Weekly Vulnerabilities Reports > July 15 to 21, 2019
Overview
345 new vulnerabilities were reported during this period, including 44 critical vulnerabilities and 88 high severity vulnerabilities. This weekly summary reports vulnerabilities in 393 products from 161 vendors including Microsoft, Fedoraproject, Debian, Adobe, and Canonical. The most common vulnerability categories are "Cross-site Scripting", "Out-of-bounds Write", "Information Exposure", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Improper Input Validation".
- 287 reported vulnerabilities are remotely exploitable.
- 4 reported vulnerabilities have a public exploit available.
- 98 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 291 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 90 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 13 reported vulnerabilities.
Vulnerability Details
The following tables list reported vulnerabilities for the period covered by this report:
44 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2019-07-19 | CVE-2019-13569 | Icegram | SQL Injection vulnerability in Icegram Email Subscribers & Newsletters A SQL injection vulnerability exists in the Icegram Email Subscribers & Newsletters plugin through 4.1.7 for WordPress. | 10.0 |
2019-07-19 | CVE-2019-12725 | Zeroshell | OS Command Injection vulnerability in Zeroshell 3.9.0 Zeroshell 3.9.0 is prone to a remote command execution vulnerability. | 10.0 |
2019-07-17 | CVE-2019-1917 | Cisco | Improper Authentication vulnerability in Cisco Vision Dynamic Signage Director A vulnerability in the REST API interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected system. | 10.0 |
2019-07-17 | CVE-2019-13447 | Sertek | SQL Injection vulnerability in Sertek Xpare 3.67 An issue was discovered in Sertek Xpare 3.67. | 10.0 |
2019-07-17 | CVE-2019-11535 | Linksys | Command Injection vulnerability in Linksys Re6300 Firmware and Re6400 Firmware Unsanitized user input in the web interface for Linksys WiFi extender products (RE6400 and RE6300 through 1.2.04.022) allows for remote command execution. | 10.0 |
2019-07-17 | CVE-2019-13624 | Onosproject | Data Processing Errors vulnerability in Onosproject Onos 1.15.0 In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a shell command. | 10.0 |
2019-07-16 | CVE-2019-12988 | Citrix | OS Command Injection vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 4 of 6). | 10.0 |
2019-07-16 | CVE-2019-12987 | Citrix | OS Command Injection vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6). | 10.0 |
2019-07-16 | CVE-2019-12986 | Citrix | OS Command Injection vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of 6). | 10.0 |
2019-07-16 | CVE-2019-12985 | Citrix | OS Command Injection vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6). | 10.0 |
2019-07-15 | CVE-2019-1010298 | Linaro | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linaro Op-Tee Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. | 10.0 |
2019-07-15 | CVE-2019-1010297 | Linaro | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linaro Op-Tee Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. | 10.0 |
2019-07-15 | CVE-2019-1010296 | Linaro | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linaro Op-Tee Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. | 10.0 |
2019-07-19 | CVE-2019-12815 | Proftpd Fedoraproject Debian Siemens | Improper Handling of Exceptional Conditions vulnerability in multiple products An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306. | 9.8 |
2019-07-19 | CVE-2019-1010238 | Gnome Oracle Fedoraproject Debian Canonical Redhat | Out-of-bounds Write vulnerability in multiple products Gnome Pango 1.42 and later is affected by: Buffer Overflow. | 9.8 |
2019-07-18 | CVE-2019-13962 | Videolan Opensuse Debian Canonical | Out-of-bounds Read vulnerability in multiple products lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height. | 9.8 |
2019-07-18 | CVE-2019-13575 | Wpeverest | SQL Injection vulnerability in Wpeverest Everest Forms A SQL injection vulnerability exists in WPEverest Everest Forms plugin for WordPress through 1.4.9. | 9.8 |
2019-07-17 | CVE-2019-13640 | Qbittorrent | OS Command Injection vulnerability in Qbittorrent In qBittorrent before 4.1.7, the function Application::runExternalProgram() located in app/application.cpp allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, as demonstrated by remote command execution via a crafted name within an RSS feed. | 9.8 |
2019-07-17 | CVE-2019-13585 | Fanucamerica | Out-of-bounds Write vulnerability in Fanucamerica Robotics Virtual Robot Controller 8.23 The remote admin webserver on FANUC Robotics Virtual Robot Controller 8.23 has a Buffer Overflow via a forged HTTP request. | 9.8 |
2019-07-17 | CVE-2019-13573 | Foliovision | SQL Injection vulnerability in Foliovision FV Flowplayer Video Player A SQL injection vulnerability exists in the FolioVision FV Flowplayer Video Player plugin before 7.3.19.727 for WordPress. | 9.8 |
2019-07-17 | CVE-2019-9848 | Libreoffice Canonical Fedoraproject Debian Opensuse | Code Injection vulnerability in multiple products LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. | 9.8 |
2019-07-16 | CVE-2019-12990 | Citrix | Path Traversal vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal. | 9.8 |
2019-07-16 | CVE-2019-13360 | Control Webpanel | Authorization Bypass Through User-Controlled Key vulnerability in Control-Webpanel Webpanel 0.9.8.836 In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass authentication in the login process by leveraging knowledge of a valid username. | 9.8 |
2019-07-15 | CVE-2019-6824 | Schneider Electric | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Proclima 6.0.1/6.1 A CWE-119: Buffer Errors vulnerability exists in ProClima (all versions prior to version 8.0.0) which allows an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0. | 9.8 |
2019-07-15 | CVE-2019-6823 | Schneider Electric | Code Injection vulnerability in Schneider-Electric Proclima 6.0.1/6.1 A CWE-94: Code Injection vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0. | 9.8 |
2019-07-15 | CVE-2019-1010022 | GNU | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Glibc GNU Libc current is affected by: Mitigation bypass. | 9.8 |
2019-07-17 | CVE-2019-13625 | NSA | XXE vulnerability in NSA Ghidra 9.0 NSA Ghidra before 9.0.1 allows XXE when a project is opened or restored, or a tool is imported, as demonstrated by a project.prp file. | 9.4 |
2019-07-17 | CVE-2019-13637 | Logmeininc | Untrusted Search Path vulnerability in Logmeininc Join.Me In LogMeIn join.me before 3.16.0.5505, an attacker could execute arbitrary commands on a targeted system. | 9.3 |
2019-07-15 | CVE-2019-1128 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. | 9.3 |
2019-07-15 | CVE-2019-1127 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. | 9.3 |
2019-07-15 | CVE-2019-1124 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. | 9.3 |
2019-07-15 | CVE-2019-1123 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. | 9.3 |
2019-07-15 | CVE-2019-1122 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. | 9.3 |
2019-07-15 | CVE-2019-1121 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. | 9.3 |
2019-07-15 | CVE-2019-1120 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. | 9.3 |
2019-07-15 | CVE-2019-1119 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2019 A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. | 9.3 |
2019-07-15 | CVE-2019-1118 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. | 9.3 |
2019-07-15 | CVE-2019-1117 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. | 9.3 |
2019-07-15 | CVE-2019-1111 | Microsoft | Unspecified vulnerability in Microsoft Excel, Office and Office 365 Proplus A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. | 9.3 |
2019-07-15 | CVE-2019-1110 | Microsoft | Unspecified vulnerability in Microsoft Excel, Office and Office 365 Proplus A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. | 9.3 |
2019-07-15 | CVE-2019-1102 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. | 9.3 |
2019-07-19 | CVE-2019-11990 | HP | Unspecified vulnerability in HP Universal Internet of Things Security vulnerabilities in HPE UIoT versions 1.6, 1.5, 1.4.2, 1.4.1, 1.4.0, and 1.2.4.2 could allow unauthorized remote access and access to sensitive data. | 9.0 |
2019-07-16 | CVE-2019-12992 | Citrix | OS Command Injection vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 6 of 6). | 9.0 |
2019-07-16 | CVE-2019-12991 | Citrix | OS Command Injection vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6). | 9.0 |
88 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2019-07-18 | CVE-2019-1010054 | Dolibarr | Cross-Site Request Forgery (CSRF) vulnerability in Dolibarr Erp/Crm 7.0.0 Dolibarr 7.0.0 is affected by: Cross Site Request Forgery (CSRF). | 8.8 |
2019-07-16 | CVE-2019-13605 | Control Webpanel | Authorization Bypass Through User-Controlled Key vulnerability in Control-Webpanel Webpanel 0.9.8.836 In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can bypass authentication in the login process by leveraging the knowledge of a valid username. | 8.8 |
