM |
cpanel -- cpanel | cPanel before 11.54.0.4 allows arbitrary file-read operations via the bin/fmq script (SEC-70). | 2019-08-01 | not yet calculated | CVE-2016-10838 MISC |
cpanel -- cpanel | cPanel before 55.9999.141 allows arbitrary file-read operations during authentication with caldav (SEC-108). | 2019-08-01 | not yet calculated | CVE-2016-10836 MISC |
cpanel -- cpanel | cPanel before 55.9999.141 allows FTP cPHulk bypass via account name munging (SEC-102). | 2019-08-01 | not yet calculated | CVE-2016-10832 MISC |
cpanel -- cpanel | cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313). | 2019-08-02 | not yet calculated | CVE-2017-18386 CONFIRM |
cpanel -- cpanel | cPanel before 55.9999.141 allows account-suspension bypass via ftp (SEC-105). | 2019-08-01 | not yet calculated | CVE-2016-10834 MISC |
cpanel -- cpanel | cPanel before 68.0.15 can perform unsafe file operations because Jailshell does not set the umask (SEC-315). | 2019-08-02 | not yet calculated | CVE-2017-18388 CONFIRM |
cpanel -- cpanel | In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273). | 2019-08-02 | not yet calculated | CVE-2017-18423 CONFIRM |
cpanel -- cpanel | In cPanel before 66.0.2, the Apache HTTP Server configuration file is changed to world-readable when rebuilt (SEC-274). | 2019-08-02 | not yet calculated | CVE-2017-18424 CONFIRM |
cpanel -- cpanel | In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280). | 2019-08-02 | not yet calculated | CVE-2017-18425 CONFIRM |
cpanel -- cpanel | cPanel before 68.0.15 allows user accounts to be partially created with invalid username formats (SEC-334). | 2019-08-02 | not yet calculated | CVE-2017-18401 CONFIRM |
cpanel -- cpanel | cPanel before 68.0.15 allows arbitrary file-read operations because of the backup .htaccess modification logic (SEC-345). | 2019-08-02 | not yet calculated | CVE-2017-18405 CONFIRM |
cpanel -- cpanel | cPanel before 68.0.15 allows attackers to read root's crontab file during a short time interval upon enabling or disabling sqloptimizer (SEC-332). | 2019-08-02 | not yet calculated | CVE-2017-18399 CONFIRM |
cpanel -- cpanel | cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts (SEC-325). | 2019-08-02 | not yet calculated | CVE-2017-18392 CONFIRM |
cpanel -- cpanel | cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in a Reseller style upload (SEC-314). | 2019-08-02 | not yet calculated | CVE-2017-18387 CONFIRM |
cpanel -- cpanel | cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318). | 2019-08-02 | not yet calculated | CVE-2017-18389 CONFIRM |
cpanel -- cpanel | cPanel before 66.0.2 allows demo accounts to create databases and users (SEC-271). | 2019-08-02 | not yet calculated | CVE-2017-18421 CONFIRM |
cpanel -- cpanel | DnsUtils in cPanel before 68.0.15 allows zone creation for hostname and account subdomains (SEC-331). | 2019-08-02 | not yet calculated | CVE-2017-18398 CONFIRM |
cpanel -- cpanel | cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups (SEC-322). | 2019-08-02 | not yet calculated | CVE-2017-18390 CONFIRM |
cpanel -- cpanel | cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval (SEC-323). | 2019-08-02 | not yet calculated | CVE-2017-18391 CONFIRM |
cpanel -- cpanel | cPanel before 57.9999.54 allows self XSS during ftp account creation under addon domains (SEC-118). | 2019-08-01 | not yet calculated | CVE-2016-10813 MISC |
cpanel -- cpanel | cPanel before 68.0.15 does not have a sufficient list of reserved usernames (SEC-327). | 2019-08-02 | not yet calculated | CVE-2017-18394 CONFIRM |
cpanel -- cpanel | cPanel before 68.0.15 does not preserve permissions for local backup transport (SEC-330). | 2019-08-02 | not yet calculated | CVE-2017-18397 CONFIRM |
cpanel -- cpanel | cPanel before 68.0.15 allows arbitrary file-read operations via Exim vdomainaliases (SEC-329). | 2019-08-02 | not yet calculated | CVE-2017-18396 CONFIRM |
cpanel -- cpanel | cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail (SEC-326). | 2019-08-02 | not yet calculated | CVE-2017-18393 CONFIRM |
cpanel -- cpanel | cPanel before 68.0.15 does not block a username of ssl (SEC-328). | 2019-08-02 | not yet calculated | CVE-2017-18395 CONFIRM |
cpanel -- cpanel | In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog ownership and permissions (SEC-272). | 2019-08-02 | not yet calculated | CVE-2017-18422 CONFIRM |
cpanel -- cpanel | cPanel before 66.0.2 allows stored XSS during WHM cPAddons processing (SEC-269). | 2019-08-02 | not yet calculated | CVE-2017-18420 CONFIRM |
cpanel -- cpanel | cPanel before 68.0.15 writes home-directory backups to an incorrect location (SEC-309). | 2019-08-02 | not yet calculated | CVE-2017-18383 CONFIRM |
cpanel -- cpanel | cPanel before 67.9999.103 allows stored XSS in WHM MySQL Password Change interfaces (SEC-282). | 2019-08-02 | not yet calculated | CVE-2017-18408 CONFIRM |
cpanel -- cpanel | cPanel before 11.54.0.0 allows a bypass of the e-mail sending limit (SEC-60). | 2019-08-01 | not yet calculated | CVE-2016-10857 MISC |
cpanel -- cpanel | cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311). | 2019-08-02 | not yet calculated | CVE-2017-18385 CONFIRM |
cpanel -- cpanel | In cPanel before 67.9999.103, the backup system overwrites root's home directory when a mount disappears (SEC-299). | 2019-08-02 | not yet calculated | CVE-2017-18413 CONFIRM |
cpanel -- cpanel | cPanel before 68.0.15 allows stored XSS during a cpaddons moderated upgrade (SEC-336). | 2019-08-02 | not yet calculated | CVE-2017-18402 CONFIRM |
cpanel -- cpanel | cPanel before 68.0.15 allows code execution in the context of the nobody account via Mailman archives (SEC-337). | 2019-08-02 | not yet calculated | CVE-2017-18403 CONFIRM |
cpanel -- cpanel | cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD (SEC-341). | 2019-08-02 | not yet calculated | CVE-2017-18404 CONFIRM |
cpanel -- cpanel | cPanel before 11.54.0.4 allows code execution in the context of shared users via JSON-API (SEC-76). | 2019-08-01 | not yet calculated | CVE-2016-10843 MISC |
cpanel -- cpanel | cPanel before 67.9999.103 allows SQL injection during eximstats processing (SEC-276). | 2019-08-02 | not yet calculated | CVE-2017-18406 CONFIRM |
cpanel -- cpanel | cPanel before 67.9999.103 does not enforce SSL hostname verification for the support-agreement download (SEC-279). | 2019-08-02 | not yet calculated | CVE-2017-18407 CONFIRM |
cpanel -- cpanel | In cPanel before 67.9999.103, the backup interface could return a backup archive with all MySQL databases (SEC-283). | 2019-08-02 | not yet calculated | CVE-2017-18409 CONFIRM |
cpanel -- cpanel | cPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallation (SEC-266). | 2019-08-02 | not yet calculated | CVE-2017-18419 CONFIRM |
cpanel -- cpanel | In cPanel before 67.9999.103, a user account's backup archive could contain all MySQL databases on the server (SEC-284). | 2019-08-02 | not yet calculated | CVE-2017-18410 CONFIRM |
cpanel -- cpanel | The "addon domain conversion" feature in cPanel before 67.9999.103 can copy all MySQL databases to the new account (SEC-285). | 2019-08-02 | not yet calculated | CVE-2017-18411 CONFIRM |
cpanel -- cpanel | cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename (SEC-296). | 2019-08-02 | not yet calculated | CVE-2017-18412 CONFIRM |
cpanel -- cpanel | cPanel before 67.9999.103 allows an open redirect in /unprotected/redirect.html (SEC-300). | 2019-08-02 | not yet calculated | CVE-2017-18414 CONFIRM |
cpanel -- cpanel | cPanel before 68.0.15 allows local root code execution via cpdavd (SEC-333). | 2019-08-02 | not yet calculated | CVE-2017-18400 CONFIRM |
cpanel -- cpanel | cPanel before 67.9999.103 allows code execution in the context of the mailman account because of incorrect environment-variable filtering (SEC-302). | 2019-08-02 | not yet calculated | CVE-2017-18415 CONFIRM |
cpanel -- cpanel | cPanel before 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update (SEC-303). | 2019-08-02 | not yet calculated | CVE-2017-18416 CONFIRM |
cpanel -- cpanel | cPanel before 66.0.2 allows stored XSS during WHM cPAddons installation (SEC-263). | 2019-08-02 | not yet calculated | CVE-2017-18417 CONFIRM |
cpanel -- cpanel | cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations (SEC-265). | 2019-08-02 | not yet calculated | CVE-2017-18418 CONFIRM |
cpanel -- cpanel | The chcpass script in cPanel before 11.54.0.4 reveals a password hash (SEC-77). | 2019-08-01 | not yet calculated | CVE-2016-10844 MISC |
cpanel -- cpanel | cPanel before 11.54.0.4 allows certain file-chmod operations in scripts/secureit (SEC-82). | 2019-08-01 | not yet calculated | CVE-2016-10849 MISC |
cpanel -- cpanel | cPanel before 11.54.0.4 allows certain file-read operations in bin/setup_global_spam_filter.pl (SEC-74). | 2019-08-01 | not yet calculated | CVE-2016-10842 MISC |
cpanel -- cpanel | cPanel before 64.0.21 allows demo accounts to redirect web traffic (SEC-245). | 2019-08-02 | not yet calculated | CVE-2017-18441 CONFIRM |
cpanel -- cpanel | cPanel before 64.0.21 allows code execution by webmail and demo accounts via a store_filter API call (SEC-236). | 2019-08-02 | not yet calculated | CVE-2017-18433 CONFIRM |
cpanel -- cpanel | cPanel before 64.0.21 allows code execution in the context of the root account via a SET_VHOST_LANG_PACKAGE multilang adminbin call (SEC-237). | 2019-08-02 | not yet calculated | CVE-2017-18434 CONFIRM |
cpanel -- cpanel | cPanel before 64.0.21 allows demo accounts to execute code via the BoxTrapper API (SEC-238). | 2019-08-02 | not yet calculated | CVE-2017-18435 CONFIRM |
cpanel -- cpanel | cPanel before 64.0.21 allows demo accounts to read files via a Fileman::getfileactions API2 call (SEC-239). | 2019-08-02 | not yet calculated | CVE-2017-18436 CONFIRM |
