Weekly Vulnerabilities Reports > May 13 to 19, 2019

MacDown 0.7.1 (870) allows remote code execution via a file:\\\ URI, with a .app pathname, in the HREF attribute of an A element.

ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/_core/backups/upload.php (aka backup) component.

WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.php does not consider octal encoding of IP addresses (such as 0300.0250 as a replacement for 192.168).

SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows authenticated users to execute arbitrary SQL commands.

A security feature bypass vulnerability exists when urlmon.dll improperly handles certain Mark of the Web queries, aka 'Internet Explorer Security Feature Bypass Vulnerability'.

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'.

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'.

A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.

HARMAN AMX MVP5150 v2.87.13 devices allow remote OS Command Injection.

RSA Netwitness Platform versions prior to 11.2.1.1 is vulnerable to an Authorization Bypass vulnerability.

In PHP-Fusion 9.03.00, edit_profile.php allows remote authenticated users to execute arbitrary code because includes/dynamics/includes/form_fileinput.php and includes/classes/PHPFusion/Installer/Lib/Core.settings.inc mishandle executable files during avatar upload.

An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g.

Under certain conditions, it is possible to request the modification of role or privilege assignments through SAP Identity Management REST Interface Version 2, which would otherwise be restricted only for viewing.

SAP Treasury and Risk Management (EA-FINSERV 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18 and 8.0; S4CORE 1.01, 1.02 and 1.03), does not perform necessary authorization checks for authorization objects T_DEAL_DP and T_DEAL_PD , resulting in escalation of privileges.

The web interface component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that might theoretically allow an authenticated user to access sensitive information needed by the Spotfire Statistics Services server.

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3).

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3).

An issue was discovered in the Web Management Console in IPBRICK OS 6.3.

An issue was discovered in the administrator interface in IPBRICK OS 6.3.

A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon LS_RM3_3.7.0 (2421) allows remote authenticated attackers to execute arbitrary commands via a crafted DNS Query address field in a JSON API request.

An exploitable vulnerability exists in the Wi-Fi Access Point feature of the Roav A1 Dashcam running version RoavA1SWV1.9.

An exploitable code execution vulnerability exists in the URL-parsing functionality of the Roav A1 Dashcam running version RoavA1SWV1.9.

The WaspThemes Visual CSS Style Editor (aka yellow-pencil-visual-theme-customizer) plugin before 7.2.1 for WordPress allows yp_option_update CSRF, as demonstrated by use of yp_remote_get to obtain admin access.

Cybozu Garoon 4.0.0 to 4.6.3 allows authenticated attackers to alter the information with privileges invoking the installer via unspecified vectors.

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the SNMP application to leak system memory, which could cause an affected device to restart unexpectedly.

A vulnerability in the interactions between the DHCP and TFTP features for Cisco Small Business 300 Series (Sx300) Managed Switches could allow an unauthenticated, remote attacker to cause the device to become low on system memory, which in turn could lead to an unexpected reload of the device and result in a denial of service (DoS) condition on an affected device.

An elevation of privilege vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully decode and replace authentication request using Kerberos, allowing an attacker to be validated as an Administrator.The update addresses this vulnerability by changing how these requests are validated., aka 'Windows Elevation of Privilege Vulnerability'.

A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries.

A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries.

An improper authentication vulnerability can be exploited through a race condition that occurs in Ellucian Banner Web Tailor 8.8.3, 8.8.4, and 8.9 and Banner Enterprise Identity Services 8.3, 8.3.1, 8.3.2, and 8.4, in conjunction with SSO Manager.

Due to the use of an insecure RFID technology (MIFARE Classic), ABUS proximity chip keys (RFID tokens) of the ABUS Secvest FUAA50000 wireless alarm system can easily be cloned and used to deactivate the alarm system in an unauthorized way.

Sony Bravia Smart TV devices allow remote attackers to retrieve the static Wi-Fi password (used when the TV is acting as an access point) by using the Photo Sharing Plus application to execute a backdoor API command, a different vulnerability than CVE-2019-10886.