2019-07-15 | CVE-2019-1010023 | GNU | Unspecified vulnerability in GNU Glibc GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. | 8.8 |
2019-07-17 | CVE-2019-12876 | Zohocorp | Incorrect Permission Assignment for Critical Resource vulnerability in Zohocorp products Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System. | 8.5 |
2019-07-19 | CVE-2019-1579 | Paloaltonetworks | Use of Externally-Controlled Format String vulnerability in Paloaltonetworks Pan-Os Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote attacker to execute arbitrary code. | 8.1 |
2019-07-16 | CVE-2019-13115 | Libssh2 Debian Fedoraproject Netapp F5 | Integer Overflow or Wraparound vulnerability in multiple products In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. | 8.1 |
2019-07-16 | CVE-2019-13616 | Libsdl Debian Opensuse Fedoraproject Canonical Redhat | Out-of-bounds Read vulnerability in multiple products SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. | 8.1 |
2019-07-15 | CVE-2019-0887 | Microsoft | Path Traversal vulnerability in Microsoft products A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. | 8.0 |
2019-07-19 | CVE-2019-1010136 | Chinamobileltd | Missing Authentication for Critical Function vulnerability in Chinamobileltd Gpn2.4P21-C-Cn Firmware W2001En00 ChinaMobile GPN2.4P21-C-CN W2001EN-00 is affected by: Incorrect Access Control - Unauthenticated Remote Reboot. | 7.8 |
2019-07-17 | CVE-2019-11771 | Eclipse | Permissions, Privileges, and Access Controls vulnerability in Eclipse Openj9 AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused RPATHs which may facilitate code injection and privilege elevation by local users. | 7.8 |
2019-07-17 | CVE-2019-13272 | Linux Debian Fedoraproject Canonical Redhat Netapp | In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). | 7.8 |
2019-07-16 | CVE-2019-1010057 | Nfdump Project Fedoraproject Debian | Out-of-bounds Write vulnerability in multiple products nfdump 1.6.16 and earlier is affected by: Buffer Overflow. | 7.8 |
2019-07-15 | CVE-2019-6827 | Schneider Electric | Out-of-bounds Write vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-787: Out-of-bounds Write vulnerability exists in Interactive Graphical SCADA System (IGSS), Version 14 and prior, which could cause a software crash when data in the mdb database is manipulated. | 7.8 |
2019-07-15 | CVE-2019-6822 | Schneider Electric | Use After Free vulnerability in Schneider-Electric Zelio Soft 2 A Use After Free: CWE-416 vulnerability exists in Zelio Soft 2, V5.2 and earlier, which could cause remote code execution when opening a specially crafted Zelio Soft 2 project file. | 7.8 |
2019-07-15 | CVE-2018-7838 | Schneider Electric | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric products A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU - BMEP582040, all versions before V2.90, and Modicon Ethernet Module BMENOC0301, all versions before V2.16, which could cause denial of service on the FTP service of the controller or the Ethernet BMENOC module when it receives a FTP CWD command with a data length greater than 1020 bytes. | 7.8 |
2019-07-15 | CVE-2019-1010006 | Gnome Canonical Debian Opensuse | Integer Overflow or Wraparound vulnerability in multiple products Evince 3.26.0 is affected by buffer overflow. | 7.8 |
2019-07-15 | CVE-2019-1107 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. | 7.6 |
2019-07-15 | CVE-2019-1106 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. | 7.6 |
2019-07-15 | CVE-2019-1104 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Edge and Internet Explorer A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'. | 7.6 |
2019-07-15 | CVE-2019-1103 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. | 7.6 |
2019-07-15 | CVE-2019-1092 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. | 7.6 |
2019-07-15 | CVE-2019-1063 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Internet Explorer 10/11/9 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. | 7.6 |
2019-07-15 | CVE-2019-1062 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. | 7.6 |
2019-07-15 | CVE-2019-1059 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Internet Explorer 10/11/9 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.6 |
2019-07-15 | CVE-2019-1056 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Internet Explorer 11 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.6 |
2019-07-15 | CVE-2019-1004 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Internet Explorer 10/11/9 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.6 |
2019-07-15 | CVE-2019-1001 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore, Edge and Internet Explorer A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.6 |
2019-07-21 | CVE-2019-14231 | Onionbuzz | SQL Injection vulnerability in Onionbuzz An issue was discovered in the Viral Quiz Maker - OnionBuzz plugin before 1.2.2 for WordPress. | 7.5 |
2019-07-21 | CVE-2019-14230 | Onionbuzz | SQL Injection vulnerability in Onionbuzz An issue was discovered in the Viral Quiz Maker - OnionBuzz plugin before 1.2.7 for WordPress. | 7.5 |
2019-07-21 | CVE-2019-14213 | Foxitsoftware | Unspecified vulnerability in Foxitsoftware Phantompdf An issue was discovered in Foxit PhantomPDF before 8.3.11. | 7.5 |
2019-07-21 | CVE-2019-14211 | Foxitsoftware | Improper Input Validation vulnerability in Foxitsoftware Phantompdf An issue was discovered in Foxit PhantomPDF before 8.3.11. | 7.5 |
2019-07-21 | CVE-2019-14209 | Foxitsoftware Microsoft | Out-of-bounds Write vulnerability in Foxitsoftware Phantompdf An issue was discovered in Foxit PhantomPDF before 8.3.10. | 7.5 |
2019-07-21 | CVE-2019-14206 | Nevma | Path Traversal vulnerability in Nevma Adaptive Images An Arbitrary File Deletion vulnerability in the Nevma Adaptive Images plugin before 0.6.67 for WordPress allows remote attackers to delete arbitrary files via the $REQUEST['adaptive-images-settings'] parameter in adaptive-images-script.php. | 7.5 |
2019-07-19 | CVE-2019-9228 | Audiocodes | Unspecified vulnerability in Audiocodes products An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A at least to 7.20A.252.062. | 7.5 |
2019-07-19 | CVE-2019-12193 | H3C | SQL Injection vulnerability in H3C H3Cloud OS H3C H3Cloud OS all versions allows SQL injection via the ear/grid_event sidx parameter. | 7.5 |
2019-07-19 | CVE-2019-1010142 | Scapy Fedoraproject | Infinite Loop vulnerability in multiple products scapy 2.4.0 is affected by: Denial of Service. | 7.5 |
2019-07-19 | CVE-2019-1010101 | Akeo | Incorrect Permission Assignment for Critical Resource vulnerability in Akeo Rufus Akeo Consulting Rufus 3.0 and earlier is affected by: Insecure Permissions. | 7.5 |
2019-07-19 | CVE-2019-1010245 | Linuxfoundation | Improper Input Validation vulnerability in Linuxfoundation Open Network Operating System The Linux Foundation ONOS SDN Controller 1.15 and earlier versions is affected by: Improper Input Validation. | 7.5 |
2019-07-19 | CVE-2019-1010151 | Zzcms | Path Traversal vulnerability in Zzcms Zzmcms 8.3 zzcms zzmcms 8.3 and earlier is affected by: File Delete to getshell. | 7.5 |
2019-07-19 | CVE-2019-13973 | Layerbb | Unrestricted Upload of File with Dangerous Type vulnerability in Layerbb 1.1.3 LayerBB 1.1.3 allows admin/general.php arbitrary file upload because the custom_logo filename suffix is not restricted, and .php may be used. | 7.5 |
2019-07-18 | CVE-2019-7850 | Adobe Linux Microsoft | Command Injection vulnerability in Adobe Campaign 18.10.5.8984 Adobe Campaign Classic version 18.10.5-8984 and earlier versions have a Command injection vulnerability. | 7.5 |
2019-07-18 | CVE-2019-13956 | Codersclub | Code Injection vulnerability in Codersclub Discuz!Ml 3.2/3.3/3.4 Discuz!ML 3.2 through 3.4 allows remote attackers to execute arbitrary PHP code via a modified language cookie, as demonstrated by changing 4gH4_0df5_language=en to 4gH4_0df5_language=en'.phpinfo().'; (if the random prefix 4gH4_0df5_ were used). | 7.5 |
2019-07-18 | CVE-2019-1010248 | I Doit | SQL Injection vulnerability in I-Doit Synetics GmbH I-doit 1.12 and earlier is affected by: SQL Injection. | 7.5 |
2019-07-18 | CVE-2019-13952 | Gdnsd | Out-of-bounds Write vulnerability in Gdnsd The set_ipv6() function in zscan_rfc1035.rl in gdnsd before 2.4.3 and 3.x before 3.2.1 has a stack-based buffer overflow via a long and malformed IPv6 address in zone data. | 7.5 |
2019-07-18 | CVE-2019-13951 | Gdnsd | Out-of-bounds Write vulnerability in Gdnsd 3.2.0 The set_ipv4() function in zscan_rfc1035.rl in gdnsd 3.x before 3.2.1 has a stack-based buffer overflow via a long and malformed IPv4 address in zone data. | 7.5 |
2019-07-18 | CVE-2019-1010268 | Ladon Project | XXE vulnerability in Ladon Project Ladon Ladon since 0.6.1 (since ebef0aae48af78c159b6fce81bc6f5e7e0ddb059) is affected by: XML External Entity (XXE). | 7.5 |
2019-07-18 | CVE-2019-1010259 | Saltstack | SQL Injection vulnerability in Saltstack Salt 2018 and Salt 2019 SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. | 7.5 |
2019-07-18 | CVE-2019-3570 | | Out-of-bounds Write vulnerability in Facebook Hiphop Virtual Machine Call to the scrypt_enc() function in HHVM can lead to heap corruption by using specifically crafted parameters (N, r and p). | 7.5 |
