Vulnerability Summary for the Week of August 5, 2019

Original release date: August 12, 2019

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| beardev -- joomsport | The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to steal, modify, or delete database information via the joomsport_season/new-yorkers/?action=playerlist sid parameter. | 2019-08-05 | 7.5 | CVE-2019-14348, MISC, MISC, MISC |
| cpanel -- cpanel | cPanel before 60.0.25 allows arbitrary code execution via Maketext in PostgreSQL adminbin (SEC-188). | 2019-08-06 | 9.0 | CVE-2016-10788, CONFIRM |
| cpanel -- cpanel | The SQLite journal feature in cPanel before 57.9999.54 allows arbitrary file-overwrite operations during Horde Restore (SEC-58). | 2019-08-07 | 8.7 | CVE-2016-10804, CONFIRM, MISC |
| cpanel -- cpanel | In cPanel before 57.9999.54, /scripts/checkinfopages exposed a TTY to an unprivileged process (SEC-114). | 2019-08-07 | 9.0 | CVE-2016-10809, CONFIRM, MISC |
| cpanel -- cpanel | In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY to an unprivileged process (SEC-115). | 2019-08-07 | 9.0 | CVE-2016-10810, CONFIRM, MISC |
| cpanel -- cpanel | In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC-116). | 2019-08-07 | 9.0 | CVE-2016-10811, CONFIRM, MISC |
| cpanel -- cpanel | cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313). | 2019-08-02 | 9.0 | CVE-2017-18386, CONFIRM, MISC |
| cpanel -- cpanel | cPanel before 68.0.15 can perform unsafe file operations because Jailshell does not set the umask (SEC-315). | 2019-08-02 | 7.2 | CVE-2017-18388, CONFIRM, MISC |
| cpanel -- cpanel | cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups (SEC-322). | 2019-08-02 | 7.2 | CVE-2017-18390, CONFIRM, MISC |
| cpanel -- cpanel | cPanel before 64.0.21 allows code execution by webmail and demo accounts via a store_filter API call (SEC-236). | 2019-08-02 | 9.0 | CVE-2017-18433, CONFIRM, MISC |
| cpanel -- cpanel | cPanel before 64.0.21 allows code execution in the context of the root account via a SET_VHOST_LANG_PACKAGE multilang adminbin call (SEC-237). | 2019-08-02 | 7.2 | CVE-2017-18434, CONFIRM, MISC |
| cpanel -- cpanel | cPanel before 64.0.21 allows demo accounts to execute code via the BoxTrapper API (SEC-238). | 2019-08-02 | 7.5 | CVE-2017-18435, CONFIRM, MISC |
| cpanel -- cpanel | cPanel before 62.0.17 allows arbitrary code execution during account modification (SEC-220). | 2019-08-02 | 7.2 | CVE-2017-18459, CONFIRM, MISC |
| cpanel -- cpanel | cPanel before 62.0.17 allows arbitrary code execution during automatic SSL installation (SEC-221). | 2019-08-02 | 7.2 | CVE-2017-18460, CONFIRM, MISC |
| cpanel -- cpanel | cPanel before 62.0.17 allows code execution in the context of the root account via a long DocumentRoot path (SEC-225). | 2019-08-02 | 7.2 | CVE-2017-18463, CONFIRM, MISC |
| fedoraproject -- 389_directory_server | It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. An attacker would still be able to provoke excessive CPU consumption leading to a denial of service. | 2019-08-02 | 7.8 | CVE-2019-10171, CONFIRM |
| magento -- magento | An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details. | 2019-08-02 | 7.5 | CVE-2019-7890, CONFIRM |
| magento -- magento | A file upload restriction bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to the import feature can make modifications to a configuration file, resulting in potentially unauthorized removal of file upload restrictions. This can result in arbitrary code execution when a malicious file is then uploaded and executed on the system. | 2019-08-02 | 9.0 | CVE-2019-7930, CONFIRM |
| open-emr -- openemr | OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php. | 2019-08-02 | 7.5 | CVE-2019-14529, MISC |
| sygnoos -- popup_builder | A SQL injection vulnerability exists in the Sygnoos Popup Builder plugin before 3.45 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via com/libs/Table.php because Subscribers Table ordering is mishandled. | 2019-08-06 | 7.5 | CVE-2019-14695, MISC, MISC |

Medium Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| adplug -- adplug | AdPlug 2.3.1 has a heap-based buffer overflow in CxadbmfPlayer::__bmf_convert_stream() in bmf.cpp. | 2019-08-06 | 6.8 | CVE-2019-14690, MISC |
| adplug -- adplug | AdPlug 2.3.1 has a heap-based buffer overflow in CdtmLoader::load() in dtm.cpp. | 2019-08-06 | 6.8 | CVE-2019-14691, MISC |
| adplug -- adplug | AdPlug 2.3.1 has a heap-based buffer overflow in CmkjPlayer::load() in mkj.cpp. | 2019-08-06 | 6.8 | CVE-2019-14692, MISC |
| adplug -- adplug | AdPlug 2.3.1 has multiple heap-based buffer overflows in CradLoader::load() in rad.cpp. | 2019-08-06 | 6.8 | CVE-2019-14733, MISC |
| adplug -- adplug | AdPlug 2.3.1 has multiple heap-based buffer overflows in CmtkLoader::load() in mtk.cpp. | 2019-08-06 | 6.8 | CVE-2019-14734, MISC |
| brandy_project -- brandy | Brandy 1.20.1 has a stack-based buffer overflow in fileio_openout in fileio.c via crafted BASIC source code. | 2019-08-05 | 4.3 | CVE-2019-14662, MISC |
| brandy_project -- brandy | Brandy 1.20.1 has a stack-based buffer overflow in fileio_openin in fileio.c via crafted BASIC source code. | 2019-08-05 | 4.3 | CVE-2019-14663, MISC |
| brandy_project -- brandy | Brandy 1.20.1 has a heap-based buffer overflow in define_array in variables.c via crafted BASIC source code. | 2019-08-05 | 4.3 | CVE-2019-14665, MISC |
| cpanel -- cpanel | cPanel before 60.0.25 allows file-overwrite operations during preparation for MySQL upgrades (SEC-161). | 2019-08-05 | 5.5 | CVE-2016-10768, CONFIRM |
| cpanel -- cpanel | cPanel before 60.0.25 allows an open redirect via /cgi-sys/FormMail-clone.cgi (SEC-162). | 2019-08-05 | 5.8 | CVE-2016-10769, CONFIRM |
| cpanel -- cpanel | cPanel before 60.0.25 allows arbitrary file-overwrite operations during a Roundcube update (SEC-164). | 2019-08-05 | 5.5 | CVE-2016-10770, CONFIRM |
| cpanel -- cpanel | cPanel before 60.0.25 allows file-create and file-chmod operations during ModSecurity Audit logfile processing (SEC-165). | 2019-08-05 | 5.5 | CVE-2016-10771, CONFIRM |
| cpanel -- cpanel | cPanel before 60.0.25 allows format-string injection in exception-message handling (SEC-171). | 2019-08-05 | 6.5 | CVE-2016-10773, CONFIRM |
| cpanel -- cpanel | cPanel before 60.0.25 allows attackers to discover file contents during file copy operations (SEC-185). | 2019-08-06 | 4.0 | CVE-2016-10785, CONFIRM |
| cpanel -- cpanel | cPanel before 60.0.25 allows members of the nobody group to read Apache HTTP Server SSL keys (SEC-186). | 2019-08-06 | 4.0 | CVE-2016-10786, CONFIRM |
| cpanel -- cpanel | The Host Access Control feature in cPanel before 60.0.25 mishandles actionless host.deny entries (SEC-187). | 2019-08-06 | 5.5 | CVE-2016-10787, CONFIRM |
| cpanel -- cpanel | cPanel before 60.0.25 allows code execution via the cpsrvd 403 error response handler (SEC-191). | 2019-08-06 | 6.5 | CVE-2016-10789, CONFIRM |
| cpanel -- cpanel | cPanel before 58.0.4 allows code execution in the context of other user accounts through the PHP CGI handler (SEC-142). | 2019-08-07 | 6.5 | CVE-2016-10802, CONFIRM, MISC |
| cpanel -- cpanel | cPanel before 57.9999.54 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-109). | 2019-08-07 | 6.5 | CVE-2016-10805, CONFIRM, MISC |
| cpanel -- cpanel | cPanel before 57.9999.54 allows certain denial-of-service outcomes via /scripts/killpvhost (SEC-112). | 2019-08-07 | 4.0 | CVE-2016-10807, CONFIRM, MISC |
| cpanel -- cpanel | cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306). | 2019-08-02 | 4.0 | CVE-2017-18382, CONFIRM, MISC |
| cpanel -- cpanel | cPanel before 68.0.15 writes home-directory backups to an incorrect location (SEC-309). | 2019-08-02 | 4.6 | CVE-2017-18383, CONFIRM, MISC |
| cpanel -- cpanel | cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318). | 2019-08-02 | 6.5 | CVE-2017-18389, CONFIRM, MISC |
| cpanel -- cpanel | cPanel before 66.0.2 allows resellers to read other accounts' domain log files (SEC-288). | 2019-08-02 | 4.0 | CVE-2017-18426, CONFIRM |
| cpanel -- cpanel | In cPanel before 66.0.2, user and group ownership may be incorrectly set when using reassign_post_terminate_cruft (SEC-294). | 2019-08-02 | 4.6 | CVE-2017-18430, CONFIRM, MISC |
| cpanel -- cpanel | cPanel before 64.0.21 allows demo accounts to execute code via Encoding API calls (SEC-242). | 2019-08-02 | 6.5 | CVE-2017-18438, CONFIRM, MISC |
| cpanel -- cpanel | cPanel before 64.0.21 allows demo accounts to execute code via an ImageManager_dimensions API call (SEC-243). | 2019-08-02 | 6.5 | CVE-2017-18439, CONFIRM, MISC |
| cpanel -- cpanel | cPanel before 64.0.21 allows demo users to execute traceroute via api2 (SEC-244). | 2019-08-02 | 4.0 | CVE-2017-18440, CONFIRM, MISC |
| cpanel -- cpanel | cPanel before 64.0.21 allows demo accounts to redirect web traffic (SEC-245). | 2019-08-02 | 4.0 | CVE-2017-18441, CONFIRM, MISC |
| cpanel -- cpanel | cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands (SEC-246). | 2019-08-02 | 5.0 | CVE-2017-18442, CONFIRM, MISC |
| cpanel -- cpanel | cPanel before 64.0.21 allows demo and suspended accounts to use SSH port forwarding (SEC-247). | 2019-08-02 | 5.0 | CVE-2017-18443, CONFIRM, MISC |
| cpanel -- cpanel | cPanel before 64.0.21 allows demo accounts to execute SSH API commands (SEC-248). | 2019-08-02 | 5.0 | CVE-2017-18444, CONFIRM, MISC |
| cpanel -- cpanel | cPanel before 64.0.21 does not enforce demo restrictions for SSL API calls (SEC-249). | 2019-08-02 | 4.0 | CVE-2017-18445, CONFIRM, MISC |
| cpanel -- cpanel | cPanel before 64.0.21 allows file-read and file-write operations for demo accounts via the SourceIPCheck API (SEC-250). | 2019-08-02 | 6.5 | CVE-2017-18446, CONFIRM, MISC |
| cpanel -- cpanel | cPanel before 64.0.21 allows demo accounts to execute code via the ClamScanner_getsocket API (SEC-251). | 2019-08-02 | 6.5 | CVE-2017-18447, CONFIRM, MISC |
| cpanel -- cpanel | cPanel before 64.0.21 allows certain file-read operations via a Serverinfo_manpage API call (SEC-252). | 2019-08-02 | 5.0 | CVE-2017-18448, CONFIRM, MISC |
| cpanel -- cpanel | cPanel before 64.0.21 allows certain file-chmod operations via /scripts/convert_roundcube_mysql2sqlite (SEC-255). | 2019-08-02 | 4.4 | CVE-2017-18450, CONFIRM, MISC |
| cpanel -- cpanel | cPanel before 64.0.21 allows attackers to read a user's crontab file during a short time interval upon a cPAddon upgrade (SEC-257). | 2019-08-02 | 5.0 | CVE-2017-18451, CONFIRM, MISC |
| cpanel -- cpanel | cPanel before 64.0.21 allows code execution via Rails configuration files (SEC-259). | 2019-08-02 | 4.6 | CVE-2017-18452, CONFIRM, MISC |
| cpanel -- cpanel | cPanel before 64.0.21 does not preserve supplemental groups across account renames (SEC-260). | 2019-08-02 | 4.0 | CVE-2017-18453, CONFIRM, MISC |
| cpanel -- cpanel | In cPanel before 62.0.17, addon domain conversion did not require a package for resellers (SEC-208). | 2019-08-02 | 4.0 | CVE-2017-18455, CONFIRM, MISC |
| cpanel -- cpanel | cPanel before 62.0.17 allows self XSS in the WHM cPAddons showsecurity interface (SEC-217). | 2019-08-02 | 4.3 | CVE-2017-18456, CONFIRM, MISC |
| cpanel -- cpanel | cPanel before 62.0.17 allows arbitrary file-read operations via WHM /styled/ URLs (SEC-218). | 2019-08-02 | 4.9 | CVE-2017-18457, CONFIRM, MISC |
| cpanel -- cpanel | cPanel before 62.0.17 does not preserve security policy questions across an account rename (SEC-223). | 2019-08-02 | 5.0 | CVE-2017-18461, CONFIRM, MISC |
| cpanel -- cpanel | cPanel before 62.0.17 allows demo accounts to execute code via an NVData_fetchinc API call (SEC-233). | 2019-08-05 | 6.5 | CVE-2017-18469, CONFIRM |
| cpanel -- cpanel | cPanel before 62.0.4 allows reflected XSS in reset-password interfaces (SEC-198). | 2019-08-05 | 4.3 | CVE-2017-18472, CONFIRM, MISC |
| dlink -- dva-5592_firmware | The web interface of the D-Link DVA-5592 20180823 is vulnerable to XSS because HTML form parameters are directly reflected. | 2019-08-02 | 4.3 | CVE-2019-6968, MISC |
| dlink -- dva-5592_firmware | The web interface of the D-Link DVA-5592 20180823 is vulnerable to an authentication bypass that allows an unauthenticated user to have access to sensitive information such as the Wi-Fi password and the phone number (if VoIP is in use). | 2019-08-02 | 5.0 | CVE-2019-6969, MISC |
| firefly-iii -- flrefly_iii | Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and the asset account name. The JavaScript code is executed during a convert transaction action. | 2019-08-05 | 4.3 | CVE-2019-14667, MISC, MISC, MISC |
| gnucobol_project -- gnucobol | GnuCOBOL 2.2 has a stack-based buffer overflow in cb_encode_program_id in cobc/typeck.c via crafted COBOL source code. | 2019-08-02 | 6.8 | CVE-2019-14541, MISC |
| ibm -- websphere_mq | IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0LTS, IBM MQ V9.1 LTS, and IBM MQ V9.1 CD are vulnerable to a denial of service attack caused by specially crafted messages. IBM X-Force ID: 160013. | 2019-08-05 | 4.0 | CVE-2019-4261, XF, CONFIRM |
