Weekly Vulnerabilities Reports > August 19 to 25, 2019

Overview

540 new vulnerabilities reported during this period, including 42 critical vulnerabilities and 121 high severity vulnerabilities. This weekly summary report vulnerabilities in 642 products from 216 vendors including Adobe, IBM, Linux, Cisco, and Google. Vulnerabilities are notably categorized as "Cross-site Scripting", "Use After Free", "Out-of-bounds Read", "Out-of-bounds Write", and "Cross-Site Request Forgery (CSRF)".

  • 462 reported vulnerabilities are remotely exploitables.
  • 1 reported vulnerabilities have public exploit available.
  • 235 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 459 reported vulnerabilities are exploitable by an anonymous user.
  • Adobe has the most reported vulnerabilities, with 75 reported vulnerabilities.
  • Cisco has the most reported critical vulnerabilities, with 12 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

42 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-08-23 CVE-2019-1580 Paloaltonetworks Out-of-bounds Write vulnerability in Paloaltonetworks Pan-Os

Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to craft a message to Secure Shell Daemon (SSHD) and corrupt arbitrary memory.

10.0
2019-08-23 CVE-2019-15519 Power Response Project Path Traversal vulnerability in Power-Response Project Power-Response

Power-Response before 2019-02-02 allows directory traversal (up to the application's main directory) via a plugin.

10.0
2019-08-22 CVE-2019-11031 Mirasys Unrestricted Upload of File with Dangerous Type vulnerability in Mirasys VMS 7.6.0/8.0.0/8.3.1

Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the auto-update feature of IDVRUpdateService2 in DVRServer.exe.

10.0
2019-08-22 CVE-2019-11030 Mirasys Deserialization of Untrusted Data vulnerability in Mirasys VMS 7.6.0/8.0.0/8.3.1

Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Mirasys.Common.Utils.Security.DataCrypt method in Common.dll in AuditTrailService in SMServer.exe.

10.0
2019-08-21 CVE-2019-1974 Cisco Improper Authentication vulnerability in Cisco products

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass user authentication and gain access as an administrative user.

10.0
2019-08-21 CVE-2019-1938 Cisco Improper Authentication vulnerability in Cisco UCS Director and UCS Director Express FOR BIG Data

A vulnerability in the web-based management interface of Cisco UCS Director and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrator privileges on an affected system.

10.0
2019-08-21 CVE-2019-1935 Cisco Use of Hard-coded Credentials vulnerability in Cisco products

A vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to log in to the CLI of an affected system by using the SCP User account (scpuser), which has default user credentials.

10.0
2019-08-20 CVE-2019-8060 Adobe Command Injection vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a command injection vulnerability.

10.0
2019-08-20 CVE-2019-8049 Adobe Out-of-bounds Write vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability.

10.0
2019-08-20 CVE-2019-2130 Google Type Confusion vulnerability in Google Android

In CompilationJob::FinalizeJob of compiler.cc, there is a possible remote code execution due to type confusion.

10.0
2019-08-23 CVE-2019-6695 Fortinet Insufficient Verification of Data Authenticity vulnerability in Fortinet Fortimanager 6.2.0

Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image through specific methods.

9.8
2019-08-23 CVE-2019-10747 SET Value Project Resource Exhaustion vulnerability in Set-Value Project Set-Value

set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1.

9.8
2019-08-23 CVE-2019-10746 Mixin Deep Project
Fedoraproject
Oracle
Argument Injection or Modification vulnerability in multiple products

mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0.

9.8
2019-08-23 CVE-2019-15505 Linux
Debian
Canonical
Out-of-bounds Read vulnerability in multiple products

drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir).

9.8
2019-08-23 CVE-2019-15504 Linux
Canonical
Double Free vulnerability in multiple products

drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir).

9.8
2019-08-22 CVE-2015-9333 Cformsii Project SQL Injection vulnerability in Cformsii Project Cformsii

The cforms2 plugin before 14.6.10 for WordPress has SQL injection.

9.8
2019-08-21 CVE-2019-6177 Lenovo Information Exposure vulnerability in Lenovo Solution Center 03.12.003

A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log files to be written to non-standard locations, potentially leading to privilege escalation.

9.8
2019-08-21 CVE-2019-1937 Cisco Improper Authentication vulnerability in Cisco products

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to acquire a valid session token with administrator privileges, bypassing user authentication.

9.8
2019-08-20 CVE-2019-4483 IBM SQL Injection vulnerability in IBM products

IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection.

9.8
2019-08-20 CVE-2019-4481 IBM SQL Injection vulnerability in IBM products

IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection.

9.8
2019-08-23 CVE-2019-15498 Getvera Argument Injection or Modification vulnerability in Getvera Vera Edge Firmware 1.7.4452

cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via --output argument injection in the username parameter to /cgi-bin/cmh/webcam.sh.

9.3
2019-08-21 CVE-2019-15295 Bitdefender Untrusted Search Path vulnerability in Bitdefender Antivirus 2020

An Untrusted Search Path vulnerability in the ServiceInstance.dll library versions 1.0.15.119 and lower, as used in Bitdefender Antivirus Free 2020 versions prior to 1.0.15.138, allows an attacker to load an arbitrary DLL file from the search path.