cpanel -- cpanel | cPanel before 64.0.21 allows a Webmail account to execute code via forwarders (SEC-240). | 2019-08-02 | not yet calculated | CVE-2017-18437 CONFIRM |
cpanel -- cpanel | cPanel before 64.0.21 allows demo accounts to execute code via an ImageManager_dimensions API call (SEC-243). | 2019-08-02 | not yet calculated | CVE-2017-18439 CONFIRM |
cpanel -- cpanel | cPanel before 64.0.21 allows certain file-rename operations in the context of the root account via scripts/convert_roundcube_mysql2sqlite (SEC-254). | 2019-08-02 | not yet calculated | CVE-2017-18449 CONFIRM |
cpanel -- cpanel | cPanel before 64.0.21 allows demo users to execute traceroute via api2 (SEC-244). | 2019-08-02 | not yet calculated | CVE-2017-18440 CONFIRM |
cpanel -- cpanel | cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands (SEC-246). | 2019-08-02 | not yet calculated | CVE-2017-18442 CONFIRM |
cpanel -- cpanel | cPanel before 66.0.1 does not reliably perform suspend/unsuspend operations on accounts (CPANEL-13941). | 2019-08-02 | not yet calculated | CVE-2017-18431 CONFIRM |
cpanel -- cpanel | cPanel before 74.0.0 allows arbitrary file-read operations during File Restoration (SEC-436). | 2019-08-01 | not yet calculated | CVE-2018-20891 CONFIRM |
cpanel -- cpanel | cPanel before 64.0.21 allows demo accounts to execute SSH API commands (SEC-248). | 2019-08-02 | not yet calculated | CVE-2017-18444 CONFIRM |
cpanel -- cpanel | cPanel before 64.0.21 does not enforce demo restrictions for SSL API calls (SEC-249). | 2019-08-02 | not yet calculated | CVE-2017-18445 CONFIRM |
cpanel -- cpanel | cPanel before 64.0.21 allows file-read and file-write operations for demo accounts via the SourceIPCheck API (SEC-250). | 2019-08-02 | not yet calculated | CVE-2017-18446 CONFIRM |
cpanel -- cpanel | cPanel before 64.0.21 allows demo accounts to execute code via the ClamScanner_getsocket API (SEC-251). | 2019-08-02 | not yet calculated | CVE-2017-18447 CONFIRM |
cpanel -- cpanel | cPanel before 64.0.21 allows certain file-read operations via a Serverinfo_manpage API call (SEC-252). | 2019-08-02 | not yet calculated | CVE-2017-18448 CONFIRM |
cpanel -- cpanel | cPanel before 74.0.0 allows arbitrary zone file modifications during record edits (SEC-426). | 2019-08-01 | not yet calculated | CVE-2018-20890 CONFIRM |
cpanel -- cpanel | The bin/mkvhostspasswd script in cPanel before 11.54.0.4 discloses password hashes (SEC-73). | 2019-08-01 | not yet calculated | CVE-2016-10841 MISC |
cpanel -- cpanel | cPanel before 74.0.0 allows arbitrary zone file modifications because of incorrect CAA record handling (SEC-439). | 2019-08-01 | not yet calculated | CVE-2018-20892 CONFIRM |
cpanel -- cpanel | In cPanel before 64.0.21, Horde MySQL to SQLite conversion can leak a database password (SEC-234). | 2019-08-02 | not yet calculated | CVE-2017-18432 CONFIRM |
cpanel -- cpanel | In cPanel before 66.0.2, user and group ownership may be incorrectly set when using reassign_post_terminate_cruft (SEC-294). | 2019-08-02 | not yet calculated | CVE-2017-18430 CONFIRM |
cpanel -- cpanel | cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned accounts (SEC-411). | 2019-08-01 | not yet calculated | CVE-2018-20934 CONFIRM |
cpanel -- cpanel | cPanel before 62.0.17 does not preserve security policy questions across an account rename (SEC-223). | 2019-08-02 | not yet calculated | CVE-2017-18461 CONFIRM |
cpanel -- cpanel | In cPanel before 62.0.17, addon domain conversion did not require a package for resellers (SEC-208). | 2019-08-02 | not yet calculated | CVE-2017-18455 CONFIRM |
cpanel -- cpanel | cPanel before 62.0.17 allows self XSS in the WHM cPAddons showsecurity interface (SEC-217). | 2019-08-02 | not yet calculated | CVE-2017-18456 CONFIRM |
cpanel -- cpanel | cPanel before 62.0.17 allows arbitrary file-read operations via WHM /styled/ URLs (SEC-218). | 2019-08-02 | not yet calculated | CVE-2017-18457 CONFIRM |
cpanel -- cpanel | cPanel before 62.0.17 allows file overwrite when renaming an account (SEC-219). | 2019-08-02 | not yet calculated | CVE-2017-18458 CONFIRM |
cpanel -- cpanel | cPanel before 62.0.24 allows stored XSS in the WHM cPAddons install interface (SEC-262). | 2019-08-02 | not yet calculated | CVE-2017-18454 CONFIRM |
cpanel -- cpanel | cPanel before 64.0.21 does not preserve supplemental groups across account renames (SEC-260). | 2019-08-02 | not yet calculated | CVE-2017-18453 CONFIRM |
cpanel -- cpanel | cPanel before 62.0.17 allows arbitrary code execution during automatic SSL installation (SEC-221). | 2019-08-02 | not yet calculated | CVE-2017-18460 CONFIRM |
cpanel -- cpanel | cPanel before 62.0.17 allows arbitrary code execution during account modification (SEC-220). | 2019-08-02 | not yet calculated | CVE-2017-18459 CONFIRM |
cpanel -- cpanel | cPanel before 74.0.0 allows file modification in the context of the root account because of incorrect HTTP authentication (SEC-424). | 2019-08-01 | not yet calculated | CVE-2018-20888 CONFIRM |
cpanel -- cpanel | cPanel before 62.0.17 allows code execution in the context of the root account via a long DocumentRoot path (SEC-225). | 2019-08-02 | not yet calculated | CVE-2017-18463 CONFIRM |
cpanel -- cpanel | cPanel before 64.0.21 allows demo accounts to execute code via Encoding API calls (SEC-242). | 2019-08-02 | not yet calculated | CVE-2017-18438 CONFIRM |
cpanel -- cpanel | cPanel before 74.0.8 allows local users to disable the ClamAV daemon (SEC-409). | 2019-08-01 | not yet calculated | CVE-2018-20873 CONFIRM |
cpanel -- cpanel | cPanel before 74.0.8 allows self XSS in the WHM "Create a New Account" interface (SEC-428). | 2019-08-01 | not yet calculated | CVE-2018-20874 CONFIRM |
cpanel -- cpanel | cPanel before 74.0.8 allows arbitrary file-write operations in the context of the root account during WHM Force Password Change (SEC-447). | 2019-08-01 | not yet calculated | CVE-2018-20882 CONFIRM |
cpanel -- cpanel | cPanel before 74.0.0 insecurely stores phpMyAdmin session files (SEC-418). | 2019-08-01 | not yet calculated | CVE-2018-20886 CONFIRM |
cpanel -- cpanel | cPanel before 64.0.21 allows attackers to read a user's crontab file during a short time interval upon a cPAddon upgrade (SEC-257). | 2019-08-02 | not yet calculated | CVE-2017-18451 CONFIRM |
cpanel -- cpanel | cPanel before 74.0.0 allows certain file-read operations via password file caching (SEC-425). | 2019-08-01 | not yet calculated | CVE-2018-20889 CONFIRM |
cpanel -- cpanel | cPanel before 64.0.21 allows code execution via Rails configuration files (SEC-259). | 2019-08-02 | not yet calculated | CVE-2017-18452 CONFIRM |
cpanel -- cpanel | cPanel before 64.0.21 allows demo and suspended accounts to use SSH port forwarding (SEC-247). | 2019-08-02 | not yet calculated | CVE-2017-18443 CONFIRM |
cpanel -- cpanel | cPanel before 64.0.21 allows certain file-chmod operations via /scripts/convert_roundcube_mysql2sqlite (SEC-255). | 2019-08-02 | not yet calculated | CVE-2017-18450 CONFIRM |
cpanel -- cpanel | cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352). | 2019-08-01 | not yet calculated | CVE-2018-20943 CONFIRM |
cpanel -- cpanel | cPanel before 71.9980.37 allows stored XSS in the WHM cPAddons installation interface (SEC-398). | 2019-08-01 | not yet calculated | CVE-2018-20899 CONFIRM |
cpanel -- cpanel | cPanel before 70.0.23 allows stored XSS via a WHM "Reset a DNS Zone" action (SEC-412). | 2019-08-01 | not yet calculated | CVE-2018-20935 CONFIRM |
cpanel -- cpanel | cPanel before 70.0.23 allows arbitrary file-chmod operations during legacy incremental backups (SEC-338). | 2019-08-01 | not yet calculated | CVE-2018-20909 CONFIRM |
cpanel -- cpanel | cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308). | 2019-08-01 | not yet calculated | CVE-2018-20936 CONFIRM |
cpanel -- cpanel | In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290). | 2019-08-02 | not yet calculated | CVE-2017-18428 CONFIRM |
cpanel -- cpanel | cPanel before 71.9980.37 allows stored XSS in the YUM autorepair functionality (SEC-399). | 2019-08-01 | not yet calculated | CVE-2018-20900 CONFIRM |
cpanel -- cpanel | cPanel before 71.9980.37 allows attackers to make API calls that bypass the cron feature restriction (SEC-427). | 2019-08-01 | not yet calculated | CVE-2018-20904 CONFIRM |
cpanel -- cpanel | cPanel before 71.9980.37 allows attackers to make API calls that bypass the images feature restriction (SEC-430). | 2019-08-01 | not yet calculated | CVE-2018-20906 CONFIRM |
cpanel -- cpanel | cPanel before 70.0.23 allows .htaccess restrictions bypass when Htaccess Optimization is enabled (SEC-401). | 2019-08-01 | not yet calculated | CVE-2018-20930 CONFIRM |
cpanel -- cpanel | cPanel before 71.9980.37 does not enforce the Mime::list_hotlinks API feature restriction (SEC-432). | 2019-08-01 | not yet calculated | CVE-2018-20907 CONFIRM |
cpanel -- cpanel | cPanel before 71.9980.37 allows arbitrary file-read operations during pkgacct custom template handling (SEC-435). | 2019-08-01 | not yet calculated | CVE-2018-20908 CONFIRM |
cpanel -- cpanel | cPanel before 70.0.23 allows arbitrary file-read and file-unlink operations via WHM style uploads (SEC-378). | 2019-08-01 | not yet calculated | CVE-2018-20924 CONFIRM |
cpanel -- cpanel | cPanel before 71.9980.37 allows code injection in the WHM cPAddons interface (SEC-394). | 2019-08-01 | not yet calculated | CVE-2018-20896 CONFIRM |
cpanel -- cpanel | cPanel before 70.0.23 allows local privilege escalation via the WHM Legacy Language File Upload interface (SEC-379). | 2019-08-01 | not yet calculated | CVE-2018-20925 CONFIRM |
cpanel -- cpanel | cPanel before 70.0.23 allows local privilege escalation via the WHM Locale XML Upload interface (SEC-380). | 2019-08-01 | not yet calculated | CVE-2018-20926 CONFIRM |