2019-07-18 | CVE-2019-13509 | Docker | Information Exposure Through Log Files vulnerability in Docker In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. | 7.5 |
2019-07-18 | CVE-2019-1010104 | Techytalk | SQL Injection vulnerability in Techytalk Quick Chat TechyTalk Quick Chat WordPress Plugin All up to the latest is affected by: SQL Injection. | 7.5 |
2019-07-17 | CVE-2019-11772 | Eclipse | Out-of-bounds Write vulnerability in Eclipse Openj9 In Eclipse OpenJ9 prior to 0.15, the String.getBytes(int, int, byte[], int) method does not verify that the provided byte array is non-null nor that the provided index is in bounds when compiled by the JIT. | 7.5 |
2019-07-17 | CVE-2019-1010283 | Univention | Information Exposure vulnerability in Univention Corporate Server Univention Corporate Server univention-directory-notifier 12.0.1-3 and earlier is affected by: CWE-213: Intentional Information Exposure. | 7.5 |
2019-07-17 | CVE-2019-1010275 | Helm | Improper Certificate Validation vulnerability in Helm helm Before 2.7.2 is affected by: CWE-295: Improper Certificate Validation. | 7.5 |
2019-07-17 | CVE-2019-1010263 | Perl Crypt | Improper Verification of Cryptographic Signature vulnerability in Perl Crypt::Jwt Project Perl Crypt::Jwt Perl Crypt::JWT prior to 0.023 is affected by: Incorrect Access Control. | 7.5 |
2019-07-17 | CVE-2019-13619 | Wireshark Fedoraproject Canonical Debian Opensuse | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. | 7.5 |
2019-07-17 | CVE-2019-13577 | Computerlab | Out-of-bounds Write vulnerability in Computerlab Maple Computer WBT Snmp Administrator 2.0.195.15 SnmpAdm.exe in MAPLE WBT SNMP Administrator v2.0.195.15 has an Unauthenticated Remote Buffer Overflow via a long string to the CE Remote feature listening on Port 987. | 7.5 |
2019-07-17 | CVE-2019-13614 | TP Link | Out-of-bounds Write vulnerability in Tp-Link Archer C1200 Firmware 1.0.0 CMD_SET_CONFIG_COUNTRY in the TP-Link Device Debug protocol in TP-Link Archer C1200 1.0.0 Build 20180502 rel.45702 and earlier is prone to a stack-based buffer overflow, which allows a remote attacker to achieve code execution or denial of service by sending a crafted payload to the listening server. | 7.5 |
2019-07-17 | CVE-2019-13613 | TP Link | Out-of-bounds Write vulnerability in Tp-Link Archer C1200 Firmware 1.0.0 CMD_FTEST_CONFIG in the TP-Link Device Debug protocol in TP-Link Wireless Router Archer Router version 1.0.0 Build 20180502 rel.45702 (EU) and earlier is prone to a stack-based buffer overflow, which allows a remote attacker to achieve code execution or denial of service by sending a crafted payload to the listening server. | 7.5 |
2019-07-17 | CVE-2019-10353 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier did not expire, thereby allowing attackers able to obtain them to bypass CSRF protection. | 7.5 |
2019-07-17 | CVE-2019-4430 | IBM | Path Traversal vulnerability in IBM Maximo Asset Management 7.6 IBM Maximo Asset Management 7.6 could allow a remote attacker to traverse directories on the system. | 7.5 |
2019-07-16 | CVE-2019-13359 | Control Webpanel | Unrestricted Upload of File with Dangerous Type vulnerability in Control-Webpanel Webpanel 0.9.8.836 In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user. | 7.5 |
2019-07-16 | CVE-2019-12989 | Citrix | SQL Injection vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection. | 7.5 |
2019-07-16 | CVE-2019-10191 | NIC Fedoraproject | Improper Input Validation vulnerability in multiple products A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to downgrade DNSSEC-secure domains to DNSSEC-insecure state, opening possibility of domain hijack using attacks against insecure DNS protocol. | 7.5 |
2019-07-16 | CVE-2019-10190 | NIC Fedoraproject | Improper Input Validation vulnerability in multiple products A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answer. | 7.5 |
2019-07-16 | CVE-2019-1010292 | Linaro | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linaro Op-Tee Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. | 7.5 |
2019-07-16 | CVE-2019-1010043 | Quake3E Project | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Quake3E Project Quake3E Quake3e < 5ed740d is affected by: Buffer Overflow. | 7.5 |
2019-07-16 | CVE-2019-1010062 | Pluck CMS | Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluckcms PluckCMS 4.7.4 and earlier is affected by: CWE-434 Unrestricted Upload of File with Dangerous Type. | 7.5 |
2019-07-16 | CVE-2019-1010060 | Nasa | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nasa Cfitsio NASA CFITSIO prior to 3.43 is affected by: Buffer Overflow. | 7.5 |
2019-07-15 | CVE-2019-1072 | Microsoft | Improper Input Validation vulnerability in Microsoft Azure Devops Server and Team Foundation Server A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka 'Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability'. | 7.5 |
2019-07-15 | CVE-2019-0785 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server, aka 'Windows DHCP Server Remote Code Execution Vulnerability'. | 7.5 |
2019-07-15 | CVE-2019-1010295 | Linaro | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linaro Op-Tee Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. | 7.5 |
2019-07-15 | CVE-2019-1010293 | Linaro | Out-of-bounds Write vulnerability in Linaro Op-Tee Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossing. | 7.5 |
2019-07-15 | CVE-2019-1010044 | Archivesunleashed | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Archivesunleashed Graphpass borg-reducer c6d5240 is affected by: Buffer Overflow. | 7.5 |
2019-07-15 | CVE-2019-1010306 | Teller | Deserialization of Untrusted Data vulnerability in Teller Slanger 0.6.0 Slanger 0.6.0 is affected by: Remote Code Execution (RCE). | 7.5 |
2019-07-15 | CVE-2019-1010039 | Ulaunchelf Project | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ulaunchelf Project Ulaunchelf 170827A/190107 uLaunchELF < commit 170827a is affected by: Buffer Overflow. | 7.5 |
2019-07-15 | CVE-2019-1010038 | Openmodelica | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Openmodelica Omcompiler OpenModelica OMCompiler is affected by: Buffer Overflow. | 7.5 |
2019-07-15 | CVE-2019-1010009 | Dglogik | Incorrect Permission Assignment for Critical Resource vulnerability in Dglogik Dglux Server DGLogik Inc DGLux Server All Versions is affected by: Insecure Permissions. | 7.5 |
2019-07-17 | CVE-2019-3969 | Comodo | Unspecified vulnerability in Comodo Antivirus 11.0.0.6582/12.0.0.6810 Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Local Privilege Escalation due to CmdAgent's handling of COM clients. | 7.2 |
2019-07-17 | CVE-2019-1919 | Cisco | Use of Hard-coded Credentials vulnerability in Cisco Findit Network Manager and Findit Network Probe A vulnerability in the Cisco FindIT Network Management Software virtual machine (VM) images could allow an unauthenticated, local attacker who has access to the VM console to log in to the device with a static account that has root privileges. | 7.2 |
2019-07-15 | CVE-2019-1132 | Microsoft | Unspecified vulnerability in Microsoft Windows 7 and Windows Server 2008 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. | 7.2 |
2019-07-15 | CVE-2019-1130 | Microsoft | Link Following vulnerability in Microsoft products An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. | 7.2 |
2019-07-15 | CVE-2019-1129 | Microsoft | Link Following vulnerability in Microsoft products An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. | 7.2 |
2019-07-15 | CVE-2019-1090 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory, aka 'Windows dnsrlvr.dll Elevation of Privilege Vulnerability'. | 7.2 |
2019-07-15 | CVE-2019-1089 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in rpcss.dll when the RPC service Activation Kernel improperly handles an RPC request. | 7.2 |
2019-07-15 | CVE-2019-1082 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in Microsoft Windows where a certain DLL, with Local Service privilege, is vulnerable to race planting a customized DLL. An attacker who successfully exploited this vulnerability could potentially elevate privilege to SYSTEM. The update addresses this vulnerability by requiring SYSTEM privileges for a certain DLL, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. | 7.2 |
2019-07-15 | CVE-2019-1067 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | 7.2 |
2019-07-15 | CVE-2019-0999 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016 An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. | 7.2 |
2019-07-19 | CVE-2019-11989 | HP Microsoft Redhat | Unspecified vulnerability in HP Icewall SSO Agent and MFA Proxy A security vulnerability in HPE IceWall SSO Agent Option and IceWall MFA (Agent module) could be exploited remotely to cause a denial of service. | 7.1 |
184 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2019-07-15 | CVE-2019-1037 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. | 6.9 |
2019-07-20 | CVE-2019-12934 | WP Code Highlightjs Project | Cross-Site Request Forgery (CSRF) vulnerability in Wp-Code-Highlightjs Project Wp-Code-Highlightjs An issue was discovered in the wp-code-highlightjs plugin through 0.6.2 for WordPress. | 6.8 |