9.3
2019-08-20 CVE-2019-2134 Google Integer Overflow or Wraparound vulnerability in Google Android

In phFriNfc_ExtnsTransceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to an integer overflow.

9.3
2019-08-20 CVE-2019-2133 Google Out-of-bounds Write vulnerability in Google Android

In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a heap buffer overflow.

9.3
2019-08-20 CVE-2019-2132 Google Unspecified vulnerability in Google Android

It is possible to overlay the VPN dialog by a malicious application.

9.3
2019-08-20 CVE-2019-2131 Google Insecure Default Initialization of Resource vulnerability in Google Android

An application with overlay permission can display overlays on top of settings UI.

9.3
2019-08-20 CVE-2019-14684 Trendmicro Untrusted Search Path vulnerability in Trendmicro Password Manager 5.0

A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process.

9.3
2019-08-19 CVE-2019-5631 Rapid7 Untrusted Search Path vulnerability in Rapid7 Insightappsec

The Rapid7 InsightAppSec broker suffers from a DLL injection vulnerability in the 'prunsrv.exe' component of the product.

9.3
2019-08-23 CVE-2019-15530 Dlink OS Command Injection vulnerability in Dlink Dir-823G Firmware 1.0.2B05

An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05.

9.0
2019-08-23 CVE-2019-15529 Dlink OS Command Injection vulnerability in Dlink Dir-823G Firmware 1.0.2B05

An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05.

9.0
2019-08-23 CVE-2019-15528 Dlink OS Command Injection vulnerability in Dlink Dir-823G Firmware 1.0.2B05

An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05.

9.0
2019-08-23 CVE-2019-15527 Dlink OS Command Injection vulnerability in Dlink Dir-823G Firmware 1.0.2B05

An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05.

9.0
2019-08-23 CVE-2019-15526 Dlink OS Command Injection vulnerability in Dlink Dir-823G Firmware 1.0.2B05

An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05.

9.0
2019-08-21 CVE-2019-1896 Cisco OS Command Injection vulnerability in Cisco products

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands and obtain root privileges.

9.0
2019-08-21 CVE-2019-1885 Cisco OS Command Injection vulnerability in Cisco products

A vulnerability in the Redfish protocol of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device.

9.0
2019-08-21 CVE-2019-1871 Cisco Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products

A vulnerability in the Import Cisco IMC configuration utility of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and implement arbitrary commands with root privileges on an affected device.

9.0
2019-08-21 CVE-2019-1865 Cisco OS Command Injection vulnerability in Cisco products

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device.

9.0
2019-08-21 CVE-2019-1864 Cisco OS Command Injection vulnerability in Cisco products

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device.

9.0
2019-08-21 CVE-2019-1863 Cisco Unspecified vulnerability in Cisco products

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to make unauthorized changes to the system configuration.

9.0
2019-08-21 CVE-2019-1850 Cisco OS Command Injection vulnerability in Cisco products

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device.

9.0
2019-08-21 CVE-2019-1634 Cisco OS Command Injection vulnerability in Cisco products

A vulnerability in the Intelligent Platform Management Interface (IPMI) of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on the underlying operating system (OS).

9.0
2019-08-20 CVE-2019-3968 Open EMR OS Command Injection vulnerability in Open-Emr Openemr

In OpenEMR 5.0.1 and earlier, an authenticated attacker can execute arbitrary commands on the host system via the Scanned Forms interface when creating a new form.

9.0

121 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-08-21 CVE-2019-13477 Control Webpanel Cross-Site Request Forgery (CSRF) vulnerability in Control-Webpanel Webpanel 0.9.8.837

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, CSRF in the forgot password function allows an attacker to change the password for the root account.

8.8
2019-08-20 CVE-2019-2126 Google
Fedoraproject
Canonical
Opensuse
Double Free vulnerability in multiple products

In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer.

8.8
2019-08-20 CVE-2019-4117 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Cloud Private

IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

8.8
2019-08-19 CVE-2019-15150 Schine Games Cross-Site Request Forgery (CSRF) vulnerability in Schine.Games Mw-Oauth2Client 0.2/0.3

In the OAuth2 Client extension before 0.4 for MediaWiki, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function.

8.8
2019-08-20 CVE-2019-4424 IBM XXE vulnerability in IBM Business Process Manager

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.

8.2
2019-08-20 CVE-2019-4340 IBM XXE vulnerability in IBM Security Guardium BIG Data Intelligence 4.0

IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.

8.2
2019-08-20 CVE-2019-4433 IBM XXE vulnerability in IBM products

IBM InfoSphere Global Name Management 5.0 and 6.0 and IBM InfoSphere Identity Insight 8.1 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.

8.2
2019-08-20 CVE-2019-4419 IBM XXE vulnerability in IBM products

IBM Intelligent Operations Center V5.1.0 through V5.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.

8.2
2019-08-21 CVE-2019-1900 Cisco NULL Pointer Dereference vulnerability in Cisco products

A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to cause the web server process to crash, causing a denial of service (DoS) condition on an affected system.