cpanel -- cpanel | cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382). | 2019-08-01 | not yet calculated | CVE-2018-20927 CONFIRM |
cpanel -- cpanel | cPanel before 70.0.23 allows stored XSS via the cpaddons vendor interface (SEC-391). | 2019-08-01 | not yet calculated | CVE-2018-20928 CONFIRM |
cpanel -- cpanel | cPanel before 70.0.23 allows an open redirect via the /unprotected/redirect.html endpoint (SEC-392). | 2019-08-01 | not yet calculated | CVE-2018-20929 CONFIRM |
cpanel -- cpanel | In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account termination (SEC-291). | 2019-08-02 | not yet calculated | CVE-2017-18429 CONFIRM |
cpanel -- cpanel | In cPanel before 66.0.2, weak log-file permissions can occur after account modification (SEC-289). | 2019-08-02 | not yet calculated | CVE-2017-18427 CONFIRM |
cpanel -- cpanel | cPanel before 11.54.0.4 allows SQL injection in bin/horde_update_usernames (SEC-71). | 2019-08-01 | not yet calculated | CVE-2016-10839 MISC |
cpanel -- cpanel | cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72). | 2019-08-01 | not yet calculated | CVE-2016-10840 MISC |
cpanel -- cpanel | cPanel before 71.9980.37 allows arbitrary file-unlink operations via the cPAddons moderation system (SEC-395). | 2019-08-01 | not yet calculated | CVE-2018-20897 CONFIRM |
cpanel -- cpanel | cPanel before 71.9980.37 allows e-mail injection during cPAddons moderation (SEC-396). | 2019-08-01 | not yet calculated | CVE-2018-20898 CONFIRM |
cpanel -- cpanel | In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs are removed from the corresponding accounts (SEC-393). | 2019-08-01 | not yet calculated | CVE-2018-20895 CONFIRM |
cpanel -- cpanel | cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356). | 2019-08-01 | not yet calculated | CVE-2018-20947 CONFIRM |
cpanel -- cpanel | cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321). | 2019-08-01 | not yet calculated | CVE-2018-20937 CONFIRM |
cpanel -- cpanel | cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339). | 2019-08-01 | not yet calculated | CVE-2018-20939 CONFIRM |
cpanel -- cpanel | cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon the enabling of backups (SEC-342). | 2019-08-01 | not yet calculated | CVE-2018-20940 CONFIRM |
cpanel -- cpanel | cPanel before 68.0.27 allows arbitrary file-read operations via restore adminbin (SEC-349). | 2019-08-01 | not yet calculated | CVE-2018-20941 CONFIRM |
cpanel -- cpanel | cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon configuring crontab (SEC-351). | 2019-08-01 | not yet calculated | CVE-2018-20942 CONFIRM |
cpanel -- cpanel | cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353). | 2019-08-01 | not yet calculated | CVE-2018-20944 CONFIRM |
cpanel -- cpanel | cPanel before 74.0.0 makes web-site contents accessible to other local users via Git repositories (SEC-443). | 2019-08-01 | not yet calculated | CVE-2018-20894 CONFIRM |
cpanel -- cpanel | bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354). | 2019-08-01 | not yet calculated | CVE-2018-20945 CONFIRM |
cpanel -- cpanel | cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355). | 2019-08-01 | not yet calculated | CVE-2018-20946 CONFIRM |
cpanel -- cpanel | cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406). | 2019-08-01 | not yet calculated | CVE-2018-20932 CONFIRM |
cpanel -- cpanel | cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SEC-383). | 2019-08-01 | not yet calculated | CVE-2018-20948 CONFIRM |
cpanel -- cpanel | cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405). | 2019-08-01 | not yet calculated | CVE-2018-20931 CONFIRM |
cpanel -- cpanel | cPanel before 71.9980.37 allows attackers to make API calls that bypass the backup feature restriction (SEC-429). | 2019-08-01 | not yet calculated | CVE-2018-20905 CONFIRM |
cpanel -- cpanel | cPanel before 74.0.0 allows file-rename operations during account renames (SEC-442). | 2019-08-01 | not yet calculated | CVE-2018-20893 CONFIRM |
cpanel -- cpanel | cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor (SEC-385). | 2019-08-01 | not yet calculated | CVE-2018-20949 CONFIRM |
cpanel -- cpanel | cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324). | 2019-08-01 | not yet calculated | CVE-2018-20938 CONFIRM |
cpanel -- cpanel | cPanel before 70.0.23 has stored XSS via a WHM Edit DNS Zone action (SEC-410). | 2019-08-01 | not yet calculated | CVE-2018-20933 CONFIRM |
cpanel -- cpanel | cPanel before 68.0.27 allows self XSS in the WHM listips interface (SEC-389). | 2019-08-01 | not yet calculated | CVE-2018-20953 CONFIRM |
cpanel -- cpanel | cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor (SEC-388). | 2019-08-01 | not yet calculated | CVE-2018-20952 CONFIRM |
cpanel -- cpanel | cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC-387). | 2019-08-01 | not yet calculated | CVE-2018-20951 CONFIRM |
cpanel -- cpanel | cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer (SEC-386). | 2019-08-01 | not yet calculated | CVE-2018-20950 CONFIRM |
crypto++ -- crypto++ | Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because scalar multiplication in ecp.cpp (prime field curves, small leakage) and algebra.cpp (binary field curves, large leakage) is not constant time and leaks the bit length of the scalar among other information. | 2019-07-30 | not yet calculated | CVE-2019-14318 MISC MISC |
d-link -- 6600-ap_and_dwl_3600ap_ax_and_dwl-8610ap_ax_devices | An issue was discovered on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated Certificate and RSA Private Key extraction through an insecure sslcert-get.cgi HTTP command. | 2019-08-01 | not yet calculated | CVE-2019-14334 MISC MISC MISC |
d-link -- 6600-ap_and_dwl_3600ap_ax_devices | An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is a post-authenticated dump of all of the config files through a certain admin.cgi?action= insecure HTTP request. | 2019-08-01 | not yet calculated | CVE-2019-14336 MISC MISC MISC |
d-link -- 6600-ap_and_dwl_3600ap_ax_devices | An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is a pre-authenticated denial of service attack against the access point via a long action parameter to admin.cgi. | 2019-08-01 | not yet calculated | CVE-2019-14333 MISC MISC MISC |
d-link -- 6600-ap_and_dwl_3600ap_ax_devices | An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is an ability to escape to a shell in the restricted command line interface, as demonstrated by the `/bin/sh -c wget` sequence. | 2019-08-01 | not yet calculated | CVE-2019-14337 MISC MISC MISC |
d-link -- 6600-ap_and_dwl_3600ap_ax_devices | An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is use of weak ciphers for SSH such as diffie-hellman-group1-sha1. | 2019-08-01 | not yet calculated | CVE-2019-14332 MISC MISC MISC |
d-link -- 6600-ap_and_dwl_3600ap_ax_devices | An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is a post-authentication admin.cgi?action= XSS vulnerability on the management interface. | 2019-08-01 | not yet calculated | CVE-2019-14338 MISC MISC MISC |
d-link -- dva-5592 | The web interface of the D-Link DVA-5592 20180823 is vulnerable to XSS because HTML form parameters are directly reflected. | 2019-08-02 | not yet calculated | CVE-2019-6968 MISC |
d-link -- dva-5592 | The web interface of the D-Link DVA-5592 20180823 is vulnerable to an authentication bypass that allows an unauthenticated user to have access to sensitive information such as the Wi-Fi password and the phone number (if VoIP is in use). | 2019-08-02 | not yet calculated | CVE-2019-6969 MISC |
das_q -- das_q | Das Q before 2019-08-02 allows web sites to execute arbitrary code on client machines, as demonstrated by a cross-origin /install request with an attacker-controlled releaseUrl, which triggers download and execution of code within a ZIP archive. | 2019-08-02 | not yet calculated | CVE-2019-14551 MISC |
django -- django | An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable. | 2019-08-02 | not yet calculated | CVE-2019-14232 MISC MISC CONFIRM |
django -- django | An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences. | 2019-08-02 | not yet calculated | CVE-2019-14235 MISC MISC CONFIRM |
django -- django | An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities. | 2019-08-02 | not yet calculated | CVE-2019-14233 MISC MISC CONFIRM |
dnsmasq -- dnsmasq | Improper bounds checking in Dnsmasq before 2.76 allows an attacker-controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability than CVE-2017-14491. | 2019-08-01 | not yet calculated | CVE-2019-14513 MISC |
docker -- docker | In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container. | 2019-07-29 | not yet calculated | CVE-2019-14271 CONFIRM MISC |
docker -- docker-credential-helpers | docker-credential-helpers before 0.6.3 has a double free in the List functions. | 2019-07-29 | not yet calculated | CVE-2019-1020014 MISC MISC |
dolibarr_foundation -- dolibarr_erp_and_crm | Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. It was identified that the editor also allowed inclusion of dynamic code, which can lead to code execution on the host machine. An attacker has to check a setting on the same page, which specifies the inclusion of dynamic content. Thus, a lower privileged user of the application can execute code under the context and permissions of the underlying web server. | 2019-07-29 | not yet calculated | CVE-2019-11201 MISC |
dolibarr_foundation -- dolibarr_erp_and_crm | Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs up the database content to a dump file. However, the application performs insufficient checks on the export parameters to mysqldump, which can lead to execution of arbitrary binaries on the server. (Malicious binaries can be uploaded by abusing other functionalities of the application.) | 2019-07-29 | not yet calculated | CVE-2019-11200 MISC |
