Weekly Vulnerabilities Reports > June 3 to 9, 2019

Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Laser Presentation Remote R-R0010 is prone to keystroke injection attacks.

Due to unencrypted and unauthenticated data communication, the wireless presenter Inateck WP1001 v1.3C is prone to keystroke injection attacks.

Due to unencrypted and unauthenticated data communication, the wireless presenter Inateck WP2002 is prone to keystroke injection attacks.

In the Bluetooth Low Energy (BLE) specification, there is a provided example Long Term Key (LTK).

In huff_dec_1D of nlc_dec.cpp, there is a possible out of bounds write due to a missing bounds check.

An issue was discovered on Moxa AWK-3121 1.14 devices.

An issue was discovered on Moxa AWK-3121 1.14 devices.

An issue was discovered on Moxa AWK-3121 1.14 devices.

An issue was discovered on Moxa AWK-3121 1.14 devices.

An issue was discovered on Moxa AWK-3121 1.14 devices.

An issue was discovered on Moxa AWK-3121 1.14 devices.

An issue was discovered on Moxa AWK-3121 1.14 devices.

An issue was discovered on Moxa AWK-3121 1.14 devices.

Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecifed other devices does not properly restrict LMP commnds and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command.

An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482.

IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not properly validate file types, allowing an attacker to upload malicious content.

IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 could allow an authenciated user to create arbitrary users which could cause ID management issues and result in code execution.

Kyocera Command Center RX TASKalfa4501i and TASKalfa5052ci allows remote attackers to abuse the Test button in the machine address book to obtain a cleartext FTP or SMB password.

VMware Workstation (15.x before 15.1.0) contains a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) backend.

TP-Link TL-WR940N is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the ipAddrDispose function.

Northern.tech CFEngine Enterprise 3.12.1 has Insecure Permissions.

In Rancher 2 through 2.2.3, Project owners can inject additional fluentd configuration to read files or execute arbitrary commands inside the fluentd container.

In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to deploy nodes) can gain admin access to the Rancher management plane because node driver options intentionally allow posting certain data to the cloud.

CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in Workday through 32 via a value (provided by a low-privileged user in a contact form field) that is mishandled in a CSV export.

Sitecore Experience Platform (XP) prior to 9.1.1 is vulnerable to remote code execution via deserialization, aka TFS # 293863.

Prima Systems FlexAir, Versions 2.3.38 and prior.

Prima Systems FlexAir, Versions 2.4.9api3 and prior.

A vulnerability in the web-based management interface of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.

Incorrect access control in the CxUtilSvc component of the Synaptics Sound Device drivers prior to version 2.29 allows a local attacker to increase access privileges to the Windows Registry via an unpublished API.

Freenet 1483 has a MIME type bypass that allows arbitrary JavaScript execution via a crafted Freenet URI.

Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account, including admin.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code exection vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote privilege escalation vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

lib/Controller/ExtractionController.php in the Extract add-on before 1.2.0 for Nextcloud allows Remote Code Execution via shell metacharacters in a RAR filename via ajax/extractRar.php (nameOfFile and directory parameters).

Bludit before 3.9.0 allows remote code execution for an authenticated user by uploading a php file while changing the logo through /admin/ajax/upload-logo.

ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a ".." pathname in a ZIP archive to the mods/_core/languages/language_import.php (aka Import New Language) or mods/_standard/patcher/index_admin.php (aka Patcher) component.

An issue was discovered in Carel pCOWeb prior to B1.2.4.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Mi6 Browser prior to 10.4.0.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467).

The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows a remote attacker to exploit the misconfigured Cross-Origin Resource Sharing (CORS) mechanism.

Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability.

Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Malwarebytes Antimalware 3.6.1.2711.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34.

Remote unauthorized command execution and unauthorized disclosure of information in Micro Focus Service Manager, versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61.

In Firejail before 0.9.60, seccomp filters are writable inside the jail, leading to a lack of intended seccomp restrictions for a process that is joined to the jail after a filter has been modified by an attacker.

A vulnerability in the authentication service of the Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, Cisco TelePresence Video Communication Server (VCS), and Cisco Expressway Series could allow an unauthenticated, remote attacker to cause a service outage for users attempting to authenticate, resulting in a denial of service (DoS) condition.

getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.

IBM InfoSphere Information Server 11.7.1 containers are vulnerable to privilege escalation due to an insecurely configured component.

A remote cross site scripting vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers earlier than version v1.39.

An issue was discovered on Moxa AWK-3121 1.14 devices.