2019-07-19 | CVE-2019-13989 | Dpic Project | Out-of-bounds Write vulnerability in Dpic Project Dpic 20190620 dpic 2019.06.20 has a Stack-based Buffer Overflow in the wfloat() function in main.c. | 6.8 |
2019-07-19 | CVE-2018-17792 | Altn | Cross-Site Request Forgery (CSRF) vulnerability in Altn Mdaemon Webmail 14.0 MDaemon Webmail (formerly WorldClient) has CSRF. | 6.8 |
2019-07-19 | CVE-2019-1010100 | Akeo | Uncontrolled Search Path Element vulnerability in Akeo Rufus Akeo Consulting Rufus 3.0 and earlier is affected by: DLL search order hijacking. | 6.8 |
2019-07-19 | CVE-2015-7882 | Mongodb | Improper Authentication vulnerability in Mongodb 3.0.0/3.0.6 Improper handling of LDAP authentication in MongoDB Server versions 3.0.0 to 3.0.6 allows an unauthenticated client to gain unauthorized access. | 6.8 |
2019-07-19 | CVE-2019-13984 | Rangerstudio | Unrestricted Upload of File with Dangerous Type vulnerability in Rangerstudio Directus 7 API Directus 7 API before 2.3.0 does not validate uploaded files. | 6.8 |
2019-07-19 | CVE-2019-13980 | Rangerstudio | Unrestricted Upload of File with Dangerous Type vulnerability in Rangerstudio Directus 7 API In Directus 7 API through 2.3.0, uploading of PHP files is blocked only when the Apache HTTP Server is used, leading to uploads/_/originals remote code execution with nginx. | 6.8 |
2019-07-19 | CVE-2019-13979 | Rangerstudio | Unrestricted Upload of File with Dangerous Type vulnerability in Rangerstudio Directus 7 API In Directus 7 API before 2.2.1, uploading of PHP files is not blocked, leading to uploads/_/originals remote code execution. | 6.8 |
2019-07-19 | CVE-2019-13974 | Layerbb | Cross-Site Request Forgery (CSRF) vulnerability in Layerbb 1.1.3 LayerBB 1.1.3 allows conversations.php/cmd/new CSRF. | 6.8 |
2019-07-18 | CVE-2019-7956 | Adobe | Untrusted Search Path vulnerability in Adobe Dreamweaver Adobe Dreamweaver direct download installer versions 19.0 and below, 18.0 and below have an Insecure Library Loading (DLL hijacking) vulnerability. | 6.8 |
2019-07-18 | CVE-2019-13961 | Flatcore | Cross-Site Request Forgery (CSRF) vulnerability in Flatcore A CSRF vulnerability was found in flatCore before 1.5, leading to the upload of arbitrary .php files via acp/core/files.upload-script.php. | 6.8 |
2019-07-18 | CVE-2019-1010112 | Phpcoo | Cross-Site Request Forgery (CSRF) vulnerability in PHPcoo Oecms 4.3/4.3.R60321 OECMS v4.3.R60321 and v4.3 later is affected by: Cross Site Request Forgery (CSRF). | 6.8 |
2019-07-18 | CVE-2019-9231 | Audiocodes | Cross-Site Request Forgery (CSRF) vulnerability in Audiocodes products An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions before 7.20A.202.307. | 6.8 |
2019-07-18 | CVE-2019-13949 | Syguestbook A5 Project | Cross-Site Request Forgery (CSRF) vulnerability in Syguestbook A5 Project Syguestbook A5 1.2 SyGuestBook A5 Version 1.2 has no CSRF protection mechanism, as demonstrated by CSRF for an index.php?c=Administrator&a=update admin password change. | 6.8 |
2019-07-18 | CVE-2019-1010096 | Domainmod | Cross-Site Request Forgery (CSRF) vulnerability in Domainmod 4.10.0 DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). | 6.8 |
2019-07-18 | CVE-2019-1010095 | Domainmod | Cross-Site Request Forgery (CSRF) vulnerability in Domainmod 4.10.0 DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). | 6.8 |
2019-07-18 | CVE-2019-1010094 | Domainmod | Cross-Site Request Forgery (CSRF) vulnerability in Domainmod 4.10.0 domainmod v4.10.0 is affected by: Cross Site Request Forgery (CSRF). | 6.8 |
2019-07-17 | CVE-2019-13631 | Linux | Out-of-bounds Write vulnerability in Linux Kernel In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages. | 6.8 |
2019-07-17 | CVE-2019-13623 | NSA | Path Traversal vulnerability in NSA Ghidra In NSA Ghidra before 9.1, path traversal can occur in RestoreTask.java (from the package ghidra.app.plugin.core.archive) via an archive with an executable file that has an initial ../ in its filename. | 6.8 |
2019-07-16 | CVE-2019-13611 | Python Engineio Project | Cross-Site Request Forgery (CSRF) vulnerability in Python-Engineio Project Python-Engineio An issue was discovered in python-engineio through 3.8.2. | 6.8 |
2019-07-15 | CVE-2019-6825 | Schneider Electric | Uncontrolled Search Path Element vulnerability in Schneider-Electric Proclima 6.0.1/6.1 A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow a malicious DLL file, with the same name of any resident DLLs inside the software installation, to execute arbitrary code in all versions of ProClima prior to version 8.0.0. | 6.8 |
2019-07-15 | CVE-2019-1113 | Microsoft | Improper Input Validation vulnerability in Microsoft .Net Framework and Visual Studio 2017 A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. | 6.8 |
2019-07-15 | CVE-2019-0975 | Microsoft | Unspecified vulnerability in Microsoft Windows Server 2016 and Windows Server 2019 A security feature bypass vulnerability exists when Active Directory Federation Services (ADFS) improperly updates its list of banned IP addresses. | 6.8 |
2019-07-18 | CVE-2019-3592 | Mcafee | Unspecified vulnerability in Mcafee Agent Privilege escalation vulnerability in McAfee Agent (MA) before 5.6.1 HF3, allows local administrator users to potentially disable some McAfee processes by manipulating the MA directory control and placing a carefully constructed file in the MA directory. | 6.7 |
2019-07-15 | CVE-2019-1077 | Microsoft | Unspecified vulnerability in Microsoft Visual Studio 2017 and Visual Studio 2019 An elevation of privilege vulnerability exists when the Visual Studio updater service improperly handles file permissions, aka 'Visual Studio Elevation of Privilege Vulnerability'. | 6.6 |
2019-07-20 | CVE-2018-17210 | Printeron | Improper Authorization vulnerability in Printeron Central Print Services 2.5/4.1.4 An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. | 6.5 |
2019-07-19 | CVE-2019-11553 | Code42 | Improper Privilege Management vulnerability in Code42 In Code42 for Enterprise through 6.8.4, an administrator without web restore permission but with the ability to manage users in an organization can impersonate a user with web restore permission. | 6.5 |
2019-07-19 | CVE-2019-13978 | Ovidentia | SQL Injection vulnerability in Ovidentia 8.4.3 Ovidentia 8.4.3 has SQL Injection via the id parameter in an index.php?tg=delegat&idx=mem request. | 6.5 |
2019-07-19 | CVE-2019-13969 | Metinfo | SQL Injection vulnerability in Metinfo Metinfo 6.x allows SQL Injection via the id parameter in an admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1 request. | 6.5 |
2019-07-18 | CVE-2019-1010065 | Sleuthkit Fedoraproject Debian | Integer Overflow or Wraparound vulnerability in multiple products The Sleuth Kit 4.6.0 and earlier is affected by: Integer Overflow. | 6.5 |
2019-07-17 | CVE-2019-13626 | Libsdl Fedoraproject Debian Opensuse | Out-of-bounds Read vulnerability in multiple products SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c. | 6.5 |
2019-07-17 | CVE-2019-10352 | Jenkins | Path Traversal vulnerability in Jenkins A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary file write on the Jenkins master when scheduling a build. | 6.5 |
2019-07-16 | CVE-2018-13442 | Solarwinds | SQL Injection vulnerability in Solarwinds Network Performance Monitor SolarWinds Network Performance Monitor 12.3 allows SQL Injection via the /api/ActiveAlertsOnThisEntity/GetActiveAlerts TriggeringObjectEntityNames parameter. | 6.5 |
2019-07-16 | CVE-2019-1576 | Paloaltonetworks | OS Command Injection vulnerability in Paloaltonetworks Pan-Os 9.0.0/9.0.1/9.0.2 Command injection in PAN-OS 9.0.2 and earlier may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user's permissions. | 6.5 |
2019-07-16 | CVE-2019-1575 | Paloaltonetworks | Information Exposure vulnerability in Paloaltonetworks Pan-Os Information disclosure in PAN-OS 7.1.23 and earlier, PAN-OS 8.0.18 and earlier, PAN-OS 8.1.8-h4 and earlier, and PAN-OS 9.0.2 and earlier may allow for an authenticated user with read-only privileges to extract the API key of the device and/or the username/password from the XML API (in PAN-OS) and possibly escalate privileges granted to them. | 6.5 |
2019-07-15 | CVE-2019-1068 | Microsoft | Unspecified vulnerability in Microsoft SQL Server 2014/2016/2017 A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka 'Microsoft SQL Server Remote Code Execution Vulnerability'. | 6.5 |
2019-07-15 | CVE-2019-1109 | Microsoft | Improper Input Validation vulnerability in Microsoft Office and Office 365 A spoofing vulnerability exists when Microsoft Office Javascript does not check the validity of the web page making a request to Office documents. An attacker who successfully exploited this vulnerability could read or write information in Office documents. The security update addresses the vulnerability by correcting the way that Microsoft Office Javascript verifies trusted web pages, aka 'Microsoft Office Spoofing Vulnerability'. | 6.4 |
2019-07-19 | CVE-2019-1010247 | Openidc | Cross-site Scripting vulnerability in Openidc MOD Auth Openidc ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier is affected by: Cross Site Scripting (XSS). | 6.1 |
