Vulnerability Summary for the Week of August 5, 2019
Original release date: August 12, 2019
from US-CERT National Cyber Alert System https://ift.tt/31ylaJO
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
beardev -- joomsport | The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to steal, modify, or delete database information via the joomsport_season/new-yorkers/?action=playerlist sid parameter. | 2019-08-05 | 7.5 | CVE-2019-14348 MISC MISC MISC |
cpanel -- cpanel | cPanel before 60.0.25 allows arbitrary code execution via Maketext in PostgreSQL adminbin (SEC-188). | 2019-08-06 | 9.0 | CVE-2016-10788 CONFIRM |
cpanel -- cpanel | The SQLite journal feature in cPanel before 57.9999.54 allows arbitrary file-overwrite operations during Horde Restore (SEC-58). | 2019-08-07 | 8.7 | CVE-2016-10804 CONFIRM MISC |
cpanel -- cpanel | In cPanel before 57.9999.54, /scripts/checkinfopages exposed a TTY to an unprivileged process (SEC-114). | 2019-08-07 | 9.0 | CVE-2016-10809 CONFIRM MISC |
cpanel -- cpanel | In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY to an unprivileged process (SEC-115). | 2019-08-07 | 9.0 | CVE-2016-10810 CONFIRM MISC |
cpanel -- cpanel | In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC-116). | 2019-08-07 | 9.0 | CVE-2016-10811 CONFIRM MISC |
cpanel -- cpanel | cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313). | 2019-08-02 | 9.0 | CVE-2017-18386 CONFIRM MISC |
cpanel -- cpanel | cPanel before 68.0.15 can perform unsafe file operations because Jailshell does not set the umask (SEC-315). | 2019-08-02 | 7.2 | CVE-2017-18388 CONFIRM MISC |
cpanel -- cpanel | cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups (SEC-322). | 2019-08-02 | 7.2 | CVE-2017-18390 CONFIRM MISC |
cpanel -- cpanel | cPanel before 64.0.21 allows code execution by webmail and demo accounts via a store_filter API call (SEC-236). | 2019-08-02 | 9.0 | CVE-2017-18433 CONFIRM MISC |
cpanel -- cpanel | cPanel before 64.0.21 allows code execution in the context of the root account via a SET_VHOST_LANG_PACKAGE multilang adminbin call (SEC-237). | 2019-08-02 | 7.2 | CVE-2017-18434 CONFIRM MISC |
cpanel -- cpanel | cPanel before 64.0.21 allows demo accounts to execute code via the BoxTrapper API (SEC-238). | 2019-08-02 | 7.5 | CVE-2017-18435 CONFIRM MISC |
cpanel -- cpanel | cPanel before 62.0.17 allows arbitrary code execution during account modification (SEC-220). | 2019-08-02 | 7.2 | CVE-2017-18459 CONFIRM MISC |
cpanel -- cpanel | cPanel before 62.0.17 allows arbitrary code execution during automatic SSL installation (SEC-221). | 2019-08-02 | 7.2 | CVE-2017-18460 CONFIRM MISC |
cpanel -- cpanel | cPanel before 62.0.17 allows code execution in the context of the root account via a long DocumentRoot path (SEC-225). | 2019-08-02 | 7.2 | CVE-2017-18463 CONFIRM MISC |
fedoraproject -- 389_directory_server | It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. An attacker would still be able to provoke excessive CPU consumption leading to a denial of service. | 2019-08-02 | 7.8 | CVE-2019-10171 CONFIRM |
magento -- magento | An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details. | 2019-08-02 | 7.5 | CVE-2019-7890 CONFIRM |
magento -- magento | A file upload restriction bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to the import feature can make modifications to a configuration file, resulting in potentially unauthorized removal of file upload restrictions. This can result in arbitrary code execution when a malicious file is then uploaded and executed on the system. | 2019-08-02 | 9.0 | CVE-2019-7930 CONFIRM |
open-emr -- openemr | OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php. | 2019-08-02 | 7.5 | CVE-2019-14529 MISC |
sygnoos -- popup_builder | A SQL injection vulnerability exists in the Sygnoos Popup Builder plugin before 3.45 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via com/libs/Table.php because Subscribers Table ordering is mishandled. | 2019-08-06 | 7.5 | CVE-2019-14695 MISC MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adplug -- adplug | AdPlug 2.3.1 has a heap-based buffer overflow in CxadbmfPlayer::__bmf_convert_stream() in bmf.cpp. | 2019-08-06 | 6.8 | CVE-2019-14690 MISC |
adplug -- adplug | AdPlug 2.3.1 has a heap-based buffer overflow in CdtmLoader::load() in dtm.cpp. | 2019-08-06 | 6.8 | CVE-2019-14691 MISC |
adplug -- adplug | AdPlug 2.3.1 has a heap-based buffer overflow in CmkjPlayer::load() in mkj.cpp. | 2019-08-06 | 6.8 | CVE-2019-14692 MISC |
adplug -- adplug | AdPlug 2.3.1 has multiple heap-based buffer overflows in CradLoader::load() in rad.cpp. | 2019-08-06 | 6.8 | CVE-2019-14733 MISC |
adplug -- adplug | AdPlug 2.3.1 has multiple heap-based buffer overflows in CmtkLoader::load() in mtk.cpp. | 2019-08-06 | 6.8 | CVE-2019-14734 MISC |
brandy_project -- brandy | Brandy 1.20.1 has a stack-based buffer overflow in fileio_openout in fileio.c via crafted BASIC source code. | 2019-08-05 | 4.3 | CVE-2019-14662 MISC |
brandy_project -- brandy | Brandy 1.20.1 has a stack-based buffer overflow in fileio_openin in fileio.c via crafted BASIC source code. | 2019-08-05 | 4.3 | CVE-2019-14663 MISC |
brandy_project -- brandy | Brandy 1.20.1 has a heap-based buffer overflow in define_array in variables.c via crafted BASIC source code. | 2019-08-05 | 4.3 | CVE-2019-14665 MISC |
cpanel -- cpanel | cPanel before 60.0.25 allows file-overwrite operations during preparation for MySQL upgrades (SEC-161). | 2019-08-05 | 5.5 | CVE-2016-10768 CONFIRM |
cpanel -- cpanel | cPanel before 60.0.25 allows an open redirect via /cgi-sys/FormMail-clone.cgi (SEC-162). | 2019-08-05 | 5.8 | CVE-2016-10769 CONFIRM |
cpanel -- cpanel | cPanel before 60.0.25 allows arbitrary file-overwrite operations during a Roundcube update (SEC-164). | 2019-08-05 | 5.5 | CVE-2016-10770 CONFIRM |
cpanel -- cpanel | cPanel before 60.0.25 allows file-create and file-chmod operations during ModSecurity Audit logfile processing (SEC-165). | 2019-08-05 | 5.5 | CVE-2016-10771 CONFIRM |
cpanel -- cpanel | cPanel before 60.0.25 allows format-string injection in exception-message handling (SEC-171). | 2019-08-05 | 6.5 | CVE-2016-10773 CONFIRM |
cpanel -- cpanel | cPanel before 60.0.25 allows attackers to discover file contents during file copy operations (SEC-185). | 2019-08-06 | 4.0 | CVE-2016-10785 CONFIRM |
cpanel -- cpanel | cPanel before 60.0.25 allows members of the nobody group to read Apache HTTP Server SSL keys (SEC-186). | 2019-08-06 | 4.0 | CVE-2016-10786 CONFIRM |
cpanel -- cpanel | The Host Access Control feature in cPanel before 60.0.25 mishandles actionless host.deny entries (SEC-187). | 2019-08-06 | 5.5 | CVE-2016-10787 CONFIRM |
cpanel -- cpanel | cPanel before 60.0.25 allows code execution via the cpsrvd 403 error response handler (SEC-191). | 2019-08-06 | 6.5 | CVE-2016-10789 CONFIRM |
cpanel -- cpanel | cPanel before 58.0.4 allows code execution in the context of other user accounts through the PHP CGI handler (SEC-142). | 2019-08-07 | 6.5 | CVE-2016-10802 CONFIRM MISC |
cpanel -- cpanel | cPanel before 57.9999.54 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-109). | 2019-08-07 | 6.5 | CVE-2016-10805 CONFIRM MISC |
cpanel -- cpanel | cPanel before 57.9999.54 allows certain denial-of-service outcomes via /scripts/killpvhost (SEC-112). | 2019-08-07 | 4.0 | CVE-2016-10807 CONFIRM MISC |
cpanel -- cpanel | cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306). | 2019-08-02 | 4.0 | CVE-2017-18382 CONFIRM MISC |
cpanel -- cpanel | cPanel before 68.0.15 writes home-directory backups to an incorrect location (SEC-309). | 2019-08-02 | 4.6 | CVE-2017-18383 CONFIRM MISC |
cpanel -- cpanel | cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318). | 2019-08-02 | 6.5 | CVE-2017-18389 CONFIRM MISC |
cpanel -- cpanel | cPanel before 66.0.2 allows resellers to read other accounts' domain log files (SEC-288). | 2019-08-02 | 4.0 | CVE-2017-18426 CONFIRM |
cpanel -- cpanel | In cPanel before 66.0.2, user and group ownership may be incorrectly set when using reassign_post_terminate_cruft (SEC-294). | 2019-08-02 | 4.6 | CVE-2017-18430 CONFIRM MISC |
cpanel -- cpanel | cPanel before 64.0.21 allows demo accounts to execute code via Encoding API calls (SEC-242). | 2019-08-02 | 6.5 | CVE-2017-18438 CONFIRM MISC |
cpanel -- cpanel | cPanel before 64.0.21 allows demo accounts to execute code via an ImageManager_dimensions API call (SEC-243). | 2019-08-02 | 6.5 | CVE-2017-18439 CONFIRM MISC |
cpanel -- cpanel | cPanel before 64.0.21 allows demo users to execute traceroute via api2 (SEC-244). | 2019-08-02 | 4.0 | CVE-2017-18440 CONFIRM MISC |
cpanel -- cpanel | cPanel before 64.0.21 allows demo accounts to redirect web traffic (SEC-245). | 2019-08-02 | 4.0 | CVE-2017-18441 CONFIRM MISC |
cpanel -- cpanel | cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands (SEC-246). | 2019-08-02 | 5.0 | CVE-2017-18442 CONFIRM MISC |
cpanel -- cpanel | cPanel before 64.0.21 allows demo and suspended accounts to use SSH port forwarding (SEC-247). | 2019-08-02 | 5.0 | CVE-2017-18443 CONFIRM MISC |
cpanel -- cpanel | cPanel before 64.0.21 allows demo accounts to execute SSH API commands (SEC-248). | 2019-08-02 | 5.0 | CVE-2017-18444 CONFIRM MISC |
cpanel -- cpanel | cPanel before 64.0.21 does not enforce demo restrictions for SSL API calls (SEC-249). | 2019-08-02 | 4.0 | CVE-2017-18445 CONFIRM MISC |
cpanel -- cpanel | cPanel before 64.0.21 allows file-read and file-write operations for demo accounts via the SourceIPCheck API (SEC-250). | 2019-08-02 | 6.5 | CVE-2017-18446 CONFIRM MISC |
cpanel -- cpanel | cPanel before 64.0.21 allows demo accounts to execute code via the ClamScanner_getsocket API (SEC-251). | 2019-08-02 | 6.5 | CVE-2017-18447 CONFIRM MISC |
cpanel -- cpanel | cPanel before 64.0.21 allows certain file-read operations via a Serverinfo_manpage API call (SEC-252). | 2019-08-02 | 5.0 | CVE-2017-18448 CONFIRM MISC |
cpanel -- cpanel | cPanel before 64.0.21 allows certain file-chmod operations via /scripts/convert_roundcube_mysql2sqlite (SEC-255). | 2019-08-02 | 4.4 | CVE-2017-18450 CONFIRM MISC |
cpanel -- cpanel | cPanel before 64.0.21 allows attackers to read a user's crontab file during a short time interval upon a cPAddon upgrade (SEC-257). | 2019-08-02 | 5.0 | CVE-2017-18451 CONFIRM MISC |
cpanel -- cpanel | cPanel before 64.0.21 allows code execution via Rails configuration files (SEC-259). | 2019-08-02 | 4.6 | CVE-2017-18452 CONFIRM MISC |
cpanel -- cpanel | cPanel before 64.0.21 does not preserve supplemental groups across account renames (SEC-260). | 2019-08-02 | 4.0 | CVE-2017-18453 CONFIRM MISC |
cpanel -- cpanel | In cPanel before 62.0.17, addon domain conversion did not require a package for resellers (SEC-208). | 2019-08-02 | 4.0 | CVE-2017-18455 CONFIRM MISC |
cpanel -- cpanel | cPanel before 62.0.17 allows self XSS in the WHM cPAddons showsecurity interface (SEC-217). | 2019-08-02 | 4.3 | CVE-2017-18456 CONFIRM MISC |
cpanel -- cpanel | cPanel before 62.0.17 allows arbitrary file-read operations via WHM /styled/ URLs (SEC-218). | 2019-08-02 | 4.9 | CVE-2017-18457 CONFIRM MISC |
cpanel -- cpanel | cPanel before 62.0.17 does not preserve security policy questions across an account rename (SEC-223). | 2019-08-02 | 5.0 | CVE-2017-18461 CONFIRM MISC |
cpanel -- cpanel | cPanel before 62.0.17 allows demo accounts to execute code via an NVData_fetchinc API call (SEC-233). | 2019-08-05 | 6.5 | CVE-2017-18469 CONFIRM |
cpanel -- cpanel | cPanel before 62.0.4 allows reflected XSS in reset-password interfaces (SEC-198). | 2019-08-05 | 4.3 | CVE-2017-18472 CONFIRM MISC |
dlink -- dva-5592_firmware | The web interface of the D-Link DVA-5592 20180823 is vulnerable to XSS because HTML form parameters are directly reflected. | 2019-08-02 | 4.3 | CVE-2019-6968 MISC |
dlink -- dva-5592_firmware | The web interface of the D-Link DVA-5592 20180823 is vulnerable to an authentication bypass that allows an unauthenticated user to have access to sensitive information such as the Wi-Fi password and the phone number (if VoIP is in use). | 2019-08-02 | 5.0 | CVE-2019-6969 MISC |
firefly-iii -- firefly_iii | Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and the asset account name. The JavaScript code is executed during a convert transaction action. | 2019-08-05 | 4.3 | CVE-2019-14667 MISC MISC MISC |
gnucobol_project -- gnucobol | GnuCOBOL 2.2 has a stack-based buffer overflow in cb_encode_program_id in cobc/typeck.c via crafted COBOL source code. | 2019-08-02 | 6.8 | CVE-2019-14541 MISC |
ibm -- websphere_mq | IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0LTS, IBM MQ V9.1 LTS, and IBM MQ V9.1 CD are vulnerable to a denial of service attack caused by specially crafted messages. IBM X-Force ID: 160013. | 2019-08-05 | 4.0 | CVE-2019-4261 XF CONFIRM |
ipandao -- editor.md | pandao Editor.md 1.5.0 allows XSS via an attribute of an ABBR or SUP element. | 2019-08-03 | 4.3 | CVE-2019-14653 MISC |
joomla -- joomla! | In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. In other words, the filter attribute in subform fields allows remote code execution. This is fixed in 3.9.9. | 2019-08-04 | 6.5 | CVE-2019-14654 MISC |
liblouis -- liblouis | A vulnerability was found in liblouis, versions 2.5.x before 2.5.4. A stack-based buffer overflow was found in findTable() in liblouis. An attacker could create a malicious file that would cause applications that use liblouis (such as Orca) to crash, or potentially execute arbitrary code when opened. | 2019-08-02 | 6.8 | CVE-2014-8184 CONFIRM MISC |