7.8
2019-08-21 CVE-2019-15293 Acdsee Unspecified vulnerability in Acdsee Photo Studio 22.1

An issue was discovered in ACDSee Photo Studio Standard 22.1 Build 1159.

7.8
2019-08-20 CVE-2019-5036 Google Origin Validation Error vulnerability in Google Nest CAM IQ Indoor Firmware 4620002

An exploitable denial-of-service vulnerability exists in the Weave error reporting functionality of the Nest Cam IQ Indoor, version 4620002.

7.8
2019-08-20 CVE-2019-5037 Google Integer Overflow or Wraparound vulnerability in Google Nest CAM IQ Indoor Firmware 4620002

An exploitable denial-of-service vulnerability exists in the Weave certificate loading functionality of Nest Cam IQ Indoor camera, version 4620002.

7.8
2019-08-20 CVE-2019-11924 Facebook Allocation of Resources Without Limits or Throttling vulnerability in Facebook Fizz

A peer could send empty handshake fragments containing only padding which would be kept in memory until a full handshake was received, resulting in memory exhaustion.

7.8
2019-08-20 CVE-2019-4294 IBM OS Command Injection vulnerability in IBM Datapower Gateway and MQ Appliance

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability.

7.8
2019-08-20 CVE-2019-4253 IBM Unspecified vulnerability in IBM Informix Dynamic Server 12.10

IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local privileged Informix user to load a malicious shared library and gain root access privileges.

7.8
2019-08-20 CVE-2018-1796 IBM Unspecified vulnerability in IBM Informix Dynamic Server 12.10

IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user to load malicious libraries and gain root privileges.

7.8
2019-08-20 CVE-2019-14687 Trendmicro Uncontrolled Search Path Element vulnerability in Trendmicro Password Manager 5.0

A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process.

7.8
2019-08-20 CVE-2019-15239 Linux
Debian
Use After Free vulnerability in multiple products

In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by backporting.

7.8
2019-08-19 CVE-2019-11145 Intel Permission Issues vulnerability in Intel Driver & Support Assistant

Improper file verification in Intel® Driver & Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2019-08-19 CVE-2019-6165 Lenovo Untrusted Search Path vulnerability in Lenovo Yoga 700-11Isk Firmware and Yoga 700-14Isk Firmware

A DLL search path vulnerability was reported in PaperDisplay Hotkey Service version 1.2.0.8 that could allow privilege escalation.

7.8
2019-08-19 CVE-2018-20976 Linux Use After Free vulnerability in Linux Kernel

An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18.

7.8
2019-08-19 CVE-2017-18552 Linux Out-of-bounds Write vulnerability in Linux Kernel

An issue was discovered in net/rds/af_rds.c in the Linux kernel before 4.11.

7.8
2019-08-19 CVE-2016-10907 Linux Out-of-bounds Write vulnerability in Linux Kernel

An issue was discovered in drivers/iio/dac/ad5755.c in the Linux kernel before 4.8.6.

7.8
2019-08-19 CVE-2016-10905 Linux Use After Free vulnerability in Linux Kernel

An issue was discovered in fs/gfs2/rgrp.c in the Linux kernel before 4.8.

7.8
2019-08-25 CVE-2019-15538 Linux
Canonical
Netapp
Opensuse
Debian
Fedoraproject
Resource Exhaustion vulnerability in multiple products

An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9.

7.5
2019-08-23 CVE-2019-6698 Fortinet Use of Hard-coded Credentials vulnerability in Fortinet Fortirecorder Firmware

Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an unauthenticated attacker with knowledge of the aforementioned credentials and network access to FortiCameras to take control of those, provided they are managed by a FortiRecorder device.

7.5
2019-08-23 CVE-2019-1581 Paloaltonetworks Improper Input Validation vulnerability in Paloaltonetworks Pan-Os

A remote code execution vulnerability in the PAN-OS SSH device management interface that can lead to unauthenticated remote users with network access to the SSH management interface gaining root access to PAN-OS.

7.5
2019-08-23 CVE-2019-15537 Cesnet SQL Injection vulnerability in Cesnet Proxystatistics

The proxystatistics module before 3.1.0 for SimpleSAMLphp allows SQL Injection in lib/Auth/Process/DatabaseCommand.php.

7.5
2019-08-23 CVE-2019-15536 Youracclaim SQL Injection vulnerability in Youracclaim Acclaim

The Acclaim block plugin before 2019-06-26 for Moodle allows SQL Injection via delete_records.

7.5
2019-08-23 CVE-2019-15535 Hostosm SQL Injection vulnerability in Hostosm Tasking Manager

Tasking Manager before 3.4.0 allows SQL Injection via custom SQL.

7.5
2019-08-23 CVE-2019-11654 Microfocus Path Traversal vulnerability in Microfocus Verastream Host Integrator 7.5/7.6/7.7

Path traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and earlier, The vulnerability allows remote unauthenticated attackers to read arbitrary files.

7.5
2019-08-23 CVE-2019-10750 Deeply Project Resource Exhaustion vulnerability in Deeply Project Deeply

deeply is vulnerable to Prototype Pollution in versions before 3.1.0.