The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety.

A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbitrary SQL commands via the id parameter.

Format string vulnerability in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to read arbitrary sections of memory and CPU registers via the "hook" URL parameter.

Out of bound write vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an authenticated user to potentially enable escalation of privilege via adjacent network access.

Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on Windows.

In the F-Secure installer in F-Secure SAFE for Windows before 17.6, F-Secure Internet Security before 17.6, F-Secure Anti-Virus before 17.6, F-Secure Client Security Standard and Premium before 14.10, F-Secure PSB Workstation Security before 12.01, and F-Secure Computer Protection Standard and Premium before 19.3, a local user can escalate their privileges through a DLL hijacking attack against the installer.

In PaperStream IP (TWAIN) 1.42.0.5685 (Service Update 7), the FJTWSVIC service running with SYSTEM privilege processes unauthenticated messages received over the FjtwMkic_Fjicube_32 named pipe.

Untrusted search path vulnerability in Electronic reception and examination of application for radio licenses Offline 1.0.9.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Untrusted search path vulnerability in Installer of Electronic reception and examination of application for radio licenses Online 1.0.9.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Insufficient input validation in system firmware for Intel (R) NUC Kit may allow an authenticated user to potentially enable escalation of privilege, denial of service, and/or information disclosure via local access.

Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ansible variable file `/var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileXXXXXX.var` which contains the admin and the appliance passwords as plain-text.

Improper directory permissions in the installer for Intel(R) Quartus(R) software may allow an authenticated user to potentially enable escalation of privilege via local access.

Improper directory permissions in Intel(R) ACU Wizard version 12.0.0.129 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.

Code injection vulnerability in installer for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access.

Insufficient access control vulnerability in Dynamic Application Loader software for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access.

Improper directory permissions in the installer for Intel(R) PROSet/Wireless WiFi Software version 20.100 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'.

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'.

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'.

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'.

An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links, aka 'Windows Elevation of Privilege Vulnerability'.

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.

A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'.

An elevation of privilege vulnerability exists when the Windows Kernel improperly handles key enumeration, aka 'Windows Kernel Elevation of Privilege Vulnerability'.

An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Diagnostic Hub Standard Collector, Visual Studio Standard Collector Elevation of Privilege Vulnerability'.

MacDown 0.7.1 allows directory traversal, for execution of arbitrary programs, via a file:/// or ../ substring in a shared note.

Typora 0.9.9.24.6 on macOS allows directory traversal, for execution of arbitrary programs, via a file:/// or ../ substring in a shared note.

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system.

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system.

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system.

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device.

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to access internal services that should be restricted on an affected device, such as the NX-API.

VMware Workstation (15.x before 15.1.0) contains a DLL hijacking issue because some DLL files are improperly loaded by the application.

A vulnerability has been identified in LOGO! Soft Comfort (All versions < V8.3).

A Local Privilege Escalation in libqcocoa.dylib in Foxit Reader 3.1.0.0111 on macOS has been discovered due to an incorrect permission set.

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Small Business Sx200, Sx300, Sx500, ESW2 Series Managed Switches and Small Business Sx250, Sx350, Sx550 Series Switches could allow an authenticated, remote attacker to cause the SNMP application of an affected device to cease processing traffic, resulting in the CPU utilization reaching one hundred percent.

Under certain conditions SAP BusinessObjects Business Intelligence platform (Central Management Server), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted.

GoHTTP through 2017-07-25 has a stack-based buffer over-read in the scan function (when called from getRequestType) via a long URL.

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.

An information disclosure issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1.

An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1.

Data Corruption in Intel Unite(R) Client before version 3.3.176.13 may allow an unauthenticated user to potentially cause a denial of service via network access.

An insecure permissions issue was discovered in GitLab Community and Enterprise Edition 9.4 and later but before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1.

GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection in Project Mirroring when using the Git protocol.

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled.

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.

A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'.

A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'.

A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'.