magento -- magento | A defense-in-depth check was added to mitigate inadequate session validation handling by 3rd party checkout modules. This impacts Magento 1.x prior to 1.9.4.2, Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2. | 2019-08-02 | 5.0 | CVE-2019-7849 CONFIRM |
magento -- magento | A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unintended data deletion from customer pages. | 2019-08-02 | 5.8 | CVE-2019-7851 CONFIRM |
magento -- magento | A path disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Requests for a specific file path could result in a redirect to the URL of the Magento admin panel, disclosing its location to potentially unauthorized parties. | 2019-08-02 | 5.0 | CVE-2019-7852 CONFIRM |
magento -- magento | An insecure direct object reference (IDOR) vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unauthorized disclosure of company credit history details. | 2019-08-02 | 5.0 | CVE-2019-7854 CONFIRM |
magento -- magento | A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could be abused by an unauthenticated user to discover an invariant used in gift card generation. | 2019-08-02 | 5.0 | CVE-2019-7855 CONFIRM |
magento -- magento | A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can cause unwanted items to be added to a shopper's cart due to an insufficiently robust anti-CSRF token implementation. | 2019-08-02 | 4.3 | CVE-2019-7857 CONFIRM |
magento -- magento | A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2 resulted in storage of sensitive information with an algorithm that is insufficiently resistant to brute force attacks. | 2019-08-02 | 5.0 | CVE-2019-7858 CONFIRM |
magento -- magento | A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could result in unauthorized access to uploaded images due to insufficient access control. | 2019-08-02 | 5.0 | CVE-2019-7859 MISC CONFIRM |
magento -- magento | A cryptographically weak pseudo-random number generator is used in multiple security relevant contexts in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 2019-08-02 | 5.0 | CVE-2019-7860 CONFIRM |
magento -- magento | Insufficient server-side validation of user input could allow an attacker to bypass file upload restrictions in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 2019-08-02 | 5.0 | CVE-2019-7861 CONFIRM |
magento -- magento | An insecure direct object reference (IDOR) vulnerability exists in the RSS feeds of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details. | 2019-08-02 | 5.0 | CVE-2019-7864 CONFIRM |
magento -- magento | A cross-site request forgery (CSRF) vulnerability exists in the checkout cart item of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited at the time of editing or configuration. | 2019-08-02 | 6.8 | CVE-2019-7865 CONFIRM |
magento -- magento | A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 that could be abused to execute arbitrary PHP code. An authenticated user can bypass security protections that prevent arbitrary PHP script upload via form data injection. | 2019-08-02 | 6.5 | CVE-2019-7871 CONFIRM |
magento -- magento | An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to insufficient authorization checks. This can be abused by a user with admin privileges to add users to company accounts or modify existing user details. | 2019-08-02 | 5.5 | CVE-2019-7872 CONFIRM |
magento -- magento | A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of the store design schedule. | 2019-08-02 | 5.8 | CVE-2019-7873 CONFIRM |
magento -- magento | A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of user roles. | 2019-08-02 | 4.3 | CVE-2019-7874 CONFIRM |
magento -- magento | A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manipulate layouts can insert a malicious payload into the layout. | 2019-08-02 | 6.5 | CVE-2019-7876 CONFIRM |
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manage orders can inject malicious JavaScript. | 2019-08-02 | 4.3 | CVE-2019-7877 MISC CONFIRM |
magento -- magento | Insufficient input validation in the config builder of the Elastic search module could lead to remote code execution in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This vulnerability could be abused by an authenticated user with the ability to configure the catalog search. | 2019-08-02 | 6.5 | CVE-2019-7885 CONFIRM |
magento -- magento | A cryptographic flaw exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A weak cryptographic mechanism is used to generate the initialization vector in multiple security relevant contexts. | 2019-08-02 | 5.0 | CVE-2019-7886 CONFIRM |
magento -- magento | An information disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to create email templates could leak sensitive data via a malicious email template. | 2019-08-02 | 4.0 | CVE-2019-7888 CONFIRM |
magento -- magento | An injection vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with marketing manipulation privileges can invoke methods that alter data of the underlying model followed by corresponding database modifications. | 2019-08-02 | 4.0 | CVE-2019-7889 CONFIRM |
magento -- magento | A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to access shipment settings can execute arbitrary code via server-side request forgery. | 2019-08-02 | 6.5 | CVE-2019-7892 CONFIRM |
magento -- magento | A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to layouts can execute arbitrary code through a crafted XML layout update. | 2019-08-02 | 6.5 | CVE-2019-7895 CONFIRM |
magento -- magento | A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to layouts can execute arbitrary code through a combination of product import, crafted CSV file and XML layout update. | 2019-08-02 | 6.5 | CVE-2019-7896 CONFIRM |
magento -- magento | Samples of disabled downloadable products are accessible in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to inadequate validation of user input. | 2019-08-02 | 5.0 | CVE-2019-7898 CONFIRM |
magento -- magento | Names of disabled downloadable products could be disclosed due to inadequate validation of user input in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 2019-08-02 | 5.0 | CVE-2019-7899 CONFIRM |
magento -- magento | A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to email templates can execute arbitrary code by previewing a malicious template. | 2019-08-02 | 6.5 | CVE-2019-7903 CONFIRM |
magento -- magento | Insufficient enforcement of user access controls in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could enable a low-privileged user to make unauthorized environment configuration changes. | 2019-08-02 | 5.5 | CVE-2019-7904 CONFIRM |
magento -- magento | A server-side request forgery (SSRF) vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to the admin panel to manipulate system configuration and execute arbitrary code. | 2019-08-02 | 6.5 | CVE-2019-7911 CONFIRM |
magento -- magento | A file upload filter bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to edit configuration keys to remove file extension filters, potentially resulting in the malicious upload and execution of malicious files on the server. | 2019-08-02 | 6.5 | CVE-2019-7912 CONFIRM |
magento -- magento | A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to manipulate shipment methods to execute arbitrary code. | 2019-08-02 | 6.5 | CVE-2019-7913 CONFIRM |
magento -- magento | A denial-of-service vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Under certain conditions, an unauthenticated attacker could force the Magento store's full page cache to serve a 404 page to customers. | 2019-08-02 | 5.0 | CVE-2019-7915 CONFIRM |
magento -- magento | A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to manipulate shipment settings to execute arbitrary code. | 2019-08-02 | 6.5 | CVE-2019-7923 CONFIRM |
magento -- magento | An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an administrator with limited privileges to delete the downloadable products folder. | 2019-08-02 | 5.5 | CVE-2019-7925 CONFIRM |
magento -- magento | A denial-of-service (DoS) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. By abusing insufficient brute-forcing defenses in the token exchange protocol, an unauthenticated attacker could disrupt transactions between the Magento merchant and PayPal. | 2019-08-02 | 5.0 | CVE-2019-7928 CONFIRM |
magento -- magento | An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges may be able to view metadata of a trusted device used by another administrator via a crafted HTTP request. | 2019-08-02 | 4.0 | CVE-2019-7929 CONFIRM |
magento -- magento | A remote code execution vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create sitemaps can execute arbitrary PHP code by creating a malicious sitemap file. | 2019-08-02 | 6.5 | CVE-2019-7932 CONFIRM |
magento -- magento | A reflected cross-site scripting vulnerability exists on the customer cart checkout page of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by sending a victim a crafted URL that results in malicious JavaScript execution in the victim's browser. | 2019-08-02 | 4.3 | CVE-2019-7939 CONFIRM |
magento -- magento | A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create or edit a product can execute arbitrary code via malicious XML layout updates. | 2019-08-02 | 6.5 | CVE-2019-7942 CONFIRM |
magento -- magento | A cross-site request forgery vulnerability exists in the GiftCardAccount removal feature for Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 2019-08-02 | 4.3 | CVE-2019-7947 CONFIRM |
magento -- magento | An access control bypass vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An unauthenticated user can bypass access controls via REST API calls to assign themselves to an arbitrary company, thereby gaining read access to potentially confidential information. | 2019-08-02 | 5.0 | CVE-2019-7950 CONFIRM |
magento -- magento | An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A SOAP web service endpoint does not properly enforce parameters related to access control. This could be abused to leak customer information via crafted SOAP requests. | 2019-08-02 | 5.0 | CVE-2019-7951 CONFIRM |
octopus -- octopus_deploy | In Octopus Deploy 2019.4.0 through 2019.6.x before 2019.6.6, and 2019.7.x before 2019.7.6, an authenticated system administrator is able to view sensitive values by visiting a server configuration page or making an API call. | 2019-08-05 | 4.0 | CVE-2019-14525 MISC MISC CONFIRM |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
cpanel -- cpanel | cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface (SEC-159). | 2019-08-05 | 3.5 | CVE-2016-10767 CONFIRM MISC |
cpanel -- cpanel | cPanel before 60.0.25 does not enforce feature-list restrictions when calling the multilang adminbin (SEC-168). | 2019-08-05 | 2.1 | CVE-2016-10772 CONFIRM |
cpanel -- cpanel | cPanel before 60.0.25 allows self XSS in the tail_ea4_migration.cgi interface (SEC-172). | 2019-08-05 | 3.5 | CVE-2016-10774 CONFIRM MISC |
cpanel -- cpanel | cPanel before 60.0.25 allows stored XSS during the homedir removal phase of WHM Account termination (SEC-174). | 2019-08-06 | 3.5 | CVE-2016-10776 CONFIRM |
cpanel -- cpanel | cPanel before 60.0.25 allows self XSS in WHM Tweak Settings for autodiscover_host (SEC-177). | 2019-08-06 | 3.5 | CVE-2016-10777 CONFIRM |
cpanel -- cpanel | cPanel before 60.0.25 allows self stored XSS in the listftpstable API (SEC-178). | 2019-08-06 | 3.5 | CVE-2016-10778 CONFIRM |
cpanel -- cpanel | cPanel before 60.0.25 allows stored XSS in api1_listautoresponders (SEC-179). | 2019-08-06 | 3.5 | CVE-2016-10779 CONFIRM MISC |
cpanel -- cpanel | cPanel before 60.0.25 allows stored XSS in the ftp_sessions API (SEC-180). | 2019-08-06 | 3.5 | CVE-2016-10780 CONFIRM |
cpanel -- cpanel | cPanel before 60.0.25 allows self XSS in the UI_confirm API (SEC-180). | 2019-08-06 | 3.5 | CVE-2016-10781 CONFIRM |
cpanel -- cpanel | cPanel before 60.0.25 allows self stored XSS in postgres API1 listdbs (SEC-181). | 2019-08-06 | 3.5 | CVE-2016-10782 CONFIRM |
cpanel -- cpanel | cPanel before 60.0.25 allows self stored XSS in SSL_listkeys (SEC-182). | 2019-08-06 | 3.5 | CVE-2016-10783 CONFIRM |
cpanel -- cpanel | cPanel before 60.0.25 allows self XSS in the alias upload interface (SEC-184). | 2019-08-06 | 3.5 | CVE-2016-10784 CONFIRM |
cpanel -- cpanel | cPanel before 57.9999.54 allows self XSS on the Paper Lantern Landing Page (SEC-110). | 2019-08-07 | 3.5 | CVE-2016-10806 CONFIRM MISC |
cpanel -- cpanel | cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310). | 2019-08-02 | 2.1 | CVE-2017-18384 CONFIRM MISC |
cpanel -- cpanel | cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311). | 2019-08-02 | 2.1 | CVE-2017-18385 CONFIRM MISC |
cpanel -- cpanel | cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval (SEC-323). | 2019-08-02 | 1.9 | CVE-2017-18391 CONFIRM MISC |
cpanel -- cpanel | cPanel before 66.0.2 allows stored XSS during WHM cPAddons installation (SEC-263). | 2019-08-02 | 3.5 | CVE-2017-18417 CONFIRM |
cpanel -- cpanel | cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations (SEC-265). | 2019-08-02 | 3.5 | CVE-2017-18418 CONFIRM |
cpanel -- cpanel | cPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallation (SEC-266). | 2019-08-02 | 3.5 | CVE-2017-18419 CONFIRM |