7.5
2019-08-23 CVE-2019-15494 IT Novum Server-Side Request Forgery (SSRF) vulnerability in It-Novum Openitcockpit

openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21.

7.5
2019-08-23 CVE-2019-15490 IT Novum Code Injection vulnerability in It-Novum Openitcockpit

openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21.

7.5
2019-08-23 CVE-2019-15513 Openwrt
Motorola
Improper Locking vulnerability in multiple products

An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) before 15.05.1 as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices.

7.5
2019-08-22 CVE-2018-20987 Tribulant Deserialization of Untrusted Data vulnerability in Tribulant Newsletters

The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP object injection.

7.5
2019-08-22 CVE-2015-9334 Email Newsletter Project SQL Injection vulnerability in Email-Newsletter Project Email-Newsletter 20.15

The email-newsletter plugin through 20.15 for WordPress has SQL injection.

7.5
2019-08-22 CVE-2013-7483 Hbwsl Improper Input Validation vulnerability in Hbwsl Slidedeck 2

The slidedeck2 plugin before 2.3.5 for WordPress has file inclusion.

7.5
2019-08-22 CVE-2016-10930 Wpsupportplus Improper Input Validation vulnerability in Wpsupportplus WP Support Plus Responsive Ticket System

The wp-support-plus-responsive-ticket-system plugin before 7.1.0 for WordPress has insecure direct object reference via a ticket number.

7.5
2019-08-22 CVE-2014-10389 Wpsupportplus Improper Authentication vulnerability in Wpsupportplus WP Support Plus Responsive Ticket System

The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has incorrect authentication.

7.5
2019-08-22 CVE-2014-10387 Wpsupportplus SQL Injection vulnerability in Wpsupportplus WP Support Plus Responsive Ticket System

The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection.

7.5
2019-08-22 CVE-2019-14751 Nltk Path Traversal vulnerability in Nltk

NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction.

7.5
2019-08-22 CVE-2019-15323 AD Inserter Project Path Traversal vulnerability in AD Inserter Project AD Inserter

The ad-inserter plugin before 2.4.20 for WordPress has path traversal.

7.5
2019-08-22 CVE-2019-15322 Wpmadeasy Unspecified vulnerability in Wpmadeasy Shortcode Factory

The shortcode-factory plugin before 2.8 for WordPress has Local File Inclusion.

7.5
2019-08-22 CVE-2019-15321 Optiontree Project Deserialization of Untrusted Data vulnerability in Optiontree Project Optiontree

The option-tree plugin before 2.7.3 for WordPress has Object Injection because serialized classes are mishandled.

7.5
2019-08-22 CVE-2019-15320 Optiontree Project Deserialization of Untrusted Data vulnerability in Optiontree Project Optiontree

The option-tree plugin before 2.7.3 for WordPress has Object Injection because the + character is mishandled.

7.5
2019-08-22 CVE-2019-15319 Optiontree Project Deserialization of Untrusted Data vulnerability in Optiontree Project Optiontree

The option-tree plugin before 2.7.0 for WordPress has Object Injection by leveraging a valid nonce.

7.5
2019-08-22 CVE-2018-20985 Payeezy Improper Input Validation vulnerability in Payeezy WP Payeezy PAY

The wp-payeezy-pay plugin before 2.98 for WordPress has local file inclusion in pay.php, donate.php, donate-rec, and pay-rec.

7.5
2019-08-22 CVE-2018-20984 Patreon Deserialization of Untrusted Data vulnerability in Patreon Wordpress

The patreon-connect plugin before 1.2.2 for WordPress has Object Injection.

7.5
2019-08-22 CVE-2017-18583 Post PAY Counter Project Injection vulnerability in Post PAY Counter Project Post PAY Counter

The post-pay-counter plugin before 2.731 for WordPress has PHP Object Injection.

7.5
2019-08-22 CVE-2017-18580 Getshortcodes Improper Input Validation vulnerability in Getshortcodes Shortcodes Ultimate

The shortcodes-ultimate plugin before 5.0.1 for WordPress has remote code execution via a filter in a meta, post, or user shortcode.

7.5
2019-08-22 CVE-2016-10923 Visser Permissions, Privileges, and Access Controls vulnerability in Visser Store Toolkit for Woocommerce

The woocommerce-store-toolkit plugin before 1.5.8 for WordPress has privilege escalation.

7.5
2019-08-22 CVE-2016-10922 Visser Permissions, Privileges, and Access Controls vulnerability in Visser Store Toolkit for Woocommerce

The woocommerce-store-toolkit plugin before 1.5.7 for WordPress has privilege escalation.

7.5
2019-08-22 CVE-2014-10384 Memphis Documents Library Project Improper Input Validation vulnerability in Memphis Documents Library Project Memphis Documents Library

The memphis-documents-library plugin before 3.0 for WordPress has Local File Inclusion.

7.5
2019-08-22 CVE-2014-10383 Memphis Documents Library Project Improper Input Validation vulnerability in Memphis Documents Library Project Memphis Documents Library

The memphis-documents-library plugin before 3.0 for WordPress has Remote File Inclusion.