dolibarr_foundation -- dolibarr_erp_and_crm | Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded files. These vulnerabilities allowed the execution of a JavaScript payload each time any regular user or administrative user clicked on the malicious link hosted on the same domain. The vulnerabilities could be exploited by low privileged users to target administrators. The viewimage.php page did not perform any contextual output encoding and would display the content within the uploaded file with a user-requested MIME type. | 2019-07-29 | not yet calculated | CVE-2019-11199 MISC |
draytek -- draytek_routers | DrayTek routers before 2018-05-23 allow CSRF attacks to change DNS or DHCP settings, a related issue to CVE-2017-11649. | 2019-07-31 | not yet calculated | CVE-2018-20872 MISC |
eclipse -- openj9 | All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning. For example, if a condition that reads a field is moved out of the loop, the value of that field may not be privatized in the modified copy of the loop, allowing the test to see one value of the field and the loop to subsequently see a modified field value without retesting the condition moved out of the loop. This can lead to a variety of different issues, but a read out of array bounds is one major consequence of these problems. | 2019-07-30 | not yet calculated | CVE-2019-11775 CONFIRM |
edx -- edx-platform | edx-platform before 2016-06-06 allows CSRF. | 2019-07-29 | not yet calculated | CVE-2016-10766 MISC CONFIRM |
edx -- edx-platform | edx-platform before 2018-07-18 allows XSS via a response to a Chemical Equation advanced problem. | 2019-07-30 | not yet calculated | CVE-2018-20859 MISC MISC MISC |
edx -- edx-platform | edx-platform before 2017-08-03 allows attackers to trigger password-reset e-mail messages in which the reset link has an attacker-controlled domain name. | 2019-07-30 | not yet calculated | CVE-2017-18380 MISC CONFIRM |
edx -- edx-platform | edx-platform before 2016-06-10 allows account activation with a spoofed e-mail address. | 2019-07-29 | not yet calculated | CVE-2016-10765 CONFIRM |
edx -- open_edx | The installation process in Open edX before 2017-01-10 exposes a MongoDB instance to external connections with default credentials. | 2019-07-30 | not yet calculated | CVE-2017-18381 MISC MISC |
elastic -- apm | A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the 'server_ca_cert' setting, the Ruby agent would not properly verify the certificate returned by the APM server. This could result in a man in the middle style attack against the Ruby agent. | 2019-07-30 | not yet calculated | CVE-2019-7615 MISC |
elastic -- elasticsearch | A race condition flaw was found in the response headers that Elasticsearch versions before 7.2.1 and 6.8.2 return to a request. On a system with multiple users submitting requests, it could be possible for an attacker to gain access to a response header containing sensitive data from another user. | 2019-07-30 | not yet calculated | CVE-2019-7614 MISC |
elastic -- kibana | Kibana versions before 6.8.2 and 7.2.1 contain a server side request forgery (SSRF) flaw in the graphite integration for Timelion visualizer. An attacker with administrative Kibana access could set the timelion:graphite.url configuration option to an arbitrary URL. This could possibly lead to an attacker accessing external URL resources as the Kibana process on the host system. | 2019-07-30 | not yet calculated | CVE-2019-7616 MISC |
elm327 -- obd2_bluetooth_device | A clone version of an ELM327 OBD2 Bluetooth device has a hardcoded PIN, leading to arbitrary commands to an OBD-II bus of a vehicle, as demonstrated by turning off the vehicle's lights. | 2019-07-31 | not yet calculated | CVE-2019-12797 MISC MISC MISC |
fasterxml -- jackson-databind | SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used, leading to remote code execution. | 2019-07-29 | not yet calculated | CVE-2019-14379 MISC MISC |
fasterxml -- jackson-databind | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath. | 2019-07-30 | not yet calculated | CVE-2019-14439 MISC MISC MISC |
foreman -- foreman-tasks | An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. Previously, commit tasks were searched through find_resource, which performed authorization checks. After the change to Foreman, an unauthenticated user can view the details of a task through the web UI or API, if they can discover or guess the UUID of the task. | 2019-07-31 | not yet calculated | CVE-2019-10198 CONFIRM MISC |
freetype -- freetype | In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c on function T1_Get_Private_Dict where there is no check that the new values of cur and limit are sensible before going to Again. | 2019-07-30 | not yet calculated | CVE-2015-9290 MISC MISC |
gnome -- evolution-ews | It was discovered that evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference. | 2019-08-01 | not yet calculated | CVE-2019-3890 CONFIRM CONFIRM |
gnucobol -- gnucobol | GnuCOBOL 2.2 has a buffer overflow in cb_evaluate_expr in cobc/field.c via crafted COBOL source code. | 2019-08-01 | not yet calculated | CVE-2019-14486 MISC |
gnucobol -- gnucobol | GnuCOBOL 2.2 has a stack-based buffer overflow in cb_encode_program_id in cobc/typeck.c via crafted COBOL source code. | 2019-08-02 | not yet calculated | CVE-2019-14541 MISC |
gnucobol -- gnucobol | GnuCOBOL 2.2 has a heap-based buffer overflow in read_literal in cobc/scanner.l via crafted COBOL source code. | 2019-08-02 | not yet calculated | CVE-2019-14528 MISC |
gnucobol -- gnucobol | GnuCOBOL 2.2 has a buffer overflow in cb_push_op in cobc/field.c via crafted COBOL source code. | 2019-08-01 | not yet calculated | CVE-2019-14468 MISC |
gnu -- binutils | apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf. | 2019-07-30 | not yet calculated | CVE-2019-14444 MISC |
gogs -- gogs | routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators, and hooks. | 2019-08-02 | not yet calculated | CVE-2019-14544 MISC |
happypoint -- happypoint_mobile_app | When processing a Deeplink scheme, Happypoint mobile app 6.3.19 and earlier versions do not check the Deeplink URL correctly. This could lead to JavaScript code execution, URL redirection, or sensitive information disclosure. An attacker can exploit this issue by enticing an unsuspecting user to open a specific malicious URL. | 2019-08-01 | not yet calculated | CVE-2019-9140 CONFIRM |
hasura -- graphql_engine | graphql-engine (aka Hasura GraphQL Engine) before 1.0.0-beta.3 mishandles the audience check while verifying JWT. | 2019-07-29 | not yet calculated | CVE-2019-1020015 MISC |
hewlett_packard_enterprise -- hp2910al-48g_switches | A potential security vulnerability has been identified in HP2910al-48G version W.15.14.0016. The attack exploits an XSS injection by setting the attack vector in one of the switch persistent configuration fields (management URL, location, contact). However, admin privileges are required to configure these fields, thereby reducing the likelihood of exploit. HPE Aruba has provided firmware updates to resolve the vulnerability in HP 2910-48G al Switch. Please update to W.15.14.0017. | 2019-08-01 | not yet calculated | CVE-2019-5401 CONFIRM |
humhub -- humhub | HumHub Social Network Kit Enterprise v1.3.13 allows remote attackers to find the user accounts existing on any Social Network Kits (including self-hosted ones) by brute-forcing the username after the /u/ initial URI substring, aka Response Discrepancy Information Exposure. | 2019-07-29 | not yet calculated | CVE-2019-12743 MISC MISC |
ibm -- i2_intelligent_analysis_platform | IBM i2 Intelligent Analysis Platform 9.0.0 through 9.1.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 157007. | 2019-07-30 | not yet calculated | CVE-2019-4062 CONFIRM XF |
ibm -- jazz_for_service_management | IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow an unauthorized local user to create unique catalog names that could cause a denial of service. IBM X-Force ID: 160296. | 2019-08-02 | not yet calculated | CVE-2019-4275 CONFIRM XF |
ibm -- spectrum_protect_for_enterprise_resource_planning | In IBM Spectrum Protect for Enterprise Resource Planning 7.1 and 8.1, if tracing is activated, the IBM Spectrum Protect node password may be displayed in plain text in the ERP trace file. IBM X-Force ID: 154280. | 2019-08-02 | not yet calculated | CVE-2018-1987 CONFIRM XF |
imgix -- imgix | Imgix through 2019-06-19 allows remote attackers to cause a denial of service (resource consumption) by manipulating a small JPEG file to specify dimensions of 64250x64250 pixels, which is mishandled during an attempt to load the 'whole image' into memory. | 2019-07-29 | not yet calculated | CVE-2019-13655 MISC |
jolokia -- jolokia | A flaw was found in Jolokia versions from 1.2 to before 1.6.1. Affected versions are vulnerable to a system-wide CSRF. This holds true for properly configured instances with strict checking for origin and referrer headers. This could result in a Remote Code Execution attack. | 2019-08-01 | not yet calculated | CVE-2018-10899 CONFIRM CONFIRM |
libav -- libav | An issue was discovered in Libav 12.3. An access violation allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv. This is related to ff_mpa_synth_filter_float in avcodec/mpegaudiodsp_template.c. | 2019-07-30 | not yet calculated | CVE-2019-14441 MISC |
libav -- libav | In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an input file can result in an avio_seek infinite loop and hang, with 100% CPU consumption. Attackers could leverage this vulnerability to cause a denial of service via a crafted file. | 2019-07-30 | not yet calculated | CVE-2019-14442 MISC |
