Weekly Vulnerabilities Reports > August 19 to 25, 2019
Overview
540 new vulnerabilities reported during this period, including 42 critical vulnerabilities and 121 high severity vulnerabilities. This weekly summary reports vulnerabilities in 642 products from 216 vendors including Adobe, IBM, Linux, Cisco, and Google. Vulnerabilities are notably categorized as "Cross-site Scripting", "Use After Free", "Out-of-bounds Read", "Out-of-bounds Write", and "Cross-Site Request Forgery (CSRF)".
- 462 reported vulnerabilities are remotely exploitable.
- 1 reported vulnerability has a public exploit available.
- 235 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 459 reported vulnerabilities are exploitable by an anonymous user.
- Adobe has the most reported vulnerabilities, with 75 reported vulnerabilities.
- Cisco has the most reported critical vulnerabilities, with 12 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
42 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2019-08-23 | CVE-2019-1580 | Paloaltonetworks | Out-of-bounds Write vulnerability in Paloaltonetworks Pan-Os Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to craft a message to Secure Shell Daemon (SSHD) and corrupt arbitrary memory. | 10.0 |
2019-08-23 | CVE-2019-15519 | Power Response Project | Path Traversal vulnerability in Power-Response Project Power-Response Power-Response before 2019-02-02 allows directory traversal (up to the application's main directory) via a plugin. | 10.0 |
2019-08-22 | CVE-2019-11031 | Mirasys | Unrestricted Upload of File with Dangerous Type vulnerability in Mirasys VMS 7.6.0/8.0.0/8.3.1 Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the auto-update feature of IDVRUpdateService2 in DVRServer.exe. | 10.0 |
2019-08-22 | CVE-2019-11030 | Mirasys | Deserialization of Untrusted Data vulnerability in Mirasys VMS 7.6.0/8.0.0/8.3.1 Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Mirasys.Common.Utils.Security.DataCrypt method in Common.dll in AuditTrailService in SMServer.exe. | 10.0 |
2019-08-21 | CVE-2019-1974 | Cisco | Improper Authentication vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass user authentication and gain access as an administrative user. | 10.0 |
2019-08-21 | CVE-2019-1938 | Cisco | Improper Authentication vulnerability in Cisco UCS Director and UCS Director Express FOR BIG Data A vulnerability in the web-based management interface of Cisco UCS Director and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrator privileges on an affected system. | 10.0 |
2019-08-21 | CVE-2019-1935 | Cisco | Use of Hard-coded Credentials vulnerability in Cisco products A vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to log in to the CLI of an affected system by using the SCP User account (scpuser), which has default user credentials. | 10.0 |
2019-08-20 | CVE-2019-8060 | Adobe | Command Injection vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a command injection vulnerability. | 10.0 |
2019-08-20 | CVE-2019-8049 | Adobe | Out-of-bounds Write vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. | 10.0 |
2019-08-20 | CVE-2019-2130 | Google | Type Confusion vulnerability in Google Android In CompilationJob::FinalizeJob of compiler.cc, there is a possible remote code execution due to type confusion. | 10.0 |
2019-08-23 | CVE-2019-6695 | Fortinet | Insufficient Verification of Data Authenticity vulnerability in Fortinet Fortimanager 6.2.0 Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image through specific methods. | 9.8 |
2019-08-23 | CVE-2019-10747 | SET Value Project | Resource Exhaustion vulnerability in Set-Value Project Set-Value set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. | 9.8 |
2019-08-23 | CVE-2019-10746 | Mixin Deep Project Fedoraproject Oracle | Argument Injection or Modification vulnerability in multiple products mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. | 9.8 |
2019-08-23 | CVE-2019-15505 | Linux Debian Canonical | Out-of-bounds Read vulnerability in multiple products drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir). | 9.8 |
2019-08-23 | CVE-2019-15504 | Linux Canonical | Double Free vulnerability in multiple products drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir). | 9.8 |
2019-08-22 | CVE-2015-9333 | Cformsii Project | SQL Injection vulnerability in Cformsii Project Cformsii The cforms2 plugin before 14.6.10 for WordPress has SQL injection. | 9.8 |
2019-08-21 | CVE-2019-6177 | Lenovo | Information Exposure vulnerability in Lenovo Solution Center 03.12.003 A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log files to be written to non-standard locations, potentially leading to privilege escalation. | 9.8 |
2019-08-21 | CVE-2019-1937 | Cisco | Improper Authentication vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to acquire a valid session token with administrator privileges, bypassing user authentication. | 9.8 |
2019-08-20 | CVE-2019-4483 | IBM | SQL Injection vulnerability in IBM products IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. | 9.8 |
2019-08-20 | CVE-2019-4481 | IBM | SQL Injection vulnerability in IBM products IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. | 9.8 |
2019-08-23 | CVE-2019-15498 | Getvera | Argument Injection or Modification vulnerability in Getvera Vera Edge Firmware 1.7.4452 cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via --output argument injection in the username parameter to /cgi-bin/cmh/webcam.sh. | 9.3 |
2019-08-21 | CVE-2019-15295 | Bitdefender | Untrusted Search Path vulnerability in Bitdefender Antivirus 2020 An Untrusted Search Path vulnerability in the ServiceInstance.dll library versions 1.0.15.119 and lower, as used in Bitdefender Antivirus Free 2020 versions prior to 1.0.15.138, allows an attacker to load an arbitrary DLL file from the search path. | 9.3 |
2019-08-20 | CVE-2019-2134 | Google | Integer Overflow or Wraparound vulnerability in Google Android In phFriNfc_ExtnsTransceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to an integer overflow. | 9.3 |
2019-08-20 | CVE-2019-2133 | Google | Out-of-bounds Write vulnerability in Google Android In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a heap buffer overflow. | 9.3 |
2019-08-20 | CVE-2019-2132 | Google | Unspecified vulnerability in Google Android It is possible to overlay the VPN dialog by a malicious application. | 9.3 |
2019-08-20 | CVE-2019-2131 | Google | Insecure Default Initialization of Resource vulnerability in Google Android An application with overlay permission can display overlays on top of settings UI. | 9.3 |
2019-08-20 | CVE-2019-14684 | Trendmicro | Untrusted Search Path vulnerability in Trendmicro Password Manager 5.0 A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. | 9.3 |
2019-08-19 | CVE-2019-5631 | Rapid7 | Untrusted Search Path vulnerability in Rapid7 Insightappsec The Rapid7 InsightAppSec broker suffers from a DLL injection vulnerability in the 'prunsrv.exe' component of the product. | 9.3 |
2019-08-23 | CVE-2019-15530 | Dlink | OS Command Injection vulnerability in Dlink Dir-823G Firmware 1.0.2B05 An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. | 9.0 |
2019-08-23 | CVE-2019-15529 | Dlink | OS Command Injection vulnerability in Dlink Dir-823G Firmware 1.0.2B05 An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. | 9.0 |
2019-08-23 | CVE-2019-15528 | Dlink | OS Command Injection vulnerability in Dlink Dir-823G Firmware 1.0.2B05 An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. | 9.0 |
2019-08-23 | CVE-2019-15527 | Dlink | OS Command Injection vulnerability in Dlink Dir-823G Firmware 1.0.2B05 An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. | 9.0 |
2019-08-23 | CVE-2019-15526 | Dlink | OS Command Injection vulnerability in Dlink Dir-823G Firmware 1.0.2B05 An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. | 9.0 |
2019-08-21 | CVE-2019-1896 | Cisco | OS Command Injection vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands and obtain root privileges. | 9.0 |
2019-08-21 | CVE-2019-1885 | Cisco | OS Command Injection vulnerability in Cisco products A vulnerability in the Redfish protocol of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. | 9.0 |
2019-08-21 | CVE-2019-1871 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products A vulnerability in the Import Cisco IMC configuration utility of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and implement arbitrary commands with root privileges on an affected device. | 9.0 |
2019-08-21 | CVE-2019-1865 | Cisco | OS Command Injection vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. | 9.0 |
2019-08-21 | CVE-2019-1864 | Cisco | OS Command Injection vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. | 9.0 |
2019-08-21 | CVE-2019-1863 | Cisco | Unspecified vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to make unauthorized changes to the system configuration. | 9.0 |
2019-08-21 | CVE-2019-1850 | Cisco | OS Command Injection vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. | 9.0 |
2019-08-21 | CVE-2019-1634 | Cisco | OS Command Injection vulnerability in Cisco products A vulnerability in the Intelligent Platform Management Interface (IPMI) of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on the underlying operating system (OS). | 9.0 |
2019-08-20 | CVE-2019-3968 | Open EMR | OS Command Injection vulnerability in Open-Emr Openemr In OpenEMR 5.0.1 and earlier, an authenticated attacker can execute arbitrary commands on the host system via the Scanned Forms interface when creating a new form. | 9.0 |
121 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2019-08-21 | CVE-2019-13477 | Control Webpanel | Cross-Site Request Forgery (CSRF) vulnerability in Control-Webpanel Webpanel 0.9.8.837 In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, CSRF in the forgot password function allows an attacker to change the password for the root account. | 8.8 |
2019-08-20 | CVE-2019-2126 | Google Fedoraproject Canonical Opensuse | Double Free vulnerability in multiple products In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. | 8.8 |
2019-08-20 | CVE-2019-4117 | IBM | Cross-Site Request Forgery (CSRF) vulnerability in IBM Cloud Private IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
2019-08-19 | CVE-2019-15150 | Schine Games | Cross-Site Request Forgery (CSRF) vulnerability in Schine.Games Mw-Oauth2Client 0.2/0.3 In the OAuth2 Client extension before 0.4 for MediaWiki, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function. | 8.8 |
2019-08-20 | CVE-2019-4424 | IBM | XXE vulnerability in IBM Business Process Manager IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
2019-08-20 | CVE-2019-4340 | IBM | XXE vulnerability in IBM Security Guardium BIG Data Intelligence 4.0 IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
2019-08-20 | CVE-2019-4433 | IBM | XXE vulnerability in IBM products IBM InfoSphere Global Name Management 5.0 and 6.0 and IBM InfoSphere Identity Insight 8.1 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
2019-08-20 | CVE-2019-4419 | IBM | XXE vulnerability in IBM products IBM Intelligent Operations Center V5.1.0 through V5.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
2019-08-21 | CVE-2019-1900 | Cisco | NULL Pointer Dereference vulnerability in Cisco products A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to cause the web server process to crash, causing a denial of service (DoS) condition on an affected system. | 7.8 |
2019-08-21 | CVE-2019-15293 | Acdsee | Unspecified vulnerability in Acdsee Photo Studio 22.1 An issue was discovered in ACDSee Photo Studio Standard 22.1 Build 1159. | 7.8 |
2019-08-20 | CVE-2019-5036 | Google | Origin Validation Error vulnerability in Google Nest CAM IQ Indoor Firmware 4620002 An exploitable denial-of-service vulnerability exists in the Weave error reporting functionality of the Nest Cam IQ Indoor, version 4620002. | 7.8 |
2019-08-20 | CVE-2019-5037 | Google | Integer Overflow or Wraparound vulnerability in Google Nest CAM IQ Indoor Firmware 4620002 An exploitable denial-of-service vulnerability exists in the Weave certificate loading functionality of Nest Cam IQ Indoor camera, version 4620002. | 7.8 |
2019-08-20 | CVE-2019-11924 | Facebook | Allocation of Resources Without Limits or Throttling vulnerability in Facebook Fizz A peer could send empty handshake fragments containing only padding which would be kept in memory until a full handshake was received, resulting in memory exhaustion. | 7.8 |
2019-08-20 | CVE-2019-4294 | IBM | OS Command Injection vulnerability in IBM Datapower Gateway and MQ Appliance IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. | 7.8 |
2019-08-20 | CVE-2019-4253 | IBM | Unspecified vulnerability in IBM Informix Dynamic Server 12.10 IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local privileged Informix user to load a malicious shared library and gain root access privileges. | 7.8 |
2019-08-20 | CVE-2018-1796 | IBM | Unspecified vulnerability in IBM Informix Dynamic Server 12.10 IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user to load malicious libraries and gain root privileges. | 7.8 |
2019-08-20 | CVE-2019-14687 | Trendmicro | Uncontrolled Search Path Element vulnerability in Trendmicro Password Manager 5.0 A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. | 7.8 |
2019-08-20 | CVE-2019-15239 | Linux Debian | Use After Free vulnerability in multiple products In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by backporting. | 7.8 |
2019-08-19 | CVE-2019-11145 | Intel | Permission Issues vulnerability in Intel Driver & Support Assistant Improper file verification in Intel® Driver & Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2019-08-19 | CVE-2019-6165 | Lenovo | Untrusted Search Path vulnerability in Lenovo Yoga 700-11Isk Firmware and Yoga 700-14Isk Firmware A DLL search path vulnerability was reported in PaperDisplay Hotkey Service version 1.2.0.8 that could allow privilege escalation. | 7.8 |
2019-08-19 | CVE-2018-20976 | Linux | Use After Free vulnerability in Linux Kernel An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. | 7.8 |
2019-08-19 | CVE-2017-18552 | Linux | Out-of-bounds Write vulnerability in Linux Kernel An issue was discovered in net/rds/af_rds.c in the Linux kernel before 4.11. | 7.8 |
2019-08-19 | CVE-2016-10907 | Linux | Out-of-bounds Write vulnerability in Linux Kernel An issue was discovered in drivers/iio/dac/ad5755.c in the Linux kernel before 4.8.6. | 7.8 |
2019-08-19 | CVE-2016-10905 | Linux | Use After Free vulnerability in Linux Kernel An issue was discovered in fs/gfs2/rgrp.c in the Linux kernel before 4.8. | 7.8 |
2019-08-25 | CVE-2019-15538 | Linux Canonical Netapp Opensuse Debian Fedoraproject | Resource Exhaustion vulnerability in multiple products An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. | 7.5 |
2019-08-23 | CVE-2019-6698 | Fortinet | Use of Hard-coded Credentials vulnerability in Fortinet Fortirecorder Firmware Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an unauthenticated attacker with knowledge of the aforementioned credentials and network access to FortiCameras to take control of those, provided they are managed by a FortiRecorder device. | 7.5 |
2019-08-23 | CVE-2019-1581 | Paloaltonetworks | Improper Input Validation vulnerability in Paloaltonetworks Pan-Os A remote code execution vulnerability in the PAN-OS SSH device management interface that can lead to unauthenticated remote users with network access to the SSH management interface gaining root access to PAN-OS. | 7.5 |
2019-08-23 | CVE-2019-15537 | Cesnet | SQL Injection vulnerability in Cesnet Proxystatistics The proxystatistics module before 3.1.0 for SimpleSAMLphp allows SQL Injection in lib/Auth/Process/DatabaseCommand.php. | 7.5 |
2019-08-23 | CVE-2019-15536 | Youracclaim | SQL Injection vulnerability in Youracclaim Acclaim The Acclaim block plugin before 2019-06-26 for Moodle allows SQL Injection via delete_records. | 7.5 |
2019-08-23 | CVE-2019-15535 | Hostosm | SQL Injection vulnerability in Hostosm Tasking Manager Tasking Manager before 3.4.0 allows SQL Injection via custom SQL. | 7.5 |
2019-08-23 | CVE-2019-11654 | Microfocus | Path Traversal vulnerability in Microfocus Verastream Host Integrator 7.5/7.6/7.7 Path traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and earlier. The vulnerability allows remote unauthenticated attackers to read arbitrary files. | 7.5 |
2019-08-23 | CVE-2019-10750 | Deeply Project | Resource Exhaustion vulnerability in Deeply Project Deeply deeply is vulnerable to Prototype Pollution in versions before 3.1.0. | 7.5 |
2019-08-23 | CVE-2019-15494 | IT Novum | Server-Side Request Forgery (SSRF) vulnerability in It-Novum Openitcockpit openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21. | 7.5 |
2019-08-23 | CVE-2019-15490 | IT Novum | Code Injection vulnerability in It-Novum Openitcockpit openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21. | 7.5 |
2019-08-23 | CVE-2019-15513 | Openwrt Motorola | Improper Locking vulnerability in multiple products An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) before 15.05.1 as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. | 7.5 |
2019-08-22 | CVE-2018-20987 | Tribulant | Deserialization of Untrusted Data vulnerability in Tribulant Newsletters The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP object injection. | 7.5 |
2019-08-22 | CVE-2015-9334 | Email Newsletter Project | SQL Injection vulnerability in Email-Newsletter Project Email-Newsletter 20.15 The email-newsletter plugin through 20.15 for WordPress has SQL injection. | 7.5 |
2019-08-22 | CVE-2013-7483 | Hbwsl | Improper Input Validation vulnerability in Hbwsl Slidedeck 2 The slidedeck2 plugin before 2.3.5 for WordPress has file inclusion. | 7.5 |
2019-08-22 | CVE-2016-10930 | Wpsupportplus | Improper Input Validation vulnerability in Wpsupportplus WP Support Plus Responsive Ticket System The wp-support-plus-responsive-ticket-system plugin before 7.1.0 for WordPress has insecure direct object reference via a ticket number. | 7.5 |
2019-08-22 | CVE-2014-10389 | Wpsupportplus | Improper Authentication vulnerability in Wpsupportplus WP Support Plus Responsive Ticket System The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has incorrect authentication. | 7.5 |
2019-08-22 | CVE-2014-10387 | Wpsupportplus | SQL Injection vulnerability in Wpsupportplus WP Support Plus Responsive Ticket System The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection. | 7.5 |
2019-08-22 | CVE-2019-14751 | Nltk | Path Traversal vulnerability in Nltk NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction. | 7.5 |
2019-08-22 | CVE-2019-15323 | AD Inserter Project | Path Traversal vulnerability in AD Inserter Project AD Inserter The ad-inserter plugin before 2.4.20 for WordPress has path traversal. | 7.5 |
2019-08-22 | CVE-2019-15322 | Wpmadeasy | Unspecified vulnerability in Wpmadeasy Shortcode Factory The shortcode-factory plugin before 2.8 for WordPress has Local File Inclusion. | 7.5 |
2019-08-22 | CVE-2019-15321 | Optiontree Project | Deserialization of Untrusted Data vulnerability in Optiontree Project Optiontree The option-tree plugin before 2.7.3 for WordPress has Object Injection because serialized classes are mishandled. | 7.5 |
2019-08-22 | CVE-2019-15320 | Optiontree Project | Deserialization of Untrusted Data vulnerability in Optiontree Project Optiontree The option-tree plugin before 2.7.3 for WordPress has Object Injection because the + character is mishandled. | 7.5 |
2019-08-22 | CVE-2019-15319 | Optiontree Project | Deserialization of Untrusted Data vulnerability in Optiontree Project Optiontree The option-tree plugin before 2.7.0 for WordPress has Object Injection by leveraging a valid nonce. | 7.5 |
2019-08-22 | CVE-2018-20985 | Payeezy | Improper Input Validation vulnerability in Payeezy WP Payeezy PAY The wp-payeezy-pay plugin before 2.98 for WordPress has local file inclusion in pay.php, donate.php, donate-rec, and pay-rec. | 7.5 |
2019-08-22 | CVE-2018-20984 | Patreon | Deserialization of Untrusted Data vulnerability in Patreon Wordpress The patreon-connect plugin before 1.2.2 for WordPress has Object Injection. | 7.5 |
2019-08-22 | CVE-2017-18583 | Post PAY Counter Project | Injection vulnerability in Post PAY Counter Project Post PAY Counter The post-pay-counter plugin before 2.731 for WordPress has PHP Object Injection. | 7.5 |
2019-08-22 | CVE-2017-18580 | Getshortcodes | Improper Input Validation vulnerability in Getshortcodes Shortcodes Ultimate The shortcodes-ultimate plugin before 5.0.1 for WordPress has remote code execution via a filter in a meta, post, or user shortcode. | 7.5 |
2019-08-22 | CVE-2016-10923 | Visser | Permissions, Privileges, and Access Controls vulnerability in Visser Store Toolkit for Woocommerce The woocommerce-store-toolkit plugin before 1.5.8 for WordPress has privilege escalation. | 7.5 |
2019-08-22 | CVE-2016-10922 | Visser | Permissions, Privileges, and Access Controls vulnerability in Visser Store Toolkit for Woocommerce The woocommerce-store-toolkit plugin before 1.5.7 for WordPress has privilege escalation. | 7.5 |
2019-08-22 | CVE-2014-10384 | Memphis Documents Library Project | Improper Input Validation vulnerability in Memphis Documents Library Project Memphis Documents Library The memphis-documents-library plugin before 3.0 for WordPress has Local File Inclusion. | 7.5 |
2019-08-22 | CVE-2014-10383 | Memphis Documents Library Project | Improper Input Validation vulnerability in Memphis Documents Library Project Memphis Documents Library The memphis-documents-library plugin before 3.0 for WordPress has Remote File Inclusion. | 7.5 |
2019-08-22 | CVE-2019-15318 | Yikesinc | Code Injection vulnerability in Yikesinc Easy Forms FOR Mailchimp The yikes-inc-easy-mailchimp-extender plugin before 6.5.3 for WordPress has code injection via the admin input field. | 7.5 |
2019-08-22 | CVE-2019-14511 | Sphinxsearch | Missing Authentication for Critical Function vulnerability in Sphinxsearch Sphinx 3.1.1 Sphinx Technologies Sphinx 3.1.1 by default has no authentication and listens on 0.0.0.0, making it exposed to the internet (unless filtered by a firewall or reconfigured to listen to 127.0.0.1 only). | 7.5 |
2019-08-22 | CVE-2018-20979 | Rocklobster | Unspecified vulnerability in Rocklobster Contact Form 7 The contact-form-7 plugin before 5.0.4 for WordPress has privilege escalation because of capability_type mishandling in register_post_type. | 7.5 |
2019-08-22 | CVE-2017-18573 | Simplerealtytheme | SQL Injection vulnerability in Simplerealtytheme Simple Login LOG The simple-login-log plugin before 1.1.2 for WordPress has SQL injection. | 7.5 |
2019-08-22 | CVE-2017-18571 | Search Everything Project | SQL Injection vulnerability in Search Everything Project Search Everything The search-everything plugin before 8.1.7 for WordPress has SQL injection related to WordPress 4.7.x, a different vulnerability than CVE-2014-2316. | 7.5 |
2019-08-22 | CVE-2017-18570 | Cformsii Project | SQL Injection vulnerability in Cformsii Project Cformsii The cforms2 plugin before 14.13 for WordPress has SQL injection in the tracking DB GUI via Delete Entries or Download Entries. | 7.5 |
2019-08-22 | CVE-2016-10921 | AYS PRO | SQL Injection vulnerability in Ays-Pro Photo Gallery The gallery-photo-gallery plugin before 1.0.1 for WordPress has SQL injection. | 7.5 |
2019-08-22 | CVE-2016-10917 | Search Everything Project | SQL Injection vulnerability in Search Everything Project Search Everything The search-everything plugin before 8.1.6 for WordPress has SQL injection related to empty search strings, a different vulnerability than CVE-2014-2316. | 7.5 |
2019-08-22 | CVE-2016-10916 | Codepeople | SQL Injection vulnerability in Codepeople Appointment Booking Calendar The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319. | 7.5 |
2019-08-22 | CVE-2015-9335 | Bestwebsoft | SQL Injection vulnerability in Bestwebsoft Limit Attempts The limit-attempts plugin before 1.1.1 for WordPress has SQL injection during IP address handling. | 7.5 |
2019-08-21 | CVE-2019-11601 | Bosch | Path Traversal vulnerability in Bosch IOT Gateway Software and Prosyst MBS SDK A directory traversal vulnerability in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to write or delete files at any location. | 7.5 |
2019-08-21 | CVE-2019-10687 | Kbpublisher | SQL Injection vulnerability in Kbpublisher 6.0.2.1 KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=report entry_id[0] parameter, the admin/index.php?module=log id parameter, or an index.php?View=print&id[]= request. | 7.5 |
2019-08-21 | CVE-2014-10379 | Duplicate Post Project | SQL Injection vulnerability in Duplicate Post Project Duplicate Post The duplicate-post plugin before 2.6 for WordPress has SQL injection. | 7.5 |
2019-08-21 | CVE-2019-15111 | WP Front END Profile Project | Unspecified vulnerability in WP Front END Profile Project WP Front END Profile 0.1/0.2/0.2.1 The wp-front-end-profile plugin before 0.2.2 for WordPress has a privilege escalation issue. | 7.5 |
2019-08-21 | CVE-2016-10909 | Codepeople | SQL Injection vulnerability in Codepeople Booking Calendar Contact Form The booking-calendar-contact-form plugin before 1.0.24 for WordPress has SQL injection. | 7.5 |
2019-08-20 | CVE-2019-8100 | Adobe | Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. | 7.5 |
2019-08-20 | CVE-2019-8098 | Adobe | Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. | 7.5 |
2019-08-20 | CVE-2019-8061 | Adobe | Use After Free vulnerability in Adobe Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a use after free vulnerability. | 7.5 |
2019-08-20 | CVE-2019-8055 | Adobe | Use After Free vulnerability in Adobe Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a use after free vulnerability. | 7.5 |
2019-08-20 | CVE-2019-8050 | Adobe | Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. | 7.5 |
2019-08-20 | CVE-2019-8048 | Adobe | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a buffer error vulnerability. | 7.5 |
2019-08-20 | CVE-2019-8047 | Adobe | Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a use after free vulnerability. | 7.5 |
2019-08-20 | CVE-2019-8046 | Adobe | Out-of-bounds Write vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. | 7.5 |
2019-08-20 | CVE-2019-8045 | Adobe | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an untrusted pointer dereference vulnerability. | 7.5 |
2019-08-20 | CVE-2019-8044 | Adobe | Double Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a double free vulnerability. | 7.5 |
2019-08-20 | CVE-2019-8042 | Adobe | Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. | 7.5 |
2019-08-20 | CVE-2019-8041 | Adobe | Out-of-bounds Write vulnerability in Adobe Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. | 7.5 |
2019-08-20 | CVE-2019-8036 | Adobe | Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a use after free vulnerability. | 7.5 |
2019-08-20 | CVE-2019-8031 | Adobe | Use After Free vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a use after free vulnerability. | 7.5 |
2019-08-20 | CVE-2019-8030 | Adobe | Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a use after free vulnerability. | 7.5 |
2019-08-20 | CVE-2019-8029 | Adobe | Use After Free vulnerability in Adobe Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a use after free vulnerability. | 7.5 |
2019-08-20 | CVE-2019-8028 | Adobe | Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a use after free vulnerability. | 7.5 |
2019-08-20 | CVE-2019-8026 | Adobe | Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a use after free vulnerability. | 7.5 |
2019-08-20 | CVE-2019-8025 | Adobe | Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a use after free vulnerability. | 7.5 |
2019-08-20 | CVE-2019-8024 | Adobe | Use After Free vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a use after free vulnerability. | 7.5 |
2019-08-20 | CVE-2019-8023 | Adobe | Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. | 7.5 |
2019-08-20 | CVE-2019-8022 | Adobe | Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. | 7.5 |
2019-08-20 | CVE-2019-8017 | Adobe | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an untrusted pointer dereference vulnerability. | 7.5 |
2019-08-20 | CVE-2019-8016 | Adobe | Out-of-bounds Write vulnerability in Adobe Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. | 7.5 |
2019-08-20 | CVE-2019-8015 | Adobe | Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. | 7.5 |
2019-08-20 | CVE-2019-8009 | Adobe | Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. | 7.5 |
2019-08-20 | CVE-2019-8006 | Adobe | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an untrusted pointer dereference vulnerability. | 7.5 |
2019-08-20 | CVE-2019-8003 | Adobe | Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a use after free vulnerability. | 7.5 |
2019-08-20 | CVE-2019-7965 | Adobe | Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. | 7.5 |
2019-08-20 | CVE-2019-4338 | IBM | Allocation of Resources Without Limits or Throttling vulnerability in IBM Security Guardium BIG Data Intelligence 4.0 IBM Security Guardium Big Data Intelligence 4.0 (SonarG) does not properly restrict the size or amount of resources that are requested or influenced by an actor. | 7.5 |
2019-08-20 | CVE-2019-4460 | IBM | Path Traversal vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. | 7.5 |
2019-08-20 | CVE-2019-4310 | IBM | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Security Guardium BIG Data Intelligence 4.0 IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 7.5 |
2019-08-20 | CVE-2019-10745 | Assign Deep Project | Unspecified vulnerability in Assign-Deep Project Assign-Deep assign-deep is vulnerable to Prototype Pollution in versions before 0.4.8 and version 1.0.0. | 7.5 |
2019-08-20 | CVE-2015-9330 | Soflyy | SQL Injection vulnerability in Soflyy WP ALL Import The wp-all-import plugin before 3.2.5 for WordPress has blind SQL injection. | 7.5 |
2019-08-20 | CVE-2019-15232 | Live555 | Use After Free vulnerability in Live555 Streaming Media Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors. | 7.5 |
2019-08-19 | CVE-2019-15224 | Rest Client Project | Code Injection vulnerability in Rest-Client Project Rest-Client The rest-client gem 1.6.10 through 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. | 7.5 |
2019-08-20 | CVE-2019-15237 | Roundcube Fedoraproject | Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks. | 7.4 |
2019-08-20 | CVE-2019-10086 | Apache Debian Opensuse Fedoraproject Redhat Oracle | Deserialization of Untrusted Data vulnerability in multiple products In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. | 7.3 |
2019-08-25 | CVE-2019-15540 | Cdemu | Out-of-bounds Write vulnerability in Cdemu Libmirage 3.2.2 filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2.2 in CDemu does not validate the part size, triggering a heap-based buffer overflow that can lead to root access by a local Linux user. | 7.2 |
2019-08-21 | CVE-2019-15315 | Valvesoftware Microsoft | Incorrect Permission Assignment for Critical Resource vulnerability in Valvesoftware Steam Client Valve Steam Client for Windows through 2019-08-16 allows privilege escalation (to NT AUTHORITY\SYSTEM) because local users can replace the current versions of SteamService.exe and SteamService.dll with older versions that lack the CVE-2019-14743 patch. | 7.2 |
2019-08-21 | CVE-2019-14685 | Trendmicro Microsoft | Unquoted Search Path or Element vulnerability in Trendmicro products A local privilege escalation vulnerability exists in Trend Micro Security 2019 (v15.0) in which, if exploited, would allow an attacker to manipulate a specific product feature to load a malicious service. | 7.2 |
2019-08-21 | CVE-2019-1936 | Cisco | Improper Input Validation vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an authenticated, remote attacker to execute arbitrary commands on the underlying Linux shell as the root user. | 7.2 |
2019-08-21 | CVE-2019-1883 | Cisco | OS Command Injection vulnerability in Cisco products A vulnerability in the command-line interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker with read-only credentials to inject arbitrary commands that could allow them to obtain root privileges. | 7.2 |
2019-08-21 | CVE-2019-1839 | Cisco | OS Command Injection vulnerability in Cisco products A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. | 7.2 |
2019-08-21 | CVE-2019-14257 | Zenoss | Permissions, Privileges, and Access Controls vulnerability in Zenoss 2.5.3 pyraw in Zenoss 2.5.3 allows local privilege escalation by modifying environment variables to redirect execution before privileges are dropped, aka ZEN-31765. | 7.2 |
2019-08-21 | CVE-2019-12622 | Cisco | Permission Issues vulnerability in Cisco products A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. | 7.2 |
2019-08-20 | CVE-2019-2128 | Google | Out-of-bounds Write vulnerability in Google Android In ACELP_4t64_fx of c4t64fx.c, there is a possible out of bounds write due to a missing bounds check. | 7.2 |
2019-08-20 | CVE-2019-2127 | Google | Use After Free vulnerability in Google Android In AudioInputDescriptor::setClientActive of AudioInputDescriptor.cpp, there is possible memory corruption due to a use after free. | 7.2 |
2019-08-20 | CVE-2019-2120 | Google | Insecure Default Initialization of Resource vulnerability in Google Android In OatFileAssistant::GenerateOatFile of oat_file_assistant.cc, there is a possible file corruption issue due to an insecure default value. | 7.2 |
2019-08-20 | CVE-2019-2135 | Google | Out-of-bounds Read vulnerability in Google Android In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. | 7.1 |
2019-08-19 | CVE-2016-10906 | Linux | Use After Free vulnerability in Linux Kernel An issue was discovered in drivers/net/ethernet/arc/emac_main.c in the Linux kernel before 4.5. | 7.0 |
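The assign-deep entry above (CVE-2019-10745) is a prototype pollution bug: a recursive object merge that follows a `__proto__` key walks onto the shared `Object.prototype` and plants properties on every object in the process. The block below is an added illustration, not assign-deep's own code: a minimal deep-assign with that weakness beside a hardened variant, fed a constructed attacker payload of the kind an API would receive as JSON. The function and variable names are ours.

```javascript
// Added example (not assign-deep's code): prototype pollution via a
// recursive deep-assign, and the hardened version. Payload is constructed.

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Vulnerable: copies every key. For the key "__proto__", target[key] is the
// shared Object.prototype, so the recursion writes attacker keys onto it.
function naiveAssignDeep(target, source) {
  for (const key in source) {
    const val = source[key];
    if (isPlainObject(val)) {
      if (!isPlainObject(target[key])) target[key] = {};
      naiveAssignDeep(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Hardened: skip the keys that can reach a prototype, iterate only own
// enumerable keys, and only descend into own plain-object properties.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeAssignDeep(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const val = source[key];
    if (isPlainObject(val)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || !isPlainObject(target[key])) target[key] = {};
      safeAssignDeep(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Constructed attacker-controlled JSON body, e.g. from an HTTP request.
// JSON.parse creates "__proto__" as an ordinary own property, which is
// exactly what a naive merge then misinterprets.
const ATTACKER_JSON = '{"__proto__": {"polluted": "yes"}, "name": "x"}';

// Merge the payload into a fresh object, then check whether an unrelated
// object created afterwards inherited the attacker's property.
function demo(assignFn) {
  const merged = assignFn({}, JSON.parse(ATTACKER_JSON));
  const victim = {};
  const result = { victimPolluted: victim.polluted === 'yes', name: merged.name };
  delete Object.prototype.polluted; // undo any pollution so later code is unaffected
  return result;
}

console.log('naive:', demo(naiveAssignDeep)); // victimPolluted: true
console.log('safe: ', demo(safeAssignDeep));  // victimPolluted: false
```

The denylist alone is not sufficient in general (keys can also arrive via `Object.defineProperty`-style paths or through libraries that merge into `Object.prototype` directly), which is why the hardened variant also restricts recursion to own properties of the target; freezing `Object.prototype` at process start is a further defence-in-depth option for services that accept untrusted JSON.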
356 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2019-08-21 | CVE-2019-15316 | Valvesoftware Microsoft | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Valvesoftware Steam Client Valve Steam Client for Windows through 2019-08-20 has weak folder permissions, leading to privilege escalation (to NT AUTHORITY\SYSTEM) via crafted use of CreateMountPoint.exe and SetOpLock.exe to leverage a TOCTOU race condition. | 6.9 |
2019-08-20 | CVE-2019-2122 | Google | Permissions, Privileges, and Access Controls vulnerability in Google Android In LockTaskController.lockKeyguardIfNeeded of the LockTaskController.java, there was a difference in the handling of the default case between the WindowManager and the Settings. | 6.9 |
2019-08-20 | CVE-2019-2121 | Google | Race Condition vulnerability in Google Android 9.0 In ActivityManagerService.attachApplication of ActivityManagerService, there is a possible race condition. | 6.9 |
2019-08-20 | CVE-2019-12889 | Sailpoint | Improper Privilege Management vulnerability in Sailpoint Desktop Password Reset 7.2 An unauthenticated privilege escalation exists in SailPoint Desktop Password Reset 7.2. | 6.9 |
2019-08-19 | CVE-2019-15214 | Linux Canonical Opensuse | Use After Free vulnerability in Linux Kernel An issue was discovered in the Linux kernel before 5.0.10. | 6.9 |
2019-08-23 | CVE-2019-7364 | Autodesk | Uncontrolled Search Path Element vulnerability in Autodesk products DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D and version 2017 of AutoCAD P&ID. | 6.8 |
2019-08-23 | CVE-2019-7363 | Autodesk | Use After Free vulnerability in Autodesk Design Review Use-after-free vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. | 6.8 |
2019-08-23 | CVE-2019-7362 | Autodesk | Untrusted Search Path vulnerability in Autodesk Design Review DLL preloading vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. | 6.8 |
2019-08-23 | CVE-2019-15525 | Pw3270 Project | Improper Certificate Validation vulnerability in Pw3270 Project Pw3270 There is Missing SSL Certificate Validation in the pw3270 terminal emulator before version 5.1. | 6.8 |
2019-08-23 | CVE-2019-15491 | IT Novum | Cross-Site Request Forgery (CSRF) vulnerability in It-Novum Openitcockpit openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21. | 6.8 |
2019-08-22 | CVE-2019-15329 | Codection | Cross-Site Request Forgery (CSRF) vulnerability in Codection Import Users From CSV With Meta The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF. | 6.8 |
2019-08-22 | CVE-2016-10918 | Supsystic | Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Photo Gallery The gallery-by-supsystic plugin before 1.8.6 for WordPress has CSRF. | 6.8 |
2019-08-21 | CVE-2019-14686 | Trendmicro | Untrusted Search Path vulnerability in Trendmicro products A DLL hijacking vulnerability exists in the Trend Micro Security's 2019 consumer family of products (v15) Folder Shield component and the standalone Trend Micro Ransom Buster (1.0) tool in which, if exploited, would allow an attacker to load a malicious DLL, leading to elevated privileges. | 6.8 |
2019-08-21 | CVE-2019-15074 | Mantisbt | Cross-site Scripting vulnerability in Mantisbt The Timeline feature in my_view_page.php in MantisBT through 2.21.1 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. | 6.8 |
2019-08-21 | CVE-2019-12624 | Cisco | Cross-Site Request Forgery (CSRF) vulnerability in Cisco IOS XE A vulnerability in the web-based management interface of Cisco IOS XE New Generation Wireless Controller (NGWC) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. | 6.8 |
2019-08-21 | CVE-2017-18521 | WP Kama | Cross-Site Request Forgery (CSRF) vulnerability in Wp-Kama Democracy Poll The democracy-poll plugin before 5.4 for WordPress has CSRF via wp-admin/options-general.php?page=democracy-poll&subpage=l10n. | 6.8 |
2019-08-21 | CVE-2019-5041 | Aspose | Out-of-bounds Write vulnerability in Aspose Aspose.Words 18.11.0.0 An exploitable Stack Based Buffer Overflow vulnerability exists in the EnumMetaInfo function of Aspose Aspose.Words library, version 18.11.0.0. | 6.8 |
2019-08-21 | CVE-2019-5033 | Aspose | Out-of-bounds Read vulnerability in Aspose Aspose.Cells 19.1.0 An exploitable out-of-bounds read vulnerability exists in the Number record parser of Aspose Aspose.Cells 19.1.0 library. | 6.8 |
2019-08-21 | CVE-2019-5032 | Aspose | Out-of-bounds Read vulnerability in Aspose Aspose.Cells 19.1.0 An exploitable out-of-bounds read vulnerability exists in the LabelSst record parser of Aspose Aspose.Cells 19.1.0 library. | 6.8 |
2019-08-21 | CVE-2016-10903 | Godaddy | Cross-Site Request Forgery (CSRF) vulnerability in Godaddy Email Marketing The GoDaddy godaddy-email-marketing-sign-up-forms plugin before 1.1.3 for WordPress has CSRF. | 6.8 |
2019-08-21 | CVE-2016-10902 | Gowebsolutions | Cross-Site Request Forgery (CSRF) vulnerability in Gowebsolutions WP Customer Reviews The wp-customer-reviews plugin before 3.0.9 for WordPress has CSRF in the admin tools. | 6.8 |
2019-08-21 | CVE-2019-15296 | Audiocoding Debian | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. | 6.8 |
2019-08-20 | CVE-2019-5035 | Google | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Google Nest CAM IQ Indoor Firmware 4620002 An exploitable information disclosure vulnerability exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002. | 6.8 |
2019-08-20 | CVE-2019-8057 | Adobe | Use After Free vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a use after free vulnerability. | 6.8 |
2019-08-20 | CVE-2019-5039 | Openweave | Out-of-bounds Write vulnerability in Openweave Openweave-Core 4.0.2 An exploitable command execution vulnerability exists in the ASN1 certificate writing functionality of Openweave-core version 4.0.2. | 6.8 |
2019-08-20 | CVE-2019-5038 | Openweave | Out-of-bounds Write vulnerability in Openweave Openweave-Core 4.0.2 An exploitable command execution vulnerability exists in the print-tlv command of Weave tool. | 6.8 |
2019-08-20 | CVE-2019-8039 | Adobe | Use After Free vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a use after free vulnerability. | 6.8 |
2019-08-20 | CVE-2019-8038 | Adobe | Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a use after free vulnerability. | 6.8 |
2019-08-20 | CVE-2019-8034 | Adobe | Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a use after free vulnerability. | 6.8 |
2019-08-20 | CVE-2019-8033 | Adobe | Use After Free vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a use after free vulnerability. | 6.8 |
2019-08-20 | CVE-2019-8027 | Adobe | Out-of-bounds Write vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. | 6.8 |
2019-08-20 | CVE-2019-8019 | Adobe | Type Confusion vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a type confusion vulnerability. | 6.8 |
2019-08-20 | CVE-2019-8014 | Adobe | Out-of-bounds Write vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. | 6.8 |
2019-08-20 | CVE-2019-8013 | Adobe | Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a use after free vulnerability. | 6.8 |
2019-08-20 | CVE-2019-8008 | Adobe | Out-of-bounds Write vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. | 6.8 |
2019-08-20 | CVE-2019-13520 | Fujielectric | Out-of-bounds Write vulnerability in Fujielectric Alpha5 Smart Loader Firmware Multiple buffer overflow issues have been identified in Alpha5 Smart Loader: All versions prior to 4.2. | 6.8 |
2019-08-20 | CVE-2017-18523 | Eelv Newsletter Project | Cross-Site Request Forgery (CSRF) vulnerability in Eelv Newsletter Project Eelv Newsletter The eelv-newsletter plugin before 4.6.1 for WordPress has CSRF in the address book. | 6.8 |
2019-08-20 | CVE-2019-15238 | Cformsii Project | Cross-Site Request Forgery (CSRF) vulnerability in Cformsii Project Cformsii The cforms2 plugin before 15.0.2 for WordPress has CSRF related to the IP address field. | 6.8 |
2019-08-20 | CVE-2017-18569 | Mythemeshop | Cross-Site Request Forgery (CSRF) vulnerability in Mythemeshop MY WP Translate The my-wp-translate plugin before 1.0.4 for WordPress has CSRF. | 6.8 |
2019-08-20 | CVE-2016-10915 | Supsystic | Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Popup The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF. | 6.8 |
2019-08-20 | CVE-2016-10914 | ADD From Server Project | Cross-Site Request Forgery (CSRF) vulnerability in ADD From Server Project ADD From Server 3.3/3.3.1 The add-from-server plugin before 3.3.2 for WordPress has CSRF for importing a large file. | 6.8 |
2019-08-20 | CVE-2014-10381 | User Domain Whitelist Project | Cross-Site Request Forgery (CSRF) vulnerability in User Domain Whitelist Project User Domain Whitelist The user-domain-whitelist plugin before 1.5 for WordPress has CSRF. | 6.8 |
2019-08-20 | CVE-2011-5328 | User Access Manager Project | Cross-Site Request Forgery (CSRF) vulnerability in User Access Manager Project User Access Manager The user-access-manager plugin before 1.2 for WordPress has CSRF. | 6.8 |
2019-08-20 | CVE-2019-15229 | Thedaylightstudio | Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. | 6.8 |
2019-08-19 | CVE-2019-6171 | Lenovo | Unspecified vulnerability in Lenovo products A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware. | 6.8 |
2019-08-20 | CVE-2018-1636 | IBM | Out-of-bounds Write vulnerability in IBM Informix Dynamic Server 12.10 Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. | 6.7 |
2019-08-20 | CVE-2018-1635 | IBM | Out-of-bounds Write vulnerability in IBM Informix Dynamic Server 12.10 Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. | 6.7 |
2019-08-20 | CVE-2018-1634 | IBM | Link Following vulnerability in IBM Informix Dynamic Server 12.10 IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in infos.DBSERVERNAME. | 6.7 |
2019-08-20 | CVE-2018-1633 | IBM | Link Following vulnerability in IBM Informix Dynamic Server 12.10 IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onsrvapd. | 6.7 |
2019-08-20 | CVE-2018-1632 | IBM | Link Following vulnerability in IBM Informix Dynamic Server 12.10 IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in .infxdirs. | 6.7 |
2019-08-20 | CVE-2018-1631 | IBM | Link Following vulnerability in IBM Informix Dynamic Server 12.1 IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in oninit mongohash. | 6.7 |
2019-08-20 | CVE-2018-1630 | IBM | Link Following vulnerability in IBM Informix Dynamic Server 12.1 IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onmode. | 6.7 |
2019-08-19 | CVE-2017-18551 | Linux Opensuse | Out-of-bounds Write vulnerability in multiple products An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. | 6.7 |
2019-08-23 | CVE-2019-1582 | Paloaltonetworks | Out-of-bounds Write vulnerability in Paloaltonetworks Pan-Os Memory corruption in PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow an administrative user to cause arbitrary memory corruption by rekeying the current client interactive session. | 6.5 |
2019-08-23 | CVE-2019-15531 | GNU Debian Fedoraproject | Out-of-bounds Read vulnerability in multiple products GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c. | 6.5 |
2019-08-23 | CVE-2019-13423 | Search Guard | Permissions, Privileges, and Access Controls vulnerability in Search-Guard Search Guard Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an authenticated Kibana user could impersonate as kibanaserver user when providing wrong credentials when all of the following conditions a-c are true: a) Kibana is configured to use Single-Sign-On as authentication method, one of Kerberos, JWT, Proxy, Client certificate. | 6.5 |
2019-08-22 | CVE-2019-15060 | TP Link | OS Command Injection vulnerability in Tp-Link Tl-Wr840N Firmware The traceroute function on the TP-Link TL-WR840N v4 router with firmware through 0.9.1 3.16 is vulnerable to remote code execution via a crafted payload in an IP address input field. | 6.5 |
2019-08-22 | CVE-2019-12385 | Ampache | SQL Injection vulnerability in Ampache An issue was discovered in Ampache through 3.9.1. | 6.5 |
2019-08-22 | CVE-2018-18573 | Oscommerce | Code Injection vulnerability in Oscommerce 2.3.4.1 osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. | 6.5 |
2019-08-22 | CVE-2018-18572 | Oscommerce | Unrestricted Upload of File with Dangerous Type vulnerability in Oscommerce 2.3.4.1 osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. | 6.5 |
2019-08-22 | CVE-2019-15324 | AD Inserter Project | Improper Input Validation vulnerability in AD Inserter Project AD Inserter The ad-inserter plugin before 2.4.22 for WordPress has remote code execution. | 6.5 |
2019-08-21 | CVE-2019-1907 | Cisco | Unspecified vulnerability in Cisco products A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to set sensitive configuration values and gain elevated privileges. | 6.5 |
2019-08-21 | CVE-2019-14246 | Centos Webpanel | Authorization Bypass Through User-Controlled Key vulnerability in Centos-Webpanel Centos web Panel 0.9.8.851 In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to discover phpMyAdmin passwords (of any user in /etc/passwd) via an attacker account. | 6.5 |
2019-08-21 | CVE-2019-14245 | Centos Webpanel | Authorization Bypass Through User-Controlled Key vulnerability in Centos-Webpanel Centos web Panel 0.9.8.851 In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases (such as oauthv2) from the server via an attacker account. | 6.5 |
2019-08-21 | CVE-2019-13458 | Otrs Debian | An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, and Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. | 6.5 |
2019-08-21 | CVE-2019-12746 | Otrs Debian | Information Exposure vulnerability in multiple products An issue was discovered in Open Ticket Request System (OTRS) Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. | 6.5 |
2019-08-20 | CVE-2019-4167 | IBM | Cross-Site Request Forgery (CSRF) vulnerability in IBM Storediq IBM StoredIQ 7.6.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 |
2019-08-20 | CVE-2019-11209 | Tibco | Unspecified vulnerability in Tibco FTL 6.0.0/6.0.1/6.1.0 The realm configuration component of TIBCO Software Inc.'s TIBCO FTL Community Edition, TIBCO FTL Developer Edition, TIBCO FTL Enterprise Edition contains a vulnerability that theoretically fails to properly enforce access controls. | 6.5 |
2019-08-23 | CVE-2019-15493 | IT Novum | Unspecified vulnerability in It-Novum Openitcockpit openITCOCKPIT before 3.7.1 allows deletion of files, aka RVID 4-445b21. | 6.4 |
2019-08-22 | CVE-2017-18586 | Insert Pages Project | Path Traversal vulnerability in Insert Pages Project Insert Pages The insert-pages plugin before 3.2.4 for WordPress has directory traversal via custom template paths. | 6.4 |
2019-08-22 | CVE-2014-10390 | Wpsupportplus | Path Traversal vulnerability in Wpsupportplus WP Support Plus Responsive Ticket System The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory traversal. | 6.4 |
2019-08-22 | CVE-2019-7617 | Elastic | Improper Input Validation vulnerability in Elastic APM Agent When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. | 6.4 |
2019-08-22 | CVE-2016-10927 | Neliosoftware | Server-Side Request Forgery (SSRF) vulnerability in Neliosoftware Nelio AB Testing The nelio-ab-testing plugin before 4.5.11 for WordPress has SSRF in ajax/iesupport.php. | 6.4 |
2019-08-22 | CVE-2016-10926 | Neliosoftware | Server-Side Request Forgery (SSRF) vulnerability in Neliosoftware Nelio AB Testing The nelio-ab-testing plugin before 4.5.9 for WordPress has SSRF in ajax/iesupport.php. | 6.4 |
2019-08-22 | CVE-2018-20981 | Ninjaforms | Improper Input Validation vulnerability in Ninjaforms Ninja Forms The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests. | 6.4 |
2019-08-20 | CVE-2019-6143 | Forcepoint | Improper Authentication vulnerability in Forcepoint Next Generation Firewall Forcepoint Next Generation Firewall (Forcepoint NGFW) 6.4.x before 6.4.7, 6.5.x before 6.5.4, and 6.6.x before 6.6.2 has a serious authentication vulnerability that potentially allows unauthorized users to bypass password authentication and access services protected by the NGFW Engine. | 6.4 |
2019-08-20 | CVE-2019-7594 | Johnsoncontrols | Use of Hard-coded Credentials vulnerability in Johnsoncontrols Metasys System Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a hardcoded RC2 key for certain encryption operations involving the Site Management Portal (SMP). | 6.4 |
2019-08-20 | CVE-2019-7593 | Johnsoncontrols | Use of Hard-coded Credentials vulnerability in Johnsoncontrols Metasys System Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a shared RSA key pair for certain encryption operations involving the Site Management Portal (SMP). | 6.4 |
2019-08-20 | CVE-2019-4420 | IBM | Information Exposure Through an Error Message vulnerability in IBM products IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose detailed error messages, revealing sensitive information that could aid in further attacks against the system. | 6.2 |
2019-08-22 | CVE-2014-10386 | 3CX | Injection vulnerability in 3CX Live Chat The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections. | 6.1 |
2019-08-22 | CVE-2018-20982 | Davidlingren | Cross-site Scripting vulnerability in Davidlingren Media Library Assistant The media-library-assistant plugin before 2.74 for WordPress has XSS via the Media/Assistant or Settings/Media Library assistant admin submenu screens. | 6.1 |
2019-08-22 | CVE-2013-7480 | Pixelite | Cross-site Scripting vulnerability in Pixelite Events Manager The events-manager plugin before 5.3.6.1 for WordPress has XSS via the booking form and admin areas. | 6.1 |
2019-08-22 | CVE-2013-7479 | Pixelite | Cross-site Scripting vulnerability in Pixelite Events Manager The events-manager plugin before 5.3.9 for WordPress has XSS in the search form field. | 6.1 |
2019-08-22 | CVE-2013-7478 | Pixelite | Cross-site Scripting vulnerability in Pixelite Events Manager The events-manager plugin before 5.5 for WordPress has XSS via EM_Ticket::get_post. | 6.1 |
2019-08-22 | CVE-2013-7477 | Pixelite | Cross-site Scripting vulnerability in Pixelite Events Manager The events-manager plugin before 5.5.2 for WordPress has XSS in the booking form. | 6.1 |
2019-08-22 | CVE-2012-6716 | Pixelite | Cross-site Scripting vulnerability in Pixelite Events Manager The events-manager plugin before 5.1.7 for WordPress has XSS via JSON call links. | 6.1 |
2019-08-21 | CVE-2017-18559 | Cformsii Project | Cross-site Scripting vulnerability in Cformsii Project Cformsii The cforms2 plugin before 14.13.3 for WordPress has multiple XSS issues. | 6.1 |
2019-08-21 | CVE-2016-10891 | Pojo | Cross-site Scripting vulnerability in Pojo Activity LOG The aryo-activity-log plugin before 2.3.3 for WordPress has XSS. | 6.1 |
2019-08-21 | CVE-2016-10890 | Pojo | Cross-site Scripting vulnerability in Pojo Activity LOG The aryo-activity-log plugin before 2.3.2 for WordPress has XSS. | 6.1 |
2019-08-21 | CVE-2014-10377 | Cformsii Project | Cross-site Scripting vulnerability in Cformsii Project Cformsii The cforms2 plugin before 13.2 for WordPress has XSS in lib_ajax.php. | 6.1 |
2019-08-21 | CVE-2019-15112 | WP Slimstat | Cross-site Scripting vulnerability in Wp-Slimstat Slimstat Analytics The wp-slimstat plugin before 4.8.1 for WordPress has XSS. | 6.1 |
2019-08-21 | CVE-2019-15109 | Stellarwp | Cross-site Scripting vulnerability in Stellarwp the Events Calendar The the-events-calendar plugin before 4.8.2 for WordPress has XSS via the tribe_paged URL parameter. | 6.1 |
2019-08-21 | CVE-2017-18540 | Deepsoft | Cross-site Scripting vulnerability in Deepsoft Weblibrarian The weblibrarian plugin before 3.4.8.7 for WordPress has XSS via front-end short codes. | 6.1 |
2019-08-21 | CVE-2017-18539 | Deepsoft | Cross-site Scripting vulnerability in Deepsoft Weblibrarian The weblibrarian plugin before 3.4.8.6 for WordPress has XSS via front-end short codes. | 6.1 |
2019-08-21 | CVE-2017-18538 | Deepsoft | Cross-site Scripting vulnerability in Deepsoft Weblibrarian The weblibrarian plugin before 3.4.8.5 for WordPress has XSS via front-end short codes. | 6.1 |
2019-08-20 | CVE-2015-9320 | Optiontree Project | Cross-site Scripting vulnerability in Optiontree Project Optiontree The option-tree plugin before 2.5.4 for WordPress has XSS related to add_query_arg. | 6.1 |
2019-08-20 | CVE-2016-10893 | Crayon Syntax Highlighter Project | Cross-site Scripting vulnerability in Crayon Syntax Highlighter Project Crayon Syntax Highlighter The crayon-syntax-highlighter plugin before 2.8.4 for WordPress has multiple XSS issues via AJAX requests. | 6.1 |
2019-08-23 | CVE-2019-15092 | Webtoffee | Improper Neutralization of Formula Elements in a CSV File vulnerability in Webtoffee Import Export Wordpress Users The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class. | 6.0 |
2019-08-23 | CVE-2019-1583 | Paloaltonetworks | Cross-site Scripting vulnerability in Paloaltonetworks Twistlock 19.07.357 Escalation of privilege vulnerability in the Palo Alto Networks Twistlock console 19.07.358 and earlier allows a Twistlock user with Operator capabilities to escalate privileges to that of another user. | 6.0 |
2019-08-23 | CVE-2016-6154 | Watchguard Microsoft | Cross-site Scripting vulnerability in Watchguard Fireware The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect). | 5.8 |
2019-08-23 | CVE-2019-10751 | Httpie | Open Redirect vulnerability in Httpie All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server under the attacker's control. | 5.8 |
2019-08-23 | CVE-2019-13422 | Search Guard | Open Redirect vulnerability in Search-Guard Search Guard Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an attacker can redirect the user to a potentially malicious site upon Kibana login. | 5.8 |
2019-08-23 | CVE-2019-11589 | Atlassian | Open Redirect vulnerability in Atlassian Jira Server The ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to attack users, in some cases being able to obtain a user's Cross-site request forgery (CSRF) token, via an open redirect vulnerability. | 5.8 |
2019-08-23 | CVE-2019-11585 | Atlassian | Open Redirect vulnerability in Atlassian Jira The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect. | 5.8 |
2019-08-21 | CVE-2019-12621 | Cisco | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Cisco products A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. | 5.8 |
2019-08-20 | CVE-2015-9332 | Wordpress Uninstall Project | Cross-Site Request Forgery (CSRF) vulnerability in Wordpress Uninstall Project Wordpress Uninstall 1.0/1.1 The uninstall plugin before 1.2 for WordPress has CSRF to delete all tables via the wp-admin/admin-ajax.php?action=uninstall URI. | 5.8 |
2019-08-20 | CVE-2019-11521 | Open Xchange | Improper Privilege Management vulnerability in Open-Xchange Appsuite 7.10.1 OX App Suite 7.10.1 allows Content Spoofing. | 5.8 |
2019-08-19 | CVE-2019-0173 | Intel | Unspecified vulnerability in Intel Raid web Console 2 Authentication bypass in the web console for Intel(R) Raid Web Console 2 all versions may allow an unauthenticated attacker to potentially enable disclosure of information via network access. | 5.8 |
2019-08-20 | CVE-2019-4425 | IBM | Unspecified vulnerability in IBM products IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive information from another user by inserting links that would be clicked on by unsuspecting users. | 5.7 |
2019-08-23 | CVE-2019-12400 | Apache Redhat Oracle | Improper Input Validation vulnerability in multiple products In version 2.0.3 of Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. | 5.5 |
2019-08-23 | CVE-2019-13014 | Obdev | Incomplete Cleanup vulnerability in Obdev Little Snitch 4.4.0 Little Snitch version 4.4.0 fixes a vulnerability in a privileged helper tool. | 5.5 |
2019-08-23 | CVE-2019-13013 | Obdev | Missing Authorization vulnerability in Obdev Little Snitch 4.3.0/4.3.1/4.3.2 Little Snitch versions 4.3.0 to 4.3.2 have a local privilege escalation vulnerability in their privileged helper tool. | 5.5 |
2019-08-22 | CVE-2017-18585 | Ivycat | Path Traversal vulnerability in Ivycat Posts in Page The posts-in-page plugin before 1.3.0 for WordPress has ic_add_posts template='../ directory traversal. | 5.5 |
2019-08-21 | CVE-2019-1984 | Cisco | Improper Input Validation vulnerability in Cisco Enterprise Network Function Virtualization Infrastructure Software A vulnerability in Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker with administrator privileges to overwrite files on the underlying operating system (OS) of an affected device. | 5.5 |
2019-08-21 | CVE-2019-3634 | Mcafee | Out-of-bounds Read vulnerability in Mcafee Data Loss Prevention Endpoint 11.3.0 Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows a local user to cause the Windows operating system to "blue screen" via an encrypted message sent to DLPe which, when decrypted, results in DLPe reading unallocated memory. | 5.5 |
2019-08-21 | CVE-2019-3633 | Mcafee | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mcafee Data Loss Prevention Endpoint 11.3.0 Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows a local user to cause the Windows operating system to "blue screen" via a carefully constructed message sent to DLPe which bypasses DLPe internal checks and results in DLPe reading unallocated memory. | 5.5 |
2019-08-22 | CVE-2019-15317 | Givewp | Cross-site Scripting vulnerability in Givewp The give plugin before 2.4.7 for WordPress has XSS via a donor name. | 5.4 |
2019-08-21 | CVE-2019-13476 | Control Webpanel | Cross-site Scripting vulnerability in Control-Webpanel Webpanel 0.9.8.837 In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, XSS in the domain parameter allows a low-privilege user to achieve root access via the email list page. | 5.4 |
2019-08-20 | CVE-2019-4482 | IBM | Cross-site Scripting vulnerability in IBM Emptoris Spend Analysis IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to cross-site scripting. | 5.4 |
2019-08-20 | CVE-2019-4120 | IBM | Cross-site Scripting vulnerability in IBM Cloud Private IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site scripting. | 5.4 |
2019-08-21 | CVE-2019-15045 | Zohocorp | Information Exposure vulnerability in Zohocorp Manageengine Servicedesk Plus AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. | 5.3 |
2019-08-21 | CVE-2019-13599 | Control Webpanel | Information Exposure Through Discrepancy vulnerability in Control-Webpanel Webpanel 0.9.8.848 In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.848, the Login process allows attackers to check whether a username is valid by comparing response times. | 5.3 |
2019-08-20 | CVE-2019-4437 | IBM | Information Exposure vulnerability in IBM API Connect IBM API Connect 2018.1 through 2018.4.1.6 may inadvertently leak sensitive details about internal servers and network via API swagger. | 5.3 |
2019-08-19 | CVE-2019-6178 | Lenovo | Unspecified vulnerability in Lenovo products An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled. | 5.3 |
2019-08-23 | CVE-2018-13367 | Fortinet | Information Exposure vulnerability in Fortinet Fortios An information exposure vulnerability in FortiOS 6.2.3, 6.2.0 and below may allow an unauthenticated attacker to gain platform information such as version, models, via parsing a JavaScript file through admin webUI. | 5.0 |
2019-08-23 | CVE-2019-15520 | Comelz | Path Traversal vulnerability in Comelz Quark 0.2 comelz Quark before 2019-03-26 allows directory traversal to locations outside of the project directory. | 5.0 |
2019-08-23 | CVE-2019-15518 | Swoole | Path Traversal vulnerability in Swoole Swoole before 4.2.13 allows directory traversal in swPort_http_static_handler. | 5.0 |
2019-08-23 | CVE-2019-15516 | Cuberite | Path Traversal vulnerability in Cuberite Cuberite before 2019-06-11 allows webadmin directory traversal via ....// because the protection mechanism simply removes one ../ substring. | 5.0 |
2019-08-23 | CVE-2019-8446 | Atlassian | Incorrect Authorization vulnerability in Atlassian Jira Server The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check. | 5.0 |
2019-08-23 | CVE-2019-8445 | Atlassian | Missing Authorization vulnerability in Atlassian Jira Server Several worklog rest resources in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.2 allow remote attackers to view worklog time information via a missing permissions check. | 5.0 |
2019-08-23 | CVE-2019-15514 | Telegram | Information Exposure vulnerability in Telegram 5.10.0 The Privacy > Phone Number feature in the Telegram app 5.10 for Android and iOS provides an incorrect indication that the access level is Nobody, because attackers can find these numbers via the Group Info feature, e.g., by adding a significant fraction of a region's assigned phone numbers. | 5.0 |
2019-08-22 | CVE-2019-15326 | Codection | Path Traversal vulnerability in Codection Import Users From CSV With Meta The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal. | 5.0 |
2019-08-22 | CVE-2019-15325 | Galliumos | Unspecified vulnerability in Galliumos 3.0 In GalliumOS 3.0, CONFIG_SECURITY_YAMA is disabled but /etc/sysctl.d/10-ptrace.conf tries to set /proc/sys/kernel/yama/ptrace_scope to 1, which might increase risk because of the appearance that a protection mechanism is present when actually it is not. | 5.0 |
2019-08-22 | CVE-2016-10929 | Advanced Ajax Page Loader Project | Permissions, Privileges, and Access Controls vulnerability in Advanced Ajax Page Loader Project Advanced Ajax Page Loader The advanced-ajax-page-loader plugin before 2.7.7 for WordPress has no protection against the reading of uploaded files when not logged in. | 5.0 |
2019-08-22 | CVE-2016-10928 | Onelogin | Use of Hard-coded Credentials vulnerability in Onelogin Saml SSO The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcoded @@@nopass@@@ password for just-in-time provisioned users. | 5.0 |
2019-08-22 | CVE-2015-9340 | Iptanus | Unrestricted Upload of File with Dangerous Type vulnerability in Iptanus Wordpress File Upload The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess files. | 5.0 |
2019-08-22 | CVE-2015-9339 | Iptanus | Unrestricted Upload of File with Dangerous Type vulnerability in Iptanus Wordpress File Upload The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js files. | 5.0 |
2019-08-22 | CVE-2015-9338 | Iptanus | Unrestricted Upload of File with Dangerous Type vulnerability in Iptanus Wordpress File Upload The wp-file-upload plugin before 2.5.0 for WordPress has insufficient restrictions on upload of .php files. | 5.0 |
2019-08-22 | CVE-2019-15330 | Webp Express Project | Information Exposure vulnerability in Webp Express Project Webp Express The webp-express plugin before 0.14.11 for WordPress has insufficient protection against arbitrary file reading. | 5.0 |
2019-08-22 | CVE-2018-20988 | Google Forms Project | Code Injection vulnerability in Google Forms Project Google Forms The wpgform plugin before 0.94 for WordPress has eval injection in the CAPTCHA calculation. | 5.0 |
2019-08-22 | CVE-2015-9341 | Iptanus | Unrestricted Upload of File with Dangerous Type vulnerability in Iptanus Wordpress File Upload The wp-file-upload plugin before 3.4.1 for WordPress has insufficient restrictions on upload of .php.js files. | 5.0 |
2019-08-22 | CVE-2014-10388 | Wpsupportplus | Information Exposure vulnerability in Wpsupportplus WP Support Plus Responsive Ticket System The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has full path disclosure. | 5.0 |
2019-08-22 | CVE-2019-9154 | Openpgpjs | Improper Verification of Cryptographic Signature vulnerability in Openpgpjs Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to pass off unsigned data as signed. | 5.0 |
2019-08-22 | CVE-2019-9153 | Openpgpjs | Improper Verification of Cryptographic Signature vulnerability in Openpgpjs Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to forge signed messages by replacing its signatures with a "standalone" or "timestamp" signature. | 5.0 |
2019-08-22 | CVE-2019-11029 | Mirasys | Path Traversal vulnerability in Mirasys VMS 7.6.0/8.0.0/8.3.1 Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Download() method of AutoUpdateService in SMServer.exe, leading to Directory Traversal. | 5.0 |
2019-08-22 | CVE-2019-5635 | Belwith Keeler | Cleartext Transmission of Sensitive Information vulnerability in Belwith-Keeler Hickory Smart Ethernet Bridge Firmware A cleartext transmission of sensitive information vulnerability is present in Hickory Smart Ethernet Bridge from Belwith Products, LLC. | 5.0 |
2019-08-22 | CVE-2017-18584 | Post PAY Counter Project | Permissions, Privileges, and Access Controls vulnerability in Post PAY Counter Project Post PAY Counter The post-pay-counter plugin before 2.731 for WordPress has no permissions check for an update-settinga action. | 5.0 |
2019-08-22 | CVE-2016-10924 | Zedna Ebook Download Project | Path Traversal vulnerability in Zedna Ebook Download Project Zedna Ebook Download 1.0/1.1 The ebook-download plugin before 1.2 for WordPress has directory traversal. | 5.0 |
2019-08-22 | CVE-2015-9337 | Cozmoslabs | Improper Access Control vulnerability in Cozmoslabs Profile Builder The profile-builder plugin before 2.1.4 for WordPress has no access control for activating or deactivating addons via AJAX. | 5.0 |
2019-08-22 | CVE-2018-20980 | Ninjaforms | Improper Input Validation vulnerability in Ninjaforms Ninja Forms The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering. | 5.0 |
2019-08-21 | CVE-2019-11603 | Bosch | Path Traversal vulnerability in Bosch IOT Gateway Software and Prosyst MBS SDK An HTTP traversal attack in versions earlier than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.0.2 allows remote attackers to read files outside the http root. | 5.0 |
2019-08-21 | CVE-2019-11602 | Bosch | Information Exposure Through an Error Message vulnerability in Bosch IOT Gateway Software and Prosyst MBS SDK Leakage of stack traces in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to gather information about the file system structure. | 5.0 |
2019-08-21 | CVE-2018-17791 | Newgensoft | Incorrect Resource Transfer Between Spheres vulnerability in Newgensoft Omniflow Intelligent Business Process Suite 7.0 Newgen OmniFlow Intelligent Business Process Suite (iBPS) 7.0 has an "improper server side validation" vulnerability where client-side validations are tampered, and inappropriate information is stored on the server side and fetched from the server every time the user visits the D, creating business confusion. | 5.0 |
2019-08-21 | CVE-2019-1908 | Cisco | Unspecified vulnerability in Cisco products A vulnerability in the Intelligent Platform Management Interface (IPMI) implementation of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to view sensitive system information. | 5.0 |
2019-08-21 | CVE-2019-14258 | Zenoss | XXE vulnerability in Zenoss 2.5.3 The XML-RPC subsystem in Zenoss 2.5.3 allows XXE attacks that lead to unauthenticated information disclosure via port 9988. | 5.0 |
2019-08-21 | CVE-2019-12634 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 5.0 |
2019-08-21 | CVE-2019-12627 | Cisco | Improper Access Control vulnerability in Cisco Firepower Threat Defense A vulnerability in the application policy configuration of the Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data. | 5.0 |
2019-08-21 | CVE-2019-11897 | Bosch | Server-Side Request Forgery (SSRF) vulnerability in Bosch IOT Gateway Software and Prosyst MBS SDK A Server-Side Request Forgery (SSRF) vulnerability in the backup & restore functionality in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.3.0 allows a remote attacker to forge GET requests to arbitrary URLs. | 5.0 |
2019-08-21 | CVE-2016-10899 | Fabrix | Improper Input Validation vulnerability in Fabrix Total Security The total-security plugin before 3.4.1 for WordPress has a settings-change vulnerability. | 5.0 |
2019-08-20 | CVE-2019-5034 | Google | Out-of-bounds Read vulnerability in Google Nest CAM IQ Indoor Firmware 4620002 An exploitable information disclosure vulnerability exists in the Weave Legacy Pairing functionality of Nest Cam IQ Indoor version 4620002. | 5.0 |
2019-08-20 | CVE-2019-8106 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. | 5.0 |
2019-08-20 | CVE-2019-8105 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. | 5.0 |
2019-08-20 | CVE-2019-8104 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. | 5.0 |
2019-08-20 | CVE-2019-8103 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. | 5.0 |
2019-08-20 | CVE-2019-8102 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. | 5.0 |
2019-08-20 | CVE-2019-8101 | Adobe | Integer Overflow or Wraparound vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an integer overflow vulnerability. | 5.0 |
2019-08-20 | CVE-2019-8099 | Adobe | Integer Overflow or Wraparound vulnerability in Adobe Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an integer overflow vulnerability. | 5.0 |
2019-08-20 | CVE-2019-8097 | Adobe | Unspecified vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an internal ip disclosure vulnerability. | 5.0 |
2019-08-20 | CVE-2019-8096 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. | 5.0 |
2019-08-20 | CVE-2019-8095 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. | 5.0 |
2019-08-20 | CVE-2019-8094 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. | 5.0 |
2019-08-20 | CVE-2019-8077 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. | 5.0 |
2019-08-20 | CVE-2019-5040 | Openweave | Integer Overflow or Wraparound vulnerability in multiple products An exploitable information disclosure vulnerability exists in the Weave MessageLayer parsing of Openweave-core version 4.0.2 and Nest Cam IQ Indoor version 4620002. | 5.0 |
2019-08-20 | CVE-2019-10960 | Zebra | Credentials Management vulnerability in Zebra products Zebra Industrial Printers All Versions, Zebra printers are shipped with unrestricted end-user access to front panel options. | 5.0 |
2019-08-20 | CVE-2019-8043 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. | 5.0 |
2019-08-20 | CVE-2019-8032 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. | 5.0 |
2019-08-20 | CVE-2019-8021 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. | 5.0 |
2019-08-20 | CVE-2019-8020 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. | 5.0 |
2019-08-20 | CVE-2019-8018 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. | 5.0 |
2019-08-20 | CVE-2019-8012 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. | 5.0 |
2019-08-20 | CVE-2019-8011 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. | 5.0 |
2019-08-20 | CVE-2019-8010 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. | 5.0 |
2019-08-20 | CVE-2019-8007 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. | 5.0 |
2019-08-20 | CVE-2019-8005 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. | 5.0 |
2019-08-20 | CVE-2019-8004 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. | 5.0 |
2019-08-20 | CVE-2019-8002 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. | 5.0 |
2019-08-20 | CVE-2019-4402 | IBM | Unspecified vulnerability in IBM API Connect IBM API Connect 2018.1 through 2018.4.1.6 developer portal could allow an unauthorized user to cause a denial of service via an unprotected API. | 5.0 |
2019-08-20 | CVE-2015-9331 | Soflyy | 7PK - Security Features vulnerability in Soflyy WP ALL Import The wp-all-import plugin before 3.2.4 for WordPress has no prevention of unauthenticated requests to adminInit. | 5.0 |
2019-08-20 | CVE-2015-9318 | Getawesomesupport | 7PK - Security Features vulnerability in Getawesomesupport Awesome Support The awesome-support plugin before 3.1.7 for WordPress has a security issue in which shortcodes are allowed in replies. | 5.0 |
2019-08-20 | CVE-2019-14430 | Youphptube | SQL Injection vulnerability in Youphptube plugin/Audit/Objects/AuditTable.php in YouPHPTube through 7.2 allows SQL Injection. | 5.0 |
2019-08-19 | CVE-2019-15225 | Envoyproxy | Allocation of Resources Without Limits or Throttling vulnerability in Envoyproxy Envoy In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc++ regular expression implementation. | 5.0 |
2019-08-19 | CVE-2019-15160 | Kbrw | XXE vulnerability in Kbrw Sweet XML The SweetXml (aka sweet_xml) package through 0.6.6 for Erlang and Elixir allows attackers to cause a denial of service (resource consumption) via an XML entity expansion attack with an inline DTD. | 5.0 |
2019-08-23 | CVE-2019-15517 | Jc21 | Path Traversal vulnerability in Jc21 Nginx Proxy Manager jc21 Nginx Proxy Manager before 2.0.13 allows %2e%2e%2f directory traversal. | 4.9 |
2019-08-20 | CVE-2019-2137 | Google | Improper Input Validation vulnerability in Google Android 9.0 In the endCall() function of TelecomManager.java, there is a possible Denial of Service due to a missing permission check. | 4.9 |
2019-08-20 | CVE-2019-2136 | Google | Out-of-bounds Read vulnerability in Google Android In Status::readFromParcel of Status.cpp, there is a possible out of bounds read due to improper input validation. | 4.9 |
2019-08-20 | CVE-2019-15291 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel An issue was discovered in the Linux kernel through 5.2.9. | 4.9 |
2019-08-19 | CVE-2019-11276 | Pivotal Software | Cleartext Transmission of Sensitive Information vulnerability in Pivotal Software Application Service Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.16, 2.4.x prior to 2.4.12, 2.5.x prior to 2.5.8, and 2.6.x prior to 2.6.3, makes a request to the /cloudapplication endpoint via Spring actuator, and subsequent requests via unsecured http. | 4.8 |
2019-08-21 | CVE-2019-15292 | Linux Debian Canonical | Use After Free vulnerability in multiple products An issue was discovered in the Linux kernel before 5.0.9. | 4.7 |
2019-08-22 | CVE-2019-13139 | Docker | OS Command Injection vulnerability in Docker In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. | 4.6 |
2019-08-19 | CVE-2019-15223 | Linux Netapp Canonical | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in the Linux kernel before 5.1.8. | 4.6 |
2019-08-19 | CVE-2019-15222 | Linux Netapp Opensuse | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in the Linux kernel before 5.2.8. | 4.6 |
2019-08-19 | CVE-2019-15221 | Linux Netapp Canonical Debian Opensuse | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in the Linux kernel before 5.1.17. | 4.6 |
2019-08-19 | CVE-2019-15220 | Linux Netapp Canonical Debian Opensuse | Use After Free vulnerability in multiple products An issue was discovered in the Linux kernel before 5.2.1. | 4.6 |
2019-08-19 | CVE-2019-15219 | Linux Netapp Canonical Debian Opensuse | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in the Linux kernel before 5.1.8. | 4.6 |
2019-08-19 | CVE-2019-15218 | Linux Netapp Canonical Debian Oracle Opensuse | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in the Linux kernel before 5.1.8. | 4.6 |
2019-08-19 | CVE-2019-15217 | Linux Netapp Canonical Debian Opensuse | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in the Linux kernel before 5.2.3. | 4.6 |
2019-08-19 | CVE-2019-15216 | Linux Netapp Canonical Debian Opensuse | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in the Linux kernel before 5.0.14. | 4.6 |
2019-08-19 | CVE-2019-15215 | Linux Netapp Canonical Debian Opensuse | Use After Free vulnerability in multiple products An issue was discovered in the Linux kernel before 5.2.6. | 4.6 |
2019-08-19 | CVE-2019-15213 | Linux Netapp Opensuse | Use After Free vulnerability in multiple products An issue was discovered in the Linux kernel before 5.2.3. | 4.6 |
2019-08-19 | CVE-2019-15212 | Linux Netapp Canonical Debian Opensuse | Double Free vulnerability in multiple products An issue was discovered in the Linux kernel before 5.1.8. | 4.6 |
2019-08-19 | CVE-2019-15211 | Linux Netapp Canonical Debian Opensuse | Use After Free vulnerability in multiple products An issue was discovered in the Linux kernel before 5.2.6. | 4.6 |
2019-08-19 | CVE-2019-11163 | Intel | Unspecified vulnerability in Intel Processor Identification Utility Insufficient access control in a hardware abstraction driver for Intel(R) Processor Identification Utility for Windows before version 6.1.0731 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access. | 4.6 |
2019-08-19 | CVE-2019-11162 | Intel | Unspecified vulnerability in Intel Computing Improvement Program Insufficient access control in hardware abstraction in SEMA driver for Intel(R) Computing Improvement Program before version 2.4.0.04733 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access. | 4.6 |
2019-08-19 | CVE-2019-11148 | Intel | Unspecified vulnerability in Intel Remote Displays SDK 1.0/1.1/2.0 Improper permissions in the installer for Intel(R) Remote Displays SDK before version 2.0.1 R2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.6 |
2019-08-19 | CVE-2019-11146 | Intel | Permission Issues vulnerability in Intel Driver & Support Assistant 3.5.0.1 Improper file verification in Intel® Driver & Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.6 |
2019-08-19 | CVE-2019-11143 | Intel | Unspecified vulnerability in Intel Authenticate 3.7 Improper permissions in the software installer for Intel(R) Authenticate before 3.8 may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.6 |
2019-08-19 | CVE-2019-11140 | Intel | Improper Input Validation vulnerability in Intel products Insufficient session validation in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. | 4.6 |
2019-08-20 | CVE-2019-2125 | Google | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android In ChangeDefaultDialerDialog.java, there is a possible escalation of privilege due to an overlay attack. | 4.4 |
2019-08-23 | CVE-2019-5594 | Fortinet | Cross-site Scripting vulnerability in Fortinet Fortinac 8.3.0/8.3.6/8.5.0 An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI. | 4.3 |
2019-08-23 | CVE-2019-5592 | Fortinet | Improper Verification of Cryptographic Signature vulnerability in Fortinet Fortios IPS Engine Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled, may allow an attacker to decipher TLS connections going through the FortiGate via monitoring the traffic in a Man-in-the-middle position. | 4.3 |
2019-08-23 | CVE-2019-8447 | Atlassian | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira Server The ServiceExecutor resource in Jira before version 8.3.2 allows remote attackers to trigger the creation of export files via a Cross-site request forgery (CSRF) vulnerability. | 4.3 |
2019-08-23 | CVE-2019-14999 | Atlassian | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Universal Plugin Manager The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forgery (CSRF) vulnerability on an authenticated administrator. | 4.3 |
2019-08-23 | CVE-2019-11588 | Atlassian | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira and Jira Server The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to trigger garbage collection via a Cross-site request forgery (CSRF) vulnerability. | 4.3 |
2019-08-23 | CVE-2019-11587 | Atlassian | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira and Jira Server Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify various settings via Cross-site request forgery (CSRF). | 4.3 |
2019-08-23 | CVE-2019-11586 | Atlassian | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to create new resolutions via a Cross-site request forgery (CSRF) vulnerability. | 4.3 |
2019-08-23 | CVE-2019-11584 | Atlassian | Cross-site Scripting vulnerability in Atlassian Jira The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the priority icon url of an issue priority. | 4.3 |
2019-08-23 | CVE-2019-15492 | IT Novum | Cross-site Scripting vulnerability in It-Novum Openitcockpit openITCOCKPIT before 3.7.1 has reflected XSS, aka RVID 3-445b21. | 4.3 |
2019-08-23 | CVE-2019-15488 | Igniterealtime | Cross-site Scripting vulnerability in Igniterealtime Openfire Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test. | 4.3 |
2019-08-23 | CVE-2019-15487 | Schoolexperience | Cross-site Scripting vulnerability in Schoolexperience Department FOR Education School Experience DfE School Experience before v16333-GA has XSS via a teacher training URL. | 4.3 |
2019-08-23 | CVE-2019-15486 | Django JS Reverse Project | Cross-site Scripting vulnerability in Django JS Reverse Project Django JS Reverse django-js-reverse (aka Django JS Reverse) before 0.9.1 has XSS via js_reverse_inline. | 4.3 |
2019-08-23 | CVE-2019-15485 | Boltcms | Cross-site Scripting vulnerability in Boltcms Bolt Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php. | 4.3 |
2019-08-23 | CVE-2019-15484 | Boltcms | Cross-site Scripting vulnerability in Boltcms Bolt Bolt before 3.6.10 has XSS via an image's alt or title field. | 4.3 |
2019-08-23 | CVE-2019-15483 | Boltcms | Cross-site Scripting vulnerability in Boltcms Bolt Bolt before 3.6.10 has XSS via a title that is mishandled in the system log. | 4.3 |
2019-08-23 | CVE-2019-15482 | Selectize Plugin A11Y Project | Cross-site Scripting vulnerability in Selectize-Plugin-A11Y Project Selectize-Plugin-A11Y selectize-plugin-a11y before 1.1.0 has XSS via the msg field. | 4.3 |
2019-08-23 | CVE-2019-15481 | Kimai | Cross-site Scripting vulnerability in Kimai 2 Kimai v2 before 1.1 has XSS via a timesheet description. | 4.3 |
2019-08-23 | CVE-2019-15477 | Jooby | Cross-site Scripting vulnerability in Jooby Jooby before 1.6.4 has XSS via the default error handler. | 4.3 |
2019-08-23 | CVE-2019-15476 | Former Project | Cross-site Scripting vulnerability in Former Project Former Former before 4.2.1 has XSS via a checkbox value. | 4.3 |
2019-08-23 | CVE-2019-15499 | Hackmd | Cross-site Scripting vulnerability in Hackmd Codimd 1.3.1 CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element with allow-top-navigation in the sandbox attribute, in conjunction with a data: URL. | 4.3 |
2019-08-22 | CVE-2019-15328 | Codection | Cross-site Scripting vulnerability in Codection Import Users From CSV With Meta The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS. | 4.3 |
2019-08-22 | CVE-2019-15327 | Codection | Cross-site Scripting vulnerability in Codection Import Users From CSV With Meta The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data. | 4.3 |
2019-08-22 | CVE-2017-18579 | Dwbooster | Cross-site Scripting vulnerability in Dwbooster Corner AD The corner-ad plugin before 1.0.8 for WordPress has XSS. | 4.3 |
2019-08-22 | CVE-2017-18578 | Crafty Social Buttons Project | Cross-site Scripting vulnerability in Crafty Social Buttons Project Crafty Social Buttons The crafty-social-buttons plugin before 1.5.8 for WordPress has XSS. | 4.3 |
2019-08-22 | CVE-2014-10393 | Cformsii Project | Cross-site Scripting vulnerability in Cformsii Project Cformsii The cforms2 plugin before 10.5 for WordPress has XSS. | 4.3 |
2019-08-22 | CVE-2014-10382 | Pippinsplugins | Cross-Site Request Forgery (CSRF) vulnerability in Pippinsplugins Featured Comments The feature-comments plugin before 1.2.5 for WordPress has CSRF for featuring or burying a comment. | 4.3 |
2019-08-22 | CVE-2019-15331 | Wpsupportplus | Cross-site Scripting vulnerability in Wpsupportplus WP Support Plus Responsive Ticket System The wp-support-plus-responsive-ticket-system plugin before 9.1.2 for WordPress has HTML injection. | 4.3 |
2019-08-22 | CVE-2014-10394 | Saschart | Injection vulnerability in Saschart Rich Counter 1.0.5/1.1.0/1.1.5 The rich-counter plugin before 1.2.0 for WordPress has JavaScript injection via a User-Agent header. | 4.3 |
2019-08-22 | CVE-2014-10392 | Cformsii Project | Cross-site Scripting vulnerability in Cformsii Project Cformsii The cforms2 plugin before 10.2 for WordPress has XSS. | 4.3 |
2019-08-22 | CVE-2014-10391 | Wpsupportplus | Injection vulnerability in Wpsupportplus WP Support Plus Responsive Ticket System The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection. | 4.3 |
2019-08-22 | CVE-2019-9155 | Openpgpjs | Cryptographic Issues vulnerability in Openpgpjs A cryptographic issue in OpenPGP.js <=4.2.0 allows an attacker who is able to provide forged messages and gain feedback about whether decryption of these messages succeeded to conduct an invalid curve attack in order to gain the victim's ECDH private key. | 4.3 |
2019-08-22 | CVE-2018-20983 | Meowapps | Cross-site Scripting vulnerability in Meowapps WP Retina 2X The wp-retina-2x plugin before 5.2.3 for WordPress has XSS. | 4.3 |
2019-08-22 | CVE-2017-18582 | Time Sheets Project | Cross-site Scripting vulnerability in Time Sheets Project Time Sheets The time-sheets plugin before 1.5.2 for WordPress has multiple XSS issues. | 4.3 |
2019-08-22 | CVE-2017-18581 | Time Sheets Project | Cross-site Scripting vulnerability in Time Sheets Project Time Sheets The time-sheets plugin before 1.5.0 for WordPress has XSS via the old timesheet list. | 4.3 |
2019-08-22 | CVE-2017-18577 | Ibericode | Cross-site Scripting vulnerability in Ibericode Mailchimp The mailchimp-for-wp plugin before 4.1.8 for WordPress has XSS via the return value of add_query_arg. | 4.3 |
2019-08-22 | CVE-2017-18576 | Event Notifier Project | Cross-site Scripting vulnerability in Event Notifier Project Event Notifier 1.0.0/1.0.1/1.2.0 The event-notifier plugin before 1.2.1 for WordPress has XSS via the loading animation. | 4.3 |
2019-08-22 | CVE-2016-10925 | Profilepress | Cross-site Scripting vulnerability in Profilepress Loginwp The peters-login-redirect plugin before 2.9.1 for WordPress has XSS during the editing of redirect URLs. | 4.3 |
2019-08-22 | CVE-2014-10385 | Memphis Documents Library Project | Cross-site Scripting vulnerability in Memphis Documents Library Project Memphis Documents Library The memphis-documents-library plugin before 3.0 for WordPress has XSS via $_REQUEST. | 4.3 |
2019-08-22 | CVE-2013-7482 | Reflex Gallery Project | Cross-site Scripting vulnerability in Reflex Gallery Project Reflex Gallery The reflex-gallery plugin before 1.4.3 for WordPress has XSS. | 4.3 |
2019-08-22 | CVE-2008-7321 | Tubepress | Cross-site Scripting vulnerability in Tubepress The tubepress plugin before 1.6.5 for WordPress has XSS. | 4.3 |
2019-08-22 | CVE-2017-18575 | Newstatpress Project | Cross-site Scripting vulnerability in Newstatpress Project Newstatpress The newstatpress plugin before 1.2.5 for WordPress has multiple stored XSS issues. | 4.3 |
2019-08-22 | CVE-2017-18574 | Ninjaforms | Improper Input Validation vulnerability in Ninjaforms Ninja Forms The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder. | 4.3 |
2019-08-22 | CVE-2017-18572 | SIR | Cross-site Scripting vulnerability in SIR Gnucommerce The gnucommerce plugin before 1.4.2 for WordPress has XSS. | 4.3 |
2019-08-22 | CVE-2016-10920 | SIR | Cross-site Scripting vulnerability in SIR Gnucommerce The gnucommerce plugin before 0.5.7-BETA for WordPress has XSS. | 4.3 |
2019-08-22 | CVE-2016-10919 | Wassup Real Time Analytics Project | Cross-site Scripting vulnerability in Wassup Real Time Analytics Project Wassup Real Time Analytics The wassup plugin before 1.9.1 for WordPress has XSS via the Top stats widget or the wassupURI::add_siteurl method, a different vulnerability than CVE-2012-2633. | 4.3 |
2019-08-22 | CVE-2015-9336 | Codection | Cross-site Scripting vulnerability in Codection Clean Login The clean-login plugin before 1.5.1 for WordPress has reflected XSS. | 4.3 |
2019-08-22 | CVE-2013-7481 | Bestwebsoft | Cross-site Scripting vulnerability in Bestwebsoft Contact Form The contact-form-plugin plugin before 3.3.5 for WordPress has XSS. | 4.3 |
2019-08-22 | CVE-2009-5158 | Sumo | Improper Input Validation vulnerability in Sumo Google Analyticator The google-analyticator plugin before 5.2.1 for WordPress has insufficient HTML sanitization for Google Analytics API text. | 4.3 |
2019-08-21 | CVE-2019-1948 | Cisco | Improper Certificate Validation vulnerability in Cisco Webex Meetings 11.3/39.5 A vulnerability in Cisco Webex Meetings Mobile (iOS) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data by using an invalid Secure Sockets Layer (SSL) certificate. | 4.3 |
2019-08-21 | CVE-2018-20977 | Brainstormforce | Cross-site Scripting vulnerability in Brainstormforce Schema The all-in-one-schemaorg-rich-snippets plugin before 1.5.0 for WordPress has XSS on the settings page. | 4.3 |
2019-08-21 | CVE-2018-20970 | Bestwebsoft | Cross-site Scripting vulnerability in Bestwebsoft PDF & Print The pdf-print plugin before 2.0.3 for WordPress has multiple XSS issues. | 4.3 |
2019-08-21 | CVE-2017-18562 | Bestwebsoft | Cross-site Scripting vulnerability in Bestwebsoft Error LOG Viewer The error-log-viewer plugin before 1.0.6 for WordPress has multiple XSS issues. | 4.3 |
2019-08-21 | CVE-2017-18561 | Embed Images IN Comments Project | Cross-site Scripting vulnerability in Comments The embed-comment-images plugin before 0.6 for WordPress has XSS. | 4.3 |
2019-08-21 | CVE-2017-18535 | Smokesignal Project | Cross-site Scripting vulnerability in Smokesignal Project Smokesignal The smokesignal plugin before 1.2.7 for WordPress has XSS. | 4.3 |
2019-08-21 | CVE-2017-18525 | Megamenu | Cross-site Scripting vulnerability in Megamenu MAX Mega Menu The megamenu plugin before 2.4 for WordPress has XSS. | 4.3 |
2019-08-21 | CVE-2017-18516 | Bestwebsoft | Cross-site Scripting vulnerability in Bestwebsoft Linkedin The bws-linkedin plugin before 1.0.5 for WordPress has multiple XSS issues. | 4.3 |
2019-08-21 | CVE-2014-10378 | Duplicate Post Project | Cross-site Scripting vulnerability in Duplicate Post Project Duplicate Post The duplicate-post plugin before 2.6 for WordPress has XSS. | 4.3 |
2019-08-21 | CVE-2012-6714 | Count PER DAY Project | Cross-site Scripting vulnerability in Count PER DAY Project Count PER DAY The count-per-day plugin before 3.2.3 for WordPress has XSS via search words. | 4.3 |
2019-08-21 | CVE-2017-18564 | Bestwebsoft | Cross-site Scripting vulnerability in Bestwebsoft Sender The sender plugin before 1.2.1 for WordPress has multiple XSS issues. | 4.3 |
2019-08-21 | CVE-2017-18563 | Swimordiesoftware | Cross-site Scripting vulnerability in Swimordiesoftware Rsvp The rsvp plugin before 2.3.8 for WordPress has persistent XSS via the note field on the attendee-list screen. | 4.3 |
2019-08-21 | CVE-2016-10912 | Matchboxdesigngroup | Cross-site Scripting vulnerability in Matchboxdesigngroup Universal Analytics The universal-analytics plugin before 1.3.1 for WordPress has XSS. | 4.3 |
2019-08-21 | CVE-2016-10911 | Cozmoslabs | Cross-site Scripting vulnerability in Cozmoslabs Profile Builder The profile-builder plugin before 2.4.2 for WordPress has multiple XSS issues. | 4.3 |
2019-08-21 | CVE-2016-10910 | Formbuilder Project | Cross-site Scripting vulnerability in Formbuilder Project Formbuilder The formbuilder plugin before 1.06 for WordPress has multiple XSS issues. | 4.3 |
2019-08-21 | CVE-2015-9328 | Cozmoslabs | Cross-site Scripting vulnerability in Cozmoslabs Profile Builder The profile-builder plugin before 2.2.5 for WordPress has XSS. | 4.3 |
2019-08-21 | CVE-2015-9327 | Flickr Justified Gallery Project | Cross-site Scripting vulnerability in Flickr Justified Gallery Project Flickr Justified Gallery The flickr-justified-gallery plugin before 3.4.0 for WordPress has XSS. | 4.3 |
2019-08-21 | CVE-2014-10380 | Cozmoslabs | Cross-site Scripting vulnerability in Cozmoslabs Profile Builder The profile-builder plugin before 1.1.66 for WordPress has multiple XSS issues in forms. | 4.3 |
2019-08-21 | CVE-2012-6715 | Formbuilder Project | Cross-site Scripting vulnerability in Formbuilder Project Formbuilder The formbuilder plugin before 0.9.1 for WordPress has XSS via a Referer header. | 4.3 |
2019-08-21 | CVE-2019-15110 | WP Front END Profile Project | Cross-site Scripting vulnerability in WP Front END Profile Project WP Front END Profile 0.1/0.2/0.2.1 The wp-front-end-profile plugin before 0.2.2 for WordPress has XSS. | 4.3 |
2019-08-21 | CVE-2017-18565 | Bestwebsoft | Cross-site Scripting vulnerability in Bestwebsoft Updater The updater plugin before 1.35 for WordPress has multiple XSS issues. | 4.3 |
2019-08-21 | CVE-2017-18560 | Content Audit Project | Cross-site Scripting vulnerability in Content Audit Project Content Audit The content-audit plugin before 1.9.2 for WordPress has XSS. | 4.3 |
2019-08-21 | CVE-2017-18558 | Bestwebsoft | Cross-site Scripting vulnerability in Bestwebsoft Testimonials The bws-testimonials plugin before 0.1.9 for WordPress has multiple XSS issues. | 4.3 |
2019-08-21 | CVE-2017-18557 | Bestwebsoft | Cross-site Scripting vulnerability in Bestwebsoft Google Maps The bws-google-maps plugin before 1.3.6 for WordPress has multiple XSS issues. | 4.3 |
2019-08-21 | CVE-2017-18556 | Bestwebsoft | Cross-site Scripting vulnerability in Bestwebsoft Google Analytics The bws-google-analytics plugin before 1.7.1 for WordPress has multiple XSS issues. | 4.3 |
2019-08-21 | CVE-2017-18555 | Mediaburst | Cross-site Scripting vulnerability in Mediaburst Booking Calendar The booking-sms plugin before 1.1.0 for WordPress has XSS. | 4.3 |
2019-08-21 | CVE-2017-18554 | Analytics Tracker Project | Cross-site Scripting vulnerability in Analytics Tracker Project Analytics Tracker The analytics-tracker plugin before 1.1.1 for WordPress has XSS via a search event. | 4.3 |
2019-08-21 | CVE-2017-18553 | AD Buttons Project | Cross-site Scripting vulnerability in AD Buttons Project AD Buttons The ad-buttons plugin before 2.3.2 for WordPress has XSS. | 4.3 |
2019-08-21 | CVE-2016-10908 | Codepeople | Cross-site Scripting vulnerability in Codepeople Booking Calendar Contact Form The booking-calendar-contact-form plugin before 1.0.24 for WordPress has XSS. | 4.3 |
2019-08-21 | CVE-2016-10901 | Gowebsolutions | Cross-site Scripting vulnerability in Gowebsolutions WP Customer Reviews The wp-customer-reviews plugin before 3.0.9 for WordPress has XSS in the admin tools. | 4.3 |
2019-08-21 | CVE-2016-10900 | Wpmanage | Cross-site Scripting vulnerability in Wpmanage UJI Countdown The uji-countdown plugin before 2.0.7 for WordPress has XSS. | 4.3 |
2019-08-21 | CVE-2017-18537 | Bestwebsoft | Cross-site Scripting vulnerability in Bestwebsoft Visitors Online The visitors-online plugin before 1.0.0 for WordPress has multiple XSS issues. | 4.3 |
2019-08-21 | CVE-2017-18536 | Fullworks | Cross-site Scripting vulnerability in Fullworks Stop User Enumeration 1.3.5/1.3.6/1.3.7 The stop-user-enumeration plugin before 1.3.8 for WordPress has XSS. | 4.3 |
2019-08-21 | CVE-2017-18534 | Share ON Diaspora Project | Cross-site Scripting vulnerability in Share ON Diaspora Project Share ON Diaspora The share-on-diaspora plugin before 0.7.2 for WordPress has reflected XSS in share URL parameters. | 4.3 |
2019-08-21 | CVE-2016-10898 | Fabrix | Cross-site Scripting vulnerability in Fabrix Total Security The total-security plugin before 3.4.1 for WordPress has XSS. | 4.3 |
2019-08-21 | CVE-2016-10897 | Sermon Browser Project | Cross-site Scripting vulnerability in Sermon Browser Project Sermon Browser The sermon-browser plugin before 0.45.16 for WordPress has multiple XSS issues. | 4.3 |
2019-08-21 | CVE-2016-10896 | Clogica | Cross-site Scripting vulnerability in Clogica SEO Redirection The seo-redirection plugin before 4.3 for WordPress has stored XSS. | 4.3 |
2019-08-21 | CVE-2015-9321 | Wpmadeeasy | Cross-site Scripting vulnerability in Wpmadeeasy Shortcode Factory The shortcode-factory plugin before 1.1.1 for WordPress has XSS via add_query_arg. | 4.3 |
2019-08-20 | CVE-2019-8059 | Adobe | Use After Free vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a use after free vulnerability. | 4.3 |
2019-08-20 | CVE-2019-8058 | Adobe | Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a use after free vulnerability. | 4.3 |
2019-08-20 | CVE-2019-8056 | Adobe | Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a use after free vulnerability. | 4.3 |
2019-08-20 | CVE-2019-8054 | Adobe | Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a use after free vulnerability. | 4.3 |
2019-08-20 | CVE-2019-8053 | Adobe | Use After Free vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a use after free vulnerability. | 4.3 |
2019-08-20 | CVE-2019-8052 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. | 4.3 |
2019-08-20 | CVE-2019-8051 | Adobe | Use After Free vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a use after free vulnerability. | 4.3 |
2019-08-20 | CVE-2019-8040 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. | 4.3 |
2019-08-20 | CVE-2019-8037 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. | 4.3 |
2019-08-20 | CVE-2019-8035 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat Reader DC Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. | 4.3 |
2019-08-20 | CVE-2019-2129 | Google | Out-of-bounds Read vulnerability in Google Android In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a possible out of bounds read due to a missing bounds check. | 4.3 |
2019-08-20 | CVE-2019-4485 | IBM | Information Exposure Through an Error Message vulnerability in IBM products IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. | 4.3 |
2019-08-20 | CVE-2019-4484 | IBM | Information Exposure Through an Error Message vulnerability in IBM products IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. | 4.3 |
2019-08-20 | CVE-2019-4308 | IBM | Information Exposure Through an Error Message vulnerability in IBM products IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages. IBM X-Force ID: 161034. | 4.3 |
2019-08-20 | CVE-2019-3966 | Open EMR | Cross-site Scripting vulnerability in Open-Emr Openemr In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the foreign_id parameter. | 4.3 |
2019-08-20 | CVE-2019-3965 | Open EMR | Cross-site Scripting vulnerability in Open-Emr Openemr In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the document_id parameter. | 4.3 |
2019-08-20 | CVE-2019-3964 | Open EMR | Cross-site Scripting vulnerability in Open-Emr Openemr In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the doc_id parameter. | 4.3 |
2019-08-20 | CVE-2019-3963 | Open EMR | Cross-site Scripting vulnerability in Open-Emr Openemr In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the patient_id parameter. | 4.3 |
2019-08-20 | CVE-2018-20978 | Soflyy | Cross-site Scripting vulnerability in Soflyy WP ALL Import The wp-all-import plugin before 3.4.7 for WordPress has XSS. | 4.3 |
2019-08-20 | CVE-2017-18566 | Bestwebsoft | Cross-site Scripting vulnerability in Bestwebsoft User Role The user-role plugin before 1.5.6 for WordPress has multiple XSS issues. | 4.3 |
2019-08-20 | CVE-2017-18533 | Rimons Twitter Widget Project | Cross-site Scripting vulnerability in Rimons Twitter Widget Project Rimons Twitter Widget The rimons-twitter-widget plugin before 1.3 for WordPress has XSS. | 4.3 |
2019-08-20 | CVE-2017-18532 | Bestwebsoft | Cross-site Scripting vulnerability in Bestwebsoft Realty The realty plugin before 1.1.0 for WordPress has multiple XSS issues. | 4.3 |
2019-08-20 | CVE-2017-18531 | Raygun | Cross-site Scripting vulnerability in Raygun Raygun4Wp The raygun4wp plugin before 1.8.3 for WordPress has XSS in the settings, a different issue than CVE-2017-9288. | 4.3 |
2019-08-20 | CVE-2017-18530 | Bestwebsoft | Cross-site Scripting vulnerability in Bestwebsoft Rating 0.1 The rating-bws plugin before 0.2 for WordPress has multiple XSS issues. | 4.3 |
2019-08-20 | CVE-2017-18529 | Bestwebsoft | Cross-site Scripting vulnerability in Bestwebsoft Promobar The promobar plugin before 1.1.1 for WordPress has multiple XSS issues. | 4.3 |
2019-08-20 | CVE-2017-18528 | Bestwebsoft | Cross-site Scripting vulnerability in Bestwebsoft PDF & Print The pdf-print plugin before 1.9.4 for WordPress has multiple XSS issues. | 4.3 |
2019-08-20 | CVE-2017-18527 | Bestwebsoft | Cross-site Scripting vulnerability in Bestwebsoft Pagination The pagination plugin before 1.0.7 for WordPress has multiple XSS issues. | 4.3 |
2019-08-20 | CVE-2017-18526 | Lamp Solutions | Cross-site Scripting vulnerability in Lamp-Solutions Moreads SE The moreads-se plugin before 1.4.7 for WordPress has XSS. | 4.3 |
2019-08-20 | CVE-2017-18524 | Football Pool Project | Cross-site Scripting vulnerability in Football Pool Project Football Pool The football-pool plugin before 2.6.5 for WordPress has multiple XSS issues. | 4.3 |
2019-08-20 | CVE-2017-18522 | Eelv Newsletter Project | Cross-site Scripting vulnerability in Eelv Newsletter Project Eelv Newsletter The eelv-newsletter plugin before 4.6.1 for WordPress has XSS in the address book. | 4.3 |
2019-08-20 | CVE-2017-18519 | Marvinlabs | Cross-site Scripting vulnerability in Marvinlabs WP Customer Area The customer-area plugin before 7.4.3 for WordPress has XSS via admin pages. | 4.3 |
2019-08-20 | CVE-2017-18518 | Bestwebsoft | Cross-site Scripting vulnerability in Bestwebsoft Smtp The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues. | 4.3 |
2019-08-20 | CVE-2016-10895 | Optiontree Project | Cross-site Scripting vulnerability in Optiontree Project Optiontree The option-tree plugin before 2.6.0 for WordPress has XSS via an add_list_item or add_social_links AJAX request. | 4.3 |
2019-08-20 | CVE-2016-10892 | Kibokolabs | Cross-site Scripting vulnerability in Kibokolabs Chained Quiz The chained-quiz plugin before 1.0 for WordPress has multiple XSS issues. | 4.3 |
2019-08-20 | CVE-2015-9319 | Greg's High Performance SEO Project | Cross-site Scripting vulnerability in Greg's High Performance SEO Project Greg's High Performance SEO The gregs-high-performance-seo plugin before 1.6.2 for WordPress has XSS in the context of an old browser. | 4.3 |
2019-08-20 | CVE-2017-18568 | Mythemeshop | Cross-site Scripting vulnerability in Mythemeshop MY WP Translate The my-wp-translate plugin before 1.0.4 for WordPress has XSS. | 4.3 |
2019-08-20 | CVE-2017-18567 | Soflyy | Cross-site Scripting vulnerability in Soflyy WP ALL Import The wp-all-import plugin before 3.4.6 for WordPress has XSS. | 4.3 |
2019-08-20 | CVE-2017-18520 | WP Kama | Cross-site Scripting vulnerability in Wp-Kama Democracy Poll The democracy-poll plugin before 5.4 for WordPress has XSS via update_l10n in admin/class.DemAdminInit.php. | 4.3 |
2019-08-20 | CVE-2017-18517 | Bestwebsoft | Cross-site Scripting vulnerability in Bestwebsoft Pinterest The bws-pinterest plugin before 1.0.5 for WordPress has multiple XSS issues. | 4.3 |
2019-08-20 | CVE-2016-10913 | Joomunited | Cross-site Scripting vulnerability in Joomunited WP Latest Posts The wp-latest-posts plugin before 3.7.5 for WordPress has XSS. | 4.3 |
2019-08-20 | CVE-2015-9329 | Soflyy | Cross-site Scripting vulnerability in Soflyy WP ALL Import The wp-all-import plugin before 3.2.5 for WordPress has reflected XSS. | 4.3 |
2019-08-20 | CVE-2015-9317 | Getawesomesupport | Cross-site Scripting vulnerability in Getawesomesupport Awesome Support The awesome-support plugin before 3.1.7 for WordPress has XSS via custom information messages. | 4.3 |
2019-08-20 | CVE-2019-15233 | Oldstreetsolutions | Cross-site Scripting vulnerability in Oldstreetsolutions Live Input Macros The Live:Text Box macro in the Old Street Live Input Macros app before 2.11 for Confluence has XSS, leading to theft of the Administrator Session Cookie. | 4.3 |
2019-08-20 | CVE-2019-15082 | Yofla | Cross-site Scripting vulnerability in Yofla 360 Product Rotation The 360-product-rotation plugin before 1.4.8 for WordPress has reflected XSS. | 4.3 |
2019-08-20 | CVE-2018-20975 | Fatfreecrm | Cross-site Scripting vulnerability in Fatfreecrm FAT Free CRM Fat Free CRM before 0.18.1 has XSS in the tags_helper in app/helpers/tags_helper.rb. | 4.3 |
2019-08-20 | CVE-2019-15227 | Getflightpath | Cross-site Scripting vulnerability in Getflightpath Flightpath 4.8.3 FlightPath 4.8.3 has XSS in the Content, Edit urgent message, and Users sections of the Admin Console. | 4.3 |
2019-08-19 | CVE-2019-6159 | Lenovo | Cross-site Scripting vulnerability in Lenovo products A stored cross-site scripting (XSS) vulnerability exists in various firmware versions of the legacy IBM System x IMM (IMM v1) embedded Baseboard Management Controller (BMC). | 4.3 |
2019-08-23 | CVE-2019-13421 | Search Guard | Information Exposure vulnerability in Search-Guard Search Guard Search Guard versions before 23.1 had an issue whereby an administrative user was able to retrieve the bcrypt password hashes of other users configured in the internal user database. | 4.0 |
2019-08-22 | CVE-2019-11013 | Softvelum | Path Traversal vulnerability in Softvelum Nimble Streamer Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal vulnerability. | 4.0 |
2019-08-21 | CVE-2019-12623 | Cisco | File and Directory Information Exposure vulnerability in Cisco Enterprise Network Functions Virtualization Infrastructure A vulnerability in the web server functionality of Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform file enumeration on an affected system. | 4.0 |
2019-08-20 | CVE-2019-3753 | Dell | Insufficiently Protected Credentials vulnerability in Dell products Dell EMC PowerConnect 8024, 7000, M6348, M6220, M8024 and M8024-K running firmware versions prior to 5.1.15.2 contain a plain-text password storage vulnerability. | 4.0 |
2019-08-20 | CVE-2019-3967 | Open EMR | Path Traversal vulnerability in Open-Emr Openemr In OpenEMR 5.0.1 and earlier, the patient file download interface contains a directory traversal flaw that allows authenticated attackers to download arbitrary files from the host system. | 4.0 |
21 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2019-08-23 | CVE-2019-8444 | Atlassian | Cross-site Scripting vulnerability in Atlassian Jira Server The wikirenderer component in Jira before version 7.13.6, and from version 8.0.0 before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in image attribute specification. | 3.5 |
2019-08-23 | CVE-2019-15480 | Domoticz | Cross-site Scripting vulnerability in Domoticz 4.10717 Domoticz 4.10717 has XSS via item.Name. | 3.5 |
2019-08-23 | CVE-2019-15508 | Octopus | Cleartext Storage of Sensitive Information vulnerability in Octopus Server and Tentacle In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user (in certain limited OctopusPrintVariables circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. | 3.5 |
2019-08-23 | CVE-2019-15507 | Octopus | Cleartext Storage of Sensitive Information vulnerability in Octopus Server In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an authenticated user (in certain limited special-characters circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. | 3.5 |
2019-08-22 | CVE-2018-20986 | Advancedcustomfields | Cross-site Scripting vulnerability in Advancedcustomfields Advanced Custom Fields The advanced-custom-fields (aka Elliot Condon Advanced Custom Fields) plugin before 5.7.8 for WordPress has XSS by authors. | 3.5 |
2019-08-22 | CVE-2019-12386 | Ampache | Cross-site Scripting vulnerability in Ampache An issue was discovered in Ampache through 3.9.1. | 3.5 |
2019-08-22 | CVE-2019-14469 | Sonatype | Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager In Nexus Repository Manager before 3.18.0, users with elevated privileges can create stored XSS. | 3.5 |
2019-08-22 | CVE-2019-15314 | Tiki | Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 18.4 tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId= URI. | 3.5 |
2019-08-21 | CVE-2019-15127 | Vanderbilt | Cross-site Scripting vulnerability in Vanderbilt Redcap REDCap before 9.3.0 allows XSS attacks against non-administrator accounts on the Data Import Tool page via a CSV data import file. | 3.5 |
2019-08-21 | CVE-2019-12626 | Cisco | Improper Input Validation vulnerability in Cisco Unified Contact Center Express 12.5(1) A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 3.5 |
2019-08-20 | CVE-2019-11522 | Open Xchange | Cross-site Scripting vulnerability in Open-Xchange Appsuite 7.10.0/7.10.1/7.10.2 OX App Suite 7.10.0 to 7.10.2 allows XSS. | 3.5 |
2019-08-20 | CVE-2019-15228 | Thedaylightstudio | Cross-site Scripting vulnerability in Thedaylightstudio Fuel CMS FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin console. | 3.5 |
2019-08-22 | CVE-2019-5634 | Belwith Keeler | Information Exposure Through Log Files vulnerability in Belwith-Keeler Hickory Smart 01.01.40/01.01.43 An inclusion of sensitive information in log files vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. | 2.1 |
2019-08-22 | CVE-2019-5633 | Belwith Keeler | Insecure Storage of Sensitive Information vulnerability in Belwith-Keeler Hickory Smart An insecure storage of sensitive information vulnerability is present in Hickory Smart for iOS mobile devices from Belwith Products, LLC. | 2.1 |
2019-08-22 | CVE-2019-5632 | Belwith Keeler | Insecure Storage of Sensitive Information vulnerability in Belwith-Keeler Hickory Smart 01.01.40/01.01.43 An insecure storage of sensitive information vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. | 2.1 |
2019-08-21 | CVE-2019-11551 | Code42 | Improper Privilege Management vulnerability in Code42 products In Code42 Enterprise and Crashplan for Small Business through Client version 6.9.1, an attacker can craft a restore request to restore a file through the Code42 app to a location they do not have privileges to write. | 2.1 |
2019-08-20 | CVE-2019-4049 | IBM | Resource Exhaustion vulnerability in IBM MQ IBM MQ 9.1.0.0, 9.1.0.1, 9.1.1, and 9.1.0.2 is vulnerable to a denial of service due to a local user being able to fill up the disk space of the underlying filesystem using the error logging service. | 2.1 |
2019-08-20 | CVE-2018-18056 | TI | Information Exposure vulnerability in TI Tm4C123 Firmware and Tm4C129 Firmware An issue was discovered in the Texas Instruments (TI) TM4C, MSP432E and MSP432P microcontroller series. | 2.1 |
2019-08-20 | CVE-2019-11806 | Open Xchange | Incorrect Permission Assignment for Critical Resource vulnerability in Open-Xchange Appsuite OX App Suite 7.10.1 and earlier has Insecure Permissions. | 2.1 |
2019-08-19 | CVE-2017-18550 | Linux | Information Exposure vulnerability in Linux Kernel An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. | 2.1 |
2019-08-19 | CVE-2017-18549 | Linux | Information Exposure vulnerability in Linux Kernel An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. | 2.1 |