| ipandao -- editor.md | pandao Editor.md 1.5.0 allows XSS via an attribute of an ABBR or SUP element. | 2019-08-03 | 4.3 | CVE-2019-14653, MISC |
| joomla -- joomla! | In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. In other words, the filter attribute in subform fields allows remote code execution. This is fixed in 3.9.9. | 2019-08-04 | 6.5 | CVE-2019-14654, MISC |
| liblouis -- liblouis | A vulnerability was found in liblouis, versions 2.5.x before 2.5.4. A stack-based buffer overflow was found in findTable() in liblouis. An attacker could create a malicious file that would cause applications that use liblouis (such as Orca) to crash, or potentially execute arbitrary code when opened. | 2019-08-02 | 6.8 | CVE-2014-8184, CONFIRM, MISC |
| magento -- magento | A defense-in-depth check was added to mitigate inadequate session validation handling by 3rd party checkout modules. This impacts Magento 1.x prior to 1.9.4.2, Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2. | 2019-08-02 | 5.0 | CVE-2019-7849, CONFIRM |
| magento -- magento | A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unintended data deletion from customer pages. | 2019-08-02 | 5.8 | CVE-2019-7851, CONFIRM |
| magento -- magento | A path disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Requests for a specific file path could result in a redirect to the URL of the Magento admin panel, disclosing its location to potentially unauthorized parties. | 2019-08-02 | 5.0 | CVE-2019-7852, CONFIRM |
| magento -- magento | An insecure direct object reference (IDOR) vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unauthorized disclosure of company credit history details. | 2019-08-02 | 5.0 | CVE-2019-7854, CONFIRM |
| magento -- magento | A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could be abused by an unauthenticated user to discover an invariant used in gift card generation. | 2019-08-02 | 5.0 | CVE-2019-7855, CONFIRM |
| magento -- magento | A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can cause unwanted items to be added to a shopper's cart due to an insufficiently robust anti-CSRF token implementation. | 2019-08-02 | 4.3 | CVE-2019-7857, CONFIRM |
| magento -- magento | A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2 resulted in storage of sensitive information with an algorithm that is insufficiently resistant to brute force attacks. | 2019-08-02 | 5.0 | CVE-2019-7858, CONFIRM |
| magento -- magento | A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could result in unauthorized access to uploaded images due to insufficient access control. | 2019-08-02 | 5.0 | CVE-2019-7859, MISC, CONFIRM |
| magento -- magento | A cryptographically weak pseudo-random number generator is used in multiple security relevant contexts in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 2019-08-02 | 5.0 | CVE-2019-7860, CONFIRM |
| magento -- magento | Insufficient server-side validation of user input could allow an attacker to bypass file upload restrictions in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 2019-08-02 | 5.0 | CVE-2019-7861, CONFIRM |
| magento -- magento | An insecure direct object reference (IDOR) vulnerability exists in the RSS feeds of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details. | 2019-08-02 | 5.0 | CVE-2019-7864, CONFIRM |
| magento -- magento | A cross-site request forgery (CSRF) vulnerability exists in the checkout cart item of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited at the time of editing or configuration. | 2019-08-02 | 6.8 | CVE-2019-7865, CONFIRM |
| magento -- magento | A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 that could be abused to execute arbitrary PHP code. An authenticated user can bypass security protections that prevent arbitrary PHP script upload via form data injection. | 2019-08-02 | 6.5 | CVE-2019-7871, CONFIRM |
| magento -- magento | An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to insufficient authorization checks. This can be abused by a user with admin privileges to add users to company accounts or modify existing user details. | 2019-08-02 | 5.5 | CVE-2019-7872, CONFIRM |
| magento -- magento | A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of the store design schedule. | 2019-08-02 | 5.8 | CVE-2019-7873, CONFIRM |
| magento -- magento | A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of user roles. | 2019-08-02 | 4.3 | CVE-2019-7874, CONFIRM |
| magento -- magento | A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manipulate layouts can insert a malicious payload into the layout. | 2019-08-02 | 6.5 | CVE-2019-7876, CONFIRM |
| magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manage orders can inject malicious JavaScript. | 2019-08-02 | 4.3 | CVE-2019-7877, MISC, CONFIRM |
| magento -- magento | Insufficient input validation in the config builder of the Elastic search module could lead to remote code execution in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This vulnerability could be abused by an authenticated user with the ability to configure the catalog search. | 2019-08-02 | 6.5 | CVE-2019-7885, CONFIRM |
| magento -- magento | A cryptographic flaw exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A weak cryptographic mechanism is used to generate the initialization vector in multiple security relevant contexts. | 2019-08-02 | 5.0 | CVE-2019-7886, CONFIRM |
| magento -- magento | An information disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to create email templates could leak sensitive data via a malicious email template. | 2019-08-02 | 4.0 | CVE-2019-7888, CONFIRM |
| magento -- magento | An injection vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with marketing manipulation privileges can invoke methods that alter data of the underlying model followed by corresponding database modifications. | 2019-08-02 | 4.0 | CVE-2019-7889, CONFIRM |
| magento -- magento | A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to access shipment settings can execute arbitrary code via server-side request forgery. | 2019-08-02 | 6.5 | CVE-2019-7892, CONFIRM |
| magento -- magento | A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to layouts can execute arbitrary code through a crafted XML layout update. | 2019-08-02 | 6.5 | CVE-2019-7895, CONFIRM |
| magento -- magento | A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to layouts can execute arbitrary code through a combination of product import, crafted CSV file and XML layout update. | 2019-08-02 | 6.5 | CVE-2019-7896, CONFIRM |
| magento -- magento | Samples of disabled downloadable products are accessible in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to inadequate validation of user input. | 2019-08-02 | 5.0 | CVE-2019-7898, CONFIRM |
| magento -- magento | Names of disabled downloadable products could be disclosed due to inadequate validation of user input in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 2019-08-02 | 5.0 | CVE-2019-7899, CONFIRM |
| magento -- magento | A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to email templates can execute arbitrary code by previewing a malicious template. | 2019-08-02 | 6.5 | CVE-2019-7903, CONFIRM |
| magento -- magento | Insufficient enforcement of user access controls in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could enable a low-privileged user to make unauthorized environment configuration changes. | 2019-08-02 | 5.5 | CVE-2019-7904, CONFIRM |
| magento -- magento | A server-side request forgery (SSRF) vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to the admin panel to manipulate system configuration and execute arbitrary code. | 2019-08-02 | 6.5 | CVE-2019-7911, CONFIRM |
| magento -- magento | A file upload filter bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to edit configuration keys to remove file extension filters, potentially resulting in the malicious upload and execution of malicious files on the server. | 2019-08-02 | 6.5 | CVE-2019-7912, CONFIRM |
| magento -- magento | A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to manipulate shipment methods to execute arbitrary code. | 2019-08-02 | 6.5 | CVE-2019-7913, CONFIRM |
| magento -- magento | A denial-of-service vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Under certain conditions, an unauthenticated attacker could force the Magento store's full page cache to serve a 404 page to customers. | 2019-08-02 | 5.0 | CVE-2019-7915, CONFIRM |
| magento -- magento | A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to manipulate shipment settings to execute arbitrary code. | 2019-08-02 | 6.5 | CVE-2019-7923, CONFIRM |
| magento -- magento | An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an administrator with limited privileges to delete the downloadable products folder. | 2019-08-02 | 5.5 | CVE-2019-7925, CONFIRM |
| magento -- magento | A denial-of-service (DoS) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. By abusing insufficient brute-forcing defenses in the token exchange protocol, an unauthenticated attacker could disrupt transactions between the Magento merchant and PayPal. | 2019-08-02 | 5.0 | CVE-2019-7928, CONFIRM |
| magento -- magento | An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges may be able to view metadata of a trusted device used by another administrator via a crafted HTTP request. | 2019-08-02 | 4.0 | CVE-2019-7929, CONFIRM |
| magento -- magento | A remote code execution vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create sitemaps can execute arbitrary PHP code by creating a malicious sitemap file. | 2019-08-02 | 6.5 | CVE-2019-7932, CONFIRM |
| magento -- magento | A reflected cross-site scripting vulnerability exists on the customer cart checkout page of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by sending a victim a crafted URL that results in malicious JavaScript execution in the victim's browser. | 2019-08-02 | 4.3 | CVE-2019-7939, CONFIRM |
| magento -- magento | A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create or edit a product can execute arbitrary code via malicious XML layout updates. | 2019-08-02 | 6.5 | CVE-2019-7942, CONFIRM |
| magento -- magento | A cross-site request forgery vulnerability exists in the GiftCardAccount removal feature for Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 2019-08-02 | 4.3 | CVE-2019-7947, CONFIRM |
| magento -- magento | An access control bypass vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An unauthenticated user can bypass access controls via REST API calls to assign themselves to an arbitrary company, thereby gaining read access to potentially confidential information. | 2019-08-02 | 5.0 | CVE-2019-7950, CONFIRM |
| magento -- magento | An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A SOAP web service endpoint does not properly enforce parameters related to access control. This could be abused to leak customer information via crafted SOAP requests. | 2019-08-02 | 5.0 | CVE-2019-7951, CONFIRM |
| octopus -- octopus_deploy | In Octopus Deploy 2019.4.0 through 2019.6.x before 2019.6.6, and 2019.7.x before 2019.7.6, an authenticated system administrator is able to view sensitive values by visiting a server configuration page or making an API call. | 2019-08-05 | 4.0 | CVE-2019-14525, MISC, MISC, CONFIRM |

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
cpanel -- cpanelcPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface (SEC-159).2019-08-053.5CVE-2016-10767
CONFIRM
MISC
cpanel -- cpanelcPanel before 60.0.25 does not enforce feature-list restrictions when calling the multilang adminbin (SEC-168).2019-08-052.1CVE-2016-10772
CONFIRM
cpanel -- cpanelcPanel before 60.0.25 allows self XSS in the tail_ea4_migration.cgi interface (SEC-172).2019-08-053.5CVE-2016-10774
CONFIRM
MISC
cpanel -- cpanelcPanel before 60.0.25 allows stored XSS during the homedir removal phase of WHM Account termination (SEC-174).2019-08-063.5CVE-2016-10776
CONFIRM
cpanel -- cpanelcPanel before 60.0.25 allows self XSS in WHM Tweak Settings for autodiscover_host (SEC-177).2019-08-063.5CVE-2016-10777
CONFIRM
cpanel -- cpanelcPanel before 60.0.25 allows self stored XSS in the listftpstable API (SEC-178).2019-08-063.5CVE-2016-10778
CONFIRM
cpanel -- cpanelcPanel before 60.0.25 allows stored XSS in api1_listautoresponders (SEC-179).2019-08-063.5CVE-2016-10779
CONFIRM
MISC
cpanel -- cpanelcPanel before 60.0.25 allows stored XSS in the ftp_sessions API (SEC-180).2019-08-063.5CVE-2016-10780
CONFIRM
cpanel -- cpanelcPanel before 60.0.25 allows self XSS in the UI_confirm API (SEC-180).2019-08-063.5CVE-2016-10781
CONFIRM
cpanel -- cpanelcPanel before 60.0.25 allows self stored XSS in postgres API1 listdbs (SEC-181).2019-08-063.5CVE-2016-10782
CONFIRM
cpanel -- cpanelcPanel before 60.0.25 allows self stored XSS in SSL_listkeys (SEC-182).2019-08-063.5CVE-2016-10783
CONFIRM
cpanel -- cpanelcPanel before 60.0.25 allows self XSS in the alias upload interface (SEC-184).2019-08-063.5CVE-2016-10784
CONFIRM
cpanel -- cpanelcPanel before 57.9999.54 allows self XSS on the Paper Lantern Landing Page (SEC-110).2019-08-073.5CVE-2016-10806