An issue was discovered on Moxa AWK-3121 1.14 devices.

Samsung Galaxy Apps before 4.4.01.7 allows modification of the hostname used for load balancing on installations of applications through a man-in-the-middle attack.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned.

Grails before 3.3.10 used cleartext HTTP to resolve the SDKMan notification service.

A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 due to improper username sanitization in the Basic Authentication implementation in core/provisioning.secure/ProvisioningSecure.asmx in Provisioning.Secure.dll.

In some configurations an attacker can inject a new executable path into the extensions.load file for osquery and hard link a parent folder of a malicious binary to a folder with known 'safe' permissions.

Gemalto DS3 Authentication Server 2.6.1-SP01 allows OS Command Injection.

In nfa_rw_store_ndef_rx_buf of nfa_rw_act.cc, there is a possible out-of-bound write due to a missing bounds check.

In areNotificationsEnabledForPackage of NotificationManagerService.java, there is a possible permissions bypass due to a missing permissions check.

In EffectRelease of EffectBundle.cpp, there is a possible memory corruption due to a double free.

In parseMPEGCCData of NuPlayerCCDecoder.cpp, there is a possible out of bounds write due to missing bounds checks.

In isSeparateProfileChallengeAllowed of DevicePolicyManagerService.java, there is a possible permissions bypass due to a missing permission check.

In GetPermittedAccessibilityServicesForUser of DevicePolicyManagerService.java, there is a possible permissions bypass due to a missing permission check.

In isPackageDeviceAdminOnAnyUser of PackageManagerService.java, there is a possible permissions bypass due to a missing permissions check.

The local management interface in SolarWinds Serv-U FTP Server 15.1.6.25 has incorrect access controls that permit local users to bypass authentication in the application and execute code in the context of the Windows SYSTEM account, leading to privilege escalation.

A use after free in the TextBox field Mouse Enter action in IReader_ContentProvider can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031.

A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when using the Open File action on a Field.

An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482.

Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user triggering incompatible type errors because the resource does not have expected properties.

Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user causing heap-based buffer overflows, which may lead to remote code execution.

An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices.

There is a code execution vulnerability in Huawei PCManager versions earlier than PCManager 9.0.1.50.

There is a privilege escalation vulnerability in Huawei PCManager versions earlier than PCManager 9.0.1.50.

A security vulnerability in HPE Smart Update Manager (SUM) prior to v8.4 could allow local unauthorized elevation of privilege.

NVIDIA Vibrante Linux version 1.1, 2.0, and 2.2 contains a vulnerability in the user space driver in which protection mechanisms are insufficient, may lead to denial of service or information disclosure.

Telerik Fiddler v5.0.20182.28034 doesn't verify the hash of EnableLoopback.exe before running it, which could lead to code execution or local privilege escalation by replacing the original EnableLoopback.exe.

Privilege escalation due to insecure directory permissions affecting ViveportDesktopService in HTC VIVEPORT before 1.0.0.36 allows local attackers to escalate privileges via DLL hijacking.

Privilege escalation in the "HTC Account Service" and "ViveportDesktopService" in HTC VIVEPORT before 1.0.0.36 allows local attackers to escalate privileges to SYSTEM via reconfiguration of either service.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.4.1.16828.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.4.1.16828.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.0.16811.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.16811.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.16811.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6.779.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6.

A vulnerability in Viber before 10.7.0 for Desktop (Windows) could allow an attacker to execute arbitrary commands on a targeted system.

rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`.

rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`.

rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`.

NETGEAR Insight Cloud with firmware before Insight 5.6 allows remote authenticated users to achieve command injection.

Dameware Remote Mini Control version 12.1.0.34 and prior contains a unauthenticated remote heap overflow due to the server not properly validating RsaPubKeyLen during key negotiation.

An issue was discovered on Moxa AWK-3121 1.14 devices.

aubio v0.4.0 to v0.4.8 has a new_aubio_onset NULL pointer dereference.

aubio v0.4.0 to v0.4.8 has a NULL pointer dereference in new_aubio_filterbank via invalid n_filters.

In UrBackup 2.2.6, an attacker can send a malformed request to the client over the network, and trigger a fileservplugin/CClientThread.cpp CClientThread::GetFileHashAndMetadata NULL pointer dereference, leading to shutting down the client application.

IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to user enumeration, allowing an attacker to brute force into the system.

IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.

The Security Camera CZ application through 1.6.8 for Android stores potentially sensitive recorded video in external data storage, which is readable by any application.

IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 is missing the HTTP Strict Transport Security header.

On SOYAL AR-727H and AR-829Ev5 devices, all CGI programs allow unauthenticated POST access.

Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability.

A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file.

A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache.

HashiCorp Consul 1.4.0 through 1.5.0 has Incorrect Access Control.

In TitanHQ SpamTitan through 7.03, a vulnerability exists in the spam rule update function.

In Gardener before 0.20.0, incorrect access control in seed clusters allows information disclosure by sending HTTP GET requests from one's own shoot clusters to foreign shoot clusters.

ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin.

A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests.

A vulnerability in the web-based management interface of Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to access sensitive system information.

In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the SubStr function (provided by the scripting engine) allows an attacker to cause a denial of service by crashing the application.

In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the WSubStr function (provided by the scripting engine) allows an attacker to cause a denial of service by crashing the application.

A remote denial of service vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Istio 1.1.x through 1.1.6 has Incorrect Access Control.

A remote denial of service vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless openasuser was enabled), and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root.

An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests

A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.7, 5.4 and earlier versions and FortiProxy 2.0.0, 1.2.8 and earlier versions under SSL VPN web portal allows a non-authenticated attacker to perform a Denial-of-service attack via special craft message payloads.

Some Huawei S series switches have a DoS vulnerability.

On Ubiquiti airCam 3.1.4 devices, a Denial of Service vulnerability exists in the RTSP Service provided by the ubnt-streamer binary.

An issue was discovered in get_vdev_port_node_info in arch/sparc/kernel/mdesc.c in the Linux kernel through 5.1.6.

IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal.

Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating RsaSignatureLen during key negotiation, which could crash the application or leak sensitive information.

Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating CltDHPubKeyLen during key negotiation, which could crash the application or leak sensitive information.

A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2.

admin\db\DoSql.php in EmpireCMS through 7.5 allows remote attackers to execute arbitrary PHP code via SQL injection that uses a .php filename in a SELECT INTO OUTFILE statement to admin/admin.php.

Ubiquiti EdgeOS 1.9.1 on EdgeRouter Lite devices allows remote attackers to execute arbitrary code with admin credentials, because /opt/vyatta/share/vyatta-cfg/templates/system/static-host-mapping/host-name/node.def does not sanitize the 'alias' or 'ips' parameter for shell metacharacters.

A vulnerability in the software update feature of Cisco Industrial Network Director could allow an authenticated, remote attacker to execute arbitrary code.

libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames (under /dev/shm and /tmp) without O_EXCL.

VMware Tools for Windows update addresses an out of bounds read vulnerability in vm3dmp driver which is installed with vmtools in Windows guest machines.

In callGenIDChangeListeners and related functions of SkPixelRef.cpp, there is a possible use after free due to a race condition.

There is a race condition vulnerability on Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.156(C00E156R2P14T8), Honor 10 smartphones versions earlier than Columbia-AL10B 9.0.0.156(C00E156R1P20T8) and Honor Play smartphones versions earlier than Cornell-AL00A 9.0.0.156(C00E156R1P13T8).

A remote buffer overflow vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers earlier than version v1.39.

An integer underflow issue exists in ntfs-3g 2017.3.23.

There is an improper authentication vulnerability in some Huawei AP products before version V200R009C00SPC800.

There is a man-in-the-middle (MITM) vulnerability on Huawei P30 smartphones versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), and P30 Pro versions before VOG-AL00 9.1.0.162 (C01E160R1P12/C01E160R2P1).

There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 and SRG3300 Huawei routers.

Hasplm cookie in Gemalto Admin Control Center, all versions prior to 7.92, does not have 'HttpOnly' flag.

Gallagher Command Centre before 7.80.939, 7.90.x before 7.90.961, and 8.x before 8.00.1128 allows arbitrary event creation and information disclosure via the FT Command Centre Service and FT Controller Service services.

An issue was discovered in MantisBT through 1.3.14, and 2.0.0.

Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts.

IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information.

A remote credential disclosure vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

An issue was discovered in phpMyAdmin before 4.9.0.

Lack of root file system integrity checking in Fortinet FortiOS VM application images all versions below 6.0.5 may allow attacker to implant malicious programs into the installing image by reassembling the image through specific methods.

There is a DoS vulnerability in RTSP module of Leland-AL00A Huawei smart phones versions earlier than Leland-AL00A 9.1.0.111(C00E111R2P10T8).

A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505.