7.5
2019-08-22 CVE-2019-15318 Yikesinc Code Injection vulnerability in Yikesinc Easy Forms FOR Mailchimp

The yikes-inc-easy-mailchimp-extender plugin before 6.5.3 for WordPress has code injection via the admin input field.

7.5
2019-08-22 CVE-2019-14511 Sphinxsearch Missing Authentication for Critical Function vulnerability in Sphinxsearch Sphinx 3.1.1

Sphinx Technologies Sphinx 3.1.1 by default has no authentication and listens on 0.0.0.0, making it exposed to the internet (unless filtered by a firewall or reconfigured to listen to 127.0.0.1 only).

7.5
2019-08-22 CVE-2018-20979 Rocklobster Unspecified vulnerability in Rocklobster Contact Form 7

The contact-form-7 plugin before 5.0.4 for WordPress has privilege escalation because of capability_type mishandling in register_post_type.

7.5
2019-08-22 CVE-2017-18573 Simplerealtytheme SQL Injection vulnerability in Simplerealtytheme Simple Login LOG

The simple-login-log plugin before 1.1.2 for WordPress has SQL injection.

7.5
2019-08-22 CVE-2017-18571 Search Everything Project SQL Injection vulnerability in Search Everything Project Search Everything

The search-everything plugin before 8.1.7 for WordPress has SQL injection related to WordPress 4.7.x, a different vulnerability than CVE-2014-2316.

7.5
2019-08-22 CVE-2017-18570 Cformsii Project SQL Injection vulnerability in Cformsii Project Cformsii

The cforms2 plugin before 14.13 for WordPress has SQL injection in the tracking DB GUI via Delete Entries or Download Entries.

7.5
2019-08-22 CVE-2016-10921 AYS PRO SQL Injection vulnerability in Ays-Pro Photo Gallery

The gallery-photo-gallery plugin before 1.0.1 for WordPress has SQL injection.

7.5
2019-08-22 CVE-2016-10917 Search Everything Project SQL Injection vulnerability in Search Everything Project Search Everything

The search-everything plugin before 8.1.6 for WordPress has SQL injection related to empty search strings, a different vulnerability than CVE-2014-2316.

7.5
2019-08-22 CVE-2016-10916 Codepeople SQL Injection vulnerability in Codepeople Appointment Booking Calendar

The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319.

7.5
2019-08-22 CVE-2015-9335 Bestwebsoft SQL Injection vulnerability in Bestwebsoft Limit Attempts

The limit-attempts plugin before 1.1.1 for WordPress has SQL injection during IP address handling.

7.5
2019-08-21 CVE-2019-11601 Bosch Path Traversal vulnerability in Bosch IOT Gateway Software and Prosyst MBS SDK

A directory traversal vulnerability in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to write or delete files at any location.

7.5
2019-08-21 CVE-2019-10687 Kbpublisher SQL Injection vulnerability in Kbpublisher 6.0.2.1

KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=report entry_id[0] parameter, the admin/index.php?module=log id parameter, or an index.php?View=print&id[]= request.

7.5
2019-08-21 CVE-2014-10379 Duplicate Post Project SQL Injection vulnerability in Duplicate Post Project Duplicate Post

The duplicate-post plugin before 2.6 for WordPress has SQL injection.

7.5
2019-08-21 CVE-2019-15111 WP Front END Profile Project Unspecified vulnerability in WP Front END Profile Project WP Front END Profile 0.1/0.2/0.2.1

The wp-front-end-profile plugin before 0.2.2 for WordPress has a privilege escalation issue.

7.5
2019-08-21 CVE-2016-10909 Codepeople SQL Injection vulnerability in Codepeople Booking Calendar Contact Form

The booking-calendar-contact-form plugin before 1.0.24 for WordPress has SQL injection.

7.5
2019-08-20 CVE-2019-8100 Adobe Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability.

7.5
2019-08-20 CVE-2019-8098 Adobe Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability.

7.5
2019-08-20 CVE-2019-8061 Adobe Use After Free vulnerability in Adobe Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability.

7.5
2019-08-20 CVE-2019-8055 Adobe Use After Free vulnerability in Adobe Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability.

7.5
2019-08-20 CVE-2019-8050 Adobe Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability.

7.5
2019-08-20 CVE-2019-8048 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a buffer error vulnerability.

7.5
2019-08-20 CVE-2019-8047 Adobe Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability.

7.5
2019-08-20 CVE-2019-8046 Adobe Out-of-bounds Write vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability.

7.5
2019-08-20 CVE-2019-8045 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an untrusted pointer dereference vulnerability.

7.5
2019-08-20 CVE-2019-8044 Adobe Double Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a double free vulnerability.

7.5
2019-08-20 CVE-2019-8042 Adobe Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability.

7.5
2019-08-20 CVE-2019-8041 Adobe Out-of-bounds Write vulnerability in Adobe Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability.

7.5
2019-08-20 CVE-2019-8036 Adobe Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability.

7.5
2019-08-20 CVE-2019-8031 Adobe Use After Free vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability.

7.5
2019-08-20 CVE-2019-8030 Adobe Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability.

7.5
2019-08-20 CVE-2019-8029 Adobe Use After Free vulnerability in Adobe Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability.