CONFIRM
MISC
cpanel -- cpanelcPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310).2019-08-022.1CVE-2017-18384
CONFIRM
MISC
cpanel -- cpanelcPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311).2019-08-022.1CVE-2017-18385
CONFIRM
MISC
cpanel -- cpanelcPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval (SEC-323).2019-08-021.9CVE-2017-18391
CONFIRM
MISC
cpanel -- cpanelcPanel before 66.0.2 allows stored XSS during WHM cPAddons installation (SEC-263).2019-08-023.5CVE-2017-18417
CONFIRM
cpanel -- cpanelcPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations (SEC-265).2019-08-023.5CVE-2017-18418
CONFIRM
cpanel -- cpanelcPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallation (SEC-266).2019-08-023.5CVE-2017-18419
CONFIRM
cpanel -- cpanelcPanel before 66.0.2 allows stored XSS during WHM cPAddons processing (SEC-269).2019-08-023.5CVE-2017-18420
CONFIRM
cpanel -- cpanelcPanel before 66.0.2 allows demo accounts to create databases and users (SEC-271).2019-08-022.1CVE-2017-18421
CONFIRM
cpanel -- cpanelIn cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog ownership and permissions (SEC-272).2019-08-022.1CVE-2017-18422
CONFIRM
cpanel -- cpanelIn cPanel before 66.0.2, domain log files become readable after log processing (SEC-273).2019-08-022.1CVE-2017-18423
CONFIRM
cpanel -- cpanelIn cPanel before 66.0.2, the Apache HTTP Server configuration file is changed to world-readable when rebuilt (SEC-274).2019-08-022.1CVE-2017-18424
CONFIRM
cpanel -- cpanelIn cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280).2019-08-021.9CVE-2017-18425
CONFIRM
MISC
cpanel -- cpanelIn cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account termination (SEC-291).2019-08-022.1CVE-2017-18429
CONFIRM
cpanel -- cpanel | cPanel before 64.0.21 allows demo accounts to read files via a Fileman::getfileactions API2 call (SEC-239). | 2019-08-02 | 2.7 | CVE-2017-18436 CONFIRM MISC
cpanel -- cpanel | cPanel before 64.0.21 allows a Webmail account to execute code via forwarders (SEC-240). | 2019-08-02 | 3.6 | CVE-2017-18437 CONFIRM MISC
cpanel -- cpanel | cPanel before 64.0.21 allows certain file-rename operations in the context of the root account via scripts/convert_roundcube_mysql2sqlite (SEC-254). | 2019-08-02 | 2.1 | CVE-2017-18449 CONFIRM MISC
cpanel -- cpanel | cPanel before 62.0.24 allows stored XSS in the WHM cPAddons install interface (SEC-262). | 2019-08-02 | 3.5 | CVE-2017-18454 CONFIRM MISC
cpanel -- cpanel | cPanel before 62.0.17 allows file overwrite when renaming an account (SEC-219). | 2019-08-02 | 3.6 | CVE-2017-18458 CONFIRM MISC
cpanel -- cpanel | cPanel before 62.0.4 allows self XSS on the paper_lantern password-change screen (SEC-197). | 2019-08-05 | 3.5 | CVE-2017-18471 CONFIRM MISC
cpanel -- cpanel | cPanel before 62.0.4 allows self XSS on the webmail Password and Security page (SEC-199). | 2019-08-05 | 3.5 | CVE-2017-18473 CONFIRM MISC
cpanel -- cpanel | cPanel before 62.0.4 allows stored XSS in the WHM Account Suspension List interface (SEC-211). | 2019-08-05 | 3.5 | CVE-2017-18481 CONFIRM MISC
espocrm -- espocrm | An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed when an attacker sends an attachment to admin with malicious JavaScript in the filename. This JavaScript executed when an admin selects the particular file from the list of all attachments. The attacker could inject the JavaScript inside the filename and send it to users, thus helping him steal victims' cookies (hence compromising their accounts). | 2019-08-05 | 3.5 | CVE-2019-14547 MISC MISC MISC MISC
espocrm -- espocrm | An issue was discovered in EspoCRM before 5.6.9. Stored XSS in the body of an Article was executed when a victim opens articles received through mail. This Article can be formed by an attacker using the Knowledge Base feature in the tab list. The attacker could inject malicious JavaScript inside the body of the article, thus helping him steal victims' cookies (hence compromising their accounts). | 2019-08-05 | 3.5 | CVE-2019-14548 MISC MISC MISC MISC
espocrm -- espocrm | An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed inside the title and breadcrumb of a newly formed entity available to all the users. A malicious user can inject JavaScript in these values of an entity, thus stealing user cookies when someone visits the publicly accessible link. | 2019-08-05 | 3.5 | CVE-2019-14549 MISC MISC MISC MISC
espocrm -- espocrm | An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed when a victim clicks on the Edit Dashboard feature present on the Homepage. An attacker can load malicious JavaScript inside the add tab list feature, which would fire when a user clicks on the Edit Dashboard button, thus helping him steal victims' cookies (hence compromising their accounts). | 2019-08-05 | 3.5 | CVE-2019-14550 MISC MISC MISC MISC
firefly-iii -- flrefly_iii | Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the transaction description field. The JavaScript code is executed during deletion of a transaction link. | 2019-08-05 | 3.5 | CVE-2019-14668 MISC MISC
firefly-iii -- flrefly_iii | Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the asset account name. The JavaScript code is executed during a visit to the audit account statistics page. | 2019-08-05 | 3.5 | CVE-2019-14669 MISC MISC
firefly-iii -- flrefly_iii | Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the bill name field. The JavaScript code is executed during rule-from-bill creation. | 2019-08-05 | 3.5 | CVE-2019-14670 MISC MISC
firefly-iii -- flrefly_iii | Firefly III 4.7.17.3 is vulnerable to local file enumeration. An attacker can enumerate local files due to the lack of protocol scheme sanitization, such as for file:/// URLs. This is related to fints_url to import/job/configuration, and import/create/fints. | 2019-08-05 | 2.1 | CVE-2019-14671 MISC MISC
firefly-iii -- flrefly_iii | Firefly III 4.7.17.5 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the liability name field. The JavaScript code is executed upon an error condition during a visit to the account show page. | 2019-08-05 | 3.5 | CVE-2019-14672 MISC MISC
ibm -- cloud_private | IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, and 3.1.2 could allow a local privileged user to obtain a sensitive OIDC token that is printed to log files, which could be used to log in to the system as another user. IBM X-Force ID: 160512. | 2019-08-05 | 2.1 | CVE-2019-4284 XF CONFIRM
ibm -- jazz_for_service_management | IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow an unauthorized local user to create unique catalog names that could cause a denial of service. IBM X-Force ID: 160296. | 2019-08-02 | 2.1 | CVE-2019-4275 CONFIRM XF
magento -- magento | A stored cross-site scripting vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to the tax notifications configuration in the Magento admin panel. | 2019-08-02 | 3.5 | CVE-2019-7853 MISC CONFIRM
magento -- magento | A reflected cross-site scripting vulnerability exists in the Product widget chooser functionality in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 2019-08-02 | 3.5 | CVE-2019-7862 CONFIRM
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to products and categories. | 2019-08-02 | 3.5 | CVE-2019-7863 CONFIRM
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to edit Product information via the TinyMCE editor. | 2019-08-02 | 3.5 | CVE-2019-7866 CONFIRM
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to manage orders and order status. | 2019-08-02 | 3.5 | CVE-2019-7867 CONFIRM
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with permissions to manage tax rules. | 2019-08-02 | 3.5 | CVE-2019-7868 CONFIRM
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with permissions to manage customer groups. | 2019-08-02 | 3.5 | CVE-2019-7869 CONFIRM
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to newsletter templates. | 2019-08-02 | 3.5 | CVE-2019-7875 CONFIRM
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to marketing email templates to inject malicious javascript. | 2019-08-02 | 3.5 | CVE-2019-7880 CONFIRM
magento -- magento | A cross-site scripting mitigation bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user to escalate privileges (admin vs. admin XSS attack). | 2019-08-02 | 3.5 | CVE-2019-7881 CONFIRM
magento -- magento | A stored cross-site scripting vulnerability exists in the WYSIWYG editor of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to the editor can inject malicious SWF files. | 2019-08-02 | 3.5 | CVE-2019-7882 CONFIRM
magento -- magento | A reflected cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 when the feature that adds a secret key to the Admin URL is disabled. | 2019-08-02 | 3.5 | CVE-2019-7887 CONFIRM
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to customer configurations to inject malicious javascript. | 2019-08-02 | 3.5 | CVE-2019-7897 CONFIRM
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify product information. | 2019-08-02 | 3.5 | CVE-2019-7908 CONFIRM
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to email templates. | 2019-08-02 | 3.5 | CVE-2019-7909 CONFIRM
magento -- magento | A stored cross-site scripting vulnerability exists in the product catalog form of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to the product catalog to inject malicious javascript. | 2019-08-02 | 3.5 | CVE-2019-7921 CONFIRM
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify node attributes to inject malicious javascript. | 2019-08-02 | 3.5 | CVE-2019-7926 CONFIRM
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to edit product content pages to inject malicious javascript. | 2019-08-02 | 3.5 | CVE-2019-7927 CONFIRM
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to edit newsletter templates to inject malicious javascript. | 2019-08-02 | 3.5 | CVE-2019-7934 CONFIRM
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify content page titles to inject malicious javascript. | 2019-08-02 | 3.5 | CVE-2019-7935 CONFIRM
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify content block titles to inject malicious javascript. | 2019-08-02 | 3.5 | CVE-2019-7936 CONFIRM
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to store product attributes to inject malicious javascript. | 2019-08-02 | 3.5 | CVE-2019-7937 CONFIRM
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify catalog price rules to inject malicious javascript. | 2019-08-02 | 3.5 | CVE-2019-7938 CONFIRM
magento -- magento | A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify store currency options to inject malicious javascript. | 2019-08-02 | 3.5 | CVE-2019-7940 MISC CONFIRM
magento -- magento | A stored cross-site scripting vulnerability exists in the product comments field of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to the Return Product comments field can inject malicious javascript. | 2019-08-02 | 3.5 | CVE-2019-7944 MISC CONFIRM
magento -- magento | A stored cross-site scripting vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to modify currency symbols can inject malicious javascript. | 2019-08-02 | 3.5 | CVE-2019-7945 CONFIRM

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
1crm -- on-premise_software | 1CRM On-Premise Software 8.5.7 allows XSS via a payload that is mishandled during a Run Report operation. | 2019-08-08 | not yet calculated | CVE-2019-14221 MISC EXPLOIT-DB
3cx -- 3cx_phone_system_web_management_console | An issue was discovered in the 3CX Phone system (web) management console 12.5.44178.1002 through 12.5 SP2. The Content.MainForm.wgx component is affected by XXE via a crafted XML document in POST data. There is potential to use this for SSRF (reading local files, outbound HTTP, and outbound DNS). | 2019-08-08 | not yet calculated | CVE-2019-13176 MISC
6kbbs -- 6kbbs | 6kbbs 7.1 and 8.0 allows CSRF via portalchannel_ajax.php (id or code parameter) or admin.php (fileids parameter). | 2019-08-08 | not yet calculated | CVE-2015-9292 MISC
:digitallyhappy -- backpack_for_laravel | The Backpack\CRUD Backpack component before 3.4.9 for Laravel allows XSS via the select field type. | 2019-08-08 | not yet calculated | CVE-2018-20962 MISC MISC MISC MISC
adplug -- adplug | AdPlug 2.3.1 has multiple heap-based buffer overflows in Ca2mLoader::load() in a2m.cpp. | 2019-08-06 | not yet calculated | CVE-2019-14732 MISC
annke -- sp1_hd_wireless_camera | ANNKE SP1 HD wireless camera 3.4.1.1604071109 devices allow XSS via a crafted SSID. | 2019-08-07 | not yet calculated | CVE-2017-18483 MISC
apache -- ranger | Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 is vulnerable to a cross-site scripting issue. Upgrade to 2.0.0 or later version of Apache Ranger with the fix. | 2019-08-08 | not yet calculated | CVE-2019-12397 MLIST CONFIRM
apache -- spark | Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); in SparkR, using parallelize; in Pyspark, using broadcast and parallelize; and use of python udfs. | 2019-08-07 | not yet calculated | CVE-2019-10099 MISC
aptana -- jaxer | Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI. | 2019-08-09 | not yet calculated | CVE-2019-14312 MISC MISC