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'.

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'.

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'.

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'.

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka 'Microsoft Edge Memory Corruption Vulnerability'.

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'.

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'.

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'.

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'.

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'.

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'.

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'.

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'.

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'.

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'.

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'.

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'.

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'.

A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'.

An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2.

An Information Exposure issue (issue 2 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2.

An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2.

admin/Lib/Action/FpluginAction.class.php in FDCMS (aka Fangfa Content Manage System) 4.2 allows SQL Injection.

A vulnerability in the HostScan component of Cisco AnyConnect Secure Mobility Client for Linux could allow an unauthenticated, remote attacker to read sensitive information on an affected system.

A vulnerability in the detection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured access control policies.

A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in copyIPv6IfDifferent in pcpserver.c.

An AddPortMapping Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in upnpredirect.c.

A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for rem_port.

A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for int_port.

The upnp_event_prepare function in upnpevents.c in MiniUPnP MiniUPnPd through 2.1 allows a remote attacker to leak information from the heap due to improper validation of an snprintf return value.

The updateDevice function in minissdpd.c in MiniUPnP MiniSSDPd 1.4 and 1.5 allows a remote attacker to crash the process due to a Use After Free vulnerability.

The Face authentication component in Aware mobile liveness 2.2.1 sdk 2.2.0 for Knomi allows a Biometrical Liveness authentication bypass via parameter tampering of the /knomi/analyze security_level field.

An issue was discovered in GitLab Community and Enterprise Edition before 11.7.10, 11.8.x before 11.8.6, and 11.9.x before 11.9.4.

A vulnerability in the web-based management interface of Cisco Video Surveillance Manager could allow an unauthenticated, remote attacker to access sensitive information.

NTP through 4.2.8p12 has a NULL Pointer Dereference.

In FreeBSD 11.3-PRERELEASE before r345378, 12.0-STABLE before r345377, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in pf does not check if the outer ICMP or ICMP6 packet has the same destination IP as the source IP of the inner protocol packet allowing a maliciously crafted ICMP/ICMP6 packet could bypass the packet filter rules and be passed to a host that would otherwise be unavailable.

Protection Mechanism Failure in the Firewall in McAfee Endpoint Security (ENS) 10.x prior to 10.6.1 May 2019 update allows context-dependent attackers to circumvent ENS protection where GTI flagged IP addresses are not blocked by the ENS Firewall via specially crafted malicious sites where the GTI reputation is carefully manipulated and does not correctly trigger the ENS Firewall to block the connection.

coap_decode_option in coap.c in LibNyoci 0.07.00rc1 mishandles certain packets with "Uri-Path: (null)" and consequently allows remote attackers to cause a denial of service (segmentation fault).

A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G28), SINAMICS PERFECT HARMONY GH180 with NXG II control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G28).

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions < V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions < V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions).

A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G21, G22, G23, G26, G28, G31, G32, G38, G43 or G46), SINAMICS PERFECT HARMONY GH180 with NXG II control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G21, G22, G23, G26, G28, G31, G32, G38, G43 or G46).

A vulnerability has been identified in LOGO! 8 BM (incl.

A vulnerability has been identified in LOGO! 8 BM (incl.

DoBox_CstmBox_Info.model.htm on Kyocera TASKalfa 4002i and 6002i devices allows remote attackers to read the documents of arbitrary users via a modified HTTP request.

Citrix ShareFile before 19.12 allows User Enumeration.

Unauthenticated password hash disclosure in the User.getUserPWD method in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to retrieve the GUI password hashes of GUI users.

Directory Traversal / Arbitrary File Read in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device's filesystem.

A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4.

An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9.

An exploitable denial-of-service vulnerability exists in the XML_UploadFile Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9.

An exploitable denial-of-service vulnerability exists in the XML_GetScreen Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9.

An exploitable denial-of-service vulnerability exists in the XML_GetRawEncJpg Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9.

An exploitable denial-of-service vulnerability exists in the thumbnail display functionality of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9.