cpanel -- cpanel | cPanel before 66.0.2 allows stored XSS during WHM cPAddons processing (SEC-269). | 2019-08-02 | 3.5 | CVE-2017-18420 CONFIRM |
cpanel -- cpanel | cPanel before 66.0.2 allows demo accounts to create databases and users (SEC-271). | 2019-08-02 | 2.1 | CVE-2017-18421 CONFIRM |
cpanel -- cpanel | In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog ownership and permissions (SEC-272). | 2019-08-02 | 2.1 | CVE-2017-18422 CONFIRM |
cpanel -- cpanel | In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273). | 2019-08-02 | 2.1 | CVE-2017-18423 CONFIRM |
cpanel -- cpanel | In cPanel before 66.0.2, the Apache HTTP Server configuration file is changed to world-readable when rebuilt (SEC-274). | 2019-08-02 | 2.1 | CVE-2017-18424 CONFIRM |
cpanel -- cpanel | In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280). | 2019-08-02 | 1.9 | CVE-2017-18425 CONFIRM MISC |
cpanel -- cpanel | In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account termination (SEC-291). | 2019-08-02 | 2.1 | CVE-2017-18429 CONFIRM |
cpanel -- cpanel | cPanel before 64.0.21 allows demo accounts to read files via a Fileman::getfileactions API2 call (SEC-239). | 2019-08-02 | 2.7 | CVE-2017-18436 CONFIRM MISC |
cpanel -- cpanel | cPanel before 64.0.21 allows a Webmail account to execute code via forwarders (SEC-240). | 2019-08-02 | 3.6 | CVE-2017-18437 CONFIRM MISC |
cpanel -- cpanel | cPanel before 64.0.21 allows certain file-rename operations in the context of the root account via scripts/convert_roundcube_mysql2sqlite (SEC-254). | 2019-08-02 | 2.1 | CVE-2017-18449 CONFIRM MISC |
cpanel -- cpanel | cPanel before 62.0.24 allows stored XSS in the WHM cPAddons install interface (SEC-262). | 2019-08-02 | 3.5 | CVE-2017-18454 CONFIRM MISC |
cpanel -- cpanel | cPanel before 62.0.17 allows file overwrite when renaming an account (SEC-219). | 2019-08-02 | 3.6 | CVE-2017-18458 CONFIRM MISC |
cpanel -- cpanel | cPanel before 62.0.4 allows self XSS on the paper_lantern password-change screen (SEC-197). | 2019-08-05 | 3.5 | CVE-2017-18471 CONFIRM MISC |
cpanel -- cpanel | cPanel before 62.0.4 allows self XSS on the webmail Password and Security page (SEC-199). | 2019-08-05 | 3.5 | CVE-2017-18473 CONFIRM MISC |
cpanel -- cpanel | cPanel before 62.0.4 allows stored XSS in the WHM Account Suspension List interface (SEC-211). | 2019-08-05 | 3.5 | CVE-2017-18481 CONFIRM MISC |
espocrm -- espocrm | An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed when an attacker sends an attachment to an admin with malicious JavaScript in the filename. This JavaScript executed when an admin selects the particular file from the list of all attachments. The attacker could inject the JavaScript inside the filename and send it to users, thus helping him steal victims' cookies (hence compromising their accounts). | 2019-08-05 | 3.5 | CVE-2019-14547 MISC MISC MISC MISC |
espocrm -- espocrm | An issue was discovered in EspoCRM before 5.6.9. Stored XSS in the body of an Article was executed when a victim opens articles received through mail. This Article can be formed by an attacker using the Knowledge Base feature in the tab list. The attacker could inject malicious JavaScript inside the body of the article, thus helping him steal victims' cookies (hence compromising their accounts). | 2019-08-05 | 3.5 | CVE-2019-14548 MISC MISC MISC MISC |
espocrm -- espocrm | An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed inside the title and breadcrumb of a newly formed entity available to all the users. A malicious user can inject JavaScript in these values of an entity, thus stealing user cookies when someone visits the publicly accessible link. | 2019-08-05 | 3.5 | CVE-2019-14549 MISC MISC MISC MISC |
espocrm -- espocrm | An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed when a victim clicks on the Edit Dashboard feature present on the Homepage. An attacker can load malicious JavaScript inside the add tab list feature, which would fire when a user clicks on the Edit Dashboard button, thus helping him steal victims' cookies (hence compromising their accounts). | 2019-08-05 | 3.5 | CVE-2019-14550 MISC MISC MISC MISC |
firefly-iii -- firefly_iii | Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the transaction description field. The JavaScript code is executed during deletion of a transaction link. | 2019-08-05 | 3.5 | CVE-2019-14668 MISC MISC |
firefly-iii -- firefly_iii | Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the asset account name. The JavaScript code is executed during a visit to the audit account statistics page. | 2019-08-05 | 3.5 | CVE-2019-14669 MISC MISC |
firefly-iii -- firefly_iii | Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the bill name field. The JavaScript code is executed during rule-from-bill creation. | 2019-08-05 | 3.5 | CVE-2019-14670 MISC MISC |
firefly-iii -- firefly_iii | Firefly III 4.7.17.3 is vulnerable to local file enumeration. An attacker can enumerate local files due to the lack of protocol scheme sanitization, such as for file:/// URLs. This is related to fints_url to import/job/configuration, and import/create/fints. | 2019-08-05 | 2.1 | CVE-2019-14671 MISC MISC |
firefly-iii -- firefly_iii | Firefly III 4.7.17.5 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the liability name field. The JavaScript code is executed upon an error condition during a visit to the account show page. | 2019-08-05 | 3.5 | CVE-2019-14672 MISC MISC |
ibm -- cloud_private | IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, and 3.1.2 could allow a local privileged user to obtain a sensitive OIDC token that is printed to log files, which could be used to log in to the system as another user. IBM X-Force ID: 160512. | 2019-08-05 | 2.1 | CVE-2019-4284 XF CONFIRM |
ibm -- jazz_for_service_management | IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow an unauthorized local user to create unique catalog names that could cause a denial of service. IBM X-Force ID: 160296. | 2019-08-02 | 2.1 | CVE-2019-4275 CONFIRM XF |
magento -- magento | A stored cross-site scripting vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to the tax notifications configuration in the Magento admin panel. | 2019-08-02 | 3.5 | CVE-2019-7853 MISC CONFIRM |
magento -- magento | A reflected cross-site scripting vulnerability exists in the Product widget chooser functionality in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 2019-08-02 | 3.5 | CVE-2019-7862 CONFIRM |
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to products and categories. | 2019-08-02 | 3.5 | CVE-2019-7863 CONFIRM |
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to edit Product information via the TinyMCE editor. | 2019-08-02 | 3.5 | CVE-2019-7866 CONFIRM |
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to manage orders and order status. | 2019-08-02 | 3.5 | CVE-2019-7867 CONFIRM |
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with permissions to manage tax rules. | 2019-08-02 | 3.5 | CVE-2019-7868 CONFIRM |
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with permissions to manage customer groups. | 2019-08-02 | 3.5 | CVE-2019-7869 CONFIRM |
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to newsletter templates. | 2019-08-02 | 3.5 | CVE-2019-7875 CONFIRM |
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to marketing email templates to inject malicious javascript. | 2019-08-02 | 3.5 | CVE-2019-7880 CONFIRM |
magento -- magento | A cross-site scripting mitigation bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user to escalate privileges (admin vs. admin XSS attack). | 2019-08-02 | 3.5 | CVE-2019-7881 CONFIRM |
magento -- magento | A stored cross-site scripting vulnerability exists in the WYSIWYG editor of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to the editor can inject malicious SWF files. | 2019-08-02 | 3.5 | CVE-2019-7882 CONFIRM |
magento -- magento | A reflected cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 when the feature that adds a secret key to the Admin URL is disabled. | 2019-08-02 | 3.5 | CVE-2019-7887 CONFIRM |
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to customer configurations to inject malicious javascript. | 2019-08-02 | 3.5 | CVE-2019-7897 CONFIRM |
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify product information. | 2019-08-02 | 3.5 | CVE-2019-7908 CONFIRM |
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to email templates. | 2019-08-02 | 3.5 | CVE-2019-7909 CONFIRM |
magento -- magento | A stored cross-site scripting vulnerability exists in the product catalog form of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to the product catalog to inject malicious javascript. | 2019-08-02 | 3.5 | CVE-2019-7921 CONFIRM |
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify node attributes to inject malicious javascript. | 2019-08-02 | 3.5 | CVE-2019-7926 CONFIRM |
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to edit product content pages to inject malicious javascript. | 2019-08-02 | 3.5 | CVE-2019-7927 CONFIRM |
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to edit newsletter templates to inject malicious javascript. | 2019-08-02 | 3.5 | CVE-2019-7934 CONFIRM |
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify content page titles to inject malicious javascript. | 2019-08-02 | 3.5 | CVE-2019-7935 CONFIRM |
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify content block titles to inject malicious javascript. | 2019-08-02 | 3.5 | CVE-2019-7936 CONFIRM |
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to store product attributes to inject malicious javascript. | 2019-08-02 | 3.5 | CVE-2019-7937 CONFIRM |
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify catalog price rules to inject malicious javascript. | 2019-08-02 | 3.5 | CVE-2019-7938 CONFIRM |
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify store currency options to inject malicious javascript. | 2019-08-02 | 3.5 | CVE-2019-7940 MISC CONFIRM |
magento -- magento | A stored cross-site scripting vulnerability exists in the product comments field of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to the Return Product comments field can inject malicious javascript. | 2019-08-02 | 3.5 | CVE-2019-7944 MISC CONFIRM |
magento -- magento | A stored cross-site scripting vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to modify currency symbols can inject malicious javascript. | 2019-08-02 | 3.5 | CVE-2019-7945 CONFIRM |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
1crm -- on-premise_software | 1CRM On-Premise Software 8.5.7 allows XSS via a payload that is mishandled during a Run Report operation. | 2019-08-08 | not yet calculated | CVE-2019-14221 MISC EXPLOIT-DB |
3cx -- 3cx_phone_system_web_management_console | An issue was discovered in the 3CX Phone system (web) management console 12.5.44178.1002 through 12.5 SP2. The Content.MainForm.wgx component is affected by XXE via a crafted XML document in POST data. There is potential to use this for SSRF (reading local files, outbound HTTP, and outbound DNS). | 2019-08-08 | not yet calculated | CVE-2019-13176 MISC |
6kbbs -- 6kbbs | 6kbbs 7.1 and 8.0 allows CSRF via portalchannel_ajax.php (id or code parameter) or admin.php (fileids parameter). | 2019-08-08 | not yet calculated | CVE-2015-9292 MISC |
digitallyhappy -- backpack_for_laravel | The Backpack\CRUD Backpack component before 3.4.9 for Laravel allows XSS via the select field type. | 2019-08-08 | not yet calculated | CVE-2018-20962 MISC MISC MISC MISC |
adplug -- adplug | AdPlug 2.3.1 has multiple heap-based buffer overflows in Ca2mLoader::load() in a2m.cpp. | 2019-08-06 | not yet calculated | CVE-2019-14732 MISC |
annke -- sp1_hd_wireless_camera | ANNKE SP1 HD wireless camera 3.4.1.1604071109 devices allow XSS via a crafted SSID. | 2019-08-07 | not yet calculated | CVE-2017-18483 MISC |
apache -- ranger | Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 is vulnerable to a cross-site scripting issue. Upgrade to Apache Ranger 2.0.0 or later, which includes the fix. | 2019-08-08 | not yet calculated | CVE-2019-12397 MLIST CONFIRM |
apache -- spark | Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); in SparkR, using parallelize; in Pyspark, using broadcast and parallelize; and use of python udfs. | 2019-08-07 | not yet calculated | CVE-2019-10099 MISC |
aptana -- jaxer | Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI. | 2019-08-09 | not yet calculated | CVE-2019-14312 MISC MISC |
atlassian -- jira | The inline-create rest resource in Jira before version 7.12.3 allows authenticated remote attackers to set the reporter in issues via a missing authorisation check. | 2019-08-09 | not yet calculated | CVE-2018-20826 MISC |
atlassian -- jira | The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the country parameter. | 2019-08-09 | not yet calculated | CVE-2018-20827 MISC |
atlassian -- jira_server_and_data_center | There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability. | 2019-08-09 | not yet calculated | CVE-2019-11581 MISC |
backdrop -- backdrop_cms | In Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3, some menu links within the administration bar may be crafted to execute JavaScript when the administrator is logged in and uses the search functionality. (This issue is mitigated by the attacker needing permissions to create administrative menu links, such as by creating a content type or layout. Such permissions are usually restricted to trusted or administrative users.) | 2019-08-07 | not yet calculated | CVE-2019-14770 MISC |