liblouis -- liblouis | A vulnerability was found in liblouis, versions 2.5.x before 2.5.4. A stack-based buffer overflow was found in findTable() in liblouis. An attacker could create a malicious file that would cause applications that use liblouis (such as Orca) to crash, or potentially execute arbitrary code when opened. | 2019-08-02 | not yet calculated | CVE-2014-8184 CONFIRM MISC |
libopenmpt -- libopenmpt | J2B in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs. | 2019-07-30 | not yet calculated | CVE-2019-14383 MISC |
libopenmpt -- libopenmpt | libopenmpt before 0.3.11 allows a crash with certain malformed custom tunings in MPTM files. | 2019-07-30 | not yet calculated | CVE-2018-20861 MISC |
libopenmpt -- libopenmpt | DSM in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs. | 2019-07-30 | not yet calculated | CVE-2019-14382 MISC |
libopenmpt -- libopenmpt | libopenmpt before 0.4.3 allows a crash due to a NULL pointer dereference when doing a portamento from an OPL instrument to an empty instrument note map slot. | 2019-07-30 | not yet calculated | CVE-2019-14381 CONFIRM |
libvirtd -- libvirtd | It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs. | 2019-07-30 | not yet calculated | CVE-2019-10161 CONFIRM CONFIRM CONFIRM |
libvirtd -- libvirtd | It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed. | 2019-08-02 | not yet calculated | CVE-2019-10166 CONFIRM CONFIRM |
libvirt -- libvirt | The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges. | 2019-08-02 | not yet calculated | CVE-2019-10168 CONFIRM CONFIRM |
libvirt -- libvirt | The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges. | 2019-08-02 | not yet calculated | CVE-2019-10167 CONFIRM CONFIRM |
linux -- linux_kernel | A flaw was found in the Linux kernel's freescale hypervisor manager implementation, kernel versions 5.0.x up to, but excluding, 5.0.17. A parameter passed to an ioctl was incorrectly validated and used in size calculations for the page size calculation. An attacker can use this flaw to crash the system, corrupt memory, or create other adverse security effects. | 2019-07-30 | not yet calculated | CVE-2019-10142 CONFIRM |
linux -- linux_kernel | A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost. | 2019-07-30 | not yet calculated | CVE-2018-16871 CONFIRM |
magento -- magento | A file upload filter bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to edit configuration keys to remove file extension filters, potentially resulting in the malicious upload and execution of malicious files on the server. | 2019-08-02 | not yet calculated | CVE-2019-7912 CONFIRM |
magento -- magento | An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to insufficient authorizations checks. This can be abused by a user with admin privileges to add users to company accounts or modify existing user details. | 2019-08-02 | not yet calculated | CVE-2019-7872 CONFIRM |
magento -- magento | A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of user roles. | 2019-08-02 | not yet calculated | CVE-2019-7874 CONFIRM |
magento -- magento | An access control bypass vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An unauthenticated user can bypass access controls via REST API calls to assign themselves to an arbitrary company, thereby gaining read access to potentially confidential information. | 2019-08-02 | not yet calculated | CVE-2019-7950 CONFIRM |
magento -- magento | A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unintended data deletion from customer pages. | 2019-08-02 | not yet calculated | CVE-2019-7851 CONFIRM |
magento -- magento | A denial-of-service vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Under certain conditions, an unauthenticated attacker could force the Magento store's full page cache to serve a 404 page to customers. | 2019-08-02 | not yet calculated | CVE-2019-7915 CONFIRM |
magento -- magento | An information disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to create email templates could leak sensitive data via a malicious email template. | 2019-08-02 | not yet calculated | CVE-2019-7888 CONFIRM |
magento -- magento | A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to access shipment settings can execute arbitrary code via server-side request forgery. | 2019-08-02 | not yet calculated | CVE-2019-7892 CONFIRM |
magento -- magento | An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details. | 2019-08-02 | not yet calculated | CVE-2019-7890 CONFIRM |
magento -- magento | A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to layouts can execute arbitrary code through a combination of product import, crafted csv file and XML layout update. | 2019-08-02 | not yet calculated | CVE-2019-7896 CONFIRM |
magento -- magento | A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to layouts can execute arbitrary code through a crafted XML layout update. | 2019-08-02 | not yet calculated | CVE-2019-7895 CONFIRM |
magento -- magento | A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can cause unwanted items to be added to a shopper's cart due to an insufficiently robust anti-CSRF token implementation. | 2019-08-02 | not yet calculated | CVE-2019-7857 CONFIRM |
magento -- magento | A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could be abused by an unauthenticated user to discover an invariant used in gift card generation. | 2019-08-02 | not yet calculated | CVE-2019-7855 CONFIRM |
magento -- magento | A path disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Requests for a specific file path could result in a redirect to the URL of the Magento admin panel, disclosing its location to potentially unauthorized parties. | 2019-08-02 | not yet calculated | CVE-2019-7852 CONFIRM |
magento -- magento | An insecure direct object reference (IDOR) vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unauthorized disclosure of company credit history details. | 2019-08-02 | not yet calculated | CVE-2019-7854 CONFIRM |
magento -- magento | A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could result in unauthorized access to uploaded images due to insufficient access control. | 2019-08-02 | not yet calculated | CVE-2019-7859 CONFIRM |
magento -- magento | A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to manipulate shipment settings to execute arbitrary code. | 2019-08-02 | not yet calculated | CVE-2019-7923 CONFIRM |
magento -- magento | A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to email templates can execute arbitrary code by previewing a malicious template. | 2019-08-02 | not yet calculated | CVE-2019-7903 CONFIRM |
magento -- magento | A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create or edit a product can execute arbitrary code via malicious XML layout updates. | 2019-08-02 | not yet calculated | CVE-2019-7942 CONFIRM |
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to edit product content pages to inject malicious javascript. | 2019-08-02 | not yet calculated | CVE-2019-7927 CONFIRM |
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify node attributes to inject malicious javascript. | 2019-08-02 | not yet calculated | CVE-2019-7926 CONFIRM |
magento -- magento | An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A SOAP web service endpoint does not properly enforce parameters related to access control. This could be abused to leak customer information via crafted SOAP requests. | 2019-08-02 | not yet calculated | CVE-2019-7951 CONFIRM |
magento -- magento | Insufficient enforcement of user access controls in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could enable a low-privileged user to make unauthorized environment configuration changes. | 2019-08-02 | not yet calculated | CVE-2019-7904 CONFIRM |
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify content block titles to inject malicious javascript. | 2019-08-02 | not yet calculated | CVE-2019-7936 CONFIRM |
magento -- magento | An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an administrator with limited privileges to delete the downloadable products folder. | 2019-08-02 | not yet calculated | CVE-2019-7925 CONFIRM |
magento -- magento | A reflected cross-site scripting vulnerability exists on the customer cart checkout page of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by sending a victim a crafted URL that results in malicious javascript execution in the victim's browser. | 2019-08-02 | not yet calculated | CVE-2019-7939 CONFIRM |
magento -- magento | An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges may be able to view metadata of a trusted device used by another administrator via a crafted http request. | 2019-08-02 | not yet calculated | CVE-2019-7929 CONFIRM |
magento -- magento | A denial-of-service (DoS) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. By abusing insufficient brute-forcing defenses in the token exchange protocol, an unauthenticated attacker could disrupt transactions between the Magento merchant and PayPal. | 2019-08-02 | not yet calculated | CVE-2019-7928 CONFIRM |
magento -- magento | A file upload restriction bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to the import feature can make modifications to a configuration file, resulting in potentially unauthorized removal of file upload restrictions. This can result in arbitrary code execution when a malicious file is then uploaded and executed on the system. | 2019-08-02 | not yet calculated | CVE-2019-7930 CONFIRM |
magento -- magento | A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2 resulted in storage of sensitive information with an algorithm that is insufficiently resistant to brute force attacks. | 2019-08-02 | not yet calculated | CVE-2019-7858 CONFIRM |
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to store product attributes to inject malicious javascript. | 2019-08-02 | not yet calculated | CVE-2019-7937 CONFIRM |