An issue was discovered on LG GAMP-7100, GAPM-7200, and GAPM-8000 routers.

lib/common/html_re.js in remarkable 1.7.1 allows Regular Expression Denial of Service (ReDoS) via a CDATA section.

On Virgin Media wireless router 3.0 hub devices, the web interface is vulnerable to denial of service.

Unvalidated URL in Download Manager in Seagate NAS OS version 4.3.15.1 allows attackers to access the loopback interface via a Download URL of 127.0.0.1 or localhost.

Directory Traversal in filebrowser in Seagate NAS OS 4.3.15.1 allows attackers to read files within the application's container via a URL path.

Insufficient access control in /api/external/7.0/system.System.get_infos in Seagate NAS OS version 4.3.15.1 allows attackers to obtain information about the NAS without authentication via empty POST requests.

A vulnerability in the Multiprotocol Label Switching (MPLS) Operations, Administration, and Maintenance (OAM) implementation of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device.

Four-Faith Wireless Mobile Router F3x24 v1.0 devices allow remote code execution via the Command Shell (aka Administration > Commands) screen.

SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.0 allows attacker with administrator rights to execute arbitrary SQL commands via the Log Search function of application 'logging'.

A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system.

A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system.

A vulnerability in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges.

Insufficient access control vulnerability in subsystem for Intel(R) CSME before versions 11.x, 12.0.35 Intel(R) TXE 3.x, 4.x, Intel(R) Server Platform Services 3.x, 4.x, Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input.

Under certain conditions SAP BusinessObjects Business Intelligence platform (Analysis for OLAP), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted.

An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations, aka 'Windows Storage Service Elevation of Privilege Vulnerability'.

An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it.To exploit the vulnerability, in a local attack scenario, an attacker could run a specially crafted application to elevate the attacker's privilege level, aka 'Windows NDIS Elevation of Privilege Vulnerability'.

Insufficient access control vulnerability in subsystem in Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

Logic bug vulnerability in subsystem for Intel(R) CSME before version 12.0.35, Intel(R) TXE before 3.1.65, 4.0.15 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

Insufficient input validation vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Information Disclosure Vulnerability'.

Yeelight Smart AI Speaker 3.3.10_0074 devices have improper access control over the UART interface, allowing physical attackers to obtain a root shell.

A vulnerability in the External RESTful Services (ERS) API of the Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to generate arbitrary certificates signed by the Internal Certificate Authority (CA) Services on ISE.

The Simple - Better Banking application 2.45.0 through 2.45.3 (fixed in 2.46.0) for Android was affected by an information disclosure vulnerability that leaked the user's password to the keyboard autocomplete functionality.

Unquoted service path in the installer for the Intel(R) SCS Discovery Utility version 12.0.0.129 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.

Buffer overflow in subsystem in Intel(R) DAL before version 12.0.35 may allow a privileged user to potentially enable escalation of privilege via local access.

Insufficient access control in silicon reference firmware for Intel(R) Xeon(R) Scalable Processor, Intel(R) Xeon(R) Processor D Family may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access.

Buffer overflow vulnerability in system firmware for Intel(R) Xeon(R) Processor D Family, Intel(R) Xeon(R) Scalable Processor, Intel(R) Server Board, Intel(R) Server System and Intel(R) Compute Module may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access.

Improper data sanitization vulnerability in subsystem in Intel(R) SPS before versions SPS_E5_04.00.04.381.0, SPS_E3_04.01.04.054.0, SPS_SoC-A_04.00.04.181.0, and SPS_SoC-X_04.00.04.086.0 may allow a privileged user to potentially enable escalation of privilege via local access.

A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges.

A vulnerability in the implementation of a specific CLI command for Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to cause a buffer overflow condition or perform command injection.

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device.

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device.

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device.

A vulnerability in the Image Signature Verification feature used in an NX-OS CLI command in Cisco Nexus 3000 Series and 9000 Series Switches could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device.

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device.

A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root.

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device.