2019-07-17 | CVE-2019-1920 | Cisco | Unspecified vulnerability in Cisco products A vulnerability in the 802.11r Fast Transition (FT) implementation for Cisco IOS Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected interface. | 6.1 |
2019-07-17 | CVE-2018-2021 | IBM | Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. | 6.1 |
2019-07-15 | CVE-2019-0234 | Apache | Cross-site Scripting vulnerability in Apache Roller 5.2.0/5.2.1/5.2.2 A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller. | 6.1 |
2019-07-15 | CVE-2019-1010016 | Dolibarr | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 6.0.4 Dolibarr 6.0.4 is affected by: Cross Site Scripting (XSS). | 6.1 |
2019-07-17 | CVE-2019-13636 | GNU | Link Following vulnerability in GNU Patch In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. | 5.9 |
2019-07-20 | CVE-2019-9229 | Audiocodes | Use of Hard-coded Credentials vulnerability in Audiocodes products An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.251. | 5.8 |
2019-07-18 | CVE-2019-7955 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager version 6.4 and earlier have a Reflected Cross-site Scripting vulnerability. | 5.8 |
2019-07-17 | CVE-2019-1943 | Cisco | Open Redirect vulnerability in Cisco products A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Switches software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. | 5.8 |
2019-07-16 | CVE-2019-1010290 | Cmsmadesimple | Open Redirect vulnerability in Cmsmadesimple Bable:Multilingual Site Babel: Multilingual site Babel All is affected by: Open Redirection. | 5.8 |
2019-07-15 | CVE-2019-1075 | Microsoft | Open Redirect vulnerability in Microsoft Asp.Net Core 2.1/2.2 A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect, aka 'ASP.NET Core Spoofing Vulnerability'. | 5.8 |
2019-07-19 | CVE-2019-12820 | Jisiwei | Cleartext Transmission of Sensitive Information vulnerability in Jisiwei I3 Firmware 2.0 A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner. | 5.6 |
2019-07-19 | CVE-2019-13648 | Linux | Resource Management Errors vulnerability in Linux Kernel In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. | 5.5 |
2019-07-18 | CVE-2019-13960 | Libjpeg Turbo | Allocation of Resources Without Limits or Throttling vulnerability in Libjpeg-Turbo 2.0.2 In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progressive JPEG image containing incorrect width and height values in the image header. | 5.5 |
2019-07-18 | CVE-2019-1010252 | Linuxfoundation | Improper Input Validation vulnerability in Linuxfoundation Open Network Operating System The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. | 5.5 |
2019-07-18 | CVE-2019-1010250 | Linuxfoundation | Improper Input Validation vulnerability in Linuxfoundation Open Network Operating System The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. | 5.5 |
2019-07-18 | CVE-2019-1010249 | Linuxfoundation | Integer Overflow or Wraparound vulnerability in Linuxfoundation Open Network Operating System The Linux Foundation ONOS 2.0.0 and earlier is affected by: Integer Overflow. | 5.5 |
2019-07-18 | CVE-2019-1010069 | Moinejf Debian | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products moinejf abcm2ps 8.13.20 is affected by: Incorrect Access Control. | 5.5 |
2019-07-15 | CVE-2019-0966 | Microsoft | Improper Input Validation vulnerability in Microsoft products A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. | 5.5 |
2019-07-15 | CVE-2019-1010302 | Jhead Project Fedoraproject Debian | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products jhead 3.03 is affected by: Incorrect Access Control. | 5.5 |
2019-07-15 | CVE-2019-1010301 | Jhead Project Fedoraproject Debian | Out-of-bounds Write vulnerability in multiple products jhead 3.03 is affected by: Buffer Overflow. | 5.5 |
2019-07-15 | CVE-2019-1010305 | Kyzer Fedoraproject Debian Canonical | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products libmspack 0.9.1alpha is affected by: Buffer Overflow. | 5.5 |
2019-07-18 | CVE-2019-13647 | Firefly III | Cross-site Scripting vulnerability in Firefly-Iii Firefly III Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file content. | 5.4 |
2019-07-18 | CVE-2019-13646 | Firefly III | Cross-site Scripting vulnerability in Firefly-Iii Firefly III Firefly III before 4.7.17.3 is vulnerable to reflected XSS due to lack of filtration of user-supplied data in a search query. | 5.4 |
2019-07-18 | CVE-2019-13645 | Firefly III | Cross-site Scripting vulnerability in Firefly-Iii Firefly III Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file names. | 5.4 |
2019-07-18 | CVE-2019-13644 | Firefly III | Cross-site Scripting vulnerability in Firefly-Iii Firefly III Firefly III before 4.7.17.1 is vulnerable to stored XSS due to lack of filtration of user-supplied data in a budget name. | 5.4 |
2019-07-17 | CVE-2019-4211 | IBM | Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. | 5.4 |
2019-07-17 | CVE-2018-1921 | IBM | Cross-site Scripting vulnerability in IBM Campaign IBM Campaign 9.1.0, 9.1.2, 10.1, and 11.0 is vulnerable to cross-site scripting. | 5.4 |
2019-07-17 | CVE-2018-2022 | IBM | Information Exposure vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.2 and 7.3 discloses sensitive information to unauthorized users. | 5.3 |
2019-07-16 | CVE-2019-3571 | | Improper Input Validation vulnerability in Whatsapp An input validation issue affected WhatsApp Desktop versions prior to 0.3.3793 which allows malicious clients to send files to users that would be displayed with a wrong extension. | 5.3 |
2019-07-16 | CVE-2019-13383 | Control Webpanel | Information Exposure Through Discrepancy vulnerability in Control-Webpanel Webpanel 0.9.8.836 In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows attackers to check whether a username is valid by reading the HTTP response. | 5.3 |
2019-07-15 | CVE-2019-5447 | Http File Server Project | Path Traversal vulnerability in Http-File-Server Project Http-File-Server A path traversal vulnerability in <= v0.2.6 of http-file-server npm module allows attackers to list files in arbitrary folders. | 5.3 |
2019-07-15 | CVE-2019-1010025 | GNU | Use of Insufficiently Random Values vulnerability in GNU Glibc GNU Libc current is affected by: Mitigation bypass. | 5.3 |
2019-07-15 | CVE-2019-1010024 | GNU | Information Exposure vulnerability in GNU Glibc GNU Libc current is affected by: Mitigation bypass. | 5.3 |
2019-07-18 | CVE-2016-10762 | Automattic | Command Injection vulnerability in Automattic Camptix Event Ticketing The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV injection when the export tool is used. | 5.1 |
2019-07-15 | CVE-2019-1136 | Microsoft | Unspecified vulnerability in Microsoft Exchange Server 2010/2013 An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. | 5.1 |
2019-07-21 | CVE-2019-14215 | Foxitsoftware Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Foxitsoftware Phantompdf An issue was discovered in Foxit PhantomPDF before 8.3.11. | 5.0 |
2019-07-21 | CVE-2019-14214 | Foxitsoftware Microsoft | Unspecified vulnerability in Foxitsoftware Phantompdf An issue was discovered in Foxit PhantomPDF before 8.3.10. | 5.0 |
2019-07-21 | CVE-2019-14212 | Foxitsoftware Microsoft | NULL Pointer Dereference vulnerability in Foxitsoftware Phantompdf An issue was discovered in Foxit PhantomPDF before 8.3.11. | 5.0 |
2019-07-21 | CVE-2019-14210 | Foxitsoftware Microsoft | Out-of-bounds Write vulnerability in Foxitsoftware Phantompdf An issue was discovered in Foxit PhantomPDF before 8.3.10. | 5.0 |
2019-07-21 | CVE-2019-14208 | Foxitsoftware Microsoft | NULL Pointer Dereference vulnerability in Foxitsoftware Phantompdf An issue was discovered in Foxit PhantomPDF before 8.3.10. | 5.0 |
2019-07-21 | CVE-2019-14207 | Foxitsoftware Microsoft | Infinite Loop vulnerability in Foxitsoftware Phantompdf An issue was discovered in Foxit PhantomPDF before 8.3.11. | 5.0 |
2019-07-21 | CVE-2019-14205 | Nevma | Path Traversal vulnerability in Nevma Adaptive Images A Local File Inclusion vulnerability in the Nevma Adaptive Images plugin before 0.6.67 for WordPress allows remote attackers to retrieve arbitrary files via the $REQUEST['adaptive-images-settings']['source_file'] parameter in adaptive-images-script.php. | 5.0 |
2019-07-19 | CVE-2019-1010239 | Cjson Project Oracle | NULL Pointer Dereference vulnerability in multiple products DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. | 5.0 |
2019-07-19 | CVE-2019-13983 | Rangerstudio | Missing Authentication for Critical Function vulnerability in Rangerstudio Directus 7 API Directus 7 API before 2.2.2 has insufficient anti-automation, as demonstrated by lack of a CAPTCHA in core/Directus/Services/AuthService.php and endpoints/Auth.php. | 5.0 |
2019-07-19 | CVE-2019-13982 | Rangerstudio | Information Exposure vulnerability in Rangerstudio Directus 7 interfaces/markdown/input.vue in Directus 7 Application before 7.7.0 does not sanitize Markdown text before rendering a preview. | 5.0 |
2019-07-19 | CVE-2019-13981 | Rangerstudio | Forced Browsing vulnerability in Rangerstudio Directus 7 API In Directus 7 API through 2.3.0, remote attackers can read image files via a direct request for a filename under the uploads/_/originals/ directory. | 5.0 |