backdrop -- backdrop_cms | Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the upload of entire-site configuration archives through the user interface or command line. It does not sufficiently check uploaded archives for invalid data, potentially allowing non-configuration scripts to be uploaded to the server. (This attack is mitigated by the attacker needing the "Synchronize, import, and export configuration" permission, a permission that only trusted administrators should be given. Other preventative measures in Backdrop CMS prevent the execution of PHP scripts, so another server-side scripting language must be accessible on the server to execute code.) | 2019-08-07 | not yet calculated | CVE-2019-14771 MISC |
backdrop -- backdrop_cms | Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administrators. An attacker could potentially craft a specialized label, then have an administrator execute scripting when administering a layout. (This issue is mitigated by the attacker needing permission to create custom blocks on the site, which is typically an administrative permission.) | 2019-08-07 | not yet calculated | CVE-2019-14769 MISC |
canon -- multiple_eos_and_powershot_products | Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via notifybtstatus command. | 2019-08-06 | not yet calculated | CVE-2019-5998 MISC MISC CONFIRM MISC |
canon -- multiple_eos_and_powershot_products | Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via sendhostinfo command. | 2019-08-06 | not yet calculated | CVE-2019-6000 MISC MISC CONFIRM MISC |
canon -- multiple_eos_and_powershot_products | Missing authorization vulnerability exists in EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier. A successful exploitation may result in a specially crafted firmware update or unofficial firmware update being applied without user's consent via unspecified vector. | 2019-08-06 | not yet calculated | CVE-2019-5995 MISC MISC CONFIRM MISC |
canon -- multiple_eos_and_powershot_products | Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via blerequest command. | 2019-08-06 | not yet calculated | CVE-2019-5999 MISC MISC CONFIRM MISC |
canon -- multiple_eos_and_powershot_products | Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to cause the affected product to become unresponsive or to execute arbitrary code on the affected product via the setadapterbatteryreport command. | 2019-08-06 | not yet calculated | CVE-2019-6001 MISC MISC CONFIRM MISC |
canon -- multiple_eos_and_powershot_products | Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to cause the affected product to become unresponsive or to execute arbitrary code on the affected product via the SendObjectInfo command. | 2019-08-06 | not yet calculated | CVE-2019-5994 MISC MISC CONFIRM MISC |
cisco -- enterprise_nfv_infrastructure_software | A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to overwrite or read arbitrary files. The attacker would need valid administrator privilege-level credentials. This vulnerability is due to improper input validation of CLI command arguments. An attacker could exploit this vulnerability by using directory traversal techniques when executing a vulnerable command. A successful exploit could allow the attacker to overwrite or read arbitrary files on an affected device. | 2019-08-08 | not yet calculated | CVE-2019-1952 CISCO |
cisco -- enterprise_nfv_infrastructure_software | A vulnerability in the Virtual Network Computing (VNC) console implementation of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to access the VNC console session of an administrative user on an affected device. The vulnerability is due to an insufficient authentication mechanism used to establish a VNC session. An attacker could exploit this vulnerability by intercepting an administrator VNC session request prior to login. A successful exploit could allow the attacker to watch the administrator console session or interact with it, allowing admin access to the affected device. | 2019-08-07 | not yet calculated | CVE-2019-1895 CISCO |
cisco -- enterprise_nfv_infrastructure_software | A vulnerability in the web portal framework of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to improper input validation of log file content stored on the affected device. An attacker could exploit this vulnerability by modifying a log file with malicious code and getting a user to view the modified log file. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information. | 2019-08-08 | not yet calculated | CVE-2019-1973 CISCO |
cisco -- enterprise_nfv_infrastructure_software | A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and get limited access to the web-based management interface. The vulnerability is due to an incorrect implementation of authentication in the web-based management interface. An attacker could exploit this vulnerability by sending a crafted authentication request to the web-based management interface on an affected system. A successful exploit could allow the attacker to view limited configuration details and potentially upload a virtual machine image. | 2019-08-08 | not yet calculated | CVE-2019-1946 CISCO |
cisco -- enterprise_nfv_infrastructure_software | Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to read arbitrary files on the underlying operating system (OS) of an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 2019-08-08 | not yet calculated | CVE-2019-1959 CISCO |
cisco -- enterprise_nfv_infrastructure_software | A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to view a password in clear text. The vulnerability is due to incorrectly logging the admin password when a user is forced to modify the default password when logging in to the web portal for the first time. Subsequent password changes are not logged and other accounts are not affected. An attacker could exploit this vulnerability by viewing the admin clear text password and using it to access the affected system. The attacker would need a valid user account to exploit this vulnerability. | 2019-08-08 | not yet calculated | CVE-2019-1953 CISCO |
cisco -- enterprise_nfv_infrastructure_software | A vulnerability in the Cisco Enterprise NFV Infrastructure Software (NFVIS) restricted CLI could allow an authenticated, local attacker with valid administrator-level credentials to elevate privileges and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient restrictions during the execution of an affected CLI command. An attacker could exploit this vulnerability by leveraging the insufficient restrictions during the execution of an affected command. A successful exploit could allow the attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. | 2019-08-08 | not yet calculated | CVE-2019-1972 CISCO |
cisco -- enterprise_nfv_infrastructure_software | Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to read arbitrary files on the underlying operating system (OS) of an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 2019-08-08 | not yet calculated | CVE-2019-1960 CISCO |
cisco -- enterprise_nfv_infrastructure_software | A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to the improper input validation of tar packages uploaded through the Web Portal to the Image Repository. An attacker could exploit this vulnerability by uploading a crafted tar package and viewing the log entries that are generated. A successful exploit could allow the attacker to read arbitrary files on the underlying OS. | 2019-08-08 | not yet calculated | CVE-2019-1961 CISCO |
cisco -- enterprise_nfv_infrastructure_software | A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to perform a command injection attack and execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation by the web portal framework. An attacker could exploit this vulnerability by providing malicious input during web portal authentication. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. | 2019-08-08 | not yet calculated | CVE-2019-1971 CISCO |
cisco -- ios_xr_software | A vulnerability in the implementation of the Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS–IS area to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of crafted IS–IS link-state protocol data units (PDUs). An attacker could exploit this vulnerability by sending a crafted link-state PDU to an affected system to be processed. A successful exploit could allow the attacker to cause all routers within the IS–IS area to unexpectedly restart the IS–IS process, resulting in a DoS condition. This vulnerability affects Cisco devices if they are running a vulnerable release of Cisco IOS XR Software earlier than Release 6.6.3 and are configured with the IS–IS routing protocol. Cisco has confirmed that this vulnerability affects both Cisco IOS XR 32-bit Software and Cisco IOS XR 64-bit Software. | 2019-08-07 | not yet calculated | CVE-2019-1910 CISCO |
cisco -- ios_xr_software | A vulnerability in the implementation of Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS-IS area to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of IS–IS link-state protocol data units (PDUs). An attacker could exploit this vulnerability by sending specific link-state PDUs to an affected system to be processed. A successful exploit could allow the attacker to cause incorrect calculations used in the weighted remote shared risk link groups (SRLG) or in the IGP Flexible Algorithm. It could also cause tracebacks to the logs or potentially cause the receiving device to crash the IS–IS process, resulting in a DoS condition. | 2019-08-07 | not yet calculated | CVE-2019-1918 CISCO |
cisco -- adaptive_security_appliance | A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to elevate privileges and execute administrative functions on an affected device. The vulnerability is due to insufficient authorization validation. An attacker could exploit this vulnerability by logging in to an affected device as a low-privileged user and then sending specific HTTPS requests to execute administrative functions using the information retrieved during initial login. | 2019-08-07 | not yet calculated | CVE-2019-1934 CISCO |
cisco -- adaptive_security_appliance | Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is being established. For more information about these vulnerabilities, see the Details section of this security advisory. | 2019-08-07 | not yet calculated | CVE-2019-1944 CISCO |
cisco -- adaptive_security_appliance | Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is being established. For more information about these vulnerabilities, see the Details section of this security advisory. | 2019-08-07 | not yet calculated | CVE-2019-1945 CISCO |
cisco -- asyncos_software_for_cisco_email_security_appliances | A vulnerability in the Sender Policy Framework (SPF) functionality of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to incomplete input and validation checking mechanisms for certain SPF messages that are sent to an affected device. An attacker could exploit this vulnerability by sending a customized SPF packet to an affected device. A successful exploit could allow the attacker to bypass the header filters that are configured for the affected device, which could allow malicious content to pass through the device. | 2019-08-08 | not yet calculated | CVE-2019-1955 CISCO |
cisco -- firepower_management_center | A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | 2019-08-08 | not yet calculated | CVE-2019-1949 CISCO |
cisco -- firepower_threat_defense | A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol inspection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. The vulnerability is due to errors when handling specific SSL/TLS messages. An attacker could exploit this vulnerability by sending crafted HTTP packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured file policies and deliver a malicious payload to the protected network. | 2019-08-08 | not yet calculated | CVE-2019-1970 CISCO |
cisco -- hyperflex_software | A vulnerability in the web-based management interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. | 2019-08-08 | not yet calculated | CVE-2019-1958 CISCO |
cisco -- iot_field_network_director | A vulnerability in the web interface of Cisco IoT Field Network Director could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Transport Layer Security (TLS) renegotiation requests. An attacker could exploit this vulnerability by sending renegotiation requests at a high rate. A successful exploit could increase the resource usage on the system, eventually leading to a DoS condition. | 2019-08-08 | not yet calculated | CVE-2019-1957 CISCO |
cisco -- sd-wan_solution | A vulnerability in the packet filtering features of Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters. The vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by crafting a malicious TCP packet with specific characteristics and sending it to a target device. A successful exploit could allow the attacker to bypass the L3 and L4 traffic filters and inject an arbitrary packet in the network. | 2019-08-08 | not yet calculated | CVE-2019-1951 CISCO |