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with valid administrator credentials to execute arbitrary commands on the underlying operating system of an affected device.

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root.

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root.

A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device.

A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device.

A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges.

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root.

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root.

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device.

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device.

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root.

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system of an attached line card with the privilege level of root.

A vulnerability in the implementation of a specific CLI command for Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to cause a buffer overflow condition or perform command injection.

A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to bypass the limited command set of the restricted Guest Shell and execute commands at the privilege level of a network-admin user outside of the Guest Shell.

A vulnerability in the Secure Configuration Validation functionality of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to run arbitrary commands at system boot time with the privileges of root.

A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and issue arbitrary commands to elevate the attacker's privilege level.

Dell EMC RecoverPoint versions prior to 5.1.3 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an OS command injection vulnerability in the installation feature of Boxmgmt CLI.

A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component.

An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1.

An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authentication request to an affected server, aka 'Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability'.

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.

An information disclosure vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Server Information Disclosure Vulnerability'.

An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory, aka 'Internet Explorer Information Disclosure Vulnerability'.

An spoofing vulnerability exists when Internet Explorer improperly handles URLs, aka 'Internet Explorer Spoofing Vulnerability'.

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.

An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services when it improperly enforces metadata permissions, aka 'Microsoft SQL Server Analysis Services Information Disclosure Vulnerability'.

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.

An Insecure Permissions issue (issue 2 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2.

A vulnerability in the Border Gateway Patrol (BGP) Multiprotocol Label Switching (MPLS)-based Ethernet VPN (EVPN) implementation of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device.

A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted.

A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted.

A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted.

An Insecure Permissions issue (issue 1 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2.

nanosvg library nanosvg after commit c1f6e209c16b18b46aa9f45d7e619acf42c29726 is affected by: Buffer Overflow.

GetFile.aspx in Rapid4 RapidFlows Enterprise Application Builder 4.5M.23 (when used with .NET Framework 4.5) allows Local File Inclusion via the FileDesc parameter.

Read of RFC destination does not always perform necessary authorization checks, resulting in escalation of privileges to access information on RFC destinations on managed systems and SAP Solution Manager system (ST-PI, before versions 2008_1_700, 2008_1_710, and 740).

An issue was discovered in Webiness Inventory 2.3.

A Path Traversal vulnerability located in the webserver affects several Bosch hardware and software products.

Buffer overflow in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to inject system commands via the "hook" URL parameter.

Missing cross-site request forgery protection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to cause state-changing actions with specially crafted URLs.

A vulnerability in the Remote Package Manager (RPM) subsystem of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to leverage a time-of-check, time-of-use (TOCTOU) race condition to corrupt local variables, which could lead to arbitrary command injection.

An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 and 3.1.x before 3.1.1.

Open redirect vulnerability in Cybozu Garoon 4.2.4 to 4.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the Login Screen.

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Scheduler'.

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Portal'.

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Mail'.

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the application 'Memo'.

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via Customize Item function.

HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php.

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2.

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2.

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2.

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2.

XAMPP through 5.6.8 allows XSS via the cds-fpdf.php interpret or titel parameter.

An XSS issue was discovered in the Admin UI in eZ Platform 2.x.

Applaud HCM 4.0.42+ uses HTML tag fields for HTML inputs in a form.

An Open Redirect issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2.

TP-Link Archer CR-700 1.0.6 devices have an XSS vulnerability that can be introduced into the admin account through a DHCP request, allowing the attacker to steal the cookie information, which contains the base64 encoded username and password.

An issue was discovered in Bilboplanet 2.0.

An issue was discovered in Bilboplanet 2.0.

An issue was discovered in Bilboplanet 2.0.

SAP E-Commerce (Business-to-Consumer) application does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

The web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow reflected cross-site scripting (XSS) attacks.

/servlets/ajax_file_upload?fieldName=binary3 in dotCMS 5.1.1 allows XSS and HTML Injection.

An HTML Injection vulnerability has been discovered on the RICOH SP 4510DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter.