2019-07-19 | CVE-2019-12946 | Elcom | SQL Injection vulnerability in Elcom CMS 10.7 Elcom CMS before 10.7 has SQL Injection via EventSearchByState.aspx and EventSearchAdv.aspx. | 5.0 |
2019-07-18 | CVE-2019-7941 | Adobe | Information Exposure vulnerability in Adobe Campaign 18.10.5.8984 Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Information Exposure Through an Error Message vulnerability. | 5.0 |
2019-07-18 | CVE-2019-7848 | Adobe Linux Microsoft | Unspecified vulnerability in Adobe Campaign 18.10.5.8984 Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Inadequate access control vulnerability. | 5.0 |
2019-07-18 | CVE-2019-7847 | Adobe Linux Microsoft | XXE vulnerability in Adobe Campaign 18.10.5.8984 Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Improper Restriction of XML External Entity Reference ('XXE') vulnerability. | 5.0 |
2019-07-18 | CVE-2019-7846 | Adobe | 7PK - Errors vulnerability in Adobe Campaign 18.10.5.8984 Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Improper error handling vulnerability. | 5.0 |
2019-07-18 | CVE-2019-7843 | Adobe Linux Microsoft | Improper Input Validation vulnerability in Adobe Campaign 18.10.5.8984 Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Insufficient input validation vulnerability. | 5.0 |
2019-07-18 | CVE-2019-1010279 | Oisf | Improper Verification of Cryptographic Signature vulnerability in Oisf Suricata Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detection bypass. | 5.0 |
2019-07-18 | CVE-2019-1010246 | Mailcleaner | Missing Authorization vulnerability in Mailcleaner MailCleaner before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 is affected by: Unauthenticated MySQL database password information disclosure. | 5.0 |
2019-07-18 | CVE-2019-1010251 | Oisf | Improper Input Validation vulnerability in Oisf Suricata Open Information Security Foundation Suricata prior to version 4.1.2 is affected by: Denial of Service - DNS detection bypass. | 5.0 |
2019-07-18 | CVE-2019-13915 | B3Log | Injection vulnerability in B3Log Wide b3log Wide before 1.6.0 allows three types of attacks to access arbitrary files. | 5.0 |
2019-07-18 | CVE-2019-1010066 | Llnl | Improper Privilege Management vulnerability in Llnl Model Specific Registers-Safe 1.1.0 Lawrence Livermore National Laboratory msr-safe v1.1.0 is affected by: Incorrect Access Control. | 5.0 |
2019-07-17 | CVE-2019-8932 | Rdbrck | Insufficiently Protected Credentials vulnerability in Rdbrck Shift Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services (such as Gmail, Outlook, etc.) used in the application. | 5.0 |
2019-07-17 | CVE-2019-8931 | Rdbrck | Information Exposure vulnerability in Rdbrck Shift Redbrick Shift through 3.4.3 allows an attacker to extract emails of services (such as Gmail, Outlook, etc.) used in the application. | 5.0 |
2019-07-17 | CVE-2019-12914 | Rdbrck | Insecure Storage of Sensitive Information vulnerability in Rdbrck Shift Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services (such as Gmail, Outlook, etc.) used in the application. | 5.0 |
2019-07-17 | CVE-2019-12911 | Rdbrck | Insecure Storage of Sensitive Information vulnerability in Rdbrck Shift Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services (such as Gmail, Outlook, etc.) used in the application. | 5.0 |
2019-07-17 | CVE-2019-13584 | Fanucamerica | Path Traversal vulnerability in Fanucamerica Robotics Virtual Robot Controller 8.23 The remote admin webserver on FANUC Robotics Virtual Robot Controller 8.23 allows Directory Traversal via a forged HTTP request. | 5.0 |
2019-07-17 | CVE-2019-13403 | Temenos | Unspecified vulnerability in Temenos CWX 8.9 Temenos CWX version 8.9 has a Broken Access Control vulnerability in the module /CWX/Employee/EmployeeEdit2.aspx, leading to the viewing of user information. | 5.0 |
2019-07-17 | CVE-2019-12175 | Zeek | NULL Pointer Dereference vulnerability in Zeek In Zeek Network Security Monitor (formerly known as Bro) before 2.6.2, a NULL pointer dereference in the Kerberos (aka KRB) protocol parser leads to DoS because a case-type index is mishandled. | 5.0 |
2019-07-17 | CVE-2019-1010083 | Palletsprojects | Unspecified vulnerability in Palletsprojects Flask The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. | 5.0 |
2019-07-16 | CVE-2019-6160 | Lenovo | Unspecified vulnerability in Lenovo products A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API. | 5.0 |
2019-07-16 | CVE-2019-13618 | Gpac | Out-of-bounds Read vulnerability in Gpac In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a heap-based buffer over-read, as demonstrated by a crash in gf_m2ts_sync in media_tools/mpegts.c. | 5.0 |
2019-07-16 | CVE-2018-19629 | Hyland | Improper Input Validation vulnerability in Hyland Perceptive Content Server 7.1.4 A Denial of Service vulnerability in the ImageNow Server service in Hyland Perceptive Content Server before 7.1.5 allows an attacker to crash the service via a TCP connection. | 5.0 |
2019-07-16 | CVE-2019-13612 | Altn | Improper Input Validation vulnerability in Altn Mdaemon Email Server 19 MDaemon Email Server 19 through 20.0.1 skips SpamAssassin checks by default for e-mail messages larger than 2 MB (and limits checks to 10 MB even with special configuration), which is arguably inconsistent with currently popular message sizes. | 5.0 |
2019-07-15 | CVE-2019-1126 | Microsoft | Improper Restriction of Excessive Authentication Attempts vulnerability in Microsoft products A security feature bypass vulnerability exists in Active Directory Federation Services (ADFS) which could allow an attacker to bypass the extranet lockout policy. To exploit this vulnerability, an attacker could run a specially crafted application, which would allow an attacker to launch a password brute-force attack or cause account lockouts in Active Directory. This security update corrects how ADFS handles external authentication requests, aka 'ADFS Security Feature Bypass Vulnerability'. | 5.0 |
2019-07-15 | CVE-2019-1083 | Microsoft | Data Processing Errors vulnerability in Microsoft .Net Framework A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles web requests, aka '.NET Denial of Service Vulnerability'. | 5.0 |
2019-07-15 | CVE-2019-1006 | Microsoft | Improper Certificate Validation vulnerability in Microsoft products An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'. | 5.0 |
2019-07-15 | CVE-2019-0865 | Microsoft | Unspecified vulnerability in Microsoft products A denial of service vulnerability exists when SymCrypt improperly handles a specially crafted digital signature. An attacker could exploit the vulnerability by creating a specially crafted connection or message. The security update addresses the vulnerability by correcting the way SymCrypt handles digital signatures, aka 'SymCrypt Denial of Service Vulnerability'. | 5.0 |
2019-07-15 | CVE-2019-0811 | Microsoft | Data Processing Errors vulnerability in Microsoft products A denial of service vulnerability exists in Windows DNS Server when it fails to properly handle DNS queries, aka 'Windows DNS Server Denial of Service Vulnerability'. | 5.0 |
2019-07-15 | CVE-2019-1010308 | Aquaverde | Insufficiently Protected Credentials vulnerability in Aquaverde Aquarius CMS Aquaverde GmbH Aquarius CMS prior to version 4.1.1 is affected by: Incorrect Access Control. | 5.0 |
2019-07-15 | CVE-2019-1010300 | MZ Automation | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mz-Automation Libiec61850 1.3.0/1.3.1/1.3.2 mz-automation libiec61850 1.3.2 1.3.1 1.3.0 is affected by: Buffer Overflow. | 5.0 |
2019-07-15 | CVE-2019-1010299 | Rust Lang | Information Exposure vulnerability in Rust-Lang Rust The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. | 5.0 |
2019-07-15 | CVE-2019-1010294 | Linaro | Numeric Errors vulnerability in Linaro Op-Tee Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. | 5.0 |
2019-07-15 | CVE-2019-1010304 | Mirumee | Missing Authorization vulnerability in Mirumee Saleor Saleor Issue was introduced by merge commit: e1b01bad0703afd08d297ed3f1f472248312cc9c. | 5.0 |
2019-07-15 | CVE-2019-1010017 | Libnmap | XML Injection (aka Blind XPath Injection) vulnerability in Libnmap libnmap < v0.6.3 is affected by: XML Injection. | 5.0 |
2019-07-17 | CVE-2019-3973 | Comodo | Out-of-bounds Write vulnerability in Comodo Antivirus 11.0.0.6582 Comodo Antivirus versions 11.0.0.6582 and below are vulnerable to Denial of Service affecting CmdGuard.sys via its filter port "cmdServicePort". | 4.9 |
2019-07-19 | CVE-2019-12821 | Jisiwei | Use of Insufficiently Random Values vulnerability in Jisiwei I3 Firmware 2.0 A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner, while adding a device to the account using a QR-code. | 4.8 |
2019-07-19 | CVE-2019-7590 | Johnsoncontrols | Unquoted Search Path or Element vulnerability in Johnsoncontrols Exacqvision Server 9.6/9.8 ExacqVision Server’s services 'exacqVisionServer', 'dvrdhcpserver' and 'mdnsresponder' have an unquoted service path. | 4.6 |
2019-07-19 | CVE-2019-5680 | Nvidia | Improper Input Validation vulnerability in Nvidia Jetson TX1 Firmware In NVIDIA Jetson TX1 L4T R32 version branch prior to R32.2, Tegra bootloader contains a vulnerability in nvtboot in which the nvtboot-cpu image is loaded without the load address first being validated, which may lead to code execution, denial of service, or escalation of privileges. | 4.6 |
2019-07-17 | CVE-2019-1923 | Cisco | Improper Input Validation vulnerability in Cisco products A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. | 4.6 |
2019-07-15 | CVE-2019-1088 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. | 4.6 |
2019-07-15 | CVE-2019-1087 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. | 4.6 |
2019-07-15 | CVE-2019-1086 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. | 4.6 |
2019-07-15 | CVE-2019-1085 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the wlansvc.dll handles objects in memory, aka 'Windows WLAN Service Elevation of Privilege Vulnerability'. | 4.6 |
2019-07-15 | CVE-2019-0880 | Microsoft | Unspecified vulnerability in Microsoft products A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'. | 4.6 |
2019-07-19 | CVE-2019-11552 | Code42 | Code Injection vulnerability in Code42 products Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. | 4.4 |
2019-07-19 | CVE-2019-12453 | Microstrategy | Cross-site Scripting vulnerability in Microstrategy web 10.1/7 In MicroStrategy Web before 10.1 patch 10, stored XSS is possible in the FLTB parameter due to missing input validation. | 4.3 |
2019-07-19 | CVE-2019-1010113 | Premiumsoftware | Cross-site Scripting vulnerability in Premiumsoftware Cleditor Premium Software CLEditor 1.4.5 and earlier is affected by: Cross Site Scripting (XSS). | 4.3 |
2019-07-19 | CVE-2019-13972 | Layerbb | Cross-site Scripting vulnerability in Layerbb 1.1.3 LayerBB 1.1.3 allows XSS via the application/commands/new.php pm_title variable, a related issue to CVE-2019-17997. | 4.3 |
2019-07-19 | CVE-2019-13971 | Otcms | Cross-site Scripting vulnerability in Otcms 3.81 OTCMS 3.81 allows XSS via the mode parameter in an apiRun.php?mudi=autoRun request. | 4.3 |
2019-07-19 | CVE-2019-13970 | Antsword Project | Cross-site Scripting vulnerability in Antsword Project Antsword In antSword before 2.1.0, self-XSS in the database configuration leads to code execution via modules/database/asp/index.js, modules/database/custom/index.js, modules/database/index.js, or modules/database/php/index.js. | 4.3 |
2019-07-18 | CVE-2019-7963 | Adobe Apple Microsoft | Out-of-bounds Read vulnerability in Adobe Bridge CC 6.1/9.0.2 Adobe Bridge CC version 9.0.2 and earlier versions have an out of bound read vulnerability. | 4.3 |
2019-07-18 | CVE-2019-7954 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager version 6.4 and earlier have a Stored Cross-site Scripting vulnerability. | 4.3 |
2019-07-18 | CVE-2019-7953 | Adobe | Cross-Site Request Forgery (CSRF) vulnerability in Adobe Experience Manager Adobe Experience Manager version 6.4 and earlier have a Cross-Site Request Forgery vulnerability. | 4.3 |
2019-07-18 | CVE-2019-8286 | Kaspersky | Information Exposure vulnerability in Kaspersky products Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a specially crafted webpage (for example, via clicking phishing link). | 4.3 |
2019-07-18 | CVE-2019-13959 | Axiosys | NULL Pointer Dereference vulnerability in Axiosys Bento4 1.5.1627 In Bento4 1.5.1-627, AP4_DataBuffer::SetDataSize does not handle reallocation failures, leading to a memory copy into a NULL pointer. | 4.3 |
2019-07-18 | CVE-2019-1010261 | Gitea | Cross-site Scripting vulnerability in Gitea Gitea 1.7.0 and earlier is affected by: Cross Site Scripting (XSS). | 4.3 |
2019-07-18 | CVE-2019-3794 | Pivotal Software | Improper Restriction of Rendered UI Layers or Frames vulnerability in Pivotal Software Cloud Foundry UAA Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints. | 4.3 |
2019-07-18 | CVE-2019-9230 | Audiocodes | Cross-site Scripting vulnerability in Audiocodes products An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.253. | 4.3 |
2019-07-18 | CVE-2019-13607 | Opera | Cross-site Scripting vulnerability in Opera Mini 16.0.14 The Opera Mini application through 16.0.14 for iOS has a UXSS vulnerability that can be triggered by performing navigation to a javascript: URL. | 4.3 |
2019-07-18 | CVE-2019-13643 | Espocrm | Cross-site Scripting vulnerability in Espocrm Stored XSS in EspoCRM before 5.6.4 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. | 4.3 |
2019-07-17 | CVE-2019-5222 | Huawei | Incorrect Permission Assignment for Critical Resource vulnerability in Huawei Honor Magic 2 Firmware Tonyal00B/Tonytl00B9.0.0.182(C00E180R2P2) There is an information disclosure vulnerability on Secure Input of certain Huawei smartphones in Versions earlier than Tony-AL00B 9.1.0.216(C00E214R2P1). | 4.3 |
2019-07-17 | CVE-2019-1941 | Cisco | Cross-site Scripting vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 4.3 |
2019-07-17 | CVE-2019-1940 | Cisco | Improper Certificate Validation vulnerability in Cisco Industrial Network Director A vulnerability in the Web Services Management Agent (WSMA) feature of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid X.509 certificate. | 4.3 |
2019-07-17 | CVE-2019-1010287 | Timesheet Next GEN Project | Cross-site Scripting vulnerability in Timesheet Next GEN Project Timesheet Next GEN Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting (XSS). | 4.3 |
2019-07-17 | CVE-2019-13448 | Sertek | Cross-site Scripting vulnerability in Sertek Xpare 3.67 An issue was discovered in Sertek Xpare 3.67. | 4.3 |
2019-07-17 | CVE-2019-13346 | MYT Project | Cross-site Scripting vulnerability in MYT Project MYT 1.5.1 In MyT 1.5.1, the User[username] parameter has XSS. | 4.3 |
2019-07-17 | CVE-2019-12475 | Microstrategy | Cross-site Scripting vulnerability in Microstrategy web 10.1/10.4/7 In MicroStrategy Web before 10.4.6, there is stored XSS in metric due to insufficient input validation. | 4.3 |
2019-07-17 | CVE-2019-1010091 | Tiny | Cross-site Scripting vulnerability in Tiny Tinymce tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. | 4.3 |
2019-07-17 | CVE-2019-10354 | Jenkins Redhat | Missing Authorization vulnerability in multiple products A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information. | 4.3 |
2019-07-17 | CVE-2019-13453 | Zipios Project | Infinite Loop vulnerability in Zipios Project Zipios 0.1.5/0.1.6 Zipios before 0.1.7 does not properly handle certain malformed zip archives and can go into an infinite loop, causing a denial of service. | 4.3 |
2019-07-17 | CVE-2019-4194 | IBM | Unspecified vulnerability in IBM Jazz for Service Management 1.1.3.0/1.1.3.1/1.1.3.2 IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 is missing function level access control that could allow a user to delete authorized resources. | 4.3 |
2019-07-17 | CVE-2019-9849 | Libreoffice Canonical Fedoraproject Debian Opensuse | LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. | 4.3 |
2019-07-16 | CVE-2019-12834 | Ht2Labs | Cross-site Scripting vulnerability in Ht2Labs Learning Locker 3.15.1 In HT2 Labs Learning Locker 3.15.1, it's possible to inject malicious HTML and JavaScript code into the DOM of the website via the PATH_INFO to the dashboards/ URI. | 4.3 |
2019-07-16 | CVE-2019-13617 | F5 | Out-of-bounds Read vulnerability in F5 NJS njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as demonstrated by an njs_regexp_literal call that leads to an njs_parser_lexer_error call and then an njs_parser_scope_error call. | 4.3 |
2019-07-16 | CVE-2019-13615 | Videolan | Out-of-bounds Read vulnerability in Videolan VLC Media Player libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement. | 4.3 |
2019-07-16 | CVE-2019-13603 | Hidglobal | Unspecified vulnerability in Hidglobal Digital Persona U.Are.U 4500 Driver Firmware 5.0.0.5 An issue was discovered in the HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerprint Reader Windows Biometric Framework driver 5.0.0.5. | 4.3 |
2019-07-16 | CVE-2019-1010018 | Zammad | Cross-site Scripting vulnerability in Zammad Zammad GmbH Zammad 2.3.0 and earlier is affected by: Cross Site Scripting (XSS) - CWE-80. | 4.3 |
2019-07-15 | CVE-2019-1116 | Microsoft | Information Exposure vulnerability in Microsoft Windows 7 and Windows Server 2008 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. | 4.3 |
2019-07-15 | CVE-2019-1112 | Microsoft | Information Exposure vulnerability in Microsoft Office and Office 365 Proplus An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'. | 4.3 |
2019-07-15 | CVE-2019-1101 | Microsoft | Information Exposure vulnerability in Microsoft Windows 7 and Windows Server 2008 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. | 4.3 |
2019-07-15 | CVE-2019-1100 | Microsoft | Information Exposure vulnerability in Microsoft Windows 7 and Windows Server 2008 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. | 4.3 |
2019-07-15 | CVE-2019-1099 | Microsoft | Information Exposure vulnerability in Microsoft Windows 7 and Windows Server 2008 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. | 4.3 |
2019-07-15 | CVE-2019-1098 | Microsoft | Information Exposure vulnerability in Microsoft Windows 7 and Windows Server 2008 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. | 4.3 |