7.5
2019-08-20 CVE-2019-8028 Adobe Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability.

7.5
2019-08-20 CVE-2019-8026 Adobe Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability.

7.5
2019-08-20 CVE-2019-8025 Adobe Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability.

7.5
2019-08-20 CVE-2019-8024 Adobe Use After Free vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability.

7.5
2019-08-20 CVE-2019-8023 Adobe Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability.

7.5
2019-08-20 CVE-2019-8022 Adobe Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability.

7.5
2019-08-20 CVE-2019-8017 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an untrusted pointer dereference vulnerability.

7.5
2019-08-20 CVE-2019-8016 Adobe Out-of-bounds Write vulnerability in Adobe Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability.

7.5
2019-08-20 CVE-2019-8015 Adobe Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability.

7.5
2019-08-20 CVE-2019-8009 Adobe Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability.

7.5
2019-08-20 CVE-2019-8006 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an untrusted pointer dereference vulnerability.

7.5
2019-08-20 CVE-2019-8003 Adobe Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability.

7.5
2019-08-20 CVE-2019-7965 Adobe Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability.

7.5
2019-08-20 CVE-2019-4338 IBM Allocation of Resources Without Limits or Throttling vulnerability in IBM Security Guardium BIG Data Intelligence 4.0

IBM Security Guardium Big Data Intelligence 4.0 (SonarG) does not properly restrict the size or amount of resources that are requested or influenced by an actor.

7.5
2019-08-20 CVE-2019-4460 IBM Path Traversal vulnerability in IBM API Connect

IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system.

7.5
2019-08-20 CVE-2019-4310 IBM Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Security Guardium BIG Data Intelligence 4.0

IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.

7.5
2019-08-20 CVE-2019-10745 Assign Deep Project Unspecified vulnerability in Assign-Deep Project Assign-Deep

assign-deep is vulnerable to Prototype Pollution in versions before 0.4.8 and version 1.0.0.

7.5
2019-08-20 CVE-2015-9330 Soflyy SQL Injection vulnerability in Soflyy WP ALL Import

The wp-all-import plugin before 3.2.5 for WordPress has blind SQL injection.

7.5
2019-08-20 CVE-2019-15232 Live555 Use After Free vulnerability in Live555 Streaming Media

Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors.

7.5
2019-08-19 CVE-2019-15224 Rest Client Project Code Injection vulnerability in Rest-Client Project Rest-Client

The rest-client gem 1.6.10 through 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party.

7.5
2019-08-20 CVE-2019-15237 Roundcube
Fedoraproject
Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks.
7.4
2019-08-20 CVE-2019-10086 Apache
Debian
Opensuse
Fedoraproject
Redhat
Oracle
Deserialization of Untrusted Data vulnerability in multiple products

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects.

7.3
2019-08-25 CVE-2019-15540 Cdemu Out-of-bounds Write vulnerability in Cdemu Libmirage 3.2.2

filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2.2 in CDemu does not validate the part size, triggering a heap-based buffer overflow that can lead to root access by a local Linux user.

7.2
2019-08-21 CVE-2019-15315 Valvesoftware
Microsoft
Incorrect Permission Assignment for Critical Resource vulnerability in Valvesoftware Steam Client

Valve Steam Client for Windows through 2019-08-16 allows privilege escalation (to NT AUTHORITY\SYSTEM) because local users can replace the current versions of SteamService.exe and SteamService.dll with older versions that lack the CVE-2019-14743 patch.

7.2
2019-08-21 CVE-2019-14685 Trendmicro
Microsoft
Unquoted Search Path or Element vulnerability in Trendmicro products

A local privilege escalation vulnerability exists in Trend Micro Security 2019 (v15.0) in which, if exploited, would allow an attacker to manipulate a specific product feature to load a malicious service.

7.2
2019-08-21 CVE-2019-1936 Cisco Improper Input Validation vulnerability in Cisco products

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an authenticated, remote attacker to execute arbitrary commands on the underlying Linux shell as the root user.

7.2
2019-08-21 CVE-2019-1883 Cisco OS Command Injection vulnerability in Cisco products

A vulnerability in the command-line interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker with read-only credentials to inject arbitrary commands that could allow them to obtain root privileges.

7.2
2019-08-21 CVE-2019-1839 Cisco OS Command Injection vulnerability in Cisco products

A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges.

7.2
2019-08-21 CVE-2019-14257 Zenoss Permissions, Privileges, and Access Controls vulnerability in Zenoss 2.5.3

pyraw in Zenoss 2.5.3 allows local privilege escalation by modifying environment variables to redirect execution before privileges are dropped, aka ZEN-31765.

7.2
2019-08-21 CVE-2019-12622 Cisco Permission Issues vulnerability in Cisco products

A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges.

7.2
2019-08-20 CVE-2019-2128 Google Out-of-bounds Write vulnerability in Google Android

In ACELP_4t64_fx of c4t64fx.c, there is a possible out of bounds write due to a missing bounds check.

7.2
2019-08-20 CVE-2019-2127 Google Use After Free vulnerability in Google Android

In AudioInputDescriptor::setClientActive of AudioInputDescriptor.cpp, there is possible memory corruption due to a use after free.