magento -- magento | A cryptographically weak pseudo-random number generator is used in multiple security relevant contexts in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 2019-08-02 | not yet calculated | CVE-2019-7860 CONFIRM |
magento -- magento | A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 that could be abused to execute arbitrary PHP code. An authenticated user can bypass security protections that prevent arbitrary PHP script upload via form data injection. | 2019-08-02 | not yet calculated | CVE-2019-7871 CONFIRM |
magento -- magento | Insufficient server-side validation of user input could allow an attacker to bypass file upload restrictions in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 2019-08-02 | not yet calculated | CVE-2019-7861 CONFIRM |
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to edit Product information via the TinyMCE editor. | 2019-08-02 | not yet calculated | CVE-2019-7866 CONFIRM |
magento -- magento | A cryptographic flaw exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A weak cryptographic mechanism is used to generate the initialization vector in multiple security relevant contexts. | 2019-08-02 | not yet calculated | CVE-2019-7886 CONFIRM |
magento -- magento | Insufficient input validation in the config builder of the Elastic search module could lead to remote code execution in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This vulnerability could be abused by an authenticated user with the ability to configure the catalog search. | 2019-08-02 | not yet calculated | CVE-2019-7885 CONFIRM |
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to marketing email templates to inject malicious javascript. | 2019-08-02 | not yet calculated | CVE-2019-7880 CONFIRM |
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manage orders can inject malicious javascript. | 2019-08-02 | not yet calculated | CVE-2019-7877 CONFIRM |
magento -- magento | A stored cross-site scripting vulnerability exists in the product catalog form of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to the product catalog to inject malicious javascript. | 2019-08-02 | not yet calculated | CVE-2019-7921 CONFIRM |
magento -- magento | A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of the store design schedule. | 2019-08-02 | not yet calculated | CVE-2019-7873 CONFIRM |
magento -- magento | A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manipulate layouts can insert a malicious payload into the layout. | 2019-08-02 | not yet calculated | CVE-2019-7876 CONFIRM |
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with permissions to manage customer groups. | 2019-08-02 | not yet calculated | CVE-2019-7869 CONFIRM |
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with permissions to manage tax rules. | 2019-08-02 | not yet calculated | CVE-2019-7868 CONFIRM |
magento -- magento | A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to manipulate shipment methods to execute arbitrary code. | 2019-08-02 | not yet calculated | CVE-2019-7913 CONFIRM |
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to manage orders and order status. | 2019-08-02 | not yet calculated | CVE-2019-7867 CONFIRM |
magento -- magento | A reflected cross-site scripting vulnerability exists in the Product widget chooser functionality in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 2019-08-02 | not yet calculated | CVE-2019-7862 CONFIRM |
magento -- magento | A cross-site request forgery (CSRF) vulnerability exists in the checkout cart item of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited at the time of editing or configuration. | 2019-08-02 | not yet calculated | CVE-2019-7865 CONFIRM |
magento -- magento | A stored cross-site scripting vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to the tax notifications configuration in the Magento admin panel. | 2019-08-02 | not yet calculated | CVE-2019-7853 CONFIRM |
magento -- magento | An insecure direct object reference (IDOR) vulnerability exists in the RSS feeds of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details. | 2019-08-02 | not yet calculated | CVE-2019-7864 CONFIRM |
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify product information. | 2019-08-02 | not yet calculated | CVE-2019-7908 CONFIRM |
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to products and categories. | 2019-08-02 | not yet calculated | CVE-2019-7863 CONFIRM |
magento -- magento_and_magento_commerce | A defense-in-depth check was added to mitigate inadequate session validation handling by 3rd party checkout modules. This impacts Magento 1.x prior to 1.9.4.2, Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2. | 2019-08-02 | not yet calculated | CVE-2019-7849 CONFIRM |
magento -- multiple_products | A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to customer configurations to inject malicious javascript. | 2019-08-02 | not yet calculated | CVE-2019-7897 CONFIRM |
magento -- multiple_products | A stored cross-site scripting vulnerability exists in the WYSIWYG editor of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to the editor can inject malicious SWF files. | 2019-08-02 | not yet calculated | CVE-2019-7882 CONFIRM |
magento -- multiple_products | A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to email templates. | 2019-08-02 | not yet calculated | CVE-2019-7909 CONFIRM |
magento -- multiple_products | A server-side request forgery (SSRF) vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to the admin panel to manipulate system configuration and execute arbitrary code. | 2019-08-02 | not yet calculated | CVE-2019-7911 CONFIRM |
magento -- multiple_products | A remote code execution vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create sitemaps can execute arbitrary PHP code by creating a malicious sitemap file. | 2019-08-02 | not yet calculated | CVE-2019-7932 CONFIRM |
magento -- multiple_products | A cross-site scripting mitigation bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user to escalate privileges (admin vs. admin XSS attack). | 2019-08-02 | not yet calculated | CVE-2019-7881 CONFIRM |
magento -- multiple_products | Names of disabled downloadable products could be disclosed due to inadequate validation of user input in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 2019-08-02 | not yet calculated | CVE-2019-7899 CONFIRM |
magento -- multiple_products | A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to edit newsletter templates to inject malicious javascript. | 2019-08-02 | not yet calculated | CVE-2019-7934 CONFIRM |
magento -- multiple_products | Samples of disabled downloadable products are accessible in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to inadequate validation of user input. | 2019-08-02 | not yet calculated | CVE-2019-7898 CONFIRM |
magento -- multiple_products | A stored cross-site scripting vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to modify currency symbols can inject malicious javascript. | 2019-08-02 | not yet calculated | CVE-2019-7945 CONFIRM |
magento -- multiple_products | A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify content page titles to inject malicious javascript. | 2019-08-02 | not yet calculated | CVE-2019-7935 CONFIRM |
magento -- multiple_products | A cross-site request forgery vulnerability exists in the GiftCardAccount removal feature for Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 2019-08-02 | not yet calculated | CVE-2019-7947 CONFIRM |
magento -- multiple_products | A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify catalog price rules to inject malicious javascript. | 2019-08-02 | not yet calculated | CVE-2019-7938 CONFIRM |
magento -- multiple_products | A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify store currency options to inject malicious javascript. | 2019-08-02 | not yet calculated | CVE-2019-7940 CONFIRM |
magento -- multiple_products | An injection vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with marketing manipulation privileges can invoke methods that alter data of the underlying model followed by corresponding database modifications. | 2019-08-02 | not yet calculated | CVE-2019-7889 CONFIRM |
magento -- multiple_products | A reflected cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 when the feature that adds a secret key to the Admin URL is disabled. | 2019-08-02 | not yet calculated | CVE-2019-7887 CONFIRM |
magento -- multiple_products | A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to newsletter templates. | 2019-08-02 | not yet calculated | CVE-2019-7875 CONFIRM |
magento -- multiple_products | A stored cross-site scripting vulnerability exists in the product comments field of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to the Return Product comments field can inject malicious javascript. | 2019-08-02 | not yet calculated | CVE-2019-7944 CONFIRM |
matrixssl -- matrixssl | In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in parseSSLHandshake in sslDecode.c. During processing of a crafted packet, the server mishandles the fragment length value provided in the DTLS message. | 2019-07-29 | not yet calculated | CVE-2019-14431 MISC |
milkytracker -- milkytracker | ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in MilkyTracker 1.02.00 has a heap-based buffer overflow. | 2019-08-01 | not yet calculated | CVE-2019-14497 MISC |
milkytracker -- milkytracker | LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker 1.02.00 has a stack-based buffer overflow. | 2019-08-01 | not yet calculated | CVE-2019-14496 MISC |
milkytracker -- milkytracker | XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00 has a heap-based buffer overflow. | 2019-07-31 | not yet calculated | CVE-2019-14464 MISC |
misskey -- misskey | Misskey before 10.102.4 allows hijacking a user's token. | 2019-07-29 | not yet calculated | CVE-2019-1020010 MISC |