cisco -- small_business_220_series_smart_switches | A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious request to certain parts of the web management interface. To send the malicious request, the attacker needs a valid login session in the web management interface as a privilege level 15 user. Depending on the configuration of the affected switch, the malicious request must be sent via HTTP or HTTPS. A successful exploit could allow the attacker to execute arbitrary shell commands with the privileges of the root user. | 2019-08-07 | not yet calculated | CVE-2019-1914 CISCO |
cisco -- small_business_220_series_smart_switches | A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to upload arbitrary files. The vulnerability is due to incomplete authorization checks in the web management interface. An attacker could exploit this vulnerability by sending a malicious request to certain parts of the web management interface. Depending on the configuration of the affected switch, the malicious request must be sent via HTTP or HTTPS. A successful exploit could allow the attacker to modify the configuration of an affected device or to inject a reverse shell. This vulnerability affects Cisco Small Business 220 Series Smart Switches running firmware versions prior to 1.1.4.4 with the web management interface enabled. The web management interface is enabled via both HTTP and HTTPS by default. | 2019-08-07 | not yet calculated | CVE-2019-1912 CISCO |
cisco -- small_business_220_series_smart_switches | Multiple vulnerabilities in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to overflow a buffer, which then allows the execution of arbitrary code with root privileges on the underlying operating system. The vulnerabilities are due to insufficient validation of user-supplied input and improper boundary checks when reading data into an internal buffer. An attacker could exploit these vulnerabilities by sending malicious requests to the web management interface of an affected device. Depending on the configuration of the affected switch, the malicious requests must be sent via HTTP or HTTPS. | 2019-08-07 | not yet calculated | CVE-2019-1913 CISCO |
cisco -- spa112_2-port_phone_adapter | A vulnerability in the web-based interface of the Cisco SPA112 2-Port Phone Adapter could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against another user of the device. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected device. An attacker could exploit this vulnerability by inserting malicious code in one of the configuration fields. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | 2019-08-08 | not yet calculated | CVE-2019-1956 CISCO |
cisco -- webex_meetings_server_software | A vulnerability in the web-based management interface of Cisco Webex Meetings Server Software could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected device. An attacker could exploit this vulnerability by crafting an HTTP request that could cause the web application to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious website. | 2019-08-08 | not yet calculated | CVE-2019-1954 CISCO |
cisco -- webex_network_recording_player_for_microsoft_windows_and_webex_ player_for_microsoft_windows | Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. | 2019-08-07 | not yet calculated | CVE-2019-1924 CISCO |
cisco -- webex_network_recording_player_for_microsoft_windows_and_webex_ player_for_microsoft_windows | Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. | 2019-08-07 | not yet calculated | CVE-2019-1926 CISCO |
cisco -- webex_network_recording_player_for_microsoft_windows_and_webex_ player_for_microsoft_windows | Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. | 2019-08-07 | not yet calculated | CVE-2019-1929 CISCO |
cisco -- webex_network_recording_player_for_microsoft_windows_and_webex_ player_for_microsoft_windows | Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. | 2019-08-07 | not yet calculated | CVE-2019-1928 CISCO |
cisco -- webex_network_recording_player_for_microsoft_windows_and_webex_ player_for_microsoft_windows | Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. | 2019-08-07 | not yet calculated | CVE-2019-1927 CISCO |
cisco -- webex_network_recording_player_for_microsoft_windows_and_webex_ player_for_microsoft_windows | Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. | 2019-08-07 | not yet calculated | CVE-2019-1925 CISCO |
cloud_foundry -- multiple_products | CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials. | 2019-08-05 | not yet calculated | CVE-2019-3800 CONFIRM CONFIRM |
cloud_foundry -- uaa | Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to an XSS attack. A remote unauthenticated malicious attacker could craft a URL that contains a SCIM filter that contains malicious JavaScript, which older browsers may execute. | 2019-08-09 | not yet calculated | CVE-2019-11274 CONFIRM |
cloud_foundry -- uaa_and_pivotal_application services_and_pivotal_ops_manager | Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with arbitrary scopes that he does not possess. | 2019-08-05 | not yet calculated | CVE-2019-11270 CONFIRM CONFIRM |
cognitoys -- dino_devices | Cognitoys Dino devices allow profiles_add.html CSRF. | 2019-08-08 | not yet calculated | CVE-2017-18485 MISC |
cognitoys -- dino_devices | Cognitoys Dino devices allow XSS via the SSID. | 2019-08-08 | not yet calculated | CVE-2017-18484 MISC |
cpanel -- cpanel | cPanel before 59.9999.145 allows arbitrary file-read operations because of a multipart form processing error (SEC-154). | 2019-08-06 | not yet calculated | CVE-2016-10794 CONFIRM |
cpanel -- cpanel | cPanel before 62.0.17 allows demo accounts to execute code via the Htaccess::setphppreference API (SEC-232). | 2019-08-05 | not yet calculated | CVE-2017-18468 CONFIRM |
cpanel -- cpanel | In cPanel before 62.0.4, Exim piped filters ran in the context of an incorrect user account when delivering to a system user (SEC-204). | 2019-08-05 | not yet calculated | CVE-2017-18475 CONFIRM |
cpanel -- cpanel | cPanel before 62.0.4 allows resellers to use the WHM enqueue_transfer_item API for queueing non-rearrange modules (SEC-213). | 2019-08-05 | not yet calculated | CVE-2017-18482 CONFIRM |
cpanel -- cpanel | cPanel before 57.9999.105 allows newline injection via LOC records (CPANEL-6923). | 2019-08-07 | not yet calculated | CVE-2016-10803 CONFIRM |
cpanel -- cpanel | cPanel before 62.0.17 does not have a sufficient list of reserved usernames (SEC-227). | 2019-08-05 | not yet calculated | CVE-2017-18465 CONFIRM |
cpanel -- cpanel | cPanel before 62.0.17 does not properly recognize domain ownership during addition of parked domains to a mail configuration (SEC-228). | 2019-08-05 | not yet calculated | CVE-2017-18466 CONFIRM |
cpanel -- cpanel | cPanel before 60.0.25 allows arbitrary file-chown operations via reassign_post_terminate_cruft (SEC-173). | 2019-08-05 | not yet calculated | CVE-2016-10775 CONFIRM |
cpanel -- cpanel | cPanel before 62.0.17 allows arbitrary file-overwrite operations via the WHM Zone Template editor (SEC-226). | 2019-08-05 | not yet calculated | CVE-2017-18464 CONFIRM |
cpanel -- cpanel | In cPanel before 57.9999.54, /scripts/enablefileprotect exposed TTYs (SEC-117). | 2019-08-07 | not yet calculated | CVE-2016-10812 CONFIRM |
cpanel -- cpanel | cPanel before 58.0.4 has improper session handling for shared users (SEC-139). | 2019-08-07 | not yet calculated | CVE-2016-10801 CONFIRM |
cpanel -- cpanel | cPanel before 58.0.4 allows demo-mode escape via Site Templates and Boxtrapper API calls (SEC-138). | 2019-08-07 | not yet calculated | CVE-2016-10800 CONFIRM |
cpanel -- cpanel | cPanel before 58.0.4 initially uses weak permissions for Apache HTTP Server log files (SEC-130). | 2019-08-06 | not yet calculated | CVE-2016-10796 CONFIRM |
cpanel -- cpanel | cPanel before 62.0.17 allows a CPHulk one-day ban bypass when IP based protection is enabled (SEC-224). | 2019-08-05 | not yet calculated | CVE-2017-18462 CONFIRM |
cpanel -- cpanel | cPanel before 60.0.25 does not use TLS for HTTP POSTs to listinput.cpanel.net (SEC-192). | 2019-08-06 | not yet calculated | CVE-2016-10790 CONFIRM |
cpanel -- cpanel | cPanel before 60.0.15 does not ensure that system accounts lack a valid password, so that logins are impossible (CPANEL-9559). | 2019-08-06 | not yet calculated | CVE-2016-10791 CONFIRM |
cpanel -- cpanel | In cPanel before 62.0.4, Exim transports could execute in the context of the nobody account (SEC-206). | 2019-08-05 | not yet calculated | CVE-2017-18477 CONFIRM |
cpanel -- cpanel | cPanel before 62.0.17 allows access to restricted resources because of a URL filtering error (SEC-229). | 2019-08-05 | not yet calculated | CVE-2017-18467 CONFIRM |
cpanel -- cpanel | cPanel before 62.0.4 does not enforce account ownership for has_mycnf_for_cpuser WHM API calls (SEC-210). | 2019-08-05 | not yet calculated | CVE-2017-18480 CONFIRM |
cpanel -- cpanel | cPanel before 58.0.4 allows WHM "Purchase and Install an SSL Certificate" page visitors to list all server domains (SEC-133). | 2019-08-06 | not yet calculated | CVE-2016-10797 CONFIRM |
cpanel -- cpanel | cPanel before 58.0.4 allows a file-ownership change (to nobody) via rearrangeacct (SEC-134). | 2019-08-07 | not yet calculated | CVE-2016-10798 CONFIRM |
cpanel -- cpanel | In cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address (SEC-209). | 2019-08-05 | not yet calculated | CVE-2017-18479 CONFIRM |
cpanel -- cpanel | In cPanel before 62.0.4 incorrect ACL checks could occur in xml-api for Rearrange Account actions (SEC-207). | 2019-08-05 | not yet calculated | CVE-2017-18478 CONFIRM |
cpanel -- cpanel | cPanel before 59.9999.145 allows code execution in the context of other accounts via mailman list archives (SEC-141). | 2019-08-06 | not yet calculated | CVE-2016-10792 CONFIRM |
cpanel -- cpanel | Leech Protect in cPanel before 62.0.4 does not protect certain directories (SEC-205). | 2019-08-05 | not yet calculated | CVE-2017-18476 CONFIRM |
cpanel -- cpanel | cPanel before 58.0.4 does not set the Pear tmp directory during a PHP installation (SEC-137). | 2019-08-07 | not yet calculated | CVE-2016-10799 CONFIRM |
cpanel -- cpanel | In cPanel before 57.9999.54, /scripts/addpop and /scripts/delpop exposed TTYs (SEC-113). | 2019-08-07 | not yet calculated | CVE-2016-10808 CONFIRM |
cpanel -- cpanel | cPanel before 59.9999.145 allows arbitrary code execution due to an incorrect #! in Mail::SPF scripts (SEC-152). | 2019-08-06 | not yet calculated | CVE-2016-10793 CONFIRM |
cpanel -- cpanel | cPanel before 59.9999.145 allows stored XSS in the WHM tail_upcp2.cgi interface (SEC-156). | 2019-08-06 | not yet calculated | CVE-2016-10795 CONFIRM |
cpanel -- cpanel | cPanel before 62.0.4 has a fixed password for the Munin MySQL test account (SEC-196). | 2019-08-05 | not yet calculated | CVE-2017-18470 CONFIRM |
cpanel -- cpanel | cPanel before 62.0.4 allows arbitrary file-read operations via Exim valiases (SEC-201). | 2019-08-05 | not yet calculated | CVE-2017-18474 CONFIRM |
d-link -- 6600-ap_and_dwl-3600ap_ax_devices | An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated denial of service leading to the reboot of the AP via the admin.cgi?action=%s URI. | 2019-08-08 | not yet calculated | CVE-2019-14335 MISC MISC |
d-link -- dir-600m_devices | An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page. | 2019-08-08 | not yet calculated | CVE-2019-13101 MISC FULLDISC MISC MISC MISC |
das_q -- das_q | Das Q before 2019-08-02 allows web sites to execute arbitrary code on client machines, as demonstrated by a cross-origin /install request with an attacker-controlled releaseUrl, which triggers download and execution of code within a ZIP archive. | 2019-08-02 | not yet calculated | CVE-2019-14551 MISC |
das -- u-boot | Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution. | 2019-08-06 | not yet calculated | CVE-2019-13106 MISC MISC MISC |
das -- u-boot | Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a cached block of data when listing files in a crafted ext4 filesystem. | 2019-08-06 | not yet calculated | CVE-2019-13105 MISC MISC MISC |
das -- u-boot | In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem. | 2019-08-06 | not yet calculated | CVE-2019-13104 MISC MISC MISC |
dell -- client_commercial_and_consumer_platforms | Select Dell Client Commercial and Consumer platforms contain an Improper Access Vulnerability. An unauthenticated attacker with physical access to the system could potentially bypass intended Secure Boot restrictions to run unsigned and untrusted code on expansion cards installed in the system during platform boot. Refer to https://ift.tt/2yEur6D for versions affected by this vulnerability. | 2019-08-05 | not yet calculated | CVE-2019-3717 CONFIRM |
dell -- dell_digital_delivery_and_alienware_digital_delivery | Dell/Alienware Digital Delivery versions prior to 4.0.41 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a Universal Windows Platform application by manipulating the install software package feature with a race condition and a path traversal exploit in order to run a malicious executable with elevated privileges. | 2019-08-09 | not yet calculated | CVE-2019-3744 FULLDISC |
dell -- dell_digital_delivery_and_alienware_digital_delivery | Dell/Alienware Digital Delivery versions prior to 3.5.2013 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a named pipe that performs binary deserialization via a process hollowing technique to inject malicious code to run an executable with elevated privileges. | 2019-08-09 | not yet calculated | CVE-2019-3742 FULLDISC |