atlassian -- jira | The inline-create rest resource in Jira before version 7.12.3 allows authenticated remote attackers to set the reporter in issues via a missing authorisation check. | 2019-08-09 | not yet calculated | CVE-2018-20826 MISC
atlassian -- jira | The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the country parameter. | 2019-08-09 | not yet calculated | CVE-2018-20827 MISC
atlassian -- jira_server_and_data_center | There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability. | 2019-08-09 | not yet calculated | CVE-2019-11581 MISC
backdrop -- backdrop_cms | In Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3, some menu links within the administration bar may be crafted to execute JavaScript when the administrator is logged in and uses the search functionality. (This issue is mitigated by the attacker needing permissions to create administrative menu links, such as by creating a content type or layout. Such permissions are usually restricted to trusted or administrative users.) | 2019-08-07 | not yet calculated | CVE-2019-14770 MISC
backdrop -- backdrop_cms | Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the upload of entire-site configuration archives through the user interface or command line. It does not sufficiently check uploaded archives for invalid data, potentially allowing non-configuration scripts to be uploaded to the server. (This attack is mitigated by the attacker needing the "Synchronize, import, and export configuration" permission, a permission that only trusted administrators should be given. Other preventative measures in Backdrop CMS prevent the execution of PHP scripts, so another server-side scripting language must be accessible on the server to execute code.) | 2019-08-07 | not yet calculated | CVE-2019-14771 MISC
backdrop -- backdrop_cms | Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administrators. An attacker could potentially craft a specialized label, then have an administrator execute scripting when administering a layout. (This issue is mitigated by the attacker needing permission to create custom blocks on the site, which is typically an administrative permission.) | 2019-08-07 | not yet calculated | CVE-2019-14769 MISC
canon -- multiple_eos_and_powershot_products | Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via notifybtstatus command. | 2019-08-06 | not yet calculated | CVE-2019-5998 MISC MISC CONFIRM MISC
canon -- multiple_eos_and_powershot_products | Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via sendhostinfo command. | 2019-08-06 | not yet calculated | CVE-2019-6000 MISC MISC CONFIRM MISC
canon -- multiple_eos_and_powershot_products | Missing authorization vulnerability exists in EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier. A successful exploitation may result in a specially crafted firmware update or unofficial firmware update being applied without user's consent via unspecified vector. | 2019-08-06 | not yet calculated | CVE-2019-5995 MISC MISC CONFIRM MISC
canon -- multiple_eos_and_powershot_products | Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via blerequest command. | 2019-08-06 | not yet calculated | CVE-2019-5999 MISC MISC CONFIRM MISC
canon -- multiple_eos_and_powershot_products | Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via setadapterbatteryreport command. | 2019-08-06 | not yet calculated | CVE-2019-6001 MISC MISC CONFIRM MISC
canon -- multiple_eos_and_powershot_products | Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via SendObjectInfo command. | 2019-08-06 | not yet calculated | CVE-2019-5994 MISC MISC CONFIRM MISC
cisco -- enterprise_nfv_infrastructure_softwareA vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to overwrite or read arbitrary files. The attacker would need valid administrator privilege-level credentials. This vulnerability is due to improper input validation of CLI command arguments. An attacker could exploit this vulnerability by using directory traversal techniques when executing a vulnerable command. A successful exploit could allow the attacker to overwrite or read arbitrary files on an affected device.2019-08-08not yet calculatedCVE-2019-1952
CISCO
cisco -- enterprise_nfv_infrastructure_softwareA vulnerability in the Virtual Network Computing (VNC) console implementation of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to access the VNC console session of an administrative user on an affected device. The vulnerability is due to an insufficient authentication mechanism used to establish a VNC session. An attacker could exploit this vulnerability by intercepting an administrator VNC session request prior to login. A successful exploit could allow the attacker to watch the administrator console session or interact with it, allowing admin access to the affected device.2019-08-07not yet calculatedCVE-2019-1895
CISCO
cisco -- enterprise_nfv_infrastructure_softwareA vulnerability in the web portal framework of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to improper input validation of log file content stored on the affected device. An attacker could exploit this vulnerability by modifying a log file with malicious code and getting a user to view the modified log file. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information.2019-08-08not yet calculatedCVE-2019-1973
CISCO
cisco -- enterprise_nfv_infrastructure_softwareA vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and get limited access to the web-based management interface. The vulnerability is due to an incorrect implementation of authentication in the web-based management interface. An attacker could exploit this vulnerability by sending a crafted authentication request to the web-based management interface on an affected system. A successful exploit could allow the attacker to view limited configuration details and potentially upload a virtual machine image.2019-08-08not yet calculatedCVE-2019-1946
CISCO
cisco -- enterprise_nfv_infrastructure_softwareMultiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to read arbitrary files on the underlying operating system (OS) of an affected device. For more information about these vulnerabilities, see the Details section of this advisory.2019-08-08not yet calculatedCVE-2019-1959
CISCO
cisco -- enterprise_nfv_infrastructure_softwareA vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to view a password in clear text. The vulnerability is due to incorrectly logging the admin password when a user is forced to modify the default password when logging in to the web portal for the first time. Subsequent password changes are not logged and other accounts are not affected. An attacker could exploit this vulnerability by viewing the admin clear text password and using it to access the affected system. The attacker would need a valid user account to exploit this vulnerability.2019-08-08not yet calculatedCVE-2019-1953
CISCO
cisco -- enterprise_nfv_infrastructure_softwareA vulnerability in the Cisco Enterprise NFV Infrastructure Software (NFVIS) restricted CLI could allow an authenticated, local attacker with valid administrator-level credentials to elevate privileges and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient restrictions during the execution of an affected CLI command. An attacker could exploit this vulnerability by leveraging the insufficient restrictions during the execution of an affected command. A successful exploit could allow the attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root.2019-08-08not yet calculatedCVE-2019-1972
CISCO
cisco -- enterprise_nfv_infrastructure_softwareMultiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to read arbitrary files on the underlying operating system (OS) of an affected device. For more information about these vulnerabilities, see the Details section of this advisory.2019-08-08not yet calculatedCVE-2019-1960
CISCO
cisco -- enterprise_nfv_infrastructure_softwareA vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to the improper input validation of tar packages uploaded through the Web Portal to the Image Repository. An attacker could exploit this vulnerability by uploading a crafted tar package and viewing the log entries that are generated. A successful exploit could allow the attacker to read arbitrary files on the underlying OS.2019-08-08not yet calculatedCVE-2019-1961
CISCO
cisco -- enterprise_nfv_infrastructure_softwareA vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to perform a command injection attack and execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation by the web portal framework. An attacker could exploit this vulnerability by providing malicious input during web portal authentication. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system.2019-08-08not yet calculatedCVE-2019-1971
CISCO
cisco -- ios_xr_softwareA vulnerability in the implementation of the Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS–IS area to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of crafted IS–IS link-state protocol data units (PDUs). An attacker could exploit this vulnerability by sending a crafted link-state PDU to an affected system to be processed. A successful exploit could allow the attacker to cause all routers within the IS–IS area to unexpectedly restart the IS–IS process, resulting in a DoS condition. This vulnerability affects Cisco devices if they are running a vulnerable release of Cisco IOS XR Software earlier than Release 6.6.3 and are configured with the IS–IS routing protocol. Cisco has confirmed that this vulnerability affects both Cisco IOS XR 32-bit Software and Cisco IOS XR 64-bit Software.2019-08-07not yet calculatedCVE-2019-1910
CISCO
cisco -- ios_xr_software
 
A vulnerability in the implementation of Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS-IS area to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of IS–IS link-state protocol data units (PDUs). An attacker could exploit this vulnerability by sending specific link-state PDUs to an affected system to be processed. A successful exploit could allow the attacker to cause incorrect calculations used in the weighted remote shared risk link groups (SRLG) or in the IGP Flexible Algorithm. It could also cause tracebacks to the logs or potentially cause the receiving device to crash the IS–IS process, resulting in a DoS condition.2019-08-07not yet calculatedCVE-2019-1918
CISCO
cisco -- adaptive_security_applianceA vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to elevate privileges and execute administrative functions on an affected device. The vulnerability is due to insufficient authorization validation. An attacker could exploit this vulnerability by logging in to an affected device as a low-privileged user and then sending specific HTTPS requests to execute administrative functions using the information retrieved during initial login.2019-08-07not yet calculatedCVE-2019-1934
CISCO
cisco -- adaptive_security_applianceMultiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is being established. For more information about these vulnerabilities, see the Details section of this security advisory.2019-08-07not yet calculatedCVE-2019-1944
CISCO
cisco -- adaptive_security_applianceMultiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is being established. For more information about these vulnerabilities, see the Details section of this security advisory.2019-08-07not yet calculatedCVE-2019-1945
CISCO
cisco -- asyncos_software_for_cisco_email_security_appliances A vulnerability in the Sender Policy Framework (SPF) functionality of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to incomplete input and validation checking mechanisms for certain SPF messages that are sent to an affected device. An attacker could exploit this vulnerability by sending a customized SPF packet to an affected device. A successful exploit could allow the attacker to bypass the header filters that are configured for the affected device, which could allow malicious content to pass through the device.2019-08-08not yet calculatedCVE-2019-1955
CISCO
cisco -- firepower_management_centerA vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.2019-08-08not yet calculatedCVE-2019-1949
CISCO
cisco -- firepower_threat_defenseA vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol inspection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. The vulnerability is due to errors when handling specific SSL/TLS messages. An attacker could exploit this vulnerability by sending crafted HTTP packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured file policies and deliver a malicious payload to the protected network.2019-08-08not yet calculatedCVE-2019-1970
CISCO
cisco -- hyperflex_softwareA vulnerability in the web-based management interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user.2019-08-08not yet calculatedCVE-2019-1958
CISCO