An HTML Injection vulnerability has been discovered on the RICOH SP 4520DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn or entryDisplayNameIn parameter.

qdPM 9.1 suffers from Cross-site Scripting (XSS) via configuration?type=[XSS] parameter.

qdPM 9.1 suffers from Cross-site Scripting (XSS) in the search[keywords] parameter.

An Open Redirect vulnerability located in the webserver affects several Bosch hardware and software products.

Cross-site scripting (XSS) vulnerability in BIBLIOsoft BIBLIOpac 2008 allows remote attackers to inject arbitrary web script or HTML via the db or action parameter to to bin/wxis.exe/bibliopac/.

Gridea v0.8.0 has an XSS vulnerability through which the Nodejs module can be called to achieve arbitrary code execution, as demonstrated by child_process.exec and the "<img src=# onerror='eval(new Buffer(" substring.

Multiple cross-site scripting (XSS) vulnerabilities in ProfileDesign CMS v6.0.2.5 allows remote attackers to inject arbitrary web script or HTML via the (1) page, (2) gbs, (3) side, (4) id, (5) imgid, (6) cat, or (7) orderby parameter.

In remarkable 1.7.1, lib/parser_inline.js mishandles URL filtering, which allows attackers to trigger XSS via unprintable characters, as demonstrated by a \x0ejavascript: URL.

Simditor through 2.3.21 allows DOM XSS via an onload attribute within a malformed SVG element.

Evernote 6.15 on Windows has an incorrectly repaired stored XSS vulnerability.

Cross-site scripting (XSS) in the web interface of the Xerox ColorQube 8580 allows remote persistent injection of custom HTML / JavaScript code.

Cross-site scripting in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute JavaScript via the "hook" URL parameter.

Cross-site scripting in Application Manager in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via multiple application metadata fields: Short Description, Publisher Name, Publisher Contact, or Website URL.

Missing HTTPOnly flag on session cookies in the Seagate NAS OS version 4.3.15.1 web application allows attackers to steal session tokens via cross-site scripting.

Arbitrary Redirect in echo-server.html in Seagate NAS OS version 4.3.15.1 allows attackers to disclose information in the Referer header via the 'state' URL parameter.

Cross-site scripting in API error pages in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via URL path names.

A vulnerability in the CLI implementation of a specific command used for image maintenance for Cisco NX-OS Software could allow an authenticated, local attacker to overwrite any file on the file system including system files.

A security feature bypass vulnerability exists in Dynamics On Premise, aka 'Microsoft Dynamics On-Premise Security Feature Bypass'.

An information disclosure vulnerability exists in Skype for Android, aka 'Skype for Android Information Disclosure Vulnerability'.

The signature verification routine in the Airmail GPG-PGP Plugin, versions 1.0 (9) and earlier, does not verify the status of the signature at all, which allows remote attackers to spoof arbitrary email signatures by crafting a signed email with an invalid signature.

The signature verification routine in install.sh in yarnpkg/website through 2018-06-05 only verifies that the yarn release is signed by any (arbitrary) key in the local keyring of the user, and does not pin the signature to the yarn release key, which allows remote attackers to sign tampered yarn release packages with their own key.

A vulnerability in the dashboard gadget rendering of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to obtain or manipulate sensitive information between a user&rsquo;s browser and Cisco Unified Intelligence Center.

Citrix ShareFile before 19.23 allows a downgrade from two-factor authentication to one-factor authentication.

SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade created world-readable swap files on systems that don't have a swap already configured and don't have btrfs as filesystem

A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol parser of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured policies.

An issue was discovered in WSO2 Dashboard Server 2.0.0.

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'.

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'.

An issue was discovered in Falco through 0.14.0.

Insufficient input validation in KMD module for Intel(R) Graphics Driver before version 10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069 (aka 15.33.x.5069) may allow an authenticated user to potentially enable denial of service via local access.

Insufficient bounds checking in Intel(R) Graphics Drivers before version 10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069 (aka 15.33.x.5069) may allow an authenticated user to potentially enable a denial of service via local access.