The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated, remote attacker with least privileges ('User Console Only' role) to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy the entire database.

Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.125(C00E125R2P14T8) have an authorization bypass vulnerability.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote information disclosure and arbitrary code execution.

An issue was discovered on Moxa AWK-3121 1.19 devices.

An issue was discovered on Moxa AWK-3121 1.14 devices.

Micro Focus Solution Business Manager versions prior to 11.4.2 is susceptible to open redirect.

Maccms through 8.0 allows XSS via the site_keywords field to index.php?m=system-config because of tpl/module/system.php and tpl/html/system_config.html, related to template/paody/html/vod_index.html.

A number of stored XSS vulnerabilities have been identified in the web configuration feature in ENTTEC Datagate Mk2 70044_update_05032019-482 that could allow an unauthenticated threat actor to inject malicious code directly into the application.

This CVE relates to an unspecified cross site scripting vulnerability in Cloudera Manager.

IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 could allow a remote attacker to hijack the clicking action of the victim.

MyBB 1.8.19 has XSS in the resetpassword function.

vtiger CRM 7.0.1 is affected by one reflected Cross-Site Scripting (XSS) vulnerability affecting version 7.0.1 and probably prior versions.

An issue was discovered in PHP Scripts Mall API Based Travel Booking 3.4.7.

X-Cart V5 is vulnerable to XSS via the CategoryFilter2 parameter.

IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.

A vulnerability in the web-based management interface of Cisco Enterprise Chat and Email (ECE) Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

Gila CMS 1.9.1 has XSS.

XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR library before 3.8.0.

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3.

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3.

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3.

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3.

A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "err" parameter of the error process HTTP requests.

A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.2.0 to 5.6.10, 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "param" parameter of the error process HTTP requests.

A Host Header Redirection vulnerability in Fortinet FortiOS all versions below 6.0.5 under SSL VPN web portal allows a remote attacker to potentially poison HTTP cache and subsequently redirect SSL VPN web portal users to arbitrary web domains.

A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below and Fortinet FortiProxy 2.0.0, 1.2.8 and below under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters.

VFront 0.99.5 has Reflected XSS via the admin/menu_registri.php descrizione_g parameter or the admin/sync_reg_tab.php azzera parameter.

VFront 0.99.5 has stored XSS via the admin/sync_reg_tab.php azzera parameter, which is mishandled during admin/error_log.php rendering.

All known versions of the Orpak SiteOmat web management console is vulnerable to multiple instances of Stored Cross-site Scripting due to improper external user-input validation.

An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2.

Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an XSS issue in apcupsd_status.php.

Ubiquiti UniFi 52 devices, when Hotspot mode is used, allow remote attackers to bypass intended restrictions on "free time" Wi-Fi usage by sending a /guest/s/default/ request to obtain a cookie, and then using this cookie in a /guest/s/default/login request with the byfree parameter.

Gemalto DS3 Authentication Server 2.6.1-SP01 has Broken Access Control.

Gemalto DS3 Authentication Server 2.6.1-SP01 allows Local File Disclosure.

In uvc_parse_standard_control of uvc_driver.c, there is a possible out-of-bound read due to improper input validation.

Supra Smart Cloud TV allows remote file inclusion in the openLiveURL function, which allows a local attacker to broadcast fake video without any authentication via a /remote/media_control?action=setUri&uri= URI.

The image processing module of some Huawei Mate 10 smartphones versions before ALP-L29 9.0.0.159(C185) has a memory double free vulnerability.

There is a double free vulnerability on certain drivers of Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.181(C00E87R2P20T8).

There is a use after free vulnerability on certain driver component in Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.167(C00E85R2P20T8).

IBM InfoSphere Information Server 11.7.1.0 stores a common hard coded encryption key that could be used to decrypt sensitive information.

Mate 9 Pro Huawei smartphones earlier than LON-L29C 8.0.0.361(C636) versions have an information leak vulnerability due to the lack of input validation.

tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.1.16828.

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 2019.010.20098.

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 2019.010.20098.

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.1.16828.

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.1.16828.

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.16811.

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF 9.4.0.16811.

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.3.0.10826.

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF 9.3.10826.

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Studio Photo 3.6.6.

IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to cross-site scripting.

The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration.

PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has Stored XSS in the Profile Update page via the My Name field.

An issue was discovered in PHP Scripts Mall Investment MLM Software 2.0.2.

CMS Made Simple 2.2.10 has XSS via the m1_name parameter in "Add Article" under Content -> Content Manager -> News.