cisco -- iot_field_network_directorA vulnerability in the web interface of Cisco IoT Field Network Director could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Transport Layer Security (TLS) renegotiation requests. An attacker could exploit this vulnerability by sending renegotiation requests at a high rate. A successful exploit could increase the resource usage on the system, eventually leading to a DoS condition.2019-08-08not yet calculatedCVE-2019-1957
CISCO
cisco -- sd-wan_solutionA vulnerability in the packet filtering features of Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters. The vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by crafting a malicious TCP packet with specific characteristics and sending it to a target device. A successful exploit could allow the attacker to bypass the L3 and L4 traffic filters and inject an arbitrary packet in the network.2019-08-08not yet calculatedCVE-2019-1951
CISCO
cisco -- small_business_220_series_smart_switchesA vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious request to certain parts of the web management interface. To send the malicious request, the attacker needs a valid login session in the web management interface as a privilege level 15 user. Depending on the configuration of the affected switch, the malicious request must be sent via HTTP or HTTPS. A successful exploit could allow the attacker to execute arbitrary shell commands with the privileges of the root user.2019-08-07not yet calculatedCVE-2019-1914
CISCO
cisco -- small_business_220_series_smart_switchesA vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to upload arbitrary files. The vulnerability is due to incomplete authorization checks in the web management interface. An attacker could exploit this vulnerability by sending a malicious request to certain parts of the web management interface. Depending on the configuration of the affected switch, the malicious request must be sent via HTTP or HTTPS. A successful exploit could allow the attacker to modify the configuration of an affected device or to inject a reverse shell. This vulnerability affects Cisco Small Business 220 Series Smart Switches running firmware versions prior to 1.1.4.4 with the web management interface enabled. The web management interface is enabled via both HTTP and HTTPS by default.2019-08-07not yet calculatedCVE-2019-1912
CISCO
cisco -- small_business_220_series_smart_switchesMultiple vulnerabilities in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to overflow a buffer, which then allows the execution of arbitrary code with root privileges on the underlying operating system. The vulnerabilities are due to insufficient validation of user-supplied input and improper boundary checks when reading data into an internal buffer. An attacker could exploit these vulnerabilities by sending malicious requests to the web management interface of an affected device. Depending on the configuration of the affected switch, the malicious requests must be sent via HTTP or HTTPS.2019-08-07not yet calculatedCVE-2019-1913
CISCO
cisco -- spa112_2-port_phone_adapterA vulnerability in the web-based interface of the Cisco SPA112 2-Port Phone Adapter could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against another user of the device. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected device. An attacker could exploit this vulnerability by inserting malicious code in one of the configuration fields. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.2019-08-08not yet calculatedCVE-2019-1956
CISCO
cisco -- webex_meetings_server_softwareA vulnerability in the web-based management interface of Cisco Webex Meetings Server Software could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected device. An attacker could exploit this vulnerability by crafting an HTTP request that could cause the web application to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious website.2019-08-08not yet calculatedCVE-2019-1954
CISCO
cisco -- webex_network_recording_player_for_microsoft_windows_and_webex_ player_for_microsoft_windowsMultiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.2019-08-07not yet calculatedCVE-2019-1924
CISCO
cisco -- webex_network_recording_player_for_microsoft_windows_and_webex_ player_for_microsoft_windowsMultiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.2019-08-07not yet calculatedCVE-2019-1926
CISCO
cisco -- webex_network_recording_player_for_microsoft_windows_and_webex_ player_for_microsoft_windowsMultiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.2019-08-07not yet calculatedCVE-2019-1929
CISCO
cisco -- webex_network_recording_player_for_microsoft_windows_and_webex_ player_for_microsoft_windowsMultiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.2019-08-07not yet calculatedCVE-2019-1928
CISCO
cisco -- webex_network_recording_player_for_microsoft_windows_and_webex_ player_for_microsoft_windowsMultiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.2019-08-07not yet calculatedCVE-2019-1927
CISCO
cisco -- webex_network_recording_player_for_microsoft_windows_and_webex_ player_for_microsoft_windowsMultiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.2019-08-07not yet calculatedCVE-2019-1925
CISCO
cloud_foundry -- multiple_productsCF CLI versions prior to v6.45.0 (bosh release version 1.16.0) write the client id and secret to the config file when the user authenticates with the --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.2019-08-05not yet calculatedCVE-2019-3800
CONFIRM
CONFIRM
cloud_foundry -- uaaCloud Foundry UAA, versions prior to 74.0.0, is vulnerable to an XSS attack. A remote unauthenticated malicious attacker could craft a URL that contains a SCIM filter that contains malicious JavaScript, which older browsers may execute.2019-08-09not yet calculatedCVE-2019-11274
CONFIRM
cloud_foundry -- uaa_and_pivotal_application services_and_pivotal_ops_managerCloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with arbitrary scopes that he does not possess.2019-08-05not yet calculatedCVE-2019-11270
CONFIRM
CONFIRM
cognitoys -- dino_devicesCognitoys Dino devices allow profiles_add.html CSRF.2019-08-08not yet calculatedCVE-2017-18485
MISC
cognitoys -- dino_devicesCognitoys Dino devices allow XSS via the SSID.2019-08-08not yet calculatedCVE-2017-18484
MISC
cpanel -- cpanelcPanel before 59.9999.145 allows arbitrary file-read operations because of a multipart form processing error (SEC-154).2019-08-06not yet calculatedCVE-2016-10794
CONFIRM
cpanel -- cpanelcPanel before 62.0.17 allows demo accounts to execute code via the Htaccess::setphppreference API (SEC-232).2019-08-05not yet calculatedCVE-2017-18468
CONFIRM
cpanel -- cpanelIn cPanel before 62.0.4, Exim piped filters ran in the context of an incorrect user account when delivering to a system user (SEC-204).2019-08-05not yet calculatedCVE-2017-18475
CONFIRM
cpanel -- cpanelcPanel before 62.0.4 allows resellers to use the WHM enqueue_transfer_item API for queueing non-rearrange modules (SEC-213).2019-08-05not yet calculatedCVE-2017-18482
CONFIRM
cpanel -- cpanelcPanel before 57.9999.105 allows newline injection via LOC records (CPANEL-6923).2019-08-07not yet calculatedCVE-2016-10803
CONFIRM
cpanel -- cpanelcPanel before 62.0.17 does not have a sufficient list of reserved usernames (SEC-227).2019-08-05not yet calculatedCVE-2017-18465
CONFIRM
cpanel -- cpanelcPanel before 62.0.17 does not properly recognize domain ownership during addition of parked domains to a mail configuration (SEC-228).2019-08-05not yet calculatedCVE-2017-18466
CONFIRM
cpanel -- cpanelcPanel before 60.0.25 allows arbitrary file-chown operations via reassign_post_terminate_cruft (SEC-173).2019-08-05not yet calculatedCVE-2016-10775
CONFIRM
cpanel -- cpanelcPanel before 62.0.17 allows arbitrary file-overwrite operations via the WHM Zone Template editor (SEC-226).2019-08-05not yet calculatedCVE-2017-18464
CONFIRM
cpanel -- cpanelIn cPanel before 57.9999.54, /scripts/enablefileprotect exposed TTYs (SEC-117).2019-08-07not yet calculatedCVE-2016-10812
CONFIRM
cpanel -- cpanelcPanel before 58.0.4 has improper session handling for shared users (SEC-139).2019-08-07not yet calculatedCVE-2016-10801
CONFIRM
cpanel -- cpanelcPanel before 58.0.4 allows demo-mode escape via Site Templates and Boxtrapper API calls (SEC-138).2019-08-07not yet calculatedCVE-2016-10800
CONFIRM
cpanel -- cpanelcPanel before 58.0.4 initially uses weak permissions for Apache HTTP Server log files (SEC-130).2019-08-06not yet calculatedCVE-2016-10796
CONFIRM
cpanel -- cpanelcPanel before 62.0.17 allows a CPHulk one-day ban bypass when IP based protection is enabled (SEC-224).2019-08-05not yet calculatedCVE-2017-18462
CONFIRM
cpanel -- cpanelcPanel before 60.0.25 does not use TLS for HTTP POSTs to listinput.cpanel.net (SEC-192).2019-08-06not yet calculatedCVE-2016-10790
CONFIRM
cpanel -- cpanelcPanel before 60.0.15 does not ensure that system accounts lack a valid password, so that logins are impossible (CPANEL-9559).2019-08-06not yet calculatedCVE-2016-10791
CONFIRM
cpanel -- cpanelIn cPanel before 62.0.4, Exim transports could execute in the context of the nobody account (SEC-206).2019-08-05not yet calculatedCVE-2017-18477
CONFIRM
cpanel -- cpanelcPanel before 62.0.17 allows access to restricted resources because of a URL filtering error (SEC-229).2019-08-05not yet calculatedCVE-2017-18467
CONFIRM
cpanel -- cpanelcPanel before 62.0.4 does not enforce account ownership for has_mycnf_for_cpuser WHM API calls (SEC-210).2019-08-05not yet calculatedCVE-2017-18480
CONFIRM
cpanel -- cpanelcPanel before 58.0.4 allows WHM "Purchase and Install an SSL Certificate" page visitors to list all server domains (SEC-133).2019-08-06not yet calculatedCVE-2016-10797
CONFIRM
cpanel -- cpanelcPanel before 58.0.4 allows a file-ownership change (to nobody) via rearrangeacct (SEC-134).2019-08-07not yet calculatedCVE-2016-10798
CONFIRM
cpanel -- cpanelIn cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address (SEC-209).2019-08-05not yet calculatedCVE-2017-18479
CONFIRM
cpanel -- cpanelIn cPanel before 62.0.4 incorrect ACL checks could occur in xml-api for Rearrange Account actions (SEC-207).2019-08-05not yet calculatedCVE-2017-18478
CONFIRM
cpanel -- cpanelcPanel before 59.9999.145 allows code execution in the context of other accounts via mailman list archives (SEC-141).2019-08-06not yet calculatedCVE-2016-10792
CONFIRM
cpanel -- cpanelLeech Protect in cPanel before 62.0.4 does not protect certain directories (SEC-205).2019-08-05not yet calculatedCVE-2017-18476
CONFIRM
cpanel -- cpanelcPanel before 58.0.4 does not set the Pear tmp directory during a PHP installation (SEC-137).2019-08-07not yet calculatedCVE-2016-10799
CONFIRM
cpanel -- cpanelIn cPanel before 57.9999.54, /scripts/addpop and /scripts/delpop exposed TTYs (SEC-113).2019-08-07not yet calculatedCVE-2016-10808
CONFIRM
cpanel -- cpanelcPanel before 59.9999.145 allows arbitrary code execution due to an incorrect #! in Mail::SPF scripts (SEC-152).2019-08-06not yet calculatedCVE-2016-10793
CONFIRM
cpanel -- cpanelcPanel before 59.9999.145 allows stored XSS in the WHM tail_upcp2.cgi interface (SEC-156).2019-08-06not yet calculatedCVE-2016-10795
CONFIRM
cpanel -- cpanelcPanel before 62.0.4 has a fixed password for the Munin MySQL test account (SEC-196).2019-08-05not yet calculatedCVE-2017-18470
CONFIRM
cpanel -- cpanelcPanel before 62.0.4 allows arbitrary file-read operations via Exim valiases (SEC-201).2019-08-05not yet calculatedCVE-2017-18474
CONFIRM
d-link -- 6600-ap_and_dwl-3600ap_ax_devicesAn issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated denial of service leading to the reboot of the AP via the admin.cgi?action=%s URI.2019-08-08not yet calculatedCVE-2019-14335
MISC
MISC
d-link -- dir-600m_devicesAn issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page.2019-08-08not yet calculatedCVE-2019-13101
MISC
FULLDISC
MISC
MISC
MISC
das_q -- das_qDas Q before 2019-08-02 allows web sites to execute arbitrary code on client machines, as demonstrated by a cross-origin /install request with an attacker-controlled releaseUrl, which triggers download and execution of code within a ZIP archive.2019-08-02not yet calculatedCVE-2019-14551
MISC
das -- u-bootDas U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution.2019-08-06not yet calculatedCVE-2019-13106
MISC
MISC
MISC
das -- u-bootDas U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a cached block of data when listing files in a crafted ext4 filesystem.2019-08-06not yet calculatedCVE-2019-13105
MISC
MISC
MISC
das -- u-bootIn Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem.2019-08-06not yet calculatedCVE-2019-13104
MISC
MISC
MISC
dell -- client_commercial_and_consumer_platformsSelect Dell Client Commercial and Consumer platforms contain an Improper Access Vulnerability. An unauthenticated attacker with physical access to the system could potentially bypass intended Secure Boot restrictions to run unsigned and untrusted code on expansion cards installed in the system during platform boot. Refer to https://ift.tt/2yEur6D for versions affected by this vulnerability.2019-08-05not yet calculatedCVE-2019-3717
CONFIRM