In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice.

A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify contents of the intermediate build folder (by default "obj"), aka 'NuGet Package Manager Tampering Vulnerability'.

An elevation of privilege vulnerability exists in the Unified Write Filter (UWF) feature for Windows 10 when it improperly restricts access to the registry, aka 'Unified Write Filter Elevation of Privilege Vulnerability'.

A denial of service vulnerability exists when .NET Framework improperly handles objects in heap memory, aka '.NET Framework Denial of Service Vulnerability'.

Capstone 3.0.4 has an out-of-bounds vulnerability (SEGV caused by a read memory access) in X86_insn_reg_intel in arch/X86/X86Mapping.c.

fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.

Under certain conditions Solution Manager, version 7.2, allows an attacker to access information which would otherwise be restricted.

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3).

vcodec2_hls_filter in libvoipCodec_v7a.so in the WeChat application through 7.0.3 for Android allows attackers to cause a denial of service (application crash) by replacing an emoji file (under the /sdcard/tencent/MicroMsg directory) with a crafted .wxgf file.

Samsung S9+, S10, and XCover 4 P(9.0) devices can become temporarily inoperable because of an unprotected intent in the ContainerAgent application.

A security vulnerability has been identified in IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 with CES stack enabled that could allow sensitive data to be included with service snaps.

There is XSS in browser/components/MarkdownPreview.js in BoostIO Boostnote 0.11.15 via a label named flowchart, sequence, gallery, or chart, as demonstrated by a crafted SRC attribute of an IFRAME element, a different vulnerability than CVE-2019-12136.

CREATE SD official App for Android version 1.0.2 and earlier allows remote attackers to bypass access restriction to lead a user to access an arbitrary website via vulnerable application and conduct phishing attacks.

Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Cabinet'.

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the user information.

Directory traversal vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to obtain files without access privileges via the application 'Work Flow'.

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included.

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'.

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'.

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'.

IBM Rational DOORS Web Access 9.5.1 through 9.5.2.9, and 9.6 through 9.6.1.9 is vulnerable to cross-site scripting.

There is XSS in BoostIO Boostnote 0.11.15 via a label named mermaid, as demonstrated by a crafted SRC attribute of an IFRAME element.

An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2.

An Incorrect Access Control (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2.

A vulnerability in the NX API (NX-API) Sandbox interface for Cisco NX-OS Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the NX-API Sandbox interface of an affected device.

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions < V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions < V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions).

Multiple stored cross-site scripting (XSS) in the MyThemeShop Launcher plugin 1.0.8 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via fields as follows: (1) Title, (2) Favicon, (3) Meta Description, (4) Subscribe Form (Name field label, Last name field label, Email field label), (5) Contact Form (Name field label and Email field label), and (6) Social Links (Facebook Page URL, Twitter Page URL, Instagram Page URL, YouTube Page URL, Linkedin Page URL, Google+ Page URL, RSS URL).

The Kieran O'Shea Calendar plugin before 1.3.11 for WordPress has Stored XSS via the event_title parameter in a wp-admin/admin.php?page=calendar add action, or the category name during category creation at the wp-admin/admin.php?page=calendar-categories URI.

Typesetter 5.1 allows XSS via the index.php/Admin LABEL parameter during new page creation.

panel/pages/home/edit in Kirby v2.5.12 allows XSS via the title of a new page.

Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via directory names.

Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via uploaded file names.

ampforwp_save_steps_data in the AMP for WP plugin before 0.9.97.21 for WordPress allows stored XSS.

GAT-Ship Web Module through 1.30 allows remote attackers to obtain potentially sensitive information via {} in a ws/gatshipWs.asmx/SqlVersion request.

IBM Cloud Private Kubernetes API server 2.1.0, 3.1.0, 3.1.1, and 3.1.2 can be used as an HTTP proxy to not only cluster internal but also external target IP addresses.

An issue was discovered in OpenEMR before 5.0.1 Patch 7.