django -- django | An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function. | 2019-08-09 | not yet calculated | CVE-2019-14234 MISC MISC CONFIRM |
dwsurvey -- dwsurvey | DWSurvey through 2019-07-22 has stored XSS via the design/my-survey-design!copySurvey.action surveyName parameter. | 2019-08-07 | not yet calculated | CVE-2019-14747 MISC |
eclipse_foundation -- birt | In Eclipse BIRT versions 1.0 to 4.7, the Report Viewer allows reflected XSS in a URL parameter. An attacker can execute the payload in the victim's browser context. | 2019-08-09 | not yet calculated | CVE-2019-11776 CONFIRM |
edimax -- wi-fi_extender_devices | Edimax Wi-Fi Extender devices allow goform/formwlencryptvxd CSRF with resultant PSK key disclosure. | 2019-08-08 | not yet calculated | CVE-2016-10863 MISC |
emca_software -- energy_logserver | The api/admin/logoupload Logo File upload feature in EMCA Energy Logserver 6.1.2 allows attackers to send any kind of file to any location on the server via path traversal in the filename parameter. | 2019-08-05 | not yet calculated | CVE-2019-14521 MISC MISC MISC MISC |
enigmail -- enigmail | In Enigmail below 2.1, an attacker in possession of PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, he unknowingly leaks the plaintext of the encrypted message part(s) back to the attacker. This attack variant bypasses protection mechanisms implemented after the "EFAIL" attacks. | 2019-08-05 | not yet calculated | CVE-2019-14664 MISC MISC |
eq-3 -- homematic_ccu2_and_ccu3 | eQ-3 Homematic CCU2 2.47.15 and prior and CCU3 3.47.15 and prior use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID from CVE-2019-9583, resulting in the ability to read the service messages, clear the system protocol, create a new user in the system, or modify/delete internal programs. | 2019-08-05 | not yet calculated | CVE-2019-14475 MISC |
eq-3 -- homematic_ccu2_and_ccu3 | eQ-3 Homematic CCU2 and CCU3 use session IDs for authentication but lack authorization checks. Consequently, a valid guest level or user level account can create a new admin level account, read the service messages, clear the system protocol or modify/delete internal programs, etc. pp. | 2019-08-06 | not yet calculated | CVE-2019-14473 MISC |
eq-3 -- homematic_ccu3 | eQ-3 Homematic CCU3 3.47.15 and prior has Improper Input Validation in function 'Call()' of ReGa core logic process, resulting in the ability to start a Denial of Service. Due to Improper Authorization an attacker can obtain a session ID from CVE-2019-9583 or a valid guest/user/admin account can start this attack too. | 2019-08-07 | not yet calculated | CVE-2019-14474 MISC |
espocrm -- espocrm | An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed on the Preference page as well as while sending an email when a malicious payload was inserted inside the Email Signature in the Preference page. The attacker could insert malicious JavaScript inside his email signature, which fires when the victim replies or forwards the mail, thus helping him steal victims' cookies (hence compromising their accounts). | 2019-08-05 | not yet calculated | CVE-2019-14546 MISC MISC MISC MISC |
gcdwebserver -- gcdwebserver | An issue was discovered in GCDWebServer before 3.5.3. The method moveItem in the GCDWebUploader class checks the FileExtension of newAbsolutePath but not oldAbsolutePath. By leveraging this vulnerability, an adversary can make an inaccessible file be available (the credential of the app, for instance). | 2019-08-10 | not yet calculated | CVE-2019-14924 MISC MISC MISC |
go-camo -- go-camo | A Server Side Request Forgery (SSRF) vulnerability in go-camo up to version 1.1.4 allows a remote attacker to perform HTTP requests to internal endpoints. | 2019-08-08 | not yet calculated | CVE-2019-14255 CONFIRM |
gogs -- gogs | routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators, and hooks. | 2019-08-02 | not yet calculated | CVE-2019-14544 MISC |
gree -- php_jose_library | The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted tokens. | 2019-08-07 | not yet calculated | CVE-2016-5431 CONFIRM |
hewlett_packard_enterprise -- 3par_service_processor | A remote arbitrary file upload vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. | 2019-08-09 | not yet calculated | CVE-2019-5395 CONFIRM |
hewlett_packard_enterprise -- 3par_service_processor | A remote multiple cross-site vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. | 2019-08-09 | not yet calculated | CVE-2019-5398 CONFIRM |
hewlett_packard_enterprise -- 3par_service_processor | A remote authentication bypass vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. | 2019-08-09 | not yet calculated | CVE-2019-5396 CONFIRM |
hewlett_packard_enterprise -- 3par_service_processor | A remote session reuse vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. | 2019-08-09 | not yet calculated | CVE-2019-5400 CONFIRM |
hewlett_packard_enterprise -- 3par_service_processor | A remote gain authorized access vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. | 2019-08-09 | not yet calculated | CVE-2019-5399 CONFIRM |
hewlett_packard_enterprise -- 3par_service_processor | A remote bypass of security restrictions vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. | 2019-08-09 | not yet calculated | CVE-2019-5397 CONFIRM |
hewlett_packard_enterprise -- 3par_storeserv_management_and_core_software_media | A remote multiple cross-site scripting vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. | 2019-08-09 | not yet calculated | CVE-2019-5403 CONFIRM |
hewlett_packard_enterprise -- 3par_storeserv_management_and_core_software_media | A remote script injection vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. | 2019-08-09 | not yet calculated | CVE-2019-5404 CONFIRM |
hewlett_packard_enterprise -- 3par_storeserv_management_and_core_software_media | A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. | 2019-08-09 | not yet calculated | CVE-2019-5402 CONFIRM |
hewlett_packard_enterprise -- 3par_storeserv_management_and_core_software_media | A remote information disclosure vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. | 2019-08-09 | not yet calculated | CVE-2019-5407 CONFIRM |
hewlett_packard_enterprise -- 3par_storeserv_management_and_core_software_media | A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. | 2019-08-09 | not yet calculated | CVE-2019-5405 CONFIRM |
hewlett_packard_enterprise -- 3par_storeserv_management_and_core_software_media | A remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. | 2019-08-09 | not yet calculated | CVE-2019-5406 CONFIRM |
hewlett_packard_enterprise -- command_view_advanced_edition | Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. The following products are affected: DevMgr version 7.0.0-00 to earlier than 8.6.1-02; RepMgr if it is installed on the same machine as DevMgr; TSMgr if it is installed on the same machine as DevMgr. The resolution is to upgrade to the fixed version as described below or later version of DevMgr 8.6.2-02 or later. RepMgr and TSMgr will be corrected by upgrading DevMgr. | 2019-08-09 | not yet calculated | CVE-2019-5408 CONFIRM |
huawei -- emily-l29c_smart_phones | Huawei smart phones Emily-L29C with versions of 8.1.0.132a(C432), 8.1.0.135(C782), 8.1.0.154(C10), 8.1.0.154(C461), 8.1.0.154(C635), 8.1.0.156(C185), 8.1.0.156(C605), 8.1.0.159(C636) have a double free vulnerability. An attacker can trick a user into clicking a URL to exploit this vulnerability. Successful exploitation may cause the affected phone to behave abnormally. | 2019-08-08 | not yet calculated | CVE-2019-5236 CONFIRM |
huawei -- honor_v20_smart_phones | Huawei smart phones Honor V20 with the versions before 9.0.1.161(C00E161R2P2) have an information leak vulnerability. An attacker may trick a user into installing a malicious application. Due to coding error during layer information processing, attackers can exploit this vulnerability to obtain some layer information. | 2019-08-08 | not yet calculated | CVE-2019-5301 CONFIRM |
huawei -- pcmanager | Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have a code execution vulnerability. Successful exploitation may cause the attacker to execute code and read/write information. | 2019-08-08 | not yet calculated | CVE-2019-5237 CONFIRM |
huawei -- pcmanager | Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have a code execution vulnerability. Successful exploitation may cause the attacker to execute code and read/write information. | 2019-08-08 | not yet calculated | CVE-2019-5238 CONFIRM |
huawei -- pcmanager | Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have an information leak vulnerability. Successful exploitation may cause the attacker to read information. | 2019-08-08 | not yet calculated | CVE-2019-5239 CONFIRM |
ibm -- aix_platform | Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 163984. | 2019-08-05 | not yet calculated | CVE-2019-4473 CONFIRM XF |
jenkins -- jenkins | A cross-site request forgery vulnerability in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpl#doTestConnection and JCloudsCloud.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 2019-08-07 | not yet calculated | CVE-2019-10368 MLIST MISC |
jenkins -- jenkins | A stored cross-site scripting vulnerability in Jenkins Build Pipeline Plugin 1.5.8 and earlier allows attackers able to edit the build pipeline description to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins. | 2019-08-07 | not yet calculated | CVE-2019-10373 MLIST MISC |
jenkins -- jenkins | An open redirect vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows attackers to redirect users to a URL outside Jenkins after successful login. | 2019-08-07 | not yet calculated | CVE-2019-10372 MLIST MISC |
jenkins -- jenkins | A session fixation vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows unauthorized attackers to impersonate another user if they can control the pre-authentication session. | 2019-08-07 | not yet calculated | CVE-2019-10371 MLIST MISC |
jenkins -- jenkins | Jenkins Mask Passwords Plugin 2.12.0 and earlier transmits globally configured passwords in plain text as part of the configuration form, potentially resulting in their exposure. | 2019-08-07 | not yet calculated | CVE-2019-10370 MLIST MISC |
jenkins -- jenkins | A cross-site request forgery vulnerability in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 2019-08-07 | not yet calculated | CVE-2019-10386 MLIST MISC |
jenkins -- jenkins | An arbitrary file read vulnerability in Jenkins File System SCM Plugin 2.1 and earlier allows attackers able to configure jobs in Jenkins to obtain the contents of any file on the Jenkins master. | 2019-08-07 | not yet calculated | CVE-2019-10375 MLIST MISC |
jenkins -- jenkins | Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as Code Plugin 1.26 and earlier did not properly apply masking to some values expected to be hidden when logging the configuration being applied. | 2019-08-07 | not yet calculated | CVE-2019-10367 MLIST MISC |
jenkins -- jenkins | A missing permission check in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 2019-08-07 | not yet calculated | CVE-2019-10387 MLIST MISC |
jenkins -- jenkins | A stored cross-site scripting vulnerability in Jenkins PegDown Formatter Plugin 1.3 and earlier allows attackers able to edit descriptions and other fields rendered using the configured markup formatter to insert links with the javascript scheme into the Jenkins UI. | 2019-08-07 | not yet calculated | CVE-2019-10374 MLIST MISC |
jenkins -- jenkins | A missing permission check in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpl#doTestConnection and JCloudsCloud.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 2019-08-07 | not yet calculated | CVE-2019-10369 MLIST MISC |
jenkins -- jenkins | A missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server. | 2019-08-07 | not yet calculated | CVE-2019-10389 MLIST MISC |
jenkins -- jenkins | A reflected cross-site scripting vulnerability in Jenkins Wall Display Plugin 0.6.34 and earlier allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin. | 2019-08-07 | not yet calculated | CVE-2019-10376 MLIST MISC |
jenkins -- jenkins | A missing permission check in Jenkins Avatar Plugin 1.2 and earlier allows attackers with Overall/Read access to change the avatar of any user of Jenkins. | 2019-08-07 | not yet calculated | CVE-2019-10377 MLIST MISC |
jenkins -- jenkins | Jenkins TestLink Plugin 3.16 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 2019-08-07 | not yet calculated | CVE-2019-10378 MLIST MISC |
jenkins -- jenkins | A cross-site request forgery vulnerability in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server. | 2019-08-07 | not yet calculated | CVE-2019-10388 MLIST MISC |
jenkins -- jenkins | Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code. | 2019-08-07 | not yet calculated | CVE-2019-10380 MLIST MISC |
jenkins -- jenkins | Jenkins Google Cloud Messaging Notification Plugin 1.0 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 2019-08-07 | not yet calculated | CVE-2019-10379 MLIST MISC |
jenkins -- jenkins | Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM. | 2019-08-07 | not yet calculated | CVE-2019-10382 MLIST MISC |
jenkins -- jenkins | Jenkins eggPlant Plugin 2.2 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 2019-08-07 | not yet calculated | CVE-2019-10385 MLIST MISC |