7.2
2019-08-20 CVE-2019-2120 Google Insecure Default Initialization of Resource vulnerability in Google Android

In OatFileAssistant::GenerateOatFile of oat_file_assistant.cc, there is a possible file corruption issue due to an insecure default value.

7.2
2019-08-20 CVE-2019-2135 Google Out-of-bounds Read vulnerability in Google Android

In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check.

7.1
2019-08-19 CVE-2016-10906 Linux Use After Free vulnerability in Linux Kernel

An issue was discovered in drivers/net/ethernet/arc/emac_main.c in the Linux kernel before 4.5.

7.0

356 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-08-21 CVE-2019-15316 Valvesoftware
Microsoft
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Valvesoftware Steam Client

Valve Steam Client for Windows through 2019-08-20 has weak folder permissions, leading to privilege escalation (to NT AUTHORITY\SYSTEM) via crafted use of CreateMountPoint.exe and SetOpLock.exe to leverage a TOCTOU race condition.

6.9
2019-08-20 CVE-2019-2122 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

In LockTaskController.lockKeyguardIfNeeded of the LockTaskController.java, there was a difference in the handling of the default case between the WindowManager and the Settings.

6.9
2019-08-20 CVE-2019-2121 Google Race Condition vulnerability in Google Android 9.0

In ActivityManagerService.attachApplication of ActivityManagerService, there is a possible race condition.

6.9
2019-08-20 CVE-2019-12889 Sailpoint Improper Privilege Management vulnerability in Sailpoint Desktop Password Reset 7.2

An unauthenticated privilege escalation exists in SailPoint Desktop Password Reset 7.2.

6.9
2019-08-19 CVE-2019-15214 Linux
Canonical
Opensuse
Use After Free vulnerability in Linux Kernel

An issue was discovered in the Linux kernel before 5.0.10.

6.9
2019-08-23 CVE-2019-7364 Autodesk Uncontrolled Search Path Element vulnerability in Autodesk products

DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D and version 2017 of AutoCAD P&ID.

6.8
2019-08-23 CVE-2019-7363 Autodesk Use After Free vulnerability in Autodesk Design Review

Use-after-free vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018.

6.8
2019-08-23 CVE-2019-7362 Autodesk Untrusted Search Path vulnerability in Autodesk Design Review

DLL preloading vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018.

6.8
2019-08-23 CVE-2019-15525 Pw3270 Project Improper Certificate Validation vulnerability in Pw3270 Project Pw3270

There is Missing SSL Certificate Validation in the pw3270 terminal emulator before version 5.1.

6.8
2019-08-23 CVE-2019-15491 IT Novum Cross-Site Request Forgery (CSRF) vulnerability in It-Novum Openitcockpit

openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21.

6.8
2019-08-22 CVE-2019-15329 Codection Cross-Site Request Forgery (CSRF) vulnerability in Codection Import Users From CSV With Meta

The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF.

6.8
2019-08-22 CVE-2016-10918 Supsystic Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Photo Gallery

The gallery-by-supsystic plugin before 1.8.6 for WordPress has CSRF.

6.8
2019-08-21 CVE-2019-14686 Trendmicro Untrusted Search Path vulnerability in Trendmicro products

A DLL hijacking vulnerability exists in the Trend Micro Security's 2019 consumer family of products (v15) Folder Shield component and the standalone Trend Micro Ransom Buster (1.0) tool in which, if exploited, would allow an attacker to load a malicious DLL, leading to elevated privileges.

6.8
2019-08-21 CVE-2019-15074 Mantisbt Cross-site Scripting vulnerability in Mantisbt

The Timeline feature in my_view_page.php in MantisBT through 2.21.1 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename.

6.8
2019-08-21 CVE-2019-12624 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco IOS XE

A vulnerability in the web-based management interface of Cisco IOS XE New Generation Wireless Controller (NGWC) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.

6.8
2019-08-21 CVE-2017-18521 WP Kama Cross-Site Request Forgery (CSRF) vulnerability in Wp-Kama Democracy Poll

The democracy-poll plugin before 5.4 for WordPress has CSRF via wp-admin/options-general.php?page=democracy-poll&subpage=l10n.

6.8
2019-08-21 CVE-2019-5041 Aspose Out-of-bounds Write vulnerability in Aspose Aspose.Words 18.11.0.0

An exploitable Stack Based Buffer Overflow vulnerability exists in the EnumMetaInfo function of Aspose Aspose.Words library, version 18.11.0.0.

6.8
2019-08-21 CVE-2019-5033 Aspose Out-of-bounds Read vulnerability in Aspose Aspose.Cells 19.1.0

An exploitable out-of-bounds read vulnerability exists in the Number record parser of Aspose Aspose.Cells 19.1.0 library.

6.8
2019-08-21 CVE-2019-5032 Aspose Out-of-bounds Read vulnerability in Aspose Aspose.Cells 19.1.0

An exploitable out-of-bounds read vulnerability exists in the LabelSst record parser of Aspose Aspose.Cells 19.1.0 library.