An elevation of privilege vulnerability exists in Microsoft Azure Active Directory Connect build 1.3.20.0, which allows an attacker to execute two PowerShell cmdlets in context of a privileged account, and perform privileged actions.To exploit this, an attacker would need to authenticate to the Azure AD Connect server, aka 'Microsoft Azure AD Connect Elevation of Privilege Vulnerability'.

A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka 'Windows Defender Application Control Security Feature Bypass Vulnerability'.

An Information Exposure issue (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2.

The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow a malicious user to undermine the integrity of comments and bookmarks.

An issue was discovered in WSO2 API Manager 2.6.0.

Insufficient input validation vulnerability in subsystem for Intel(R) AMT before version 12.0.35 may allow a privileged user to potentially enable denial of service via network access.

Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Portal'.

Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) Prior to 9.1 Update 5 allows an authenticated administrator to embed an XSS in the administrator interface via a specially crafted custom rule containing HTML.

An issue was discovered in WSO2 Dashboard Server 2.0.0.

An issue was discovered in the administration page in IPBRICK OS 6.3.

CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version), 0.9.8.753 (Pro) and 0.9.8.807 (Pro) is vulnerable to Reflected XSS for the "Domain" field on the "DNS Functions > "Add DNS Zone" screen.

index.php/Admin/Classes in Typesetter 5.1 allows XSS via the description of a new class name.

index.php/Admin/Uploaded in Typesetter 5.1 allows XSS via an SVG file with JavaScript in a SCRIPT element.

Kirby V2.5.12 is prone to a Persistent XSS attack via the Title of the "Site options" in the admin panel dashboard dropdown.

A race condition in Intel(R) Graphics Drivers before version 10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069 (aka 15.33.x.5069) may allow an authenticated user to potentially enable a denial of service via local access.

Insufficient input validation in Intel(R) Driver & Support Assistant version 19.3.12.3 and before may allow a privileged user to potentially enable denial of service via local access.

Insufficient access control in Intel(R) Driver & Support Assistant version 19.3.12.3 and before may allow a privileged user to potentially enable information disclosure via local access.

Insufficient key protection vulnerability in silicon reference firmware for Intel(R) Pentium(R) Processor J Series, Intel(R) Pentium(R) Processor N Series, Intel(R) Celeron(R) J Series, Intel(R) Celeron(R) N Series, Intel(R) Atom(R) Processor A Series, Intel(R) Atom(R) Processor E3900 Series, Intel(R) Pentium(R) Processor Silver Series may allow a privileged user to potentially enable denial of service via local access.

An out of bound read in KMD module for Intel(R) Graphics Driver before version 10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069 (aka 15.33.x.5069) may allow a privileged user to potentially enable denial of service via local access.

Insufficient data sanitization vulnerability in HECI subsystem for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow a privileged user to potentially enable information disclosure via local access.

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device.

A vulnerability in the SSH CLI key management functionality of Cisco NX-OS Software could allow an authenticated, local attacker to expose a user's private SSH key to all authenticated users on the targeted device.

An Incorrect Access Control (issue 2 of 3) issue was discovered in GitLab Community and Enterprise Edition 8.14 and later but before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1.

Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the contents of application 'Address' without modify privileges via the application 'Address'.

Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to view the information without view privileges via the application 'Bulletin' and the application 'Cabinet'.

Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application 'Cabinet'.

Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the Report without access privileges via the application 'Multi Report'.

Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to change user information without access privileges via the Item function of User Information.

Cybozu Garoon 4.0.0 to 4.10.0 allows remote authenticated attackers to bypass access restriction to view the Bulletin Board without view privileges via the application 'Bulletin'.

Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to bypass access restriction to browse unauthorized pages via the application 'Management of Basic System'.

Insufficient input validation vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an unauthenticated user to potentially enable denial of service via adjacent network access.

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2.

An Insecure Permissions issue (issue 3 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2.

An issue was discovered in WSO2 API Manager 2.6.0.