A vulnerability in Cisco Industrial Network Director could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks.

A vulnerability in the Secure Shell (SSH) authentication function of Cisco IOS XR Software could allow an authenticated, remote attacker to successfully log in to an affected device using two distinct usernames.

Stored XSS was discovered in AUO Solar Data Recorder before 1.3.0 via the protect/config.htm addr parameter.

Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System contact" field.

The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated least privileged user with 'User Console Only' rights to potentially inject arbitrary JavaScript code on the tickets page.

The WP Statistics plugin through 12.6.5 for Wordpress has stored XSS in includes/class-wp-statistics-pages.php.

Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones allows content provider injection.

Gemalto Admin Control Center, all versions prior to 7.92, uses cleartext HTTP to communicate with www3.safenet-inc.com to obtain language packs.

IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 generates an error message that includes sensitive information that could be used in further attacks against the system.

MyBB 1.8.19 allows remote attackers to obtain sensitive information because it discloses the username upon receiving a password-reset request that lacks the code parameter.

A vulnerability in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Series software could allow an unauthenticated, remote attacker to cause an affected system to send arbitrary network requests.

A disclosure of information vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

A remote disclosure of information vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20.

The HPE Nonstop Maintenance Entity family of products are vulnerable to local disclosure of information, such as system layout and configuration.

In Hoteldruid before 2.3.1, a division by zero was discovered in $num_tabelle in tab_tariffe.php (aka the numtariffa1 parameter) due to the mishandling of non-numeric values, as demonstrated by the /tab_tariffe.php?anno=[YEAR]&numtariffa1=1a URI.

In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on encryption zone keys.

admin\db\DoSql.php in EmpireCMS through 7.5 allows XSS via crafted SQL syntax to admin/admin.php.

The Chartkick gem through 3.1.0 for Ruby allows XSS.

In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call <liferay-ui:captcha url="<%= url %>" /> or <liferay-captcha:captcha url="<%= url %>" />.

Marvell SSD Controller (88SS1074, 88SS1079, 88SS1080, 88SS1093, 88SS1092, 88SS1095, 88SS9174, 88SS9175, 88SS9187, 88SS9188, 88SS9189, 88SS9190, 88SS1085, 88SS1087, 88SS1090, 88SS1100, 88SS1084, 88SS1088, & 88SS1098) devices are vulnerable in manipulating a combination of IO pins to bypass the secure boot protection mechanism.

Marvell SSD Controller (88SS1074, 88SS1079, 88SS1080, 88SS1093, 88SS1092, 88SS1095, 88SS9174, 88SS9175, 88SS9187, 88SS9188, 88SS9189, 88SS9190, 88SS1085, 88SS1087, 88SS1090, 88SS1100, 88SS1084, 88SS1088, & 88SS1098) devices allow reprogramming flash memory to bypass the secure boot protection mechanism.

Emily-L29C Huawei phones versions earlier than 9.0.0.159 (C185E2R1P12T8) have a Factory Reset Protection (FRP) bypass security vulnerability.

There is Factory Reset Protection (FRP) bypass security vulnerability in P20 Huawei smart phones versions earlier than Emily-AL00A 9.0.0.167 (C00E81R1P21T8).

There is an information disclosure vulnerability on Mate 9 Pro Huawei smartphones versions earlier than LON-AL00B9.0.1.150 (C00E61R1P8T8).

There is a Factory Reset Protection (FRP) bypass security vulnerability in P20 Huawei smart phones versions before Emily-AL00A 9.0.0.167(C00E81R1P21T8).

There is an information leak vulnerability in some Huawei phones, versions earlier than Jackman-L21 8.2.0.155(C185R1P2).

Use of a hard-coded encryption key in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to full managed endpoint compromise by an authenticated user with read privileges.

A vulnerability in the BIOS upgrade utility of Cisco Unified Computing System (UCS) C-Series Rack Servers could allow an authenticated, local attacker to install compromised BIOS firmware on an affected device.

IBM InfoSphere Information Server 11.5 and 11.7 is affected by an information disclosure vulnerability.

IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files.

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

An issue was discovered in Open Ticket Request System (OTRS) 7.x before 7.0.5.

Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) and P30 Pro versions before VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), are exposed to a message replay vulnerability.

An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6.

Mate20 Huawei smartphones versions earlier than HMA-AL00C00B175 have an out-of-bounds read vulnerability.

IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 allows web pages to be stored locally which can be read by another user on the system.

IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 discloses sensitive information to unauthorized users.

IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine.