Weekly Vulnerabilities Reports > July 22 to 28, 2019

Overview

445 new vulnerabilities reported during this period, including 32 critical vulnerabilities and 91 high severity vulnerabilities. This weekly summary report vulnerabilities in 406 products from 125 vendors including Oracle, Qualcomm, Mozilla, Opensuse, and Redhat. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Out-of-bounds Read", "Out-of-bounds Write", and "Use After Free".

  • 344 reported vulnerabilities are remotely exploitables.
  • 4 reported vulnerabilities have public exploit available.
  • 75 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 321 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 162 reported vulnerabilities.
  • Linux has the most reported critical vulnerabilities, with 5 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

32 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-07-28 CVE-2019-14363 Netgear Out-of-bounds Write vulnerability in Netgear Wndr3400V3 Firmware

A stack-based buffer overflow in the upnpd binary running on NETGEAR WNDR3400v3 routers with firmware version 1.0.1.18_1.0.63 allows an attacker to remotely execute arbitrary code via a crafted UPnP SSDP packet.

10.0
2019-07-25 CVE-2019-13917 Exim
Debian
Data Processing Errors vulnerability in multiple products

Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).

10.0
2019-07-25 CVE-2019-9884 Eclass Forced Browsing vulnerability in Eclass IP 2.5

eClass platform < ip.2.5.10.2.1 allows an attacker to use GETS method to request /admin page to bypass the password validation and access management page.

10.0
2019-07-25 CVE-2019-2327 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

Possible buffer overflow can occur when playing clip with incorrect element size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016

10.0
2019-07-25 CVE-2019-2307 Qualcomm Integer Underflow (Wrap or Wraparound) vulnerability in Qualcomm products

Possible integer underflow due to lack of validation before calculation of data length in 802.11 Rx management configuration in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM630, SDM660, SDX20, SDX24

10.0
2019-07-25 CVE-2019-2276 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Possible out of bound read occurs while processing beaconing request due to lack of check on action frames received from user controlled space in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS405, QCS605, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 845 / SD 850, SD 855, SDM630, SDM660, SDX24

10.0
2019-07-23 CVE-2019-1010200 Google OS Command Injection vulnerability in Google Voice Builder

Voice Builder Prior to commit c145d4604df67e6fc625992412eef0bf9a85e26b and f6660e6d8f0d1d931359d591dbdec580fef36d36 is affected by: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection').

10.0
2019-07-23 CVE-2019-11708 Mozilla Improper Input Validation vulnerability in Mozilla Firefox and Firefox ESR

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process.

10.0
2019-07-22 CVE-2019-12327 Akuvox Use of Hard-coded Credentials vulnerability in Akuvox Sp-R50P Firmware 50.0.6.156

Hardcoded credentials in the Akuvox R50P VoIP phone 50.0.6.156 allow an attacker to get access to the device via telnet.

10.0
2019-07-22 CVE-2019-12326 Akuvox Unrestricted Upload of File with Dangerous Type vulnerability in Akuvox Sp-R50P Firmware 50.0.6.156

Missing file and path validation in the ringtone upload function of the Akuvox R50P VoIP phone 50.0.6.156 allows an attacker to upload a manipulated ringtone file, with an executable payload (shell commands within the file) and trigger code execution.

10.0
2019-07-22 CVE-2018-13924 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Lack of check to prevent the buffer length taking negative values can lead to stack overflow.

10.0
2019-07-27 CVE-2017-18379 Linux Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel

In the Linux kernel before 4.14, an out of boundary access happened in drivers/nvme/target/fc.c.

9.8
2019-07-27 CVE-2016-10764 Linux Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel

In the Linux kernel before 4.9.6, there is an off by one in the drivers/mtd/spi-nor/cadence-quadspi.c cqspi_setup_flash() function.

9.8
2019-07-27 CVE-2012-6712 Linux Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel

In the Linux kernel before 3.4, a buffer overflow occurs in drivers/net/wireless/iwlwifi/iwl-agn-sta.c, which will cause at least memory corruption.

9.8
2019-07-27 CVE-2011-5327 Linux Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel

In the Linux kernel before 3.1, an off by one in the drivers/target/loopback/tcm_loop.c tcm_loop_make_naa_tpg() function could result in at least memory corruption.

9.8
2019-07-27 CVE-2007-6762 Linux Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel

In the Linux kernel before 2.6.20, there is an off-by-one bug in net/netlabel/netlabel_cipso_v4.c where it is possible to overflow the doi_def->tags[] array.

9.8
2019-07-26 CVE-2019-13990 Softwareag
Oracle
Apache
Netapp
Atlassian
XXE vulnerability in multiple products

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.

9.8
2019-07-26 CVE-2019-14277 Axway XML Injection (aka Blind XPath Injection) vulnerability in Axway Securetransport

Axway SecureTransport 5.x through 5.3 (or 5.x through 5.5 with certain API configuration) is vulnerable to unauthenticated blind XML injection (and XXE) in the resetPassword functionality via the REST API.

9.8
2019-07-26 CVE-2018-11779 Apache Deserialization of Untrusted Data vulnerability in Apache Storm

In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class.

9.8
2019-07-25 CVE-2019-1010174 Cimg
Debian
Command Injection vulnerability in multiple products

CImg The CImg Library v.2.3.3 and earlier is affected by: command injection.

9.8
2019-07-23 CVE-2019-11705 Mozilla Out-of-bounds Write vulnerability in Mozilla Thunderbird

A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash.

9.8
2019-07-23 CVE-2019-10173 Xstream Project
Oracle
Code Injection vulnerability in multiple products

It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw.

9.8
2019-07-22 CVE-2019-1010228 Offis
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer Overflow.

9.8
2019-07-26 CVE-2019-5604 Freebsd Out-of-bounds Read vulnerability in Freebsd

In FreeBSD 12.0-STABLE before r350246, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350247, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, the emulated XHCI device included with the bhyve hypervisor did not properly validate data provided by the guest, allowing an out-of-bounds read.

9.6
2019-07-26 CVE-2019-13382 Techsmith
Microsoft
Link Following vulnerability in Techsmith Snagit 2019.1.2

UploaderService in SnagIT 2019.1.2 allows elevation of privilege by placing an invalid presentation file in %PROGRAMDATA%\TechSmith\TechSmith Recorder\QueuedPresentations and then creating a symbolic link in %PROGRAMDATA%\Techsmith\TechSmith Recorder\InvalidPresentations that points to an arbitrary folder with an arbitrary file name.

9.3
2019-07-25 CVE-2019-2322 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

Buffer overflow can occur when playing specific clip which is non-standard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016

9.3
2019-07-26 CVE-2019-10744 Lodash
Netapp
Redhat
Oracle
F5
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution.
9.1
2019-07-23 CVE-2019-1010155 Dlink Unspecified vulnerability in Dlink Dsl-2750U Firmware 1.11

D-Link DSL-2750U 1.11 is affected by: Authentication Bypass.

9.1
2019-07-26 CVE-2019-10267 Ahsay Unrestricted Upload of File with Dangerous Type vulnerability in Ahsay Cloud Backup Suite

An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50.

9.0
2019-07-22 CVE-2019-12328 Atcom OS Command Injection vulnerability in Atcom A10W Firmware 2.6.1A2421

A command injection (missing input validation) issue in the remote phonebook configuration URI in the web interface of the Atcom A10W VoIP phone with firmware 2.6.1a2421 allows an authenticated remote attacker in the same network to trigger OS commands via shell metacharacters in a POST request.

9.0
2019-07-22 CVE-2019-12325 Htek Out-of-bounds Write vulnerability in Htek Uc902 Firmware 2.0.4.4.46

The Htek UC902 VoIP phone web management interface contains several buffer overflow vulnerabilities in the firmware version 2.0.4.4.46, which allow an attacker to crash the device (DoS) without authentication or execute code (authenticated as a user) to spawn a remote shell as a root user.

9.0
2019-07-22 CVE-2019-12324 Akuvox OS Command Injection vulnerability in Akuvox Sp-R50P Firmware 50.0.6.156

A command injection (missing input validation) issue in the IP address field for the logging server in the configuration web interface on the Akuvox R50P VoIP phone with firmware 50.0.6.156 allows an authenticated remote attacker in the same network to trigger OS commands via shell metacharacters in a POST request.

9.0

91 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-07-26 CVE-2019-13386 Centos Webpanel Incorrect Authorization vulnerability in Centos-Webpanel Centos web Panel 0.9.8.846

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, a hidden action=9 feature in filemanager2.php allows attackers to execute a shell command, i.e., obtain a reverse shell with user privilege.

8.8
2019-07-25 CVE-2019-4212 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Qradar Security Information and Event Manager

IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

8.8
2019-07-23 CVE-2019-11711 Mozilla
Debian
When an inner window is reused, it does not consider the use of document.domain for cross-origin protections.
8.8
2019-07-23 CVE-2019-11707 Mozilla Type Confusion vulnerability in Mozilla Thunderbird

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop.

8.8
2019-07-23 CVE-2019-9811 Mozilla
Debian
Novell
Opensuse
Injection vulnerability in multiple products

As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation.

8.3
2019-07-24 CVE-2019-3622 Mcafee Files or Directories Accessible to External Parties vulnerability in Mcafee Data Loss Prevention Endpoint

Files or Directories Accessible to External Parties in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows authenticated user to redirect DLPe log files to arbitrary locations via incorrect access control applied to the DLPe log folder allowing privileged users to create symbolic links.

8.2
2019-07-22 CVE-2018-2024 IBM Incorrect Permission Assignment for Critical Resource vulnerability in IBM Qradar Security Information and Event Manager 7.2.0/7.3.0

IBM QRadar SIEM 7.2 and 7.3 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

8.1
2019-07-28 CVE-2019-14352 Joget Improper Neutralization of Formula Elements in a CSV File vulnerability in Joget Worfklow 6.0.20

In Joget Workflow 6.0.20, CSV Injection, also known as Formula Injection, exists, as demonstrated by jw/web/userview/crm_community/crm_userview_sales/_/account_new with the Account ID or Account Name field.

7.8
2019-07-27 CVE-2010-5331 Linux Off-by-one Error vulnerability in Linux Kernel

In the Linux kernel before 2.6.34, a range check issue in drivers/gpu/drm/radeon/atombios.c could cause an off by one (buffer overflow) problem.

7.8
2019-07-27 CVE-2019-14296 UPX Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in UPX Project UPX 3.95

canUnpack in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (SEGV or buffer overflow, and application crash) or possibly have unspecified other impact via a crafted UPX packed file.

7.8
2019-07-26 CVE-2019-10266 Ahsay XXE vulnerability in Ahsay Cloud Backup Suite

An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50.

7.8
2019-07-26 CVE-2019-10265 Ahsay Path Traversal vulnerability in Ahsay Cloud Backup Suite

An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50.

7.8
2019-07-26 CVE-2019-13638 GNU
Debian
OS Command Injection vulnerability in multiple products

GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters.

7.8
2019-07-26 CVE-2018-20856 Linux Use After Free vulnerability in Linux Kernel

An issue was discovered in the Linux kernel before 4.18.7.

7.8
2019-07-26 CVE-2018-20854 Linux Out-of-bounds Read vulnerability in Linux Kernel

An issue was discovered in the Linux kernel before 4.20.

7.8
2019-07-26 CVE-2019-5607 Freebsd Improper Resource Shutdown or Release vulnerability in Freebsd

In FreeBSD 12.0-STABLE before r350222, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350223, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, rights transmitted over a domain socket did not properly release a reference on transmission error allowing a malicious user to cause the reference counter to wrap, forcing a free event.

7.8
2019-07-26 CVE-2019-5606 Freebsd Use After Free vulnerability in Freebsd

In FreeBSD 12.0-STABLE before r349805, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r349806, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, code which handles close of a descriptor created by posix_openpt fails to undo a signal configuration.

7.8
2019-07-26 CVE-2019-5603 Freebsd Improper Resource Shutdown or Release vulnerability in Freebsd

In FreeBSD 12.0-STABLE before r350261, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350263, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, system calls operating on file descriptors as part of mqueuefs did not properly release the reference allowing a malicious user to overflow the counter allowing access to files, directories, and sockets opened by processes owned by other users.

7.8
2019-07-25 CVE-2019-2334 Qualcomm NULL Pointer Dereference vulnerability in Qualcomm products

Null pointer dereferencing can happen when playing the clip with wrong block group id in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016

7.8
2019-07-25 CVE-2019-2273 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

IOMMU page fault while playing h265 video file leads to denial of service issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 845 / SD 850, SD 855, SD 8CX, SDM439, Snapdragon_High_Med_2016, SXR1130

7.8
2019-07-25 CVE-2019-4415 IBM Unspecified vulnerability in IBM Cloud Private 3.1.1/3.1.2

IBM Cloud Private 3.1.1 and 3.1.2 could allow a local user to obtain elevated privileges due to improper security context constraints.

7.8
2019-07-22 CVE-2019-4267 IBM Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Spectrum Protect

The IBM Spectrum Protect 7.1 and 8.1 Backup-Archive Client is vulnerable to a buffer overflow.

7.8
2019-07-28 CVE-2019-14322 Palletsprojects Path Traversal vulnerability in Palletsprojects Werkzeug

In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.

7.5
2019-07-26 CVE-2019-13565 Openldap
Canonical
Debian
Opensuse
F5
Apple
Oracle
An issue was discovered in OpenLDAP 2.x before 2.4.48.
7.5
2019-07-26 CVE-2019-14282 Simple Captcha2 Project Code Injection vulnerability in Simple Captcha2 Project Simple Captcha2 0.2.3

The simple_captcha2 gem 0.2.3 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party.

7.5
2019-07-26 CVE-2019-14281 Datagrid Project Code Injection vulnerability in Datagrid Project Datagrid 1.0.6

The datagrid gem 1.0.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party.

7.5
2019-07-26 CVE-2019-0202 Apache Information Exposure Through Log Files vulnerability in Apache Storm

The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm.

7.5
2019-07-25 CVE-2019-11921 Facebook Out-of-bounds Write vulnerability in Facebook Proxygen

An out of bounds write is possible via a specially crafted packet in certain configurations of Proxygen due to improper handling of Base64 when parsing malformed binary content in Structured HTTP Headers.

7.5
2019-07-25 CVE-2019-13483 Auth0 Insufficient Verification of Data Authenticity vulnerability in Auth0 Passport-Sharepoint 0.3.0

Auth0 Passport-SharePoint before 0.4.0 does not validate the JWT signature of an Access Token before processing.

7.5
2019-07-25 CVE-2019-9885 Eclass SQL Injection vulnerability in Eclass IP 2.5

eClass platform < ip.2.5.10.2.1 allows an attacker to execute SQL command via /admin/academic/studenview_left.php StudentID parameter.

7.5
2019-07-25 CVE-2019-2309 Qualcomm Integer Overflow or Wraparound vulnerability in Qualcomm products

While storing calibrated data from firmware in cache, An integer overflow may occur since data length received may exceed real data length.

7.5
2019-07-25 CVE-2019-2305 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Out of bound access when reason code is extracted from frame data without validating the frame length in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24

7.5
2019-07-25 CVE-2019-2254 Qualcomm Information Exposure vulnerability in Qualcomm products

Position determination accuracy may be degraded due to wrongly decoded information in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130

7.5
2019-07-25 CVE-2019-2253 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Buffer over-read can occur while parsing an ogg file with a corrupted comment block.

7.5
2019-07-25 CVE-2019-1010176 Jerryscript Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Jerryscript 1.0

JerryScript commit 4e58ccf68070671e1fff5cd6673f0c1d5b80b166 is affected by: Buffer Overflow.

7.5
2019-07-25 CVE-2019-1010161 Perl Crypt JWT Project Improper Verification of Cryptographic Signature vulnerability in Perl-Crypt-Jwt Project Perl-Crypt-Jwt

perl-CRYPT-JWT 0.022 and earlier is affected by: Incorrect Access Control.

7.5
2019-07-25 CVE-2019-14262 Metadataextractor Project Resource Exhaustion vulnerability in Metadataextractor Project Metadataextractor 2.1.0

MetadataExtractor 2.1.0 allows stack consumption.

7.5
2019-07-24 CVE-2019-1010191 Marginalia Project SQL Injection vulnerability in Marginalia Project Marginalia

marginalia < 1.6 is affected by: SQL Injection.

7.5
2019-07-24 CVE-2019-1010179 Phkp Project OS Command Injection vulnerability in Phkp Project Phkp

PHKP including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b is affected by: Improper Neutralization of Special Elements used in a Command ('Command Injection').

7.5
2019-07-24 CVE-2019-1010178 Modx Improper Access Control vulnerability in Modx Fred 1.0.0

Fred MODX Revolution < 1.0.0-beta5 is affected by: Incorrect Access Control - CWE-648.

7.5
2019-07-24 CVE-2019-1010177 Jsish Use After Free vulnerability in Jsish 2.4.702.047

Jsish 2.4.70 2.047 is affected by: Use After Free.

7.5
2019-07-23 CVE-2019-2856 Oracle Unspecified vulnerability in Oracle Weblogic Server 12.2.1.3.0

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Application Container - JavaEE).

7.5
2019-07-23 CVE-2019-2855 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.4

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

7.5
2019-07-23 CVE-2019-2854 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.4

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

7.5
2019-07-23 CVE-2019-2853 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.4

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

7.5
2019-07-23 CVE-2019-2852 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.4

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

7.5
2019-07-23 CVE-2019-2835 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.4

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

7.5
2019-07-23 CVE-2019-2822 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell: Admin / InnoDB Cluster).

7.5
2019-07-23 CVE-2019-2764 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.4

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

7.5
2019-07-23 CVE-2019-2759 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.4

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

7.5
2019-07-23 CVE-2019-2756 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.4

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

7.5
2019-07-23 CVE-2019-2750 Oracle Unspecified vulnerability in Oracle Micros Retail-J

Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Internal Operations).

7.5
2019-07-23 CVE-2019-2727 Oracle Unspecified vulnerability in Oracle Application Testing Suite 13.3

Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponent: Load Testing for Web Apps).

7.5
2019-07-23 CVE-2019-12164 Status Unspecified vulnerability in Status React Native Desktop

ubuntu-server.js in Status React Native Desktop before v0.57.8_mobile_ui allows Remote Code Execution.

7.5
2019-07-23 CVE-2019-9820 Mozilla Use After Free vulnerability in Mozilla Firefox and Firefox ESR

A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use.

7.5
2019-07-23 CVE-2019-9819 Mozilla Improper Input Validation vulnerability in Mozilla Thunderbird

A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash.

7.5
2019-07-23 CVE-2019-9814 Mozilla Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox

Mozilla developers and community members reported memory safety bugs present in Firefox 66.

7.5
2019-07-23 CVE-2019-9800 Mozilla Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox

Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6.

7.5
2019-07-23 CVE-2019-11723 Mozilla
Opensuse
Origin Validation Error vulnerability in multiple products

A vulnerability exists during the installation of add-ons where the initial fetch ignored the origin attributes of the browsing context.

7.5
2019-07-23 CVE-2019-11716 Mozilla Improper Input Validation vulnerability in Mozilla Firefox

Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such as Object.getOwnPropertyNames(window).

7.5
2019-07-23 CVE-2019-11714 Mozilla Improper Input Validation vulnerability in Mozilla Firefox

Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances.

7.5
2019-07-23 CVE-2019-11713 Mozilla Use After Free vulnerability in Mozilla Firefox and Firefox ESR

A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash.

7.5
2019-07-23 CVE-2019-11710 Mozilla
Opensuse
Out-of-bounds Write vulnerability in multiple products

Mozilla developers and community members reported memory safety bugs present in Firefox 67.

7.5
2019-07-23 CVE-2019-11709 Mozilla
Opensuse
Suse
Debian
Out-of-bounds Write vulnerability in multiple products

Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7.

7.5
2019-07-23 CVE-2019-11706 Mozilla Type Confusion vulnerability in Mozilla Thunderbird

A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash.

7.5
2019-07-23 CVE-2019-11704 Mozilla Out-of-bounds Write vulnerability in Mozilla Thunderbird

A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash.

7.5
2019-07-23 CVE-2019-11703 Mozilla Out-of-bounds Write vulnerability in Mozilla Thunderbird

A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash.

7.5
2019-07-23 CVE-2019-11693 Mozilla Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox

The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux.

7.5
2019-07-23 CVE-2019-11692 Mozilla Use After Free vulnerability in Mozilla Firefox and Firefox ESR

A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash.

7.5
2019-07-23 CVE-2019-11691 Mozilla Use After Free vulnerability in Mozilla Firefox and Firefox ESR

A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed.

7.5
2019-07-23 CVE-2019-1010153 Zzcms SQL Injection vulnerability in Zzcms

zzcms 8.3 and earlier is affected by: SQL Injection.

7.5
2019-07-23 CVE-2019-1010152 Zzcms Improper Input Validation vulnerability in Zzcms

zzcms 8.3 and earlier is affected by: File Delete to Code Execution.

7.5
2019-07-23 CVE-2019-1010150 Zzcms Improper Input Validation vulnerability in Zzcms

zzcms 8.3 and earlier is affected by: File Delete to Code Execution.

7.5
2019-07-23 CVE-2019-1010149 Zzcms Improper Input Validation vulnerability in Zzcms

zzcms version 8.3 and earlier is affected by: File Delete to Code Execution.

7.5
2019-07-23 CVE-2019-1010148 Zzcms SQL Injection vulnerability in Zzcms

zzcms version 8.3 and earlier is affected by: SQL Injection.

7.5
2019-07-22 CVE-2019-1010234 Linuxfoundation Improper Input Validation vulnerability in Linuxfoundation Open Network Operating System

The Linux Foundation ONOS 1.15.0 and ealier is affected by: Improper Input Validation.

7.5
2019-07-22 CVE-2019-2287 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Improper validation for inputs received from firmware can lead to an out of bound write issue in video driver.

7.5
2019-07-22 CVE-2019-2279 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Shared memory gets updated with invalid data and may lead to access beyond the allocated memory.

7.5
2019-07-22 CVE-2019-2269 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

Possible buffer overflow while processing the high level lim process action frame due to improper buffer length validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9650, MSM8996AU, QCS405, QCS605, SD 625, SD 636, SD 665, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24, SXR1130

7.5
2019-07-23 CVE-2019-2792 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.4

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

7.3
2019-07-25 CVE-2019-2346 Qualcomm Improper Validation of Array Index vulnerability in Qualcomm products

Firmware is getting into loop of overwriting memory when scan command is given from host because of improper validation.

7.2
2019-07-25 CVE-2019-2328 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

Possible buffer overflow when number of channels passed is more than size of channel mapping array in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24

7.2
2019-07-25 CVE-2019-2326 Qualcomm Improper Validation of Array Index vulnerability in Qualcomm products

Data token is received from ADSP and is used without validation as an index into the array leads to out of bound access in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24

7.2
2019-07-25 CVE-2019-2316 Qualcomm Use After Free vulnerability in Qualcomm products

When computing the digest a local variable is used after going out of scope in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9640, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855, SDM660, SDX24

7.2
2019-07-25 CVE-2019-2308 Qualcomm Unspecified vulnerability in Qualcomm products

User application could potentially make RPC call to the fastrpc driver and the driver will allow the message to go through to the remote subsystem in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24

7.2
2019-07-25 CVE-2019-2278 Qualcomm Improper Verification of Cryptographic Signature vulnerability in Qualcomm products

User keystore signature is ignored in boot and can lead to bypass boot image signature verification in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in MDM9607, MDM9640, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 845 / SD 850, SDM660

7.2
2019-07-24 CVE-2019-1010163 Socusoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Socusoft Photo 2 Video Converter 8.0.0

Socusoft Co Photo 2 Video Converter 8.0.0 is affected by: Buffer Overflow - Local shell-code execution and Denial of Service.

7.2
2019-07-22 CVE-2018-13927 Qualcomm Improper Authentication vulnerability in Qualcomm products

Debug policy with invalid signature can be loaded when the debug policy functionality is disabled by using the parallel image loading in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCS404, QCS605, SD 410/12, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SXR1130

7.2
2019-07-22 CVE-2018-13896 Qualcomm Improper Access Control vulnerability in Qualcomm products

XBL_SEC image authentication and other crypto related validations are accessible to a compromised OEM XBL Loader due to missing lock at XBL_SEC stage..

7.2
2019-07-26 CVE-2019-10972 Mitsubishielectric Resource Exhaustion vulnerability in Mitsubishielectric Electric FR Configurator2

Mitsubishi Electric FR Configurator2, Version 1.16S and prior.

7.1
2019-07-23 CVE-2019-2800 Oracle
Redhat
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication).
7.1

268 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-07-23 CVE-2019-2804 Oracle Unspecified vulnerability in Oracle Solaris 10.0/11.4

Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Filesystem).

6.9
2019-07-22 CVE-2019-2260 Qualcomm Use After Free vulnerability in Qualcomm products

A race condition occurs while processing perf-event which can lead to a use after free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM439, SDM630, SDM660, SDX20, SDX24, Snapdragon_High_Med_2016, SXR1130

6.9
2019-07-28 CVE-2019-14373 Flif Out-of-bounds Read vulnerability in Flif 0.3

An issue was discovered in image_save_png in image/image-png.cpp in Free Lossless Image Format (FLIF) 0.3.

6.8
2019-07-28 CVE-2019-14368 Exiv2 Out-of-bounds Read vulnerability in Exiv2 0.27.99.0

Exiv2 0.27.99.0 has a heap-based buffer over-read in Exiv2::RafImage::readMetadata() in rafimage.cpp.

6.8
2019-07-28 CVE-2019-14328 Simple Membership Plugin Cross-Site Request Forgery (CSRF) vulnerability in Simple-Membership-Plugin Simple Membership

The Simple Membership plugin before 3.8.5 for WordPress has CSRF affecting the Bulk Operation section.

6.8
2019-07-26 CVE-2019-13954 Mikrotik Allocation of Resources Without Limits or Throttling vulnerability in Mikrotik Routeros

Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to memory exhaustion.

6.8
2019-07-25 CVE-2019-11922 Facebook Race Condition vulnerability in Facebook Zstandard

A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.

6.8
2019-07-25 CVE-2019-1010127 Vcftools Project Use After Free vulnerability in Vcftools Project Vcftools 0.1.13/0.1.14

VCFTools vcftools prior to version 0.1.15 is affected by: Use-after-free.

6.8
2019-07-24 CVE-2019-10982 Deltaww Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Deltaww Cnssoft Screeneditor 1.00.89

Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and prior.

6.8
2019-07-24 CVE-2019-1010180 GNU
Opensuse
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access.

6.8
2019-07-23 CVE-2019-2860 Oracle Unspecified vulnerability in Oracle Clusterware 12.1.0.2.0

Vulnerability in the Oracle Clusterware component of Oracle Support Tools (subcomponent: Trace File Analyzer (TFA) Collector).

6.8
2019-07-23 CVE-2019-2828 Oracle Unspecified vulnerability in Oracle Field Service

Vulnerability in the Oracle Field Service component of Oracle E-Business Suite (subcomponent: Wireless).

6.8
2019-07-23 CVE-2018-3111 Oracle Unspecified vulnerability in Oracle Retail Xstore Office 7.1

Vulnerability in the Oracle Retail Xstore Office component of Oracle Retail Applications (subcomponent: Internal Operations).

6.8
2019-07-23 CVE-2019-9821 Mozilla Use After Free vulnerability in Mozilla Firefox

A use-after-free vulnerability can occur in AssertWorkerThread due to a race condition with shared workers.

6.8
2019-07-23 CVE-2019-9815 Mozilla Information Exposure Through Discrepancy vulnerability in Mozilla Firefox

If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks.

6.8
2019-07-23 CVE-2019-11712 Mozilla Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Firefox and Firefox ESR

POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements.

6.8
2019-07-23 CVE-2019-11696 Mozilla Improper Input Validation vulnerability in Mozilla Firefox

Files with the .JNLP extension used for "Java web start" applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local system.

6.8
2019-07-28 CVE-2019-14372 Libav Infinite Loop vulnerability in Libav 12.3

In Libav 12.3, there is an infinite loop in the function wv_read_block_header() in the file wvdec.c.

6.5
2019-07-28 CVE-2019-14370 Exiv2
Debian
Out-of-bounds Read vulnerability in multiple products

In Exiv2 0.27.99.0, there is an out-of-bounds read in Exiv2::MrwImage::readMetadata() in mrwimage.cpp.

6.5
2019-07-28 CVE-2019-14369 Exiv2
Debian
Out-of-bounds Read vulnerability in multiple products

Exiv2::PngImage::readMetadata() in pngimage.cpp in Exiv2 0.27.99.0 allows attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file.

6.5
2019-07-26 CVE-2019-10264 Ahsay XXE vulnerability in Ahsay Cloud Backup Suite

An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50.

6.5
2019-07-26 CVE-2019-5605 Freebsd Improper Initialization vulnerability in Freebsd 11.0/11.2/11.3

In FreeBSD 11.3-STABLE before r350217, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, due to insufficient initialization of memory copied to userland in the freebsd32_ioctl interface, small amounts of kernel memory may be disclosed to userland processes.

6.5
2019-07-25 CVE-2019-14266 Opensns SQL Injection vulnerability in Opensns 6.1.0

OpenSNS v6.1.0 allows SQL Injection via the index.php?s=/ucenter/Config/ uid parameter because of the getNeedQueryData function in Application/Common/Model/UserModel.class.php.

6.5
2019-07-24 CVE-2019-3595 Mcafee OS Command Injection vulnerability in Mcafee Data Loss Prevention Endpoint

Improper Neutralization of Special Elements used in a Command ('Command Injection') in ePO extension in McAfee Data Loss Prevention (DLP) 11.x prior to 11.3.0 allows Authenticated Adminstrator to execute arbitrary code with their local machine privileges via a specially crafted DLP policy, which is exported and opened on the their machine.

6.5
2019-07-23 CVE-2019-2834 Oracle
Redhat
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer).
6.5
2019-07-23 CVE-2019-2812 Oracle
Redhat
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer).
6.5
2019-07-23 CVE-2019-2805 Oracle
Mariadb
Canonical
Redhat
Fedoraproject
Opensuse
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser).
6.5
2019-07-23 CVE-2019-2795 Oracle
Redhat
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets).
6.5
2019-07-23 CVE-2019-2746 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Data Dictionary).

6.5
2019-07-23 CVE-2019-2740 Oracle
Canonical
Mariadb
Redhat
Fedoraproject
Opensuse
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML).
6.5
2019-07-23 CVE-2018-3316 Oracle Unspecified vulnerability in Oracle Retail Customer Management and Segmentation Foundation 16.0/17.0

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation component of Oracle Retail Applications (subcomponent: Segment).

6.5
2019-07-23 CVE-2019-13570 Ajdg SQL Injection vulnerability in Ajdg Adrotate

The AJdG AdRotate plugin before 5.3 for WordPress allows SQL Injection.

6.5
2019-07-23 CVE-2019-11730 Mozilla
Debian
Opensuse
Suse
A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed.
6.5
2019-07-23 CVE-2019-11725 Mozilla
Opensuse
When a user navigates to site marked as unsafe by the Safebrowsing API, warning messages are displayed and navigation is interrupted but resources from the same site loaded through websockets are not blocked, leading to the loading of unsafe resources and bypassing safebrowsing protections.
6.5
2019-07-23 CVE-2019-11721 Mozilla
Opensuse
The unicode latin 'kra' character can be used to spoof a standard 'k' character in the addressbar.
6.5
2019-07-22 CVE-2019-9959 Freedesktop
Debian
Fedoraproject
Redhat
Integer Overflow or Wraparound vulnerability in multiple products

The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.

6.5
2019-07-23 CVE-2019-2775 Oracle Unspecified vulnerability in Oracle Payments

Vulnerability in the Oracle Payments component of Oracle E-Business Suite (subcomponent: File Transmission).

6.4
2019-07-23 CVE-2019-2767 Oracle Unspecified vulnerability in Oracle BI Publisher 11.1.1.9.0

Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security).

6.4
2019-07-23 CVE-2019-2763 Oracle Unspecified vulnerability in Oracle Food and Beverage Applications 9.0.0/9.1.0

Vulnerability in the Oracle Hospitality Gift and Loyalty component of Oracle Food and Beverage Applications.

6.4
2019-07-23 CVE-2019-2742 Oracle Unspecified vulnerability in Oracle Business Intelligence Publisher 11.1.1.9.0

Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware (subcomponent: Web Service API).

6.4
2019-07-23 CVE-2019-2561 Oracle Unspecified vulnerability in Oracle Retail Xstore Office 7.0/7.1

Vulnerability in the Oracle Retail Xstore Office component of Oracle Retail Applications (subcomponent: Internal Operations).

6.4
2019-07-25 CVE-2019-3621 Mcafee Unspecified vulnerability in Mcafee Data Loss Prevention Endpoint

Authentication protection bypass vulnerability in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows physical local user to bypass the Windows lock screen via DLPe processes being killed just prior to the screen being locked or when the screen is locked.

6.2
2019-07-28 CVE-2019-14364 Icegram Cross-site Scripting vulnerability in Icegram Email Subscribers & Newsletters 4.1.6

An XSS vulnerability in the "Email Subscribers & Newsletters" plugin 4.1.6 for WordPress allows an attacker to inject malicious JavaScript code through a publicly available subscription form using the esfpx_name wp-admin/admin-ajax.php POST parameter.

6.1
2019-07-26 CVE-2019-6002 Central Dogma Project Cross-site Scripting vulnerability in Central Dogma Project Central Dogma

Cross-site scripting vulnerability in Central Dogma 0.17.0 to 0.40.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.1
2019-07-26 CVE-2019-13387 Control Webpanel Cross-site Scripting vulnerability in Control-Webpanel Webpanel 0.9.8.846

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, Reflected XSS in filemanager2.php (parameter fm_current_dir) allows attackers to steal a cookie or session, or redirect to a phishing website.

6.1
2019-07-25 CVE-2019-3486 HP Cross-site Scripting vulnerability in HP Arcsight Management Center 2.0

Mitigates a stored cross site scripting issue in ArcSight Security Management Center versions prior to 2.9.1

6.1
2019-07-24 CVE-2019-3485 HP Cross-site Scripting vulnerability in HP Arcsight Logger

Mitigates a stored cross site scripting issue in ArcSight Logger versions prior to 6.7.1

6.1
2019-07-24 CVE-2019-3591 Mcafee Cross-site Scripting vulnerability in Mcafee Data Loss Prevention Endpoint

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in ePO extension in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows unauthenticated remote user to trigger specially crafted JavaScript to render in the ePO UI via a carefully crafted upload to a remote website which is correctly blocked by DLPe Web Protection.

6.1
2019-07-23 CVE-2019-11724 Mozilla
Opensuse
Incorrect Authorization vulnerability in multiple products

Application permissions give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and now redirects to another site.

6.1
2019-07-23 CVE-2019-11720 Mozilla
Opensuse
Cross-site Scripting vulnerability in multiple products

Some unicode characters are incorrectly treated as whitespace during the parsing of web content instead of triggering parsing errors.

6.1
2019-07-23 CVE-2019-2799 Oracle Unspecified vulnerability in Oracle Database Server

Vulnerability in the Oracle ODBC Driver component of Oracle Database Server<span class=font-red><b> ***PRIVILEGE CANNOT BE NONE FOR AUTHENTICATED ATTACKS***</b></span>.

6.0
2019-07-23 CVE-2019-2771 Oracle Unspecified vulnerability in Oracle BI Publisher 11.1.1.9.0

Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security).

6.0
2019-07-23 CVE-2018-2883 Oracle Unspecified vulnerability in Oracle Retail Xstore Office 7.0/7.1

Vulnerability in the Oracle Retail Xstore Office component of Oracle Retail Applications (subcomponent: Internal Operations).

6.0
2019-07-23 CVE-2019-2878 Oracle Unspecified vulnerability in Oracle SUN ZFS Storage Appliance KIT 8.8.3

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: HTTP data path subsystems).

5.8
2019-07-23 CVE-2019-2837 Oracle Unspecified vulnerability in Oracle CRM Technical Foundation

Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2019-07-23 CVE-2019-2829 Oracle Unspecified vulnerability in Oracle Isupport

Vulnerability in the Oracle iSupport component of Oracle E-Business Suite (subcomponent: Service Requests).

5.8
2019-07-23 CVE-2019-2777 Oracle Unspecified vulnerability in Oracle Siebel Core - Server Framework

Vulnerability in the Siebel Core - Server Framework component of Oracle Siebel CRM (subcomponent: Search).

5.8
2019-07-23 CVE-2019-2772 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56/8.57

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Activity Guide).

5.8
2019-07-23 CVE-2019-2744 Oracle Unspecified vulnerability in Oracle Flexcube Universal Banking

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure).

5.8
2019-07-23 CVE-2019-2736 Oracle Unspecified vulnerability in Oracle Flexcube Investor Servicing

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure).

5.8
2019-07-23 CVE-2019-2672 Oracle Unspecified vulnerability in Oracle One-To-One Fulfillment

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server).

5.8
2019-07-23 CVE-2019-2668 Oracle Unspecified vulnerability in Oracle One-To-One Fulfillment

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server).

5.8
2019-07-23 CVE-2019-2666 Oracle Unspecified vulnerability in Oracle One-To-One Fulfillment

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server).

5.8
2019-07-23 CVE-2019-14240 Wcms Path Traversal vulnerability in Wcms 0.3.2

WCMS v0.3.2 has a CSRF vulnerability, with resultant directory traversal, to modify index.html via the /wex/html.php?finish=../index.html URI.

5.8
2019-07-22 CVE-2019-12551 Sweetscape Out-of-bounds Write vulnerability in Sweetscape 010 Editor 9.0.1

In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the Memcpy function (provided by the scripting engine) allows an attacker to overwrite arbitrary memory, which could lead to code execution.

5.8
2019-07-27 CVE-2010-5332 Linux Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel

In the Linux kernel before 2.6.37, an out of bounds array access happened in drivers/net/mlx4/port.c.

5.6
2019-07-28 CVE-2019-14362 Openbravo Path Traversal vulnerability in Openbravo ERP 3.0

Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal.

5.5
2019-07-27 CVE-2019-14295 UPX Project Integer Overflow or Wraparound vulnerability in UPX Project UPX 3.95

An Integer overflow in the getElfSections function in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an allocation of excessive memory.

5.5
2019-07-26 CVE-2019-14275 Xfig Project
Debian
Opensuse
Out-of-bounds Write vulnerability in multiple products

Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.

5.5
2019-07-26 CVE-2019-14274 Mcpp Project
Opensuse
Out-of-bounds Write vulnerability in multiple products

MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() function in support.c.

5.5
2019-07-25 CVE-2019-4116 IBM Unspecified vulnerability in IBM Cloud Private 2.1.0/3.1.0/3.1.1

IBM Cloud Private 2.1.0, 3.1.0, and 3.1.1 could disclose highly sensitive information in installer logs that could be use for further attacks against the system.

5.5
2019-07-24 CVE-2019-1010189 Mgetty Project Infinite Loop vulnerability in Mgetty Project Mgetty

mgetty prior to version 1.2.1 is affected by: Infinite Loop.

5.5
2019-07-24 CVE-2019-14250 GNU
Canonical
Opensuse
Integer Overflow or Wraparound vulnerability in multiple products

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32.

5.5
2019-07-23 CVE-2019-2843 Oracle Unspecified vulnerability in Oracle Flexcube Investor Servicing

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure).

5.5
2019-07-23 CVE-2019-2841 Oracle Unspecified vulnerability in Oracle Flexcube Investor Servicing

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure).

5.5
2019-07-23 CVE-2019-2831 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise FIN Project Costing 9.2

Vulnerability in the PeopleSoft Enterprise FIN Project Costing component of Oracle PeopleSoft Products (subcomponent: Projects).

5.5
2019-07-23 CVE-2019-2827 Oracle Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components).

5.5
2019-07-23 CVE-2019-2825 Oracle Unspecified vulnerability in Oracle Applications Manager

Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: Oracle Diagnostics Interfaces).

5.5
2019-07-23 CVE-2019-2824 Oracle Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components).

5.5
2019-07-23 CVE-2019-2823 Oracle Unspecified vulnerability in Oracle Financial Services Analytical Applications Infrastructure

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure component of Oracle Financial Services Applications (subcomponent: Infrastructure).

5.5
2019-07-23 CVE-2019-2819 Oracle
Canonical
Redhat
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Audit).
5.5
2019-07-23 CVE-2019-2790 Oracle Unspecified vulnerability in Oracle Flexcube Universal Banking

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure).

5.5
2019-07-23 CVE-2019-2776 Oracle Unspecified vulnerability in Oracle Database Server

Vulnerability in the Core RDBMS component of Oracle Database Server.

5.5
2019-07-23 CVE-2019-2758 Oracle
Canonical
Mariadb
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB).
5.5
2019-07-23 CVE-2019-2754 Oracle Unspecified vulnerability in Oracle Flexcube Universal Banking

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure).

5.5
2019-07-23 CVE-2019-1010204 GNU
Netapp
Incorrect Conversion between Numeric Types vulnerability in multiple products

GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read.

5.5
2019-07-23 CVE-2019-2778 Oracle
Canonical
Fedoraproject
Redhat
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges).
5.4
2019-07-23 CVE-2019-2731 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication).

5.4
2019-07-23 CVE-2019-1010124 Webappick Cross-site Scripting vulnerability in Webappick Woocommerce Product Feed

WebAppick WooCommerce Product Feed 2.2.18 and earlier is affected by: Cross Site Scripting (XSS).

5.4
2019-07-25 CVE-2019-4439 IBM Session Fixation vulnerability in IBM Cloud Private 3.1.0/3.1.1/3.1.2

IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could allow a local user to impersonate another user on the system.

5.3
2019-07-23 CVE-2019-2769 Oracle
Debian
Canonical
Redhat
HP
Mcafee
Opensuse
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities).
5.3
2019-07-23 CVE-2019-2762 Oracle
Canonical
Opensuse
Debian
Redhat
Mcafee
HP
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities).
5.3
2019-07-23 CVE-2019-2743 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles).

5.3
2019-07-23 CVE-2019-2741 Oracle
Canonical
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Log).
5.3
2019-07-23 CVE-2019-11718 Mozilla
Opensuse
Injection vulnerability in multiple products

Activity Stream can display content from sent from the Snippet Service website.

5.3
2019-07-23 CVE-2019-11717 Mozilla
Debian
Novell
Opensuse
Improper Encoding or Escaping of Output vulnerability in multiple products

A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes.

5.3
2019-07-23 CVE-2019-2745 Oracle
Debian
Canonical
Opensuse
Mcafee
HP
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security).
5.1
2019-07-23 CVE-2019-2739 Oracle
Canonical
Fedoraproject
Redhat
Mariadb
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges).
5.1
2019-07-23 CVE-2019-9818 Mozilla Race Condition vulnerability in Mozilla Firefox

A race condition is present in the crash generation server used to generate data for the crash reporter.

5.1
2019-07-28 CVE-2019-14323 Simple Service Discovery Protocol Responder Project Off-by-one Error vulnerability in Simple Service Discovery Protocol Responder Project Simple Service Discovery Protocol Responder

SSDP Responder 1.x through 1.5 mishandles incoming network messages, leading to a stack-based buffer overflow by 1 byte.

5.0
2019-07-26 CVE-2018-20857 Zendesk Improper Input Validation vulnerability in Zendesk Samlr

Zendesk Samlr before 2.6.2 allows an XML nodes comment attack such as a name_id node with [email protected] followed by <!---->.

5.0
2019-07-26 CVE-2019-14280 Craftcms Information Exposure vulnerability in Craftcms Craft CMS

In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn't stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public.

5.0
2019-07-25 CVE-2019-10184 Redhat
Netapp
Missing Authorization vulnerability in multiple products

undertow before version 2.0.23.Final is vulnerable to an information leak issue.

5.0
2019-07-25 CVE-2018-13897 Qualcomm Information Exposure vulnerability in Qualcomm products

Clients hostname gets added to DNS record on device which is running dnsmasq resulting in an information exposure in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 855, SDA660, SDM630, SDM660

5.0
2019-07-25 CVE-2019-1010172 Jsish Resource Exhaustion vulnerability in Jsish 2.4.842.0484

Jsish 2.4.84 2.0484 is affected by: Uncontrolled Resource Consumption.

5.0
2019-07-23 CVE-2019-2846 Oracle Unspecified vulnerability in Oracle Flexcube Investor Servicing

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure).

5.0
2019-07-23 CVE-2019-2838 Oracle Unspecified vulnerability in Oracle Solaris 11.4

Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel).

5.0
2019-07-23 CVE-2019-2836 Oracle Unspecified vulnerability in Oracle Food and Beverage Applications 18.2.1

Vulnerability in the Oracle Hospitality Simphony component of Oracle Food and Beverage Applications.

5.0
2019-07-23 CVE-2019-2809 Oracle Unspecified vulnerability in Oracle Irecruitment

Vulnerability in the Oracle iRecruitment component of Oracle E-Business Suite (subcomponent: Password Reset).

5.0
2019-07-23 CVE-2019-2794 Oracle Unspecified vulnerability in Oracle Flexcube Universal Banking

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure).

5.0
2019-07-23 CVE-2019-2783 Oracle Unspecified vulnerability in Oracle Payments

Vulnerability in the Oracle Payments component of Oracle E-Business Suite (subcomponent: File Transmission).

5.0
2019-07-23 CVE-2019-2782 Oracle Unspecified vulnerability in Oracle Payments

Vulnerability in the Oracle Payments component of Oracle E-Business Suite (subcomponent: File Transmission).

5.0
2019-07-23 CVE-2019-2773 Oracle Unspecified vulnerability in Oracle Payments

Vulnerability in the Oracle Payments component of Oracle E-Business Suite (subcomponent: File Transmission).

5.0
2019-07-23 CVE-2019-2768 Oracle Unspecified vulnerability in Oracle BI Publisher 11.1.1.9.0

Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security).

5.0
2019-07-23 CVE-2019-2732 Oracle Unspecified vulnerability in Oracle Demantra Demand Management 7.3.1.5.2

Vulnerability in the Oracle Demantra Demand Management component of Oracle Supply Chain Products Suite (subcomponent: Product Security).

5.0
2019-07-23 CVE-2019-14243 Haproxy Improper Input Validation vulnerability in Haproxy Proxyprotocol

headerv2.go in mastercactapus proxyprotocol before 0.0.2, as used in the mastercactapus caddy-proxyprotocol plugin through 0.0.2 for Caddy, allows remote attackers to cause a denial of service (webserver panic and daemon crash) via a crafted HAProxy PROXY v2 request with truncated source/destination address data.

5.0
2019-07-23 CVE-2019-1010173 Jsish Reachable Assertion vulnerability in Jsish 2.4.842.0484

Jsish 2.4.84 2.0484 is affected by: Reachable Assertion.

5.0
2019-07-23 CVE-2019-9817 Mozilla Origin Validation Error vulnerability in Mozilla Firefox and Firefox ESR

Images from a different domain can be read using a canvas object in some circumstances.

5.0
2019-07-23 CVE-2019-11729 Mozilla Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird

Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used.

5.0
2019-07-23 CVE-2019-11727 Mozilla Improper Certificate Validation vulnerability in Mozilla Firefox

A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3.

5.0
2019-07-23 CVE-2019-11719 Mozilla Out-of-bounds Read vulnerability in Mozilla Firefox and Firefox ESR

When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library.

5.0
2019-07-23 CVE-2019-11698 Mozilla Improper Input Validation vulnerability in Mozilla Firefox and Firefox ESR

If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data.

5.0
2019-07-23 CVE-2019-11694 Mozilla
Microsoft
Use of Uninitialized Resource vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird

A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file.

5.0
2019-07-23 CVE-2019-1010209 Gorul Unrestricted Upload of File with Dangerous Type vulnerability in Gorul Gourl

GoUrl.io GoURL Wordpress Plugin 1.4.13 and earlier is affected by: CWE-434.

5.0
2019-07-23 CVE-2019-1010205 Linagora Path Traversal vulnerability in Linagora Hublin

LINAGORA hublin latest (commit 72ead897082403126bf8df9264e70f0a9de247ff) is affected by: Directory Traversal.

5.0
2019-07-23 CVE-2019-1010171 Jsish NULL Pointer Dereference vulnerability in Jsish 2.4.832.0483

Jsish 2.4.83 2.0483 is affected by: Nullpointer dereference.

5.0
2019-07-23 CVE-2019-1010170 Jsish Use After Free vulnerability in Jsish 2.4.772.0477

Jsish 2.4.77 2.0477 is affected by: Use After Free.

5.0
2019-07-23 CVE-2019-1010169 Jsish Out-of-bounds Read vulnerability in Jsish 2.4.772.0477

Jsish 2.4.77 2.0477 is affected by: Out-of-bounds Read.

5.0
2019-07-23 CVE-2019-14241 Haproxy Infinite Loop vulnerability in Haproxy

HAProxy through 2.0.2 allows attackers to cause a denial of service (ha_panic) via vectors related to htx_manage_client_side_cookies in proto_htx.c.

5.0
2019-07-23 CVE-2019-1010123 Modx Unrestricted Upload of File with Dangerous Type vulnerability in Modx Revolution

MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type.

5.0
2019-07-22 CVE-2019-1010218 Cherokee Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cherokee-Project Cherokee web Server

Cherokee Webserver Latest Cherokee Web server Upto Version 1.2.103 (Current stable) is affected by: Buffer Overflow - CWE-120.

5.0
2019-07-22 CVE-2019-13097 CAT Runner Improper Input Validation vulnerability in CAT Runner: Decorate Home Project CAT Runner: Decorate Home 2.8.0

The application API of Cat Runner Decorate Home version 2.8.0 for Android does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable.

5.0
2019-07-22 CVE-2019-13096 Tronlink Cleartext Storage of Sensitive Information vulnerability in Tronlink Wallet 2.2.0

TronLink Wallet 2.2.0 stores user wallet keystore in plaintext and places them in insecure storage.

5.0
2019-07-27 CVE-2015-9289 Linux Out-of-bounds Read vulnerability in Linux Kernel

In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c.

4.9
2019-07-25 CVE-2019-2330 Qualcomm Improper Input Validation vulnerability in Qualcomm products

improper input validation in allocation request for secure allocations can lead to page fault.

4.9
2019-07-23 CVE-2019-2879 Oracle
Redhat
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB).
4.9
2019-07-23 CVE-2019-2857 Oracle Unspecified vulnerability in Oracle Siebel UI Framework

Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI).

4.9
2019-07-23 CVE-2019-2830 Oracle
Redhat
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer).
4.9
2019-07-23 CVE-2019-2826 Oracle
Redhat
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles).
4.9
2019-07-23 CVE-2019-2815 Oracle
Redhat
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer).
4.9
2019-07-23 CVE-2019-2811 Oracle
Redhat
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges).
4.9
2019-07-23 CVE-2019-2810 Oracle
Redhat
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer).
4.9
2019-07-23 CVE-2019-2808 Oracle
Redhat
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer).
4.9
2019-07-23 CVE-2019-2803 Oracle
Redhat
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer).
4.9
2019-07-23 CVE-2019-2802 Oracle
Redhat
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer).
4.9
2019-07-23 CVE-2019-2801 Oracle
Redhat
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS).
4.9
2019-07-23 CVE-2019-2798 Oracle
Redhat
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB).
4.9
2019-07-23 CVE-2019-2796 Oracle
Redhat
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer).
4.9
2019-07-23 CVE-2019-2785 Oracle
Fedoraproject
Redhat
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB).
4.9
2019-07-23 CVE-2019-2784 Oracle
Fedoraproject
Redhat
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML).
4.9
2019-07-23 CVE-2019-2780 Oracle
Fedoraproject
Redhat
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Components / Services).
4.9
2019-07-23 CVE-2019-2779 Oracle Unspecified vulnerability in Oracle Siebel Core - Common Components 19.0

Vulnerability in the Siebel Core - Common Components component of Oracle Siebel CRM (subcomponent: Email).

4.9
2019-07-23 CVE-2019-2774 Oracle
Canonical
Fedoraproject
Redhat
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer).
4.9
2019-07-23 CVE-2019-2757 Oracle
Canonical
Fedoraproject
Redhat
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer).
4.9
2019-07-23 CVE-2019-2755 Oracle
Fedoraproject
Redhat
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication).
4.9
2019-07-23 CVE-2019-2753 Oracle Unspecified vulnerability in Oracle Database Server

Vulnerability in the Oracle Text component of Oracle Database Server.

4.9
2019-07-23 CVE-2019-2752 Oracle
Fedoraproject
Redhat
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options).
4.9
2019-07-23 CVE-2019-2749 Oracle Unspecified vulnerability in Oracle Database Server

Vulnerability in the Java VM component of Oracle Database Server.

4.9
2019-07-23 CVE-2019-2748 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56/8.57

Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Application Server).

4.9
2019-07-23 CVE-2019-2747 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: GIS).

4.9
2019-07-23 CVE-2019-2737 Oracle
Canonical
Mariadb
Fedoraproject
Opensuse
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth).
4.9
2019-07-23 CVE-2019-2484 Oracle Unspecified vulnerability in Oracle Database Server 18.2/5.1

Vulnerability in the Application Express component of Oracle Database Server.

4.9
2019-07-23 CVE-2018-3315 Oracle Unspecified vulnerability in Oracle Retail Customer Management and Segmentation Foundation 16.0/17.0

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation component of Oracle Retail Applications (subcomponent: Customer).

4.9
2019-07-22 CVE-2019-2261 Qualcomm Configuration vulnerability in Qualcomm products

Unauthorized access from GPU subsystem to HLOS or other non secure subsystem memory can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MSM8996AU, QCA8081, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130

4.9
2019-07-23 CVE-2019-2816 Oracle
Debian
Opensuse
HP
Mcafee
Canonical
Redhat
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking).
4.8
2019-07-23 CVE-2019-11728 Mozilla
Opensuse
Exposure of Resource to Wrong Sphere vulnerability in multiple products

The HTTP Alternative Services header, Alt-Svc, can be used by a malicious site to scan all TCP ports of any host that the accessible to a user when web content is loaded.

4.7
2019-07-26 CVE-2019-9492 Trendmicro
Microsoft
Untrusted Search Path vulnerability in Trendmicro Officescan 11.0/Xg

A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an authenticated attacker to gain code execution and terminate the product's process - disabling endpoint protection.

4.6
2019-07-26 CVE-2019-14283 Linux Out-of-bounds Read vulnerability in Linux Kernel

In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read.

4.6
2019-07-25 CVE-2019-2312 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

When handling the vendor command there exists a potential buffer overflow due to lack of input validation of data buffer received in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, MDM9640, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM630, SDM660, SDX24

4.6
2019-07-25 CVE-2019-2306 Qualcomm Incorrect Type Conversion or Cast vulnerability in Qualcomm products

Improper casting of structure while handling the buffer leads to out of bound read in display in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20

4.6
2019-07-25 CVE-2019-2301 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Possibility of out-of-bound read if id received from SPI is not in range of FIFO in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9980, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 845 / SD 850, SD 855, SDM439, SDM660, SDX24

4.6
2019-07-25 CVE-2019-2299 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

An out-of-bound write can be triggered by a specially-crafted command supplied by a userspace application.

4.6
2019-07-25 CVE-2019-2298 Qualcomm Use After Free vulnerability in Qualcomm products

Protection is missing while accessing md sessions info via macro which can lead to use-after-free in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 845 / SD 850, SD 855, SDM660, SDX20, SDX24

4.6
2019-07-25 CVE-2019-2293 Qualcomm Use After Free vulnerability in Qualcomm products

Pointer dereference while freeing IFE resources due to lack of length check of in port resource.

4.6
2019-07-25 CVE-2019-2290 Qualcomm Use After Free vulnerability in Qualcomm products

Multiple open and close from multiple threads will lead camera driver to access destroyed session data pointer in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDM660, SDX20, SDX24, Snapdragon_High_Med_2016

4.6
2019-07-25 CVE-2019-2281 Qualcomm Unspecified vulnerability in Qualcomm products

An unauthenticated bitmap image can be loaded in to memory and subsequently cause execution of unverified code.

4.6
2019-07-25 CVE-2019-2272 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

Buffer overflow can occur in display function due to lack of validation of header block size set by user.

4.6
2019-07-25 CVE-2019-2263 Qualcomm Use After Free vulnerability in Qualcomm products

Access to freed memory can happen while reading from diag driver due to use after free issue in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA9531, QCA9980, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDM660, SDX20, Snapdragon_High_Med_2016

4.6
2019-07-25 CVE-2019-2238 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Lack of check of data type can lead to subsequent loop-expression potentially go negative and the condition will still evaluate to true leading to buffer underflow.

4.6
2019-07-25 CVE-2019-2235 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

Buffer overflow occurs when emulated RPMB is used due to sector size assumptions in the TA rollback protection logic.

4.6
2019-07-25 CVE-2019-14270 Comodo Unspecified vulnerability in Comodo Antivirus, Firewall and Internet Security

Comodo Antivirus through 12.0.0.6870, Comodo Firewall through 12.0.0.6870, and Comodo Internet Security Premium through 12.0.0.6870, with the Comodo Container feature, are vulnerable to Sandbox Escape.

4.6
2019-07-23 CVE-2019-2867 Oracle
Opensuse
Out-of-bounds Write vulnerability in multiple products

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

4.6
2019-07-23 CVE-2019-2866 Oracle
Opensuse
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).
4.6
2019-07-23 CVE-2019-2859 Oracle
Opensuse
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).
4.6
2019-07-23 CVE-2019-2844 Oracle Unspecified vulnerability in Oracle Solaris 11.4

Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: LDAP Client Tools).

4.6
2019-07-23 CVE-2019-2832 Oracle Unspecified vulnerability in Oracle Solaris 10

Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Common Desktop Environment).

4.6
2019-07-23 CVE-2019-12162 Upwork Download of Code Without Integrity Check vulnerability in Upwork Time Tracker 5.2.2.716

Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the downloaded program update before running it, which could lead to code execution or local privilege escalation by replacing the original update.exe.

4.6
2019-07-22 CVE-2019-2292 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Out of bound access can occur due to buffer copy without checking size of input received from WLAN firmware in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9650, MSM8996AU, QCA6574AU, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 665, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24

4.6
2019-07-22 CVE-2019-2277 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Out of bound read can happen due to lack of NULL termination on user controlled data in WLAN in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MSM8996AU, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX24

4.6
2019-07-22 CVE-2019-2264 Qualcomm Use After Free vulnerability in Qualcomm products

Null pointer dereference occurs for channel context while opening glink channel in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9607, MDM9640, MSM8909W, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SDM439, SDM630, SDM660, SDX24

4.6
2019-07-25 CVE-2019-2345 Qualcomm Race Condition vulnerability in Qualcomm products

Race condition while accessing DMA buffer in jpeg driver in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM660, SDX20, SDX24

4.4
2019-07-25 CVE-2019-2314 Qualcomm Use After Free vulnerability in Qualcomm products

Possible race condition that will cause a use-after-free when writing to two sysfs entries at nearly the same time in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, QCS405, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855, SDM439, SDM660, SDX20, SDX24

4.4
2019-07-23 CVE-2019-2865 Oracle
Opensuse
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).
4.4
2019-07-23 CVE-2019-2864 Oracle
Opensuse
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).
4.4
2019-07-23 CVE-2019-2820 Oracle Unspecified vulnerability in Oracle Solaris 11.4

Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Gnuplot).

4.4
2019-07-23 CVE-2019-1010221 Lineageos Unspecified vulnerability in Lineageos 13.0/15.1/16.0

LineageOS 16.0 and earlier is affected by: Incorrect Access Control.

4.4
2019-07-22 CVE-2019-4236 IBM Data Processing Errors vulnerability in IBM Spectrum Protect

A IBM Spectrum Protect 7.l client backup or archive operation running for an HP-UX VxFS object is silently skipping Access Control List (ACL) entries from backup or archive if there are more than twelve ACL entries associated with the object in total.

4.4
2019-07-28 CVE-2019-14371 Libav Infinite Loop vulnerability in Libav 12.3

An issue was discovered in Libav 12.3.

4.3
2019-07-28 CVE-2019-14350 Espocrm Cross-site Scripting vulnerability in Espocrm 5.6.4

EspoCRM 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the Knowledge base.

4.3
2019-07-28 CVE-2019-14349 Espocrm Cross-site Scripting vulnerability in Espocrm 5.6.4

EspoCRM version 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the api/v1/Document functionality for storing documents in the account tab.

4.3
2019-07-28 CVE-2019-14331 Espocrm Cross-site Scripting vulnerability in Espocrm

An issue was discovered in EspoCRM before 5.6.6.

4.3
2019-07-28 CVE-2019-14330 Espocrm Cross-site Scripting vulnerability in Espocrm

An issue was discovered in EspoCRM before 5.6.6.

4.3
2019-07-28 CVE-2019-14329 Espocrm Cross-site Scripting vulnerability in Espocrm

An issue was discovered in EspoCRM before 5.6.6.

4.3
2019-07-28 CVE-2019-14315 Sunhater Cross-site Scripting vulnerability in Sunhater Kcfinder

A cross-site scripting (XSS) vulnerability in upload.php in SunHater KCFinder 3.20-test1, 3.20-test2, 3.12, and earlier allows remote attackers to inject arbitrary web script or HTML via the CKEditorFuncNum parameter.

4.3
2019-07-27 CVE-2019-14294 Glyphandcog Use After Free vulnerability in Glyphandcog Xpdfreader 4.01.01

An issue was discovered in Xpdf 4.01.01.

4.3
2019-07-27 CVE-2019-14293 Glyphandcog Out-of-bounds Read vulnerability in Glyphandcog Xpdfreader 4.01.01

An issue was discovered in Xpdf 4.01.01.

4.3
2019-07-27 CVE-2019-14292 Glyphandcog Out-of-bounds Read vulnerability in Glyphandcog Xpdfreader 4.01.01

An issue was discovered in Xpdf 4.01.01.

4.3
2019-07-27 CVE-2019-14291 Glyphandcog Out-of-bounds Read vulnerability in Glyphandcog Xpdfreader 4.01.01

An issue was discovered in Xpdf 4.01.01.

4.3
2019-07-27 CVE-2019-14290 Glyphandcog Out-of-bounds Read vulnerability in Glyphandcog Xpdfreader 4.01.01

An issue was discovered in Xpdf 4.01.01.

4.3
2019-07-27 CVE-2019-14289 Glyphandcog Integer Overflow or Wraparound vulnerability in Glyphandcog Xpdfreader 4.01.01

An issue was discovered in Xpdf 4.01.01.

4.3
2019-07-27 CVE-2019-14288 Glyphandcog Integer Overflow or Wraparound vulnerability in Glyphandcog Xpdfreader 4.01.01

An issue was discovered in Xpdf 4.01.01.

4.3
2019-07-27 CVE-2019-14286 Misp Cross-site Scripting vulnerability in Misp 2.4.111

In app/webroot/js/event-graph.js in MISP 2.4.111, a stored XSS vulnerability exists in the event-graph view when a user toggles the event graph view.

4.3
2019-07-26 CVE-2019-13588 Wikindx Project Cross-site Scripting vulnerability in Wikindx Project Wikindx

A cross-site scripting (XSS) vulnerability in getPagingStart() in core/lists/PAGING.php in WIKINDX before 5.8.2 allows remote attackers to inject arbitrary web script or HTML via the PagingStart parameter.

4.3
2019-07-26 CVE-2019-10263 Ahsay Cross-site Scripting vulnerability in Ahsay Cloud Backup Suite

An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50.

4.3
2019-07-26 CVE-2019-14228 Angry Frog Cross-Site Request Forgery (CSRF) vulnerability in Angry-Frog Xavier 3.0

Xavier PHP Management Panel 3.0 is vulnerable to Reflected POST-based XSS via the username parameter when registering a new user at admin/includes/adminprocess.php.

4.3
2019-07-26 CVE-2019-13385 Control Webpanel Path Traversal vulnerability in Control-Webpanel Webpanel 0.9.8.840

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.840, File and Directory Information Exposure in filemanager allows attackers to enumerate users and check for active users of the application by reading /tmp/login.log.

4.3
2019-07-26 CVE-2019-10976 Mitsubishielectric XXE vulnerability in Mitsubishielectric Electric FR Configurator2 Firmware

Mitsubishi Electric FR Configurator2, Version 1.16S and prior.

4.3
2019-07-25 CVE-2019-1010182 Yaml Rust Project Uncontrolled Recursion vulnerability in Yaml-Rust Project Yaml-Rust

yaml-rust 0.4.0 and earlier is affected by: Uncontrolled Recursion.

4.3
2019-07-25 CVE-2019-1010183 Serde Yaml Project Uncontrolled Recursion vulnerability in Serde-Yaml Project Serde-Yaml

serde serde_yaml 0.6.0 to 0.8.3 is affected by: Uncontrolled Recursion.

4.3
2019-07-24 CVE-2019-10992 Deltaww Out-of-bounds Read vulnerability in Deltaww Cnssoft Screeneditor 1.00.89

Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and prior.

4.3
2019-07-24 CVE-2019-1010193 Hisiphp Cross-site Scripting vulnerability in Hisiphp 1.0.8

hisiphp 1.0.8 is affected by: Cross Site Scripting (XSS).

4.3
2019-07-24 CVE-2019-1010190 Mgetty Project Out-of-bounds Read vulnerability in Mgetty Project Mgetty

mgetty prior to 1.2.1 is affected by: out-of-bounds read.

4.3
2019-07-24 CVE-2019-14249 Libdwarf Project Divide By Zero vulnerability in Libdwarf Project Libdwarf

dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows attackers to cause a denial of service (division by zero) via an ELF file with a zero-size section group (SHT_GROUP), as demonstrated by dwarfdump.

4.3
2019-07-24 CVE-2019-14248 Nasm NULL Pointer Dereference vulnerability in Nasm Netwide Assembler

In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows a NULL pointer dereference in process_pragma, search_pragma_list, and nasm_set_limit when "%pragma limit" is mishandled.

4.3
2019-07-24 CVE-2019-14247 Mpg321 Project Out-of-bounds Write vulnerability in Mpg321 Project Mpg321 0.3.2

The scan() function in mad.c in mpg321 0.3.2 allows remote attackers to trigger an out-of-bounds write via a zero bitrate in an MP3 file.

4.3
2019-07-23 CVE-2019-2761 Oracle Unspecified vulnerability in Oracle Application Object Library

Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments / File Upload).

4.3
2019-07-23 CVE-2019-2751 Oracle Unspecified vulnerability in Oracle Http Server 12.1.3.0.0/12.2.1.3.0

Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: OHS Config MBeans).

4.3
2019-07-23 CVE-2019-1010199 Servicestack Cross-site Scripting vulnerability in Servicestack 4.5.14

ServiceStack ServiceStack Framework 4.5.14 is affected by: Cross Site Scripting (XSS).

4.3
2019-07-23 CVE-2018-18676 Gnuboard Cross-site Scripting vulnerability in Gnuboard Gnuboard5 5.3.1.9

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board tail contents" parameter, aka the adm/board_form_update.php bo_mobile_content_tail parameter.

4.3
2019-07-23 CVE-2018-18675 Gnuboard Cross-site Scripting vulnerability in Gnuboard Gnuboard5 5.3.1.9

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board title contents" parameter, aka the adm/board_form_update.php bo_mobile_subject parameter.

4.3
2019-07-23 CVE-2018-18672 Gnuboard Cross-site Scripting vulnerability in Gnuboard Gnuboard5 5.3.1.9

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board head contents" parameter, aka the adm/board_form_update.php bo_content_head parameter.

4.3
2019-07-23 CVE-2018-18670 Gnuboard Cross-site Scripting vulnerability in Gnuboard Gnuboard5 5.3.1.9

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "Extra Contents" parameter, aka the adm/config_form_update.php cf_1~10 parameter.

4.3
2019-07-23 CVE-2018-18673 Gnuboard Cross-site Scripting vulnerability in Gnuboard Gnuboard5 5.3.1.9

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "Menu Link" parameter, aka the adm/menu_list_update.php me_link parameter.

4.3
2019-07-23 CVE-2018-18671 Gnuboard Cross-site Scripting vulnerability in Gnuboard Gnuboard5 5.3.1.9

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board head contents" parameter, aka the adm/board_form_update.php bo_mobile_content_head parameter.

4.3
2019-07-23 CVE-2018-18669 Gnuboard Cross-site Scripting vulnerability in Gnuboard Gnuboard5 5.3.1.9

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board title contents" parameter, aka the adm/board_form_update.php bo_subject parameter.

4.3
2019-07-23 CVE-2019-9816 Mozilla Type Confusion vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird

A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups.

4.3
2019-07-23 CVE-2019-11715 Mozilla Cross-site Scripting vulnerability in Mozilla Firefox and Firefox ESR

Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances.

4.3
2019-07-23 CVE-2019-11702 Mozilla
Microsoft
Missing Authorization vulnerability in Mozilla Firefox

A hyperlink using protocols associated with Internet Explorer, such as IE.HTTP:, can be used to open local files at a known location with Internet Explorer if a user approves execution when prompted.

4.3
2019-07-23 CVE-2019-11701 Mozilla Cross-site Scripting vulnerability in Mozilla Firefox

The default webcal: protocol handler will load a web site vulnerable to cross-site scripting (XSS) attacks.

4.3
2019-07-23 CVE-2019-11700 Mozilla
Microsoft
Missing Authorization vulnerability in Mozilla Firefox

A hyperlink using the res: protocol can be used to open local files at a known location in Internet Explorer if a user approves execution when prompted.

4.3
2019-07-23 CVE-2019-11699 Mozilla Unspecified vulnerability in Mozilla Firefox

A malicious page can briefly cause the wrong name to be highlighted as the domain name in the addressbar during page navigations.

4.3
2019-07-23 CVE-2019-11697 Mozilla Improper Input Validation vulnerability in Mozilla Firefox

If the ALT and "a" keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for users to accept or decline the installation.

4.3
2019-07-23 CVE-2019-11695 Mozilla Unspecified vulnerability in Mozilla Firefox

A custom cursor defined by scripting on a site can position itself over the addressbar to spoof the actual cursor when it should not be allowed outside of the primary web content area.

4.3
2019-07-23 CVE-2019-1010207 Genetechsolutions Cross-site Scripting vulnerability in Genetechsolutions PIE Register 3.0.15

Genetechsolutions Pie Register 3.0.15 is affected by: Cross Site Scripting (XSS).

4.3
2019-07-23 CVE-2019-1010206 Http Request Project Improper Certificate Validation vulnerability in Http Request Project Http Request 6.0

OSS Http Request (Apache Cordova Plugin) 6 is affected by: Missing SSL certificate validation.

4.3
2019-07-23 CVE-2019-1010162 Jsish NULL Pointer Dereference vulnerability in Jsish 2.4.772.0477

jsish 2.4.74 2.0474 is affected by: CWE-476: NULL Pointer Dereference.

4.3
2019-07-22 CVE-2019-12552 Sweetscape Integer Overflow or Wraparound vulnerability in Sweetscape 010 Editor 9.0.1

In SweetScape 010 Editor 9.0.1, an integer overflow during the initialization of variables could allow an attacker to cause a denial of service.

4.3
2019-07-22 CVE-2019-1010232 Juniper Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Juniper Libslax 0.22.0

Juniper juniper/libslax libslax latest version (as of commit 084ddf6ab4a55b59dfa9a53f9c5f14d192c4f8e5 Commits on Sep 1, 2018) is affected by: Buffer Overflow.

4.3
2019-07-22 CVE-2019-1010237 Ilias Cross-site Scripting vulnerability in Ilias

Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting (XSS) - CWE-79 Type 2: Stored XSS (or Persistent).

4.3
2019-07-23 CVE-2019-2797 Oracle
Canonical
Redhat
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs).
4.2
2019-07-28 CVE-2019-14351 Espocrm Improper Restriction of Excessive Authentication Attempts vulnerability in Espocrm 5.6.4

EspoCRM 5.6.4 is vulnerable to user password hash enumeration.

4.0
2019-07-26 CVE-2019-13955 Mikrotik Uncontrolled Recursion vulnerability in Mikrotik Routeros

Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to stack exhaustion.

4.0
2019-07-25 CVE-2019-14268 Octopus Information Exposure Through Log Files vulnerability in Octopus Deploy

In Octopus Deploy versions 3.0.19 to 2019.7.2, when a web request proxy is configured, an authenticated user (in certain limited circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext.

4.0
2019-07-23 CVE-2019-2862 Oracle Unspecified vulnerability in Oracle Graalvm 19.0.0

Vulnerability in the Oracle GraalVM Enterprise Edition component of Oracle GraalVM (subcomponent: Java).

4.0
2019-07-23 CVE-2019-2858 Oracle Unspecified vulnerability in Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0

Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Advanced Console).

4.0
2019-07-23 CVE-2019-2833 Oracle Unspecified vulnerability in Oracle Food and Beverage Applications 18.2.1

Vulnerability in the Oracle Hospitality Simphony component of Oracle Food and Beverage Applications.

4.0
2019-07-23 CVE-2019-2813 Oracle Unspecified vulnerability in Oracle Graalvm 19.0.0

Vulnerability in the Oracle GraalVM Enterprise Edition component of Oracle GraalVM (subcomponent: GraalVM).

4.0
2019-07-23 CVE-2019-2787 Oracle Unspecified vulnerability in Oracle Solaris 10.0/11.4

Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Automount).

4.0
2019-07-23 CVE-2019-2781 Oracle Unspecified vulnerability in Oracle Hospitality Suite8

Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: XML Interface).

4.0
2019-07-23 CVE-2019-2733 Oracle Unspecified vulnerability in Oracle Demantra Demand Management 7.3.1.5.2

Vulnerability in the Oracle Demantra Demand Management component of Oracle Supply Chain Products Suite (subcomponent: Product Security).

4.0
2019-07-23 CVE-2019-2728 Oracle Unspecified vulnerability in Oracle Enterprise Manager OPS Center 12.3.3/12.4.0

Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Networking).

4.0
2019-07-23 CVE-2019-2599 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56/8.57

Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Pagelet Wizard).

4.0
2019-07-23 CVE-2019-11273 Pivotal Software Information Exposure vulnerability in Pivotal Software Pivotal Container Service

Pivotal Container Services (PKS) versions 1.3.x prior to 1.3.7, and versions 1.4.x prior to 1.4.1, contains a vulnerable component which logs the username and password to the billing database.

4.0
2019-07-23 CVE-2019-1010201 Jeesite SQL Injection vulnerability in Jeesite 1.2.7

Jeesite 1.2.7 is affected by: SQL Injection.

4.0
2019-07-23 CVE-2019-1010202 Jeesite XXE vulnerability in Jeesite 1.2.7

Jeesite 1.2.7 is affected by: XML External Entity (XXE).

4.0
2019-07-22 CVE-2019-13100 Send Anywhere Cleartext Storage of Sensitive Information vulnerability in Send-Anywhere Send Anywhere 9.4.18

The Send Anywhere application 9.4.18 for Android stores confidential information insecurely on the system (i.e., in cleartext), which allows a non-root user to find out the username/password of a valid user via /data/data/com.estmob.android.sendanywhere/shared_prefs/sendanywhere_device.xml.

4.0
2019-07-22 CVE-2019-13099 Momo Project Cleartext Storage of Sensitive Information vulnerability in Momo Project Momo 2.1.9

The Momo application 2.1.9 for Android stores confidential information insecurely on the system (i.e., in cleartext), which allows a non-root user to find out the username/password of a valid user and a user's access token via Logcat.

4.0
2019-07-22 CVE-2019-13098 Tronlink
Google
Information Exposure Through Log Files vulnerability in Tronlink Wallet 2.2.0

The user password via the registration form of TronLink Wallet 2.2.0 is stored in the log when the class CreateWalletTwoActivity is called.

4.0

54 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-07-23 CVE-2019-2791 Oracle
Canonical
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in).
3.8
2019-07-23 CVE-2019-2871 Oracle Unspecified vulnerability in Oracle Berkeley DB

Vulnerability in the Data Store component of Oracle Berkeley DB.

3.7
2019-07-23 CVE-2019-2870 Oracle Unspecified vulnerability in Oracle Berkeley DB

Vulnerability in the Data Store component of Oracle Berkeley DB.

3.7
2019-07-23 CVE-2019-2869 Oracle Unspecified vulnerability in Oracle Berkeley DB

Vulnerability in the Data Store component of Oracle Berkeley DB.

3.7
2019-07-23 CVE-2019-2868 Oracle Unspecified vulnerability in Oracle Berkeley DB

Vulnerability in the Data Store component of Oracle Berkeley DB.

3.7
2019-07-23 CVE-2019-2842 Oracle
Opensuse
HP
Mcafee
Canonical
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE).
3.7
2019-07-23 CVE-2019-2760 Oracle Unspecified vulnerability in Oracle Berkeley DB

Vulnerability in the Data Store component of Oracle Berkeley DB.

3.7
2019-07-26 CVE-2019-10974 Nrel Out-of-bounds Write vulnerability in Nrel Energyplus

NREL EnergyPlus, Versions 8.6.0 and possibly prior versions, The application fails to prevent an exception handler from being overwritten with arbitrary code.

3.6
2019-07-23 CVE-2019-2817 Oracle Unspecified vulnerability in Oracle Agile Product Lifecycle Management

Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Folders, Files & Attachments).

3.6
2019-07-27 CVE-2019-14298 Veeam Cross-site Scripting vulnerability in Veeam ONE Reporter 9.5.0.3201

Veeam ONE Reporter 9.5.0.3201 allows XSS via a crafted Description(config) field to addDashboard or editDashboard in CommonDataHandlerReadOnly.ashx.

3.5
2019-07-27 CVE-2019-14297 Veeam Cross-site Scripting vulnerability in Veeam ONE Reporter 9.5.0.3201

Veeam ONE Reporter 9.5.0.3201 allows XSS via the Add/Edit Widget with a crafted Caption field to setDashboardWidget in CommonDataHandlerReadOnly.ashx.

3.5
2019-07-26 CVE-2019-13057 Openldap
Canonical
Debian
Opensuse
Apple
Mcafee
Oracle
An issue was discovered in the server in OpenLDAP before 2.4.48.
3.5
2019-07-26 CVE-2019-1010147 BMC
Yellowfinbi
Cross-site Scripting vulnerability in multiple products

Yellowfin Smart Reporting All Versions Prior to 7.3 is affected by: Incorrect Access Control - Privileges Escalation.

3.5
2019-07-23 CVE-2019-2847 Oracle Unspecified vulnerability in Oracle Flexcube Investor Servicing

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure).

3.5
2019-07-23 CVE-2019-2845 Oracle Unspecified vulnerability in Oracle Flexcube Investor Servicing

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure).

3.5
2019-07-23 CVE-2019-2840 Oracle Unspecified vulnerability in Oracle Flexcube Universal Banking

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure).

3.5
2019-07-23 CVE-2019-2839 Oracle Unspecified vulnerability in Oracle Flexcube Universal Banking

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure).

3.5
2019-07-23 CVE-2019-2793 Oracle Unspecified vulnerability in Oracle Flexcube Universal Banking

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure).

3.5
2019-07-23 CVE-2019-2770 Oracle Unspecified vulnerability in Oracle Hyperion Planning 11.1.2.4

Vulnerability in the Oracle Hyperion Planning component of Oracle Hyperion (subcomponent: Smart View).

3.5
2019-07-23 CVE-2019-2735 Oracle Unspecified vulnerability in Oracle Hyperion Workspace 11.1.2.4

Vulnerability in the Oracle Hyperion Workspace component of Oracle Hyperion (subcomponent: UI and Visualization).

3.5
2019-07-22 CVE-2019-1010235 Frog CMS Project Cross-site Scripting vulnerability in Frog CMS Project Frog CMS 1.1

Frog CMS 1.1 is affected by: Cross Site Scripting (XSS).

3.5
2019-07-23 CVE-2019-2786 Oracle
Opensuse
HP
Canonical
Redhat
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security).
3.4
2019-07-23 CVE-2019-2807 Oracle Unspecified vulnerability in Oracle Solaris 11.4

Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Zones).

3.3
2019-07-22 CVE-2019-1010220 Tcpdump Out-of-bounds Read vulnerability in Tcpdump 4.9.2

tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read.

3.3
2019-07-23 CVE-2019-2766 Oracle
Mcafee
HP
Opensuse
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking).
3.1
2019-07-23 CVE-2019-2738 Oracle
Canonical
Fedoraproject
Redhat
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Compiling).
3.1
2019-07-23 CVE-2019-2789 Oracle
Fedoraproject
Redhat
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges).
2.7
2019-07-23 CVE-2019-2730 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges).

2.7
2019-07-23 CVE-2019-2821 Oracle Unspecified vulnerability in Oracle JDK and JRE

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JSSE).

2.6
2019-07-23 CVE-2019-2818 Oracle Information Exposure Through Discrepancy vulnerability in Oracle JDK and JRE

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security).

2.6
2019-07-23 CVE-2019-2788 Oracle Unspecified vulnerability in Oracle Solaris 11.4

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Open Fabrics Tools).

2.6
2019-07-22 CVE-2019-3414 ZTE Cross-site Scripting vulnerability in ZTE Otcp Firmware

All versions up to V1.19.20.02 of ZTE OTCP product are impacted by XSS vulnerability.

2.3
2019-07-23 CVE-2019-2814 Oracle
Redhat
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB).
2.2
2019-07-26 CVE-2019-14284 Linux Divide By Zero vulnerability in Linux Kernel

In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero.

2.1
2019-07-26 CVE-2018-20855 Linux
Opensuse
Netapp
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel

An issue was discovered in the Linux kernel before 4.18.7.

2.1
2019-07-25 CVE-2019-2343 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Out of bound read and information disclosure in firmware due to insufficient checking of an embedded structure that can be sent from a kernel driver in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130

2.1
2019-07-25 CVE-2019-2241 Qualcomm Improper Input Validation vulnerability in Qualcomm products

While rendering the layout background, Error status check is not caught properly and also incorrect status handling is being done leading to unintended SUI behaviour in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCS404, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX24, SXR1130

2.1
2019-07-25 CVE-2019-2240 Qualcomm 7PK - Errors vulnerability in Qualcomm products

While sending the rendered surface content to the screen, Error handling is not properly checked results in an unpredictable behaviour in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9531, QCA9880, QCA9886, QCA9980, QCN5502, QCS404, QCS605, SD 210/SD 212/SD 205, SD 425, SD 600, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX20, SDX24, SXR1130

2.1
2019-07-25 CVE-2019-2239 Qualcomm Improper Input Validation vulnerability in Qualcomm products

Sanity checks are missing in layout which can lead to SUI Corruption or can lead to Denial of Service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in MDM9150, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8996AU, QCS404, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, Snapdragon_High_Med_2016, SXR1130

2.1
2019-07-25 CVE-2019-2237 Qualcomm 7PK - Errors vulnerability in Qualcomm products

Failure in taking appropriate action to handle the error case If keypad gpio deactivation fails leads to silent failure scenario and subsequent logic gets executed everytime in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 8CX, SXR1130

2.1
2019-07-25 CVE-2019-2236 Qualcomm NULL Pointer Dereference vulnerability in Qualcomm products

Null pointer dereference during secure application termination using specific application ids.

2.1
2019-07-24 CVE-2019-10968 Philips Improper Access Control vulnerability in Philips Zymed Holter 2010

Philips Holter 2010 Plus, all versions.

2.1
2019-07-23 CVE-2019-2877 Oracle
Opensuse
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).
2.1
2019-07-23 CVE-2019-2876 Oracle
Opensuse
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).
2.1
2019-07-23 CVE-2019-2875 Oracle
Opensuse
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).
2.1
2019-07-23 CVE-2019-2874 Oracle
Opensuse
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).
2.1
2019-07-23 CVE-2019-2873 Oracle
Opensuse
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).
2.1
2019-07-23 CVE-2019-2863 Oracle
Opensuse
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).
2.1
2019-07-23 CVE-2019-2861 Oracle XXE vulnerability in Oracle Hyperion Planning 11.1.2.4

Vulnerability in the Oracle Hyperion Planning component of Oracle Hyperion (subcomponent: Security).

2.1
2019-07-23 CVE-2019-2848 Oracle
Opensuse
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).
2.1
2019-07-23 CVE-2019-1010208 Idrix Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Idrix Truecrypt and Veracrypt

IDRIX, Truecrypt Veracrypt, Truecrypt Prior to 1.23-Hotfix-1 (Veracrypt), all versions (Truecrypt) is affected by: Buffer Overflow.

2.1
2019-07-22 CVE-2019-2243 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

Possible buffer overflow at the end of iterating loop while getting the version info and lead to information disclosure.

2.1
2019-07-23 CVE-2019-2850 Oracle
Opensuse
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).
1.9
2019-07-23 CVE-2019-2569 Oracle Unspecified vulnerability in Oracle Database Server 11.2.0.4/12.1.0.2/12.2.0.1

Vulnerability in the Core RDBMS component of Oracle Database Server.

1.2