dell -- dell_digital_delivery_and_alienware_digital_deliveryDell/Alienware Digital Delivery versions prior to 4.0.41 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a Universal Windows Platform application by manipulating the install software package feature with a race condition and a path traversal exploit in order to run a malicious executable with elevated privileges.2019-08-09not yet calculatedCVE-2019-3744
FULLDISC
dell -- dell_digital_delivery_and_alienware_digital_deliveryDell/Alienware Digital Delivery versions prior to 3.5.2013 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a named pipe that performs binary deserialization via a process hollowing technique to inject malicious code to run an executable with elevated privileges.2019-08-09not yet calculatedCVE-2019-3742
FULLDISC
django -- djangoAn issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function.2019-08-09not yet calculatedCVE-2019-14234
MISC
MISC
CONFIRM
dwsurvey -- dwsurveyDWSurvey through 2019-07-22 has stored XSS via the design/my-survey-design!copySurvey.action surveyName parameter.2019-08-07not yet calculatedCVE-2019-14747
MISC
eclipse_foundation -- birtIn Eclipse BIRT versions 1.0 to 4.7, the Report Viewer allows reflected XSS via a URL parameter. An attacker can execute the payload in the victim's browser context.2019-08-09not yet calculatedCVE-2019-11776
CONFIRM
edimax -- wi-fi_extender_devicesEdimax Wi-Fi Extender devices allow goform/formwlencryptvxd CSRF with resultant PSK key disclosure.2019-08-08not yet calculatedCVE-2016-10863
MISC
emca_software -- energy_logserverThe api/admin/logoupload Logo File upload feature in EMCA Energy Logserver 6.1.2 allows attackers to send any kind of file to any location on the server via path traversal in the filename parameter.2019-08-05not yet calculatedCVE-2019-14521
MISC
MISC
MISC
MISC
enigmail -- enigmailIn Enigmail below 2.1, an attacker in possession of PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, he unknowingly leaks the plaintext of the encrypted message part(s) back to the attacker. This attack variant bypasses protection mechanisms implemented after the "EFAIL" attacks.2019-08-05not yet calculatedCVE-2019-14664
MISC
MISC
eq-3 -- homematic_ccu2_and_ccu3eQ-3 Homematic CCU2 2.47.15 and prior and CCU3 3.47.15 and prior use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID from CVE-2019-9583, resulting in the ability to read the service messages, clear the system protocol, create a new user in the system, or modify/delete internal programs.2019-08-05not yet calculatedCVE-2019-14475
MISC
eq-3 -- homematic_ccu2_and_ccu3eQ-3 Homematic CCU2 and CCU3 use session IDs for authentication but lack authorization checks. Consequently, a valid guest level or user level account can create a new admin level account, read the service messages, clear the system protocol or modify/delete internal programs, etc. pp.2019-08-06not yet calculatedCVE-2019-14473
MISC
eq-3 -- homematic_ccu3eQ-3 Homematic CCU3 3.47.15 and prior has Improper Input Validation in function 'Call()' of ReGa core logic process, resulting in the ability to start a Denial of Service. Due to Improper Authorization an attacker can obtain a session ID from CVE-2019-9583 or a valid guest/user/admin account can start this attack too.2019-08-07not yet calculatedCVE-2019-14474
MISC
espocrm -- espocrmAn issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed on the Preference page as well as while sending an email when a malicious payload was inserted inside the Email Signature in the Preference page. The attacker could insert malicious JavaScript inside his email signature, which fires when the victim replies or forwards the mail, thus helping him steal victims' cookies (hence compromising their accounts).2019-08-05not yet calculatedCVE-2019-14546
MISC
MISC
MISC
MISC
gcdwebserver -- gcdwebserverAn issue was discovered in GCDWebServer before 3.5.3. The method moveItem in the GCDWebUploader class checks the FileExtension of newAbsolutePath but not oldAbsolutePath. By leveraging this vulnerability, an adversary can make an inaccessible file be available (the credential of the app, for instance).2019-08-10not yet calculatedCVE-2019-14924
MISC
MISC
MISC
go-camo -- go-camoA Server Side Request Forgery (SSRF) vulnerability in go-camo up to version 1.1.4 allows a remote attacker to perform HTTP requests to internal endpoints.2019-08-08not yet calculatedCVE-2019-14255
CONFIRM
gogs -- gogsroutes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators, and hooks.2019-08-02not yet calculatedCVE-2019-14544
MISC
gree -- php_jose_libraryThe PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted tokens.2019-08-07not yet calculatedCVE-2016-5431
CONFIRM
hewlett_packard_enterprise -- 3par_service_processorA remote arbitrary file upload vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.2019-08-09not yet calculatedCVE-2019-5395
CONFIRM
hewlett_packard_enterprise -- 3par_service_processorA remote multiple cross-site vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.2019-08-09not yet calculatedCVE-2019-5398
CONFIRM
hewlett_packard_enterprise -- 3par_service_processorA remote authentication bypass vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.2019-08-09not yet calculatedCVE-2019-5396
CONFIRM
hewlett_packard_enterprise -- 3par_service_processorA remote session reuse vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.2019-08-09not yet calculatedCVE-2019-5400
CONFIRM
hewlett_packard_enterprise -- 3par_service_processorA remote gain authorized access vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.2019-08-09not yet calculatedCVE-2019-5399
CONFIRM
hewlett_packard_enterprise -- 3par_service_processorA remote bypass of security restrictions vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.2019-08-09not yet calculatedCVE-2019-5397
CONFIRM
hewlett_packard_enterprise -- 3par_storeserv_management_and_core_software_mediaA remote multiple cross-site scripting vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.2019-08-09not yet calculatedCVE-2019-5403
CONFIRM
hewlett_packard_enterprise -- 3par_storeserv_management_and_core_software_mediaA remote script injection vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.2019-08-09not yet calculatedCVE-2019-5404
CONFIRM
hewlett_packard_enterprise -- 3par_storeserv_management_and_core_software_mediaA remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.2019-08-09not yet calculatedCVE-2019-5402
CONFIRM
hewlett_packard_enterprise -- 3par_storeserv_management_and_core_software_mediaA remote information disclosure vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.2019-08-09not yet calculatedCVE-2019-5407
CONFIRM
hewlett_packard_enterprise -- 3par_storeserv_management_and_core_software_mediaA remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.2019-08-09not yet calculatedCVE-2019-5405
CONFIRM
hewlett_packard_enterprise -- 3par_storeserv_management_and_core_software_mediaA remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.2019-08-09not yet calculatedCVE-2019-5406
CONFIRM
hewlett_packard_enterprise -- command_view_advanced_editionCommand View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. The following products are affected: DevMgr version 7.0.0-00 to earlier than 8.6.1-02; RepMgr if it is installed on the same machine as DevMgr; TSMgr if it is installed on the same machine as DevMgr. The resolution is to upgrade to the fixed version as described below or later version of DevMgr 8.6.2-02 or later. RepMgr and TSMgr will be corrected by upgrading DevMgr.2019-08-09not yet calculatedCVE-2019-5408
CONFIRM
huawei -- emily-l29c_smart_phonesHuawei smart phones Emily-L29C with versions of 8.1.0.132a(C432), 8.1.0.135(C782), 8.1.0.154(C10), 8.1.0.154(C461), 8.1.0.154(C635), 8.1.0.156(C185), 8.1.0.156(C605), 8.1.0.159(C636) have a double free vulnerability. An attacker can trick a user into clicking a URL to exploit this vulnerability. Successful exploitation may cause the affected phone to behave abnormally.2019-08-08not yet calculatedCVE-2019-5236
CONFIRM
huawei -- honor_v20_smart_phonesHuawei smart phones Honor V20 with the versions before 9.0.1.161(C00E161R2P2) have an information leak vulnerability. An attacker may trick a user into installing a malicious application. Due to coding error during layer information processing, attackers can exploit this vulnerability to obtain some layer information.2019-08-08not yet calculatedCVE-2019-5301
CONFIRM
huawei -- pcmanagerHuawei PCManager with the versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have a code execution vulnerability. Successful exploitation may cause the attacker to execute code and read/write information.2019-08-08not yet calculatedCVE-2019-5237
CONFIRM
huawei -- pcmanagerHuawei PCManager with the versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have a code execution vulnerability. Successful exploitation may cause the attacker to execute code and read/write information.2019-08-08not yet calculatedCVE-2019-5238
CONFIRM
huawei -- pcmanagerHuawei PCManager with the versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have an information leak vulnerability. Successful exploitation may cause the attacker to read information.2019-08-08not yet calculatedCVE-2019-5239
CONFIRM
ibm -- aix_platformMultiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 163984.2019-08-05not yet calculatedCVE-2019-4473
CONFIRM
XF
jenkins -- jenkinsA cross-site request forgery vulnerability in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpl#doTestConnection and JCloudsCloud.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.2019-08-07not yet calculatedCVE-2019-10368
MLIST
MISC
jenkins -- jenkinsA stored cross-site scripting vulnerability in Jenkins Build Pipeline Plugin 1.5.8 and earlier allows attackers able to edit the build pipeline description to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.2019-08-07not yet calculatedCVE-2019-10373
MLIST
MISC
jenkins -- jenkinsAn open redirect vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows attackers to redirect users to a URL outside Jenkins after successful login.2019-08-07not yet calculatedCVE-2019-10372
MLIST
MISC
jenkins -- jenkinsA session fixation vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.2019-08-07not yet calculatedCVE-2019-10371
MLIST
MISC
jenkins -- jenkinsJenkins Mask Passwords Plugin 2.12.0 and earlier transmits globally configured passwords in plain text as part of the configuration form, potentially resulting in their exposure.2019-08-07not yet calculatedCVE-2019-10370
MLIST
MISC
jenkins -- jenkinsA cross-site request forgery vulnerability in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.2019-08-07not yet calculatedCVE-2019-10386
MLIST
MISC
jenkins -- jenkinsAn arbitrary file read vulnerability in Jenkins File System SCM Plugin 2.1 and earlier allows attackers able to configure jobs in Jenkins to obtain the contents of any file on the Jenkins master.2019-08-07not yet calculatedCVE-2019-10375
MLIST
MISC
jenkins -- jenkinsDue to an incomplete fix of CVE-2019-10343, Jenkins Configuration as Code Plugin 1.26 and earlier did not properly apply masking to some values expected to be hidden when logging the configuration being applied.2019-08-07not yet calculatedCVE-2019-10367
MLIST
MISC
jenkins -- jenkinsA missing permission check in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.2019-08-07not yet calculatedCVE-2019-10387
MLIST
MISC
jenkins -- jenkinsA stored cross-site scripting vulnerability in Jenkins PegDown Formatter Plugin 1.3 and earlier allows attackers able to edit descriptions and other fields rendered using the configured markup formatter to insert links with the javascript scheme into the Jenkins UI.2019-08-07not yet calculatedCVE-2019-10374
MLIST
MISC
jenkins -- jenkinsA missing permission check in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpl#doTestConnection and JCloudsCloud.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.2019-08-07not yet calculatedCVE-2019-10369
MLIST
MISC
jenkins -- jenkinsA missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server.2019-08-07not yet calculatedCVE-2019-10389
MLIST
MISC
jenkins -- jenkinsA reflected cross-site scripting vulnerability in Jenkins Wall Display Plugin 0.6.34 and earlier allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin.2019-08-07not yet calculatedCVE-2019-10376
MLIST
MISC
jenkins -- jenkinsA missing permission check in Jenkins Avatar Plugin 1.2 and earlier allows attackers with Overall/Read access to change the avatar of any user of Jenkins.2019-08-07not yet calculatedCVE-2019-10377
MLIST
MISC
jenkins -- jenkinsJenkins TestLink Plugin 3.16 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.2019-08-07not yet calculatedCVE-2019-10378
MLIST
MISC
jenkins -- jenkinsA cross-site request forgery vulnerability in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server.2019-08-07not yet calculatedCVE-2019-10388
MLIST
MISC
jenkins -- jenkinsJenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code.2019-08-07not yet calculatedCVE-2019-10380
MLIST
MISC