jenkins -- jenkins | Jenkins Codefresh Integration Plugin 1.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM. | 2019-08-07 | not yet calculated | CVE-2019-10381 MLIST MISC |
jitbit -- helpdesk | Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset link, a user can leverage a weak PRNG to recover the shared secret used by the server for remote authentication. The shared secret can be used to escalate privileges by forging new tokens for any user. These tokens can be used to automatically log in as the affected user. | 2019-08-09 | not yet calculated | CVE-2017-18486 MISC MISC MISC MISC |
jura -- e8_devices | Jura E8 devices lack Bluetooth connection security. | 2019-08-07 | not yet calculated | CVE-2018-20959 MISC |
kde -- kde_frameworks_kconfig | In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file. | 2019-08-07 | not yet calculated | CVE-2019-14744 MISC MISC BUGTRAQ DEBIAN MISC |
kuaifancms -- kuaifancms | An issue was discovered in KuaiFanCMS 5.0. It allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request. | 2019-08-07 | not yet calculated | CVE-2019-14746 MISC |
lcds -- laquis_scada | Processing a specially crafted project file in LAquis SCADA 4.3.1.71 may trigger an out-of-bounds read, which may allow an attacker to obtain sensitive information. The attacker must have local access to the system. A CVSS v3 base score of 2.5 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). | 2019-08-05 | not yet calculated | CVE-2019-10994 MISC |
lcds -- laquis_scada | A type confusion vulnerability may be exploited when LAquis SCADA 4.3.1.71 processes a specially crafted project file. This may allow an attacker to execute remote code. The attacker must have local access to the system. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). | 2019-08-05 | not yet calculated | CVE-2019-10980 MISC |
ledger -- nano_s_and_nano_x_devices | On Ledger Nano S and Nano X devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. | 2019-08-10 | not yet calculated | CVE-2019-14354 MISC |
linux -- linux_kernel | In the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi driver may allow attackers to cause a denial of service or possibly have unspecified other impact. | 2019-08-07 | not yet calculated | CVE-2018-20961 MISC MISC MISC |
linux -- linux_kernel | In the Linux kernel before 4.16.4, a double-locking error in drivers/usb/dwc3/gadget.c may potentially cause a deadlock with f_hid. | 2019-08-07 | not yet calculated | CVE-2019-14763 MISC MISC MISC MISC MISC MISC MISC |
loom -- loom_desktop_for_mac | Incorrect authentication of application WebSocket connections in Loom Desktop for Mac up to 0.16.0 allows remote code execution from either malicious JavaScript in a browser or hosts on the same network, during periods in which a user is recording a video with the application. The same attack vector can be used to crash the application at any time. | 2019-08-07 | not yet calculated | CVE-2019-14432 MISC CONFIRM |
mailpile -- mailpile | The "Security and Privacy" Encryption feature in Mailpile before 1.0.0rc4 does not exclude disabled, revoked, and expired keys. | 2019-08-08 | not yet calculated | CVE-2018-20954 MISC MISC MISC |
mediawiki -- mediawiki | In the MobileFrontend extension 1.31 through 1.33 for MediaWiki, XSS exists within the edit summary field in includes/specials/MobileSpecialPageFeed.php. | 2019-08-09 | not yet calculated | CVE-2019-14807 CONFIRM MISC |
micro_focus -- content_manager | Remote Access Control Bypass in Micro Focus Content Manager, versions 9.1, 9.2, 9.3. The vulnerability could be exploited to manipulate data stored during another user's CheckIn request. | 2019-08-07 | not yet calculated | CVE-2019-11653 MISC CONFIRM |
microdigital -- n-series_cameras | A CSRF issue was discovered in webparam?user&action=set&param=add in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 to create an admin account. | 2019-08-06 | not yet calculated | CVE-2019-14703 MISC MISC MISC |
microdigital -- n-series_cameras | An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. In a CGI program running under the HTTPD web server, a buffer overflow in the param parameter leads to remote code execution in the context of the nobody account. | 2019-08-06 | not yet calculated | CVE-2019-14698 MISC MISC MISC |
microdigital -- n-series_cameras | A cleartext password storage issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. The file in question is /usr/local/ipsca/mipsca.db. If a camera is compromised, the attacker can gain access to passwords and abuse them to compromise further systems. | 2019-08-06 | not yet calculated | CVE-2019-14709 MISC MISC MISC |
microdigital -- n-series_cameras | An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can trigger read operations on an arbitrary file via Path Traversal in the TZ parameter, but cannot retrieve the data that is read. This causes a denial of service if the filename is, for example, /dev/random. | 2019-08-06 | not yet calculated | CVE-2019-14701 MISC MISC MISC |
microdigital -- n-series_cameras | An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. SQL injection vulnerabilities exist in 13 forms that are reachable through HTTPD. An attacker can, for example, create an admin account. | 2019-08-06 | not yet calculated | CVE-2019-14702 MISC MISC MISC |
microdigital -- n-series_cameras | An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. There is disclosure of the existence of arbitrary files via Path Traversal in HTTPD. This occurs because the filename specified in the TZ parameter is accessed with a substantial delay if that file exists. | 2019-08-06 | not yet calculated | CVE-2019-14700 MISC MISC MISC |
microdigital -- n-series_cameras | An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. A buffer overflow in the action parameter leads to remote code execution in the context of the nobody account. | 2019-08-06 | not yet calculated | CVE-2019-14708 MISC MISC MISC |
microdigital -- n-series_cameras | An Incorrect Access Control issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5 because any valid cookie can be used to make requests as an admin. | 2019-08-06 | not yet calculated | CVE-2019-14705 MISC MISC MISC |
microdigital -- n-series_cameras | A denial of service issue in HTTPD was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker without authorization can upload a file to upload.php with a filename longer than 256 bytes. This will be placed in the updownload area. It will not be deleted, because of a buffer overflow in a Bash command string. | 2019-08-06 | not yet calculated | CVE-2019-14706 MISC MISC MISC |
microdigital -- n-series_cameras | An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. The firmware update process is insecure, leading to remote code execution. The attacker can provide arbitrary firmware in a .dat file via a webparam?system&action=set&upgrade URI. | 2019-08-06 | not yet calculated | CVE-2019-14707 MISC MISC MISC |
microdigital -- n-series_cameras | An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can exploit OS Command Injection in the filename parameter for remote code execution as root. This occurs in the Mainproc executable file, which can be run from the HTTPD web server. | 2019-08-06 | not yet calculated | CVE-2019-14699 MISC MISC MISC |
microdigital -- n-series_cameras | An SSRF issue was discovered in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 via FTP commands following a newline character in the uploadfile field. | 2019-08-06 | not yet calculated | CVE-2019-14704 MISC MISC MISC |
mongodb -- mongodb_server | After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.9; v3.6 versions prior to 3.6.13; v3.4 versions prior to 3.4.22. | 2019-08-06 | not yet calculated | CVE-2019-2386 CONFIRM MISC |
musl -- libc | musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code. | 2019-08-06 | not yet calculated | CVE-2019-14697 MLIST MISC |
ncsoft -- nc_launcher2 | NCSOFT Game Launcher, NC Launcher2 2.4.1.691 and earlier versions have a vulnerability in the custom protocol handler that could allow a remote attacker to execute an arbitrary command. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. This can be leveraged for code execution in the context of the current user. | 2019-08-09 | not yet calculated | CVE-2019-12805 CONFIRM |
neet -- airstream_nas_devices | Neet AirStream NAS1.1 devices have a password of ifconfig for the root account. This cannot be changed via the configuration page. | 2019-08-08 | not yet calculated | CVE-2016-10862 MISC |
neet -- airstream_nas_devices | Neet AirStream NAS1.1 devices allow CSRF attacks that cause the settings binary to change the AP name and password. | 2019-08-07 | not yet calculated | CVE-2016-10861 MISC |
nespresso -- prodigio_devices | Nespresso Prodigio devices lack Bluetooth connection security. | 2019-08-08 | not yet calculated | CVE-2018-20960 MISC |
netapp -- data_ontap_operating_in_7-mode | SMB in Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 has weak cryptography which when exploited could lead to information disclosure or addition or modification of data. | 2019-08-05 | not yet calculated | CVE-2019-5502 MISC |
netapp -- oncommand_insight | OnCommand Insight versions through 7.3.6 may disclose sensitive account information to an authenticated user. | 2019-08-09 | not yet calculated | CVE-2019-5498 CONFIRM |
netgear -- ex7000_devices | NETGEAR EX7000 V1.0.0.42_1.0.94 devices allow XSS via the SSID. | 2019-08-08 | not yet calculated | CVE-2016-10864 MISC |
nextcloud -- nextcloud_lookup-server | An SQL Injection in the Nextcloud Lookup-Server < v0.3.0 (running on https://ift.tt/2GSQPxG) caused unauthenticated users to be able to execute arbitrary SQL commands. | 2019-08-07 | not yet calculated | CVE-2019-5476 MISC |
nvidia -- shield_tv | In NVIDIA Shield TV Experience prior to v8.0, the NVIDIA Tegra bootloader contains a vulnerability in nvtboot where the Trusted OS image is improperly authenticated, which may lead to code execution, denial of service, escalation of privileges, and information disclosure. | 2019-08-06 | not yet calculated | CVE-2019-5679 CONFIRM |
nvidia -- shield_tv | NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the NVIDIA Games App where it improperly exports an Activity but does not properly restrict which applications can launch the Activity, which may lead to code execution or denial of service. | 2019-08-06 | not yet calculated | CVE-2019-5682 CONFIRM |
nvidia -- windows_gpu_display_driver_software | NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access of an input texture array, which may lead to denial of service or code execution. | 2019-08-06 | not yet calculated | CVE-2019-5684 CONFIRM CONFIRM CONFIRM MISC |
nvidia -- windows_gpu_display_driver_software | NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access to a shader local temporary array, which may lead to denial of service or code execution. | 2019-08-06 | not yet calculated | CVE-2019-5685 CONFIRM CONFIRM MISC |
nvidia -- windows_gpu_display_driver_software | NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software uses an API function or data structure in a way that relies on properties that are not always guaranteed to be valid, which may lead to denial of service. | 2019-08-06 | not yet calculated | CVE-2019-5686 CONFIRM CONFIRM |
nvidia -- windows_gpu_display_driver_software | NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which an incorrect use of default permissions for an object exposes it to an unintended actor. | 2019-08-06 | not yet calculated | CVE-2019-5687 CONFIRM CONFIRM |
nvidia -- windows_gpu_display_driver_software | NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the user mode video driver trace logger component. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges. | 2019-08-06 | not yet calculated | CVE-2019-5683 CONFIRM CONFIRM |
open_edx -- recommender | Recommender before 2018-07-18 allows XSS. | 2019-08-09 | not yet calculated | CVE-2018-20858 MISC CONFIRM |
open_school -- open_school_and_community_edition | Open-School 3.0, and Community Edition 2.3, allows SQL Injection via the index.php?r=students/students/document id parameter. | 2019-08-08 | not yet calculated | CVE-2019-14754 MISC MISC |
open_school -- open_school_and_community_edition | Open-School 3.0, and Community Edition 2.3, allows XSS via the osv/index.php?r=students/guardians/create id parameter. | 2019-08-06 | not yet calculated | CVE-2019-14696 MISC MISC MISC |
openstack -- nova | An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data. | 2019-08-09 | not yet calculated | CVE-2019-14433 MLIST MISC CONFIRM |
osticket -- osticket | An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer (or no) mitigations implemented for file content checks; also, the output is not handled properly, causing persistent XSS that leads to cookie stealing or malicious actions. For example, a non-agent user can upload a .html file, and Content-Disposition will be set to inline instead of attachment. | 2019-08-07 | not yet calculated | CVE-2019-14748 MISC MISC MISC MISC |
osticket -- osticket | An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab, and the Issue Summary field in the tickets tab. This allows other agents to download data in a .csv file format or .xls file format. This is used as input for spreadsheet applications such as Excel and OpenOffice Calc, resulting in a situation where cells in the spreadsheets can contain input from an untrusted source. As a result, the end user who is accessing the exported spreadsheet can be affected. | 2019-08-07 | not yet calculated | CVE-2019-14749 MISC MISC MISC MISC |
osticket -- osticket | An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the execution of those queries. This can further lead to cookie stealing or other malicious actions. | 2019-08-07 | not yet calculated | CVE-2019-14750 MISC MISC MISC MISC |
php -- php | When the PHP EXIF extension is parsing EXIF information from an image, e.g. via the exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8, it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead to information disclosure or a crash. | 2019-08-09 | not yet calculated | CVE-2019-11042 CONFIRM |
php -- php | When the PHP EXIF extension is parsing EXIF information from an image, e.g. via the exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8, it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead to information disclosure or a crash. | 2019-08-09 | not yet calculated | CVE-2019-11041 CONFIRM |
qingdao_nature_easy_soft_network_technology -- zentao | An issue was discovered in ZenTao 11.5.1. There is an XSS (stored) vulnerability that leads to the capture of other people's cookies via the Rich Text Box. | 2019-08-06 | not yet calculated | CVE-2019-14731 MISC |
radare2 -- radare2 | In radare2 before 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of symbol names embedded in executables. | 2019-08-07 | not yet calculated | CVE-2019-14745 MISC MISC MISC |
samsung -- mobile_devices | On Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software, FotaAgent allows a malicious application to create privileged files. The Samsung ID is SVE-2019-14764. | 2019-08-08 | not yet calculated | CVE-2019-14783 MISC |
schben -- adive | Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or developer) to create an administrator account via admin/user/add, as demonstrated by a Python PoC script. | 2019-08-06 | not yet calculated | CVE-2019-14347 MISC MISC |
schben -- adive | Internal/Views/config.php in Schben Adive 2.0.7 allows admin/config CSRF to change a user password. | 2019-08-06 | not yet calculated | CVE-2019-14346 MISC MISC MISC |
shenzhen_dragon_brothers -- fingerprint_bluetooth_round_padlock_fb50 | An HTTP parameter pollution issue was discovered on Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50 2.3. With the user ID, user name, and the lock's MAC address, anyone can unbind the existing owner of the lock, and bind themselves instead. This leads to complete takeover of the lock. The user ID, name, and MAC address are trivially obtained from APIs found within the Android or iOS application. With only the MAC address of the lock, any attacker can transfer ownership of the lock from the current user over to the attacker's account, thus rendering the lock completely inaccessible to the current user. | 2019-08-06 | not yet calculated | CVE-2019-13143 MISC |
sitecore -- sitecore_cms | Multiple cross-site scripting (XSS) vulnerabilities in Sitecore CMS 9.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) #300583 - List Manager Dashboard module, (2) #307638 - Campaign Creator module, (3) #316994 - Attributes field, (4) I#316995 - Icon Selection module, (5) #317000 - Latitude field, (6) #317000 - Longitude field, (7) #317017 - UploadPackage2.aspx module, (8) #317072 - Context menu, or (9) I#317073 - Insert from Template dialog. | 2019-08-05 | not yet calculated | CVE-2019-11198 MISC MISC |
swann -- swwhd-intcam-hd_devices | Swann SWWHD-INTCAM-HD devices have the twipc root password, leading to FTP access as root. | 2019-08-08 | not yet calculated | CVE-2018-20955 MISC |
swann -- swwhd-intcam-hd_devices | Swann SWWHD-INTCAM-HD devices leave the PSK in logs after a factory reset. | 2019-08-08 | not yet calculated | CVE-2018-20956 MISC |
tapplock -- tapplock_devices | The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 allows replay attacks. | 2019-08-08 | not yet calculated | CVE-2018-20957 MISC MISC |
tapplock -- tapplock_devices | The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 relies on Key1 and SerialNo for unlock operations; however, these are derived from the MAC address, which is broadcast by the device. | 2019-08-07 | not yet calculated | CVE-2018-20958 CONFIRM MISC |
teampass -- teampass | An issue was discovered in TeamPass 2.1.27.35. From the sources/items.queries.php "Import items" feature, it is possible to load a crafted CSV file with an XSS payload. | 2019-08-06 | not yet calculated | CVE-2019-12950 MISC MISC |
the_pallets_project -- werkzeug | Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id. | 2019-08-09 | not yet calculated | CVE-2019-14806 MISC MISC MISC |
tibco_software -- tibco_api_exchange_gateway_and_tibco_api_exchange_gateway_distribution_for_tibco_silver_fabric | The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potential escalation of privileges for the specific customer endpoint, when the implementation uses multiple scopes. This issue affects: TIBCO Software Inc.'s TIBCO API Exchange Gateway version 2.3.1 and prior versions, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric version 2.3.1 and prior versions. | 2019-08-08 | not yet calculated | CVE-2019-11208 MISC CONFIRM |
transition_technologies -- the_scheduler | The Transition Technologies "The Scheduler" app 5.1.3 for Jira allows XXE due to a weakly configured/parameterized XML parser. It was fixed in versions 5.2.1 and 3.3.7. | 2019-08-07 | not yet calculated | CVE-2018-14383 MISC MISC |
trezor -- trezor_one_devices | On Trezor One devices before 1.8.2, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. NOTE: this CVE applies exclusively to the Trezor One, and does not refer to any issues with OLED displays on other devices. | 2019-08-08 | not yet calculated | CVE-2019-14353 MISC |
uipath -- orchestrator | UiPath Orchestrator before 2018.3.4 allows CSV Injection, related to the Audit export, Robot log export, and Transaction log export features. | 2019-08-08 | not yet calculated | CVE-2018-19855 MISC MISC |
una -- una | studio/polyglot.php?page=etemplates in UNA 10.0.0-RC1 allows XSS via the System Name field under Emails during template editing. | 2019-08-09 | not yet calculated | CVE-2019-14804 MISC MISC |
una -- una | studio/builder_menu.php?page=sets in UNA 10.0.0-RC1 allows XSS via the System Name field under Sets during set editing. | 2019-08-09 | not yet calculated | CVE-2019-14805 MISC MISC |
verdaccio -- verdaccio | verdaccio before 3.12.0 allows XSS. | 2019-08-08 | not yet calculated | CVE-2019-14772 MISC |
wind_river -- vxworks | Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion caused by a malformed TCP AO option. | 2019-08-09 | not yet calculated | CVE-2019-12260 CONFIRM CONFIRM CONFIRM MISC MISC CONFIRM |
wind_river -- vxworks | Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership report. | 2019-08-09 | not yet calculated | CVE-2019-12265 CONFIRM CONFIRM CONFIRM CONFIRM MISC CONFIRM |
wind_river -- vxworks | Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition. | 2019-08-09 | not yet calculated | CVE-2019-12263 CONFIRM CONFIRM CONFIRM CONFIRM MISC CONFIRM |
wind_river -- vxworks | Wind River VxWorks 6.7 through 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion during connect() to a remote host. | 2019-08-09 | not yet calculated | CVE-2019-12261 CONFIRM CONFIRM CONFIRM MISC MISC CONFIRM |
wind_river -- vxworks | Wind River VxWorks 6.5 through 6.9.3 has a Buffer Overflow in the TCP component (issue 1 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow. Affected versions: 6.6, 6.7, 6.8, 6.9 | 2019-08-09 | not yet calculated | CVE-2019-12255 CONFIRM CONFIRM CONFIRM MISC MISC CONFIRM |
wind_river -- vxworks | Wind River VxWorks 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing. | 2019-08-09 | not yet calculated | CVE-2019-12259 CONFIRM CONFIRM CONFIRM CONFIRM MISC CONFIRM |
wind_river -- vxworks | Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect Access Control in IPv4 assignment by the ipdhcpc DHCP client component. | 2019-08-05 | not yet calculated | CVE-2019-12264 MISC CONFIRM |
wind_river -- vxworks | Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc. | 2019-08-09 | not yet calculated | CVE-2019-12257 CONFIRM CONFIRM CONFIRM CONFIRM MISC CONFIRM |
wind_river -- vxworks | Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets' IP options. | 2019-08-09 | not yet calculated | CVE-2019-12256 CONFIRM CONFIRM CONFIRM CONFIRM MISC CONFIRM |
wind_river -- vxworks | Wind River VxWorks 6.5 through 6.9 and vx7 has Session Fixation in the TCP component. This is an IPNET security vulnerability: DoS of TCP connection via malformed TCP options. | 2019-08-09 | not yet calculated | CVE-2019-12258 CONFIRM CONFIRM CONFIRM MISC MISC CONFIRM |
wordpress -- wordpress | The woo-variation-swatches (aka Variation Swatches for WooCommerce) plugin 1.0.61 for WordPress allows XSS via the wp-admin/admin.php?page=woo-variation-swatches-settings tab parameter. | 2019-08-08 | not yet calculated | CVE-2019-14774 MISC |
wordpress -- wordpress | The Lightbox Plus Colorbox plugin through 2.7.2 for WordPress has cross-site request forgery (CSRF) via wp-admin/admin.php?page=lightboxplus, as demonstrated by resultant width XSS. | 2019-08-09 | not yet calculated | CVE-2016-10865 MISC MISC |
wordpress -- wordpress | The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter. | 2019-08-09 | not yet calculated | CVE-2019-14798 MISC MISC |
wordpress -- wordpress | The "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress has XSS in the publishing wizard via the wp-admin/admin.php?page=cp_contact_form_paypal.php&pwizard=1 cp_contactformpp_id parameter. | 2019-08-09 | not yet calculated | CVE-2019-14785 MISC MISC |
wordpress -- wordpress | The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea parameter. | 2019-08-09 | not yet calculated | CVE-2019-14787 MISC MISC |
wordpress -- wordpress | The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter. | 2019-08-09 | not yet calculated | CVE-2019-14791 MISC MISC |
wordpress -- wordpress | The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectangle_name or rectangle_opacity parameter. | 2019-08-09 | not yet calculated | CVE-2019-14792 MISC MISC |
wordpress -- wordpress | The Meta Box plugin before 4.16.3 for WordPress allows file deletion via ajax, with the wp-admin/admin-ajax.php?action=rwmb_delete_file attachment_id parameter. | 2019-08-09 | not yet calculated | CVE-2019-14793 MISC MISC |
wordpress -- wordpress | The Meta Box plugin before 4.16.2 for WordPress mishandles the uploading of files to custom folders. | 2019-08-09 | not yet calculated | CVE-2019-14794 MISC |
wordpress -- wordpress | The mq-woocommerce-products-price-bulk-edit (aka Woocommerce Products Price Bulk Edit) plugin 2.0 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=update_options show_products_page_limit parameter. | 2019-08-09 | not yet calculated | CVE-2019-14796 MISC MISC |
wordpress -- wordpress | The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS. | 2019-08-09 | not yet calculated | CVE-2019-14797 MISC |
wordpress -- wordpress | The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS. | 2019-08-09 | not yet calculated | CVE-2019-14799 MISC MISC |
wordpress -- wordpress | The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows email subscription SQL injection. | 2019-08-09 | not yet calculated | CVE-2019-14801 MISC |
wordpress -- wordpress | admin/includes/class.actions.snippet.php in the "Woody ad snippets" plugin through 2.2.5 for WordPress allows wp-admin/admin-post.php?action=close&post= deletion. | 2019-08-08 | not yet calculated | CVE-2019-14773 MISC MISC |
wordpress -- wordpress | The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF. | 2019-08-08 | not yet calculated | CVE-2019-14683 MISC MISC MISC |
wordpress -- wordpress | The acf-better-search (aka ACF: Better Search) plugin before 3.3.1 for WordPress allows wp-admin/options-general.php?page=acfbs_admin_page CSRF. | 2019-08-08 | not yet calculated | CVE-2019-14682 MISC MISC |
wordpress -- wordpress | The Deny All Firewall plugin before 1.1.7 for WordPress allows wp-admin/options-general.php?page=daf_settings&daf_remove=true CSRF. | 2019-08-08 | not yet calculated | CVE-2019-14681 MISC MISC |
wordpress -- wordpress | The admin-renamer-extended (aka Admin renamer extended) plugin 3.2.1 for WordPress allows wp-admin/plugins.php?page=admin-renamer-extended/admin.php CSRF. | 2019-08-08 | not yet calculated | CVE-2019-14680 MISC |
wordpress -- wordpress | core/views/arprice_import_export.php in the ARPrice Lite plugin 2.2 for WordPress allows wp-admin/admin.php?page=arplite_import_export CSRF. | 2019-08-08 | not yet calculated | CVE-2019-14679 MISC MISC |
yourls -- yourls | YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass. | 2019-08-07 | not yet calculated | CVE-2019-14537 MISC MISC MISC MISC MISC |
zoho_manageengine -- assetexplorer | Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL. | 2019-08-08 | not yet calculated | CVE-2019-12994 MISC |
zoho_manageengine -- assetexplorer | Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter. | 2019-08-08 | not yet calculated | CVE-2019-12959 MISC |
zoho_manageengine -- assetexplorer | Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing license XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | 2019-08-08 | not yet calculated | CVE-2019-14693 MISC |