2019-07-15 | CVE-2019-1095 | Microsoft | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. | 4.3 |
2019-07-15 | CVE-2019-1094 | Microsoft | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. | 4.3 |
2019-07-15 | CVE-2019-1079 | Microsoft | Improper Input Validation vulnerability in Microsoft Visual Studio An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files, aka 'Visual Studio Information Disclosure Vulnerability'. | 4.3 |
2019-07-15 | CVE-2019-13604 | Assaabloy | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Assaabloy HID Digitalpersona 4500 Firmware 24 There is a short key vulnerability in HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerprint Reader v24. | 4.3 |
2019-07-15 | CVE-2019-1010028 | School College Portal With ERP Script Project | Cross-site Scripting vulnerability in School College Portal With ERP Script Project School College Portal With ERP Script 2.6.1 phpscriptsmall.com School College Portal with ERP Script 2.6.1 and earlier is affected by: Cross Site Scripting (XSS). | 4.3 |
2019-07-15 | CVE-2019-1010005 | Hexoeditor Project | Cross-site Scripting vulnerability in Hexoeditor Project Hexoeditor 1.1.8 HexoEditor v1.1.8-beta is affected by: XSS to code execution. | 4.3 |
2019-07-15 | CVE-2019-1010004 | Sound Exchange Project | Out-of-bounds Read vulnerability in Sound Exchange Project Sound Exchange SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. | 4.3 |
2019-07-19 | CVE-2019-1010241 | Jenkins | Credentials Management vulnerability in Jenkins Credentials Binding 1.17 Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. | 4.0 |
2019-07-18 | CVE-2019-3734 | Dell | Unspecified vulnerability in Dell products Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain an improper authorization vulnerability in NAS Server quotas configuration. | 4.0 |
2019-07-17 | CVE-2019-1942 | Cisco | SQL Injection vulnerability in Cisco Identity Services Engine A vulnerability in the sponsor portal web interface for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. | 4.0 |
2019-07-17 | CVE-2019-1010266 | Lodash | Resource Exhaustion vulnerability in Lodash lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. | 4.0 |
2019-07-17 | CVE-2019-1010084 | Dancer | Incorrect Authorization vulnerability in Dancer::Plugin::Simplecrud Project Dancer::Plugin::Simplecrud Dancer::Plugin::SimpleCRUD 1.14 and earlier is affected by: Incorrect Access Control. | 4.0 |
2019-07-15 | CVE-2019-1108 | Microsoft | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows RDP client improperly discloses the contents of its memory, aka 'Remote Desktop Protocol Client Information Disclosure Vulnerability'. | 4.0 |
2019-07-15 | CVE-2019-1084 | Microsoft | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. | 4.0 |
2019-07-15 | CVE-2019-0962 | Microsoft | Unspecified vulnerability in Microsoft Azure Automation An elevation of privilege vulnerability exists in Azure Automation "RunAs account" runbooks for users with contributor role, aka 'Azure Automation Elevation of Privilege Vulnerability'. | 4.0 |
2019-07-15 | CVE-2019-1010034 | Deepsoft | SQL Injection vulnerability in Deepsoft Weblibrarian Deepwoods Software WebLibrarian 3.5.2 and earlier is affected by: SQL Injection. | 4.0 |
29 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2019-07-18 | CVE-2019-11230 | Avast | Link Following vulnerability in Avast Antivirus In Avast Antivirus before 19.4, a local administrator can trick the product into renaming arbitrary files by replacing the Logs\Update.log file with a symlink. | 3.6 |
2019-07-19 | CVE-2019-13977 | Ovidentia | Cross-site Scripting vulnerability in Ovidentia 8.4.3 index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=create, tg=site&item=4, tg=admdir&idx=mdb&id=1, tg=notes&idx=Create, tg=admfaqs&idx=Add, or tg=admoc&idx=addoc&item=. | 3.5 |
2019-07-18 | CVE-2019-13950 | Syguestbook A5 Project | Cross-site Scripting vulnerability in Syguestbook A5 Project Syguestbook A5 1.2 index.php?c=admin&a=index in SyGuestBook A5 Version 1.2 has stored XSS via a reply to a comment. | 3.5 |
2019-07-18 | CVE-2019-13948 | Syguestbook A5 Project | Cross-site Scripting vulnerability in Syguestbook A5 Project Syguestbook A5 1.2 SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute of an IMG element. | 3.5 |
2019-07-18 | CVE-2016-10763 | Automattic | Cross-site Scripting vulnerability in Automattic Camptix Event Ticketing The CampTix Event Ticketing plugin before 1.5 for WordPress allows XSS in the admin section via a ticket title or body. | 3.5 |
2019-07-17 | CVE-2019-13493 | Sitecore | Cross-site Scripting vulnerability in Sitecore Experience Platform 9.0 In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. | 3.5 |
2019-07-15 | CVE-2019-1137 | Microsoft | Cross-site Scripting vulnerability in Microsoft Exchange Server 2013/2016/2019 A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'. | 3.5 |
2019-07-15 | CVE-2019-1134 | Microsoft | Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | 3.5 |
2019-07-15 | CVE-2019-1076 | Microsoft | Cross-site Scripting vulnerability in Microsoft Azure Devops Server and Team Foundation Server A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'. | 3.5 |
2019-07-15 | CVE-2019-1010307 | Glpi Project | Cross-site Scripting vulnerability in Glpi-Project Glpi 9.3.1 GLPI GLPI Product 9.3.1 is affected by: Cross Site Scripting (XSS). | 3.5 |
2019-07-15 | CVE-2019-1010008 | Openenergymonitor | Cross-site Scripting vulnerability in Openenergymonitor Emoncms 9.8.8 OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross Site Scripting (XSS). | 3.5 |
2019-07-19 | CVE-2019-13991 | Arduino | Unspecified vulnerability in Arduino Firmware Embedded systems based on Arduino before Rev3 allow remote attackers to send data to LEDs (directly connected to GPIO pins) via a laser, because of LED photosensitivity. | 3.3 |
2019-07-17 | CVE-2019-4054 | IBM | Unspecified vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.2 and 7.3 could allow a local user to obtain sensitive information when exporting content that could aid an attacker in further attacks against the system. | 3.3 |
2019-07-15 | CVE-2014-10374 | Fitbit | Information Exposure vulnerability in Fitbit Charge 2 Firmware On Fitbit activity-tracker devices, certain addresses never change. | 3.3 |
2019-07-18 | CVE-2019-3741 | Dell | Protection Mechanism Failure vulnerability in Dell products Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a plain-text password storage vulnerability. | 2.1 |
2019-07-17 | CVE-2019-3972 | Comodo | Out-of-bounds Read vulnerability in Comodo Antivirus 11.0.0.6582/12.0.0.6810 Comodo Antivirus versions 12.0.0.6810 and below are vulnerable to Denial of Service affecting CmdAgent.exe via an unprotected section object "<GUID>_CisSharedMemBuff". | 2.1 |
2019-07-17 | CVE-2019-3971 | Comodo | Unspecified vulnerability in Comodo Antivirus 11.0.0.6582/12.0.0.6810 Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to a local Denial of Service affecting CmdVirth.exe via its LPC port "cmdvrtLPCServerPort". | 2.1 |
2019-07-17 | CVE-2019-3970 | Comodo | Improper Input Validation vulnerability in Comodo Antivirus Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Arbitrary File Write due to Cavwp.exe handling of Comodo's Antivirus database. | 2.1 |
2019-07-17 | CVE-2019-12913 | Rdbrck | Unspecified vulnerability in Rdbrck Shift Redbrick Shift through 3.4.3 allows an attacker to extract emails of services (such as Gmail, Outlook, etc.) used in the application. | 2.1 |
2019-07-17 | CVE-2019-12912 | Rdbrck | Untrusted Search Path vulnerability in Rdbrck Shift Redbrick Shift through 3.4.3 allows an attacker to extract emails of services (such as Gmail, Outlook, etc.) used in the application. | 2.1 |
2019-07-15 | CVE-2019-1097 | Microsoft | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. | 2.1 |
2019-07-15 | CVE-2019-1096 | Microsoft | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. | 2.1 |
2019-07-15 | CVE-2019-1093 | Microsoft | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. | 2.1 |
2019-07-15 | CVE-2019-1091 | Microsoft | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists when Unistore.dll fails to properly handle objects in memory, aka 'Microsoft unistore.dll Information Disclosure Vulnerability'. | 2.1 |
2019-07-15 | CVE-2019-1074 | Microsoft | Link Following vulnerability in Microsoft products An elevation of privilege vulnerability exists in Microsoft Windows where certain folders, with local service privilege, are vulnerable to symbolic link attack. | 2.1 |
2019-07-15 | CVE-2019-1073 | Microsoft | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. | 2.1 |
2019-07-15 | CVE-2019-1071 | Microsoft | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. | 2.1 |
2019-07-19 | CVE-2019-1167 | Microsoft | Unspecified vulnerability in Microsoft Powershell Core 6.1/6.2 A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka 'Windows Defender Application Control Security Feature Bypass Vulnerability'. | 1.9 |
2019-07-16 | CVE-2019-9700 | Norton | Information Exposure vulnerability in Norton Password Manager Norton Password Manager, prior to 6.3.0.2082, may be susceptible to an address spoofing issue. | 1.7 |