jenkins -- jenkinsJenkins Google Cloud Messaging Notification Plugin 1.0 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.2019-08-07not yet calculatedCVE-2019-10379
MLIST
MISC
jenkins -- jenkinsJenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM.2019-08-07not yet calculatedCVE-2019-10382
MLIST
MISC
jenkins -- jenkinsJenkins eggPlant Plugin 2.2 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.2019-08-07not yet calculatedCVE-2019-10385
MLIST
MISC
jenkins -- jenkinsJenkins Codefresh Integration Plugin 1.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM.2019-08-07not yet calculatedCVE-2019-10381
MLIST
MISC
jitbit -- helpdeskJitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset link, a user can leverage a weak PRNG to recover the shared secret used by the server for remote authentication. The shared secret can be used to escalate privileges by forging new tokens for any user. These tokens can be used to automatically log in as the affected user.2019-08-09not yet calculatedCVE-2017-18486
MISC
MISC
MISC
MISC
jura -- e8_devicesJura E8 devices lack Bluetooth connection security.2019-08-07not yet calculatedCVE-2018-20959
MISC
kde -- kde_frameworks_kconfigIn KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file.2019-08-07not yet calculatedCVE-2019-14744
MISC
MISC
BUGTRAQ
DEBIAN
MISC
kuaifancms -- kuaifancmsAn issue was discovered in KuaiFanCMS 5.0. It allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request.2019-08-07not yet calculatedCVE-2019-14746
MISC
lcds -- laquis_scadaProcessing a specially crafted project file in LAquis SCADA 4.3.1.71 may trigger an out-of-bounds read, which may allow an attacker to obtain sensitive information. The attacker must have local access to the system. A CVSS v3 base score of 2.5 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).2019-08-05not yet calculatedCVE-2019-10994
MISC
lcds -- laquis_scadaA type confusion vulnerability may be exploited when LAquis SCADA 4.3.1.71 processes a specially crafted project file. This may allow an attacker to execute remote code. The attacker must have local access to the system. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).2019-08-05not yet calculatedCVE-2019-10980
MISC
ledger -- nano_s_and_nano_x_devicesOn Ledger Nano S and Nano X devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data.2019-08-10not yet calculatedCVE-2019-14354
MISC
linux -- linux_kernelIn the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi driver may allow attackers to cause a denial of service or possibly have unspecified other impact.2019-08-07not yet calculatedCVE-2018-20961
MISC
MISC
MISC
linux -- linux_kernelIn the Linux kernel before 4.16.4, a double-locking error in drivers/usb/dwc3/gadget.c may potentially cause a deadlock with f_hid.2019-08-07not yet calculatedCVE-2019-14763
MISC
MISC
MISC
MISC
MISC
MISC
MISC
loom -- loom_desktop_for_macIncorrect authentication of application WebSocket connections in Loom Desktop for Mac up to 0.16.0 allows remote code execution from either malicious JavaScript in a browser or hosts on the same network, during periods in which a user is recording a video with the application. The same attack vector can be used to crash the application at any time.2019-08-07not yet calculatedCVE-2019-14432
MISC
CONFIRM
mailpile -- mailpileThe "Security and Privacy" Encryption feature in Mailpile before 1.0.0rc4 does not exclude disabled, revoked, and expired keys.2019-08-08not yet calculatedCVE-2018-20954
MISC
MISC
MISC
mediawiki -- mediawikiIn the MobileFrontend extension 1.31 through 1.33 for MediaWiki, XSS exists within the edit summary field in includes/specials/MobileSpecialPageFeed.php.2019-08-09not yet calculatedCVE-2019-14807
CONFIRM
MISC
micro_focus -- content_managerRemote Access Control Bypass in Micro Focus Content Manager versions 9.1, 9.2, 9.3. The vulnerability could be exploited to manipulate data stored during another user's CheckIn request.2019-08-07not yet calculatedCVE-2019-11653
MISC
CONFIRM
microdigital -- n-series_camerasA CSRF issue was discovered in webparam?user&action=set&param=add in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 to create an admin account.2019-08-06not yet calculatedCVE-2019-14703
MISC
MISC
MISC
microdigital -- n-series_camerasAn issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. In a CGI program running under the HTTPD web server, a buffer overflow in the param parameter leads to remote code execution in the context of the nobody account.2019-08-06not yet calculatedCVE-2019-14698
MISC
MISC
MISC
microdigital -- n-series_camerasA cleartext password storage issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. The file in question is /usr/local/ipsca/mipsca.db. If a camera is compromised, the attacker can gain access to passwords and abuse them to compromise further systems.2019-08-06not yet calculatedCVE-2019-14709
MISC
MISC
MISC
microdigital -- n-series_camerasAn issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can trigger read operations on an arbitrary file via Path Traversal in the TZ parameter, but cannot retrieve the data that is read. This causes a denial of service if the filename is, for example, /dev/random.2019-08-06not yet calculatedCVE-2019-14701
MISC
MISC
MISC
microdigital -- n-series_camerasAn issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. SQL injection vulnerabilities exist in 13 forms that are reachable through HTTPD. An attacker can, for example, create an admin account.2019-08-06not yet calculatedCVE-2019-14702
MISC
MISC
MISC
microdigital -- n-series_camerasAn issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. There is disclosure of the existence of arbitrary files via Path Traversal in HTTPD. This occurs because the filename specified in the TZ parameter is accessed with a substantial delay if that file exists.2019-08-06not yet calculatedCVE-2019-14700
MISC
MISC
MISC
microdigital -- n-series_camerasAn issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. A buffer overflow in the action parameter leads to remote code execution in the context of the nobody account.2019-08-06not yet calculatedCVE-2019-14708
MISC
MISC
MISC
microdigital -- n-series_camerasAn Incorrect Access Control issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5 because any valid cookie can be used to make requests as an admin.2019-08-06not yet calculatedCVE-2019-14705
MISC
MISC
MISC
microdigital -- n-series_camerasA denial of service issue in HTTPD was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker without authorization can upload a file to upload.php with a filename longer than 256 bytes. This will be placed in the updownload area. It will not be deleted, because of a buffer overflow in a Bash command string.2019-08-06not yet calculatedCVE-2019-14706
MISC
MISC
MISC
microdigital -- n-series_camerasAn issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. The firmware update process is insecure, leading to remote code execution. The attacker can provide arbitrary firmware in a .dat file via a webparam?system&action=set&upgrade URI.2019-08-06not yet calculatedCVE-2019-14707
MISC
MISC
MISC
microdigital -- n-series_camerasAn issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can exploit OS Command Injection in the filename parameter for remote code execution as root. This occurs in the Mainproc executable file, which can be run from the HTTPD web server.2019-08-06not yet calculatedCVE-2019-14699
MISC
MISC
MISC
microdigital -- n-series_camerasAn SSRF issue was discovered in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 via FTP commands following a newline character in the uploadfile field.2019-08-06not yet calculatedCVE-2019-14704
MISC
MISC
MISC
mongodb -- mongodb_serverAfter user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.9; v3.6 versions prior to 3.6.13; v3.4 versions prior to 3.4.22.2019-08-06not yet calculatedCVE-2019-2386
CONFIRM
MISC
musl -- libcmusl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code.2019-08-06not yet calculatedCVE-2019-14697
MLIST
MISC
ncsoft -- nc_launcher2NCSOFT Game Launcher, NC Launcher2 2.4.1.691 and earlier versions have a vulnerability in the custom protocol handler that could allow a remote attacker to execute an arbitrary command. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. This can be leveraged for code execution in the context of the current user.2019-08-09not yet calculatedCVE-2019-12805
CONFIRM
neet -- airstream_nas_devicesNeet AirStream NAS1.1 devices have a password of ifconfig for the root account. This cannot be changed via the configuration page.2019-08-08not yet calculatedCVE-2016-10862
MISC
neet -- airstream_nas_devicesNeet AirStream NAS1.1 devices allow CSRF attacks that cause the settings binary to change the AP name and password.2019-08-07not yet calculatedCVE-2016-10861
MISC
nespresso -- prodigio_devicesNespresso Prodigio devices lack Bluetooth connection security.2019-08-08not yet calculatedCVE-2018-20960
MISC
netapp -- data_ontap_operating_in_7-modeSMB in Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 has weak cryptography which when exploited could lead to information disclosure or addition or modification of data.2019-08-05not yet calculatedCVE-2019-5502
MISC
netapp -- oncommmand_insightOnCommand Insight versions through 7.3.6 may disclose sensitive account information to an authenticated user.2019-08-09not yet calculatedCVE-2019-5498
CONFIRM
netgear -- ex7000_devicesNETGEAR EX7000 V1.0.0.42_1.0.94 devices allow XSS via the SSID.2019-08-08not yet calculatedCVE-2016-10864
MISC
nextcloud -- nextcloud_lookup-serverAn SQL Injection in the Nextcloud Lookup-Server < v0.3.0 (running on https://ift.tt/2GSQPxG) caused unauthenticated users to be able to execute arbitrary SQL commands.2019-08-07not yet calculatedCVE-2019-5476
MISC
nvidia -- shield_tvNVIDIA Shield TV Experience prior to v8.0, NVIDIA Tegra bootloader contains a vulnerability in nvtboot where the Trusted OS image is improperly authenticated, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.2019-08-06not yet calculatedCVE-2019-5679
CONFIRM
nvidia -- shield_tvNVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the NVIDIA Games App where it improperly exports an Activity but does not properly restrict which applications can launch the Activity, which may lead to code execution or denial of service.2019-08-06not yet calculatedCVE-2019-5682
CONFIRM
nvidia -- windows_gpu_display_driver_softwareNVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access of an input texture array, which may lead to denial of service or code execution.2019-08-06not yet calculatedCVE-2019-5684
CONFIRM
CONFIRM
CONFIRM
MISC
nvidia -- windows_gpu_display_driver_softwareNVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access to a shader local temporary array, which may lead to denial of service or code execution.2019-08-06not yet calculatedCVE-2019-5685
CONFIRM
CONFIRM
MISC
nvidia -- windows_gpu_display_driver_softwareNVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software uses an API function or data structure in a way that relies on properties that are not always guaranteed to be valid, which may lead to denial of service.2019-08-06not yet calculatedCVE-2019-5686
CONFIRM
CONFIRM
nvidia -- windows_gpu_display_driver_softwareNVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which an incorrect use of default permissions for an object exposes it to an unintended actor.2019-08-06not yet calculatedCVE-2019-5687
CONFIRM
CONFIRM
nvidia -- windows_gpu_display_driver_softwareNVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the user mode video driver trace logger component. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges.2019-08-06not yet calculatedCVE-2019-5683
CONFIRM
CONFIRM
open_edx -- recommenderRecommender before 2018-07-18 allows XSS.2019-08-09not yet calculatedCVE-2018-20858
MISC
CONFIRM
open_school -- open_school_and_community_editionOpen-School 3.0, and Community Edition 2.3, allows SQL Injection via the index.php?r=students/students/document id parameter.2019-08-08not yet calculatedCVE-2019-14754
MISC
MISC
open_school -- open_school_and_community_editionOpen-School 3.0, and Community Edition 2.3, allows XSS via the osv/index.php?r=students/guardians/create id parameter.2019-08-06not yet calculatedCVE-2019-14696
MISC
MISC
MISC
openstack -- novaAn issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data.2019-08-09not yet calculatedCVE-2019-14433
MLIST
MISC
CONFIRM
osticket -- osticketAn issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer (or no) mitigations implemented for file content checks; also, the output is not handled properly, causing persistent XSS that leads to cookie stealing or malicious actions. For example, a non-agent user can upload a .html file, and Content-Disposition will be set to inline instead of attachment.2019-08-07not yet calculatedCVE-2019-14748
MISC
MISC
MISC
MISC