netapp -- data_ontap_7-mode | Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 may disclose sensitive LDAP account information to unauthenticated remote attackers. | 2019-08-02 | not yet calculated | CVE-2019-5501 CONFIRM |
netapp -- data_ontap_7-mode | Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 are susceptible to a vulnerability which discloses information to an unauthenticated attacker. A successful attack requires that multiple non-default options be enabled. | 2019-08-02 | not yet calculated | CVE-2019-5493 CONFIRM |
netgear -- n600_wifi_dual_band_router | A stack-based buffer overflow in the upnpd binary running on NETGEAR WNDR3400v3 routers with firmware version 1.0.1.18_1.0.63 allows an attacker to remotely execute arbitrary code via a crafted UPnP SSDP packet. | 2019-07-28 | not yet calculated | CVE-2019-14363 MISC |
nextcloud -- nextcloud_android_application | A lock protection bypass in the Nextcloud Android app prior to version 3.6.2 leaks thumbnails when the Android content provider is requested, even though the lock protection has not been solved. | 2019-07-30 | not yet calculated | CVE-2019-5452 MISC |
nextcloud -- nextcloud_android_application | Bypassing lock protection exists in Nextcloud Android app 3.6.0 when creating a multi-account and aborting the process. | 2019-07-30 | not yet calculated | CVE-2019-5455 MISC |
nextcloud -- nextcloud_android_application | SQL Injection in the Nextcloud Android app prior to version 3.0.0 allows a harmful query, when executed, to destroy the local cache, requiring the account to be set up again. | 2019-07-30 | not yet calculated | CVE-2019-5454 MISC |
nextcloud -- nextcloud_android_application | Bypass lock protection in the Nextcloud Android app prior to version 3.3.0 allowed access to files when being prompted for the lock protection and switching to the Nextcloud file provider. | 2019-07-30 | not yet calculated | CVE-2019-5453 MISC |
nextcloud -- nextcloud_android_application | Improper sanitization of HTML in directory names in the Nextcloud Android app prior to version 3.7.0 allowed the directory name in the header bar to be styled using basic HTML. | 2019-07-30 | not yet calculated | CVE-2019-5450 MISC |
nextcloud -- nextcloud_android_application | Bypass lock protection in the Nextcloud Android app prior to version 3.6.1 allows accessing the files when repeatedly opening and closing the app in a very short time. | 2019-07-30 | not yet calculated | CVE-2019-5451 MISC |
nextcloud -- nextcloud_server | A missing check in the Nextcloud Server prior to version 15.0.1 causes leaking of calendar event names when adding or modifying confidential or private events. | 2019-07-30 | not yet calculated | CVE-2019-5449 MISC |
nfdump -- nfdump | nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix.c that can be abused in order to crash the process remotely (denial of service). | 2019-07-31 | not yet calculated | CVE-2019-14459 MISC MISC |
one_identity -- cloud_access_manager | One Identity Cloud Access Manager 8.1.3 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks. This issue is fixed in version 8.1.4. | 2019-07-29 | not yet calculated | CVE-2019-13498 CONFIRM |
openbravo -- openbravo_erp | Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewAttachment inpKey value. | 2019-07-28 | not yet calculated | CVE-2019-14362 MISC MISC MISC |
opencv -- opencv | An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read in the function cv::predictOrdered | 2019-08-01 | not yet calculated | CVE-2019-14491 MISC MISC MISC |
opencv -- opencv | An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp. | 2019-08-01 | not yet calculated | CVE-2019-14493 MISC MISC |
opencv -- opencv | An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service. | 2019-08-01 | not yet calculated | CVE-2019-14492 MISC MISC MISC |
openemr -- openemr | OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php. | 2019-08-02 | not yet calculated | CVE-2019-14529 MISC |
opengear -- console_server | Opengear console server firmware releases prior to 4.5.0 have a stored XSS vulnerability related to serial port logging. If a malicious user of an external system (connected to a serial port on an Opengear console server) sends crafted text to a serial port (that has logging enabled), the text will be replayed when the logs are viewed. Exploiting this vulnerability requires access to the serial port and/or console server. | 2019-07-31 | not yet calculated | CVE-2019-14456 MISC |
openssl -- openssl | OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir configuration options. For OpenSSL versions 1.1.0 and 1.1.1, the mingw configuration targets assume that resulting programs and libraries are installed in a Unix-like environment and the default prefix for program installation as well as for OPENSSLDIR should be '/usr/local'. However, mingw programs are Windows programs, and as such, find themselves looking at sub-directories of 'C:/usr/local', which may be world writable, which enables untrusted users to modify OpenSSL's default configuration, insert CA certificates, modify (or even replace) existing engine modules, etc. For OpenSSL 1.0.2, '/usr/local/ssl' is used as default for OPENSSLDIR on all Unix and Windows targets, including Visual C builds. However, some build instructions for the diverse Windows targets on 1.0.2 encourage you to specify your own --prefix. OpenSSL versions 1.1.1, 1.1.0 and 1.0.2 are affected by this issue. Due to the limited scope of affected deployments this has been assessed as low severity and therefore we are not creating new releases at this time. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s). | 2019-07-30 | not yet calculated | CVE-2019-1552 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
openstack -- openstack-ironic-inspector | A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache.find_node(). This function makes a SQL query using unfiltered data from a server reporting inspection results (by a POST to the /v1/continue endpoint). Because the API is unauthenticated, the flaw could be exploited by an attacker with access to the network on which ironic-inspector is listening. Because of how ironic-inspector uses the query results, it is unlikely that data could be obtained. However, the attacker could pass malicious data and create a denial of service. | 2019-07-30 | not yet calculated | CVE-2019-10141 CONFIRM MISC MISC MISC MISC MISC |
oxid -- oxid_eshop | OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker. This includes all shopping cart options, customer data, and the database. No interaction between the attacker and the victim is necessary. | 2019-07-30 | not yet calculated | CVE-2019-13026 CONFIRM |
pandao -- editor.md | pandao Editor.md 1.5.0 allows XSS via the Javascript: string. | 2019-08-01 | not yet calculated | CVE-2019-14517 MISC |
pandao -- editor.md | pandao Editor.md 1.5.0 allows XSS via an attribute of an ABBR or SUP element. | 2019-08-03 | not yet calculated | CVE-2019-14653 MISC |
pdfresurrect -- pdfresurrect | PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because data associated with startxref and %%EOF is mishandled. | 2019-07-29 | not yet calculated | CVE-2019-14267 MISC MISC |
pixman -- pixman | An integer overflow issue has been reported in the general_composite_rect() function in pixman prior to version 0.32.8. An attacker could exploit this issue to cause an application using pixman to crash or, potentially, execute arbitrary code. | 2019-07-31 | not yet calculated | CVE-2015-5297 MISC CONFIRM |
planon -- planon | Planon before Live Build 41 has XSS. | 2019-07-29 | not yet calculated | CVE-2018-18570 MISC |
podman -- podman | A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to be read/written when an administrator tries to copy a file from/to the container. | 2019-07-30 | not yet calculated | CVE-2019-10152 CONFIRM CONFIRM CONFIRM CONFIRM |
polycom -- multiple_products | A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial of service (DoS) condition or execute arbitrary code. | 2019-07-29 | not yet calculated | CVE-2019-12948 CONFIRM |
polycom -- obihai_obi1022_voip_phone | On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NTP server IP address field for the "Time Service Settings web" interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request. | 2019-08-01 | not yet calculated | CVE-2019-14259 MISC |
poppler -- poppler | An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc. | 2019-08-01 | not yet calculated | CVE-2019-14494 MISC MISC |
postgresql -- postgresql | A vulnerability was found in PostgreSQL versions 11.x before 11.3, 10.x before 10.8, 9.6.x before 9.6.13, and 9.5.x before 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker. | 2019-07-30 | not yet calculated | CVE-2019-10130 CONFIRM MISC |
powerdns -- authoritative_server | A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue. | 2019-07-30 | not yet calculated | CVE-2019-10163 CONFIRM CONFIRM MISC |
powerdns -- authoritative_server | A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when it runs into a parsing error while looking up the NS/A/AAAA records it is about to use for an outgoing notify. | 2019-07-30 | not yet calculated | CVE-2019-10162 CONFIRM CONFIRM MISC |
printeron -- printeron_central_print_services | An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. A user without valid credentials can bypass the authentication process, obtaining a valid session cookie with guest/pseudo-guest level privileges. This cookie can then be further used to perform other attacks. | 2019-07-29 | not yet calculated | CVE-2018-17213 MISC |
printeron -- printeron_central_print_services | An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. An unauthenticated attacker can view details about the printers associated with CPS via a crafted HTTP GET request. | 2019-07-29 | not yet calculated | CVE-2018-17211 MISC |