osticket -- osticketAn issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab, and the Issue Summary field in the tickets tab. This allows other agents to download data in a .csv file format or .xls file format. This is used as input for spreadsheet applications such as Excel and OpenOffice Calc, resulting in a situation where cells in the spreadsheets can contain input from an untrusted source. As a result, the end user who is accessing the exported spreadsheet can be affected.2019-08-07not yet calculatedCVE-2019-14749
MISC
MISC
MISC
MISC
osticket -- osticketAn issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the execution of those queries. This can further lead to cookie stealing or other malicious actions.2019-08-07not yet calculatedCVE-2019-14750
MISC
MISC
MISC
MISC
php -- phpWhen the PHP EXIF extension is parsing EXIF information from an image, e.g. via the exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8, it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead to information disclosure or crash.2019-08-09not yet calculatedCVE-2019-11042
CONFIRM
php -- phpWhen the PHP EXIF extension is parsing EXIF information from an image, e.g. via the exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8, it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead to information disclosure or crash.2019-08-09not yet calculatedCVE-2019-11041
CONFIRM
qingdao_nature_easy_soft_network_technology -- zentaoAn issue was discovered in ZenTao 11.5.1. There is an XSS (stored) vulnerability that leads to the capture of other people's cookies via the Rich Text Box.2019-08-06not yet calculatedCVE-2019-14731
MISC
radare2 -- radare2In radare2 before 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of symbol names embedded in executables.2019-08-07not yet calculatedCVE-2019-14745
MISC
MISC
MISC
samsung -- mobile_devicesOn Samsung mobile devices with N(7.x), and O(8.x), P(9.0) software, FotaAgent allows a malicious application to create privileged files. The Samsung ID is SVE-2019-14764.2019-08-08not yet calculatedCVE-2019-14783
MISC
schben -- adiveInternal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or developer) to create an administrator account via admin/user/add, as demonstrated by a Python PoC script.2019-08-06not yet calculatedCVE-2019-14347
MISC
MISC
schben -- adiveInternal/Views/config.php in Schben Adive 2.0.7 allows admin/config CSRF to change a user password.2019-08-06not yet calculatedCVE-2019-14346
MISC
MISC
MISC
shenzhen_dragon_brothers -- fingerprint_bluetooth_round_padlock_fb50An HTTP parameter pollution issue was discovered on Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50 2.3. With the user ID, user name, and the lock's MAC address, anyone can unbind the existing owner of the lock, and bind themselves instead. This leads to complete takeover of the lock. The user ID, name, and MAC address are trivially obtained from APIs found within the Android or iOS application. With only the MAC address of the lock, any attacker can transfer ownership of the lock from the current user over to the attacker's account, thus rendering the lock completely inaccessible to the current user.2019-08-06not yet calculatedCVE-2019-13143
MISC
sitecore -- sitecore_cmsMultiple cross-site scripting (XSS) vulnerabilities in Sitecore CMS 9.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) #300583 - List Manager Dashboard module, (2) #307638 - Campaign Creator module, (3) #316994 - Attributes field, (4) I#316995 - Icon Selection module, (5) #317000 - Latitude field, (6) #317000 - Longitude field, (7) #317017 - UploadPackage2.aspx module, (8) #317072 - Context menu, or (9) I#317073 - Insert from Template dialog.2019-08-05not yet calculatedCVE-2019-11198
MISC
MISC
swann -- swwhd-intcam-hd_devicesSwann SWWHD-INTCAM-HD devices have the twipc root password, leading to FTP access as root.2019-08-08not yet calculatedCVE-2018-20955
MISC
swann -- swwhd-intcam-hd_devicesSwann SWWHD-INTCAM-HD devices leave the PSK in logs after a factory reset.2019-08-08not yet calculatedCVE-2018-20956
MISC
tapplock -- tapplock_devicesThe Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 allows replay attacks.2019-08-08not yet calculatedCVE-2018-20957
MISC
MISC
tapplock -- tapplock_devicesThe Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 relies on Key1 and SerialNo for unlock operations; however, these are derived from the MAC address, which is broadcasted by the device.2019-08-07not yet calculatedCVE-2018-20958
CONFIRM
MISC
teampass -- teampassAn issue was discovered in TeamPass 2.1.27.35. From the sources/items.queries.php "Import items" feature, it is possible to load a crafted CSV file with an XSS payload.2019-08-06not yet calculatedCVE-2019-12950
MISC
MISC
the_pallets_project -- werkzeugPallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.2019-08-09not yet calculatedCVE-2019-14806
MISC
MISC
MISC
tibco_software -- tibco_api_exchange_gateway_and_tibco_api_exchange_gateway_distribution_for_tibco_silver_fabricThe authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potential escalation of privileges for the specific customer endpoint, when the implementation uses multiple scopes. This issue affects: TIBCO Software Inc.'s TIBCO API Exchange Gateway version 2.3.1 and prior versions, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric version 2.3.1 and prior versions.2019-08-08not yet calculatedCVE-2019-11208
MISC
CONFIRM
transition_technologies -- the_schedulerThe Transition Technologies "The Scheduler" app 5.1.3 for Jira allows XXE due to a weakly configured/parameterized XML parser. It was fixed in the versions 5.2.1 and 3.3.7.2019-08-07not yet calculatedCVE-2018-14383
MISC
MISC
trezor -- trezor_one_devicesOn Trezor One devices before 1.8.2, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. NOTE: this CVE applies exclusively to the Trezor One, and does not refer to any issues with OLED displays on other devices.2019-08-08not yet calculatedCVE-2019-14353
MISC
uipath -- orchestratorUiPath Orchestrator before 2018.3.4 allows CSV Injection, related to the Audit export, Robot log export, and Transaction log export features.2019-08-08not yet calculatedCVE-2018-19855
MISC
MISC
una -- unastudio/polyglot.php?page=etemplates in UNA 10.0.0-RC1 allows XSS via the System Name field under Emails during template editing.2019-08-09not yet calculatedCVE-2019-14804
MISC
MISC
una -- unastudio/builder_menu.php?page=sets in UNA 10.0.0-RC1 allows XSS via the System Name field under Sets during set editing.2019-08-09not yet calculatedCVE-2019-14805
MISC
MISC
verdaccio -- verdaccioverdaccio before 3.12.0 allows XSS.2019-08-08not yet calculatedCVE-2019-14772
MISC
wind_river -- vxworksWind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion caused by a malformed TCP AO option.2019-08-09not yet calculatedCVE-2019-12260
CONFIRM
CONFIRM
CONFIRM
MISC
MISC
CONFIRM
wind_river -- vxworksWind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership report.2019-08-09not yet calculatedCVE-2019-12265
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
CONFIRM
wind_river -- vxworksWind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition.2019-08-09not yet calculatedCVE-2019-12263
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
CONFIRM
wind_river -- vxworksWind River VxWorks 6.7 through 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion during connect() to a remote host.2019-08-09not yet calculatedCVE-2019-12261
CONFIRM
CONFIRM
CONFIRM
MISC
MISC
CONFIRM
wind_river -- vxworksWind River VxWorks 6.5 through 6.9.3 has a Buffer Overflow in the TCP component (issue 1 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow. Affected versions: 6.6, 6.7, 6.8, 6.9.2019-08-09not yet calculatedCVE-2019-12255
CONFIRM
CONFIRM
CONFIRM
MISC
MISC
CONFIRM
wind_river -- vxworksWind River VxWorks 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing.2019-08-09not yet calculatedCVE-2019-12259
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
CONFIRM
wind_river -- vxworksWind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect Access Control in IPv4 assignment by the ipdhcpc DHCP client component.2019-08-05not yet calculatedCVE-2019-12264
MISC
CONFIRM
wind_river -- vxworksWind River VxWorks 6.9 and vx7 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc.2019-08-09not yet calculatedCVE-2019-12257
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
CONFIRM
wind_river -- vxworksWind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets' IP options.2019-08-09not yet calculatedCVE-2019-12256
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
CONFIRM
wind_river -- vxworksWind River VxWorks 6.5 through 6.9 and vx7 has Session Fixation in the TCP component. This is an IPNET security vulnerability: DoS of TCP connection via malformed TCP options.2019-08-09not yet calculatedCVE-2019-12258
CONFIRM
CONFIRM
CONFIRM
MISC
MISC
CONFIRM
wordpress -- wordpressThe woo-variation-swatches (aka Variation Swatches for WooCommerce) plugin 1.0.61 for WordPress allows XSS via the wp-admin/admin.php?page=woo-variation-swatches-settings tab parameter.2019-08-08not yet calculatedCVE-2019-14774
MISC
wordpress -- wordpressThe Lightbox Plus Colorbox plugin through 2.7.2 for WordPress has cross-site request forgery (CSRF) via wp-admin/admin.php?page=lightboxplus, as demonstrated by resultant width XSS.2019-08-09not yet calculatedCVE-2016-10865
MISC
MISC
wordpress -- wordpressThe 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter.2019-08-09not yet calculatedCVE-2019-14798
MISC
MISC
wordpress -- wordpressThe "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress has XSS in the publishing wizard via the wp-admin/admin.php?page=cp_contact_form_paypal.php&pwizard=1 cp_contactformpp_id parameter.2019-08-09not yet calculatedCVE-2019-14785
MISC
MISC
wordpress -- wordpressThe Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea parameter.2019-08-09not yet calculatedCVE-2019-14787
MISC
MISC
wordpress -- wordpressThe Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter.2019-08-09not yet calculatedCVE-2019-14791
MISC
MISC
wordpress -- wordpressThe WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectangle_name or rectangle_opacity parameter.2019-08-09not yet calculatedCVE-2019-14792
MISC
MISC
wordpress -- wordpressThe Meta Box plugin before 4.16.3 for WordPress allows file deletion via ajax, with the wp-admin/admin-ajax.php?action=rwmb_delete_file attachment_id parameter.2019-08-09not yet calculatedCVE-2019-14793
MISC
MISC
wordpress -- wordpressThe Meta Box plugin before 4.16.2 for WordPress mishandles the uploading of files to custom folders.2019-08-09not yet calculatedCVE-2019-14794
MISC
wordpress -- wordpressThe mq-woocommerce-products-price-bulk-edit (aka Woocommerce Products Price Bulk Edit) plugin 2.0 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=update_options show_products_page_limit parameter.2019-08-09not yet calculatedCVE-2019-14796
MISC
MISC
wordpress -- wordpressThe 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS.2019-08-09not yet calculatedCVE-2019-14797
MISC
wordpress -- wordpressThe FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS.2019-08-09not yet calculatedCVE-2019-14799
MISC
MISC
wordpress -- wordpressThe FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows email subscription SQL injection.2019-08-09not yet calculatedCVE-2019-14801
MISC
wordpress -- wordpressadmin/includes/class.actions.snippet.php in the "Woody ad snippets" plugin through 2.2.5 for WordPress allows wp-admin/admin-post.php?action=close&post= deletion.2019-08-08not yet calculatedCVE-2019-14773
MISC
MISC
wordpress -- wordpressThe codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF.2019-08-08not yet calculatedCVE-2019-14683
MISC
MISC
MISC
wordpress -- wordpressThe acf-better-search (aka ACF: Better Search) plugin before 3.3.1 for WordPress allows wp-admin/options-general.php?page=acfbs_admin_page CSRF.2019-08-08not yet calculatedCVE-2019-14682
MISC
MISC
wordpress -- wordpressThe Deny All Firewall plugin before 1.1.7 for WordPress allows wp-admin/options-general.php?page=daf_settings&daf_remove=true CSRF.2019-08-08not yet calculatedCVE-2019-14681
MISC
MISC
wordpress -- wordpressThe admin-renamer-extended (aka Admin renamer extended) plugin 3.2.1 for WordPress allows wp-admin/plugins.php?page=admin-renamer-extended/admin.php CSRF.2019-08-08not yet calculatedCVE-2019-14680
MISC
wordpress -- wordpresscore/views/arprice_import_export.php in the ARPrice Lite plugin 2.2 for WordPress allows wp-admin/admin.php?page=arplite_import_export CSRF.2019-08-08not yet calculatedCVE-2019-14679
MISC
MISC
yourls -- yourlsYOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass.2019-08-07not yet calculatedCVE-2019-14537
MISC
MISC
MISC
MISC
MISC
zoho_manageengine -- assetexplorerServer Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL.2019-08-08not yet calculatedCVE-2019-12994
MISC
zoho_manageengine -- assetexplorerServer Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter.2019-08-08not yet calculatedCVE-2019-12959
MISC
zoho_manageengine -- assetexplorerZoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing license XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.2019-08-08not yet calculatedCVE-2019-14693
MISC



from US-CERT National Cyber Alert System https://ift.tt/31ylaJO