rancher -- rancher | An issue was discovered that affects the following versions of Rancher: v2.0.0 through v2.0.13, v2.1.0 through v2.1.8, and v2.2.0 through 2.2.1. When Rancher starts for the first time, it creates a default admin user with a well-known password. After initial setup, the Rancher administrator may choose to delete this default admin user. If Rancher is restarted, the default admin user will be recreated with the well-known default password. An attacker could exploit this by logging in with the default admin credentials. This can be mitigated by deactivating the default admin user rather than completely deleting them. | 2019-07-30 | not yet calculated | CVE-2019-11202 MISC MISC |
red_hat -- openshift_container_platform | A flaw was found in OpenShift Container Platform, versions 3.11 and later, in which the CSRF tokens used in the cluster console component were found to remain static during a user's session. An attacker with the ability to observe the value of this token would be able to re-use the token to perform a CSRF attack. | 2019-08-02 | not yet calculated | CVE-2019-10176 CONFIRM |
red_hat -- atomic-openshift | A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able to spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected. | 2019-08-01 | not yet calculated | CVE-2019-3884 CONFIRM |
red_hat -- enterprise_linux | It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. An attacker would still be able to provoke excessive CPU consumption leading to a denial of service. | 2019-08-02 | not yet calculated | CVE-2019-10171 CONFIRM |
red_hat -- openshift_container_platform | OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. A user with sufficient privileges could recover OAuth tokens from these audit logs and use them to access other resources. | 2019-07-30 | not yet calculated | CVE-2019-10165 CONFIRM CONFIRM CONFIRM |
red_hat -- openstack_platform | A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens. | 2019-07-30 | not yet calculated | CVE-2019-10138 CONFIRM MISC |
red_hat -- satellite | It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations. | 2019-08-01 | not yet calculated | CVE-2014-8183 CONFIRM |
samba -- heimdal_kdc | A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC effectively obtaining a ticket for that principal. | 2019-07-31 | not yet calculated | CVE-2018-16860 CONFIRM MISC |
sas -- sas_drug_development | SAS Drug Development (SDD) before 32DRG02 mishandles logout actions, which allows a user (who was previously logged in) to access resources by pressing a back or forward button in a web browser. | 2019-07-31 | not yet calculated | CVE-2007-6763 MISC |
schism_tracker -- schism_tracker | fmt_mtm_load_song in fmt/mtm.c in Schism Tracker 20190722 has a heap-based buffer overflow. | 2019-07-31 | not yet calculated | CVE-2019-14465 MISC |
schism_tracker -- schism_tracker | An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow via a large number of song patterns in fmt_mtm_load_song in fmt/mtm.c, a different vulnerability than CVE-2019-14465. | 2019-08-02 | not yet calculated | CVE-2019-14524 MISC |
schism_tracker -- schism_tracker | An issue was discovered in Schism Tracker through 20190722. There is an integer underflow via a large plen in fmt_okt_load_song in the Amiga Oktalyzer parser in fmt/okt.c. | 2019-08-02 | not yet calculated | CVE-2019-14523 MISC |
sdl2_image -- sdl2_image | An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | 2019-07-31 | not yet calculated | CVE-2019-5060 MISC |
siemens -- siprotec_5_devices | A vulnerability has been identified in Ethernet plug-in communication modules for SIPROTEC 5 devices with CPU variants CP200 (All versions), SIPROTEC 5 devices with CPU variants CP300 (All versions). An unauthenticated attacker with network access to the device could potentially insert arbitrary code which is executed before firmware verification in the device. | 2019-08-02 | not yet calculated | CVE-2019-10938 MISC |
sigil_ebook -- sigil | Sigil before 0.9.16 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction. | 2019-07-30 | not yet calculated | CVE-2019-14452 MISC MISC MISC MISC MISC MISC MISC UBUNTU |
sleuthkit -- sleuthkit | An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off-by-one overwrite due to an underflow on tools/hashtools/hfind.cpp while using a bogus hash table. | 2019-08-02 | not yet calculated | CVE-2019-14532 MISC |
sleuthkit -- sleuthkit | An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an out of bounds read on iso9660 while parsing System Use Sharing Protocol data in fs/iso9660.c. | 2019-08-02 | not yet calculated | CVE-2019-14531 MISC |
smokedetector -- smokedetector | SmokeDetector intentionally does automatic deployments of updated copies of SmokeDetector without server operator authority. | 2019-07-29 | not yet calculated | CVE-2019-1020011 MISC |
softether_vpn -- softethervpn | See.sys through 4.25 in the SoftEther VPN Server allows a user to specify any kernel address to which arbitrary bytes are written. | 2019-07-29 | not yet calculated | CVE-2019-11868 MISC MISC |
sonos -- zoneplayer | ZInsVX.dll ActiveX Control 2018.02 and earlier in Zoneplayer contains a vulnerability that could allow remote attackers to execute arbitrary files by setting the arguments to the ActiveX method. This can be leveraged for remote code execution. | 2019-08-02 | not yet calculated | CVE-2019-9141 CONFIRM |
ssdp_responder -- ssdp_responder | SSDP Responder 1.x through 1.5 mishandles incoming network messages, leading to a stack-based buffer overflow by 1 byte. This results in a crash of the server, but only when strict stack checking is enabled. This is caused by an off-by-one error in ssdp_recv in ssdpd.c. | 2019-07-28 | not yet calculated | CVE-2019-14323 MISC MISC |
symantec -- endpoint_protection_and_endpoint_protection_small_business_edition | Symantec Endpoint Protection, prior to 14.2 RU1 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition, prior to 12.1 RU6 MP10c (12.1.7491.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 2019-07-31 | not yet calculated | CVE-2019-12750 MISC |
terracotta -- quartz_scheduler | initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. | 2019-07-26 | not yet calculated | CVE-2019-13990 MISC |
the_pallets_project -- werkzeug | In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames. | 2019-07-28 | not yet calculated | CVE-2019-14322 MISC |
unifi -- network_controller | SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later. | 2019-07-30 | not yet calculated | CVE-2019-5456 CONFIRM CONFIRM CONFIRM MISC |
univa -- grid_engine | In Univa Grid Engine before 8.6.3, when configured for Docker jobs and execd spooling on root_squash, weak file permissions ("other" write access) occur in certain cases (GE-6890). | 2019-07-30 | not yet calculated | CVE-2018-20871 MISC |
veritas -- veritas_resiliency_platform | An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. When uploading an application bundle, a directory traversal vulnerability allows a VRP user with sufficient privileges to overwrite any file in the VRP virtual machine. A malicious VRP user could use this to replace existing files to take control of the VRP virtual machine. | 2019-07-29 | not yet calculated | CVE-2019-14418 MISC FULLDISC MISC |
vlc -- media_player | Double Free in VLC versions <= 3.0.6 leads to a crash. | 2019-07-30 | not yet calculated | CVE-2019-5460 MISC |
vlc -- media_player | An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read. | 2019-07-30 | not yet calculated | CVE-2019-5459 MISC |
wallacepos -- wallacepos | Unrestricted upload of file with dangerous type in WallacePOS 1.4.3 allows a remote, authenticated attacker to execute arbitrary code by uploading a malicious PHP file. | 2019-07-31 | not yet calculated | CVE-2019-3960 MISC |
windu -- windu_cms | Windu CMS 2.2 allows CSRF via admin/users/?mn=admin.message.error to add an admin account. | 2019-08-01 | not yet calculated | CVE-2013-7473 MISC |
windu -- windu_cms | Windu CMS 2.2 allows XSS via the name parameter to admin/content/edit or admin/content/add, or the username parameter to admin/users. | 2019-08-01 | not yet calculated | CVE-2013-7474 MISC |
wordpress -- wordpress | The WP Fastest Cache plugin through 0.8.9.5 for WordPress allows wpFastestCache.php and inc/cache.php Directory Traversal. | 2019-07-30 | not yet calculated | CVE-2019-13635 MISC MISC MISC MISC CONFIRM |
wordpress -- wordpress | The Adenion Blog2Social plugin through 5.5.0 for WordPress allows SQL Injection. | 2019-08-01 | not yet calculated | CVE-2019-13572 MISC MISC |
wordpress -- wordpress | A SQL injection vulnerability exists in the Vsourz Digital Advanced CF7 DB plugin through 1.6.1 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system. | 2019-07-29 | not yet calculated | CVE-2019-13571 MISC MISC MISC MISC |
wordpress -- wordpress | The Simple Membership plugin before 3.8.5 for WordPress has CSRF affecting the Bulk Operation section. | 2019-07-28 | not yet calculated | CVE-2019-14328 MISC MISC MISC |
yara -- yara | An exploitable denial of service vulnerability exists in the object lookup functionality of Yara 3.8.1. A specially crafted binary file can cause a negative value to be read to satisfy an assert, resulting in Denial of Service. An attacker can create a malicious binary to trigger this vulnerability. | 2019-07-31 | not yet calculated | CVE-2019-5020 MISC |
yarn -- yarn | Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network. | 2019-07-30 | not yet calculated | CVE-2019-5448 MISC MISC CONFIRM |
zurmo -- zurmo | Zurmo 3.2.7-2 has XSS via the app/index.php/zurmo/default PATH_INFO. | 2019-08-01 | not yet calculated | CVE-2019-14472 MISC |