6.8
2019-08-21 CVE-2016-10903 Godaddy Cross-Site Request Forgery (CSRF) vulnerability in Godaddy Email Marketing

The GoDaddy godaddy-email-marketing-sign-up-forms plugin before 1.1.3 for WordPress has CSRF.

6.8
2019-08-21 CVE-2016-10902 Gowebsolutions Cross-Site Request Forgery (CSRF) vulnerability in Gowebsolutions WP Customer Reviews

The wp-customer-reviews plugin before 3.0.9 for WordPress has CSRF in the admin tools.

6.8
2019-08-21 CVE-2019-15296 Audiocoding
Debian
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8.

6.8
2019-08-20 CVE-2019-5035 Google Use of a Broken or Risky Cryptographic Algorithm vulnerability in Google Nest CAM IQ Indoor Firmware 4620002

An exploitable information disclosure vulnerability exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002.

6.8
2019-08-20 CVE-2019-8057 Adobe Use After Free vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability.

6.8
2019-08-20 CVE-2019-5039 Openweave Out-of-bounds Write vulnerability in Openweave Openweave-Core 4.0.2

An exploitable command execution vulnerability exists in the ASN1 certificate writing functionality of Openweave-core version 4.0.2.

6.8
2019-08-20 CVE-2019-5038 Openweave Out-of-bounds Write vulnerability in Openweave Openweave-Core 4.0.2

An exploitable command execution vulnerability exists in the print-tlv command of Weave tool.

6.8
2019-08-20 CVE-2019-8039 Adobe Use After Free vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability.

6.8
2019-08-20 CVE-2019-8038 Adobe Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability.

6.8
2019-08-20 CVE-2019-8034 Adobe Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability.

6.8
2019-08-20 CVE-2019-8033 Adobe Use After Free vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability.

6.8
2019-08-20 CVE-2019-8027 Adobe Out-of-bounds Write vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability.

6.8
2019-08-20 CVE-2019-8019 Adobe Type Confusion vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a type confusion vulnerability.

6.8
2019-08-20 CVE-2019-8014 Adobe Out-of-bounds Write vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability.

6.8
2019-08-20 CVE-2019-8013 Adobe Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability.

6.8
2019-08-20 CVE-2019-8008 Adobe Out-of-bounds Write vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability.

6.8
2019-08-20 CVE-2019-13520 Fujielectric Out-of-bounds Write vulnerability in Fujielectric Alpha5 Smart Loader Firmware

Multiple buffer overflow issues have been identified in Alpha5 Smart Loader: All versions prior to 4.2.

6.8
2019-08-20 CVE-2017-18523 Eelv Newsletter Project Cross-Site Request Forgery (CSRF) vulnerability in Eelv Newsletter Project Eelv Newsletter

The eelv-newsletter plugin before 4.6.1 for WordPress has CSRF in the address book.

6.8
2019-08-20 CVE-2019-15238 Cformsii Project Cross-Site Request Forgery (CSRF) vulnerability in Cformsii Project Cformsii

The cforms2 plugin before 15.0.2 for WordPress has CSRF related to the IP address field.

6.8
2019-08-20 CVE-2017-18569 Mythemeshop Cross-Site Request Forgery (CSRF) vulnerability in Mythemeshop MY WP Translate

The my-wp-translate plugin before 1.0.4 for WordPress has CSRF.

6.8
2019-08-20 CVE-2016-10915 Supsystic Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Popup

The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF.

6.8
2019-08-20 CVE-2016-10914 ADD From Server Project Cross-Site Request Forgery (CSRF) vulnerability in ADD From Server Project ADD From Server 3.3/3.3.1

The add-from-server plugin before 3.3.2 for WordPress has CSRF for importing a large file.

6.8
2019-08-20 CVE-2014-10381 User Domain Whitelist Project Cross-Site Request Forgery (CSRF) vulnerability in User Domain Whitelist Project User Domain Whitelist

The user-domain-whitelist plugin before 1.5 for WordPress has CSRF.

6.8
2019-08-20 CVE-2011-5328 User Access Manager Project Cross-Site Request Forgery (CSRF) vulnerability in User Access Manager Project User Access Manager

The user-access-manager plugin before 1.2 for WordPress has CSRF.

6.8
2019-08-20 CVE-2019-15229 Thedaylightstudio Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS

FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console.

6.8
2019-08-19 CVE-2019-6171 Lenovo Unspecified vulnerability in Lenovo products

A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware.

6.8
2019-08-20 CVE-2018-1636 IBM Out-of-bounds Write vulnerability in IBM Informix Dynamic Server 12.10

Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell.

6.7
2019-08-20 CVE-2018-1635 IBM Out-of-bounds Write vulnerability in IBM Informix Dynamic Server 12.10

Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell.

6.7
2019-08-20 CVE-2018-1634 IBM Link Following vulnerability in IBM Informix Dynamic Server 12.10

IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in infos.DBSERVERNAME.

6.7
2019-08-20 CVE-2018-1633 IBM Link Following vulnerability in IBM Informix Dynamic Server 12.10

IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onsrvapd.

6.7
2019-08-20 CVE-2018-1632 IBM Link Following vulnerability in IBM Informix Dynamic Server 12.10

IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in .infxdirs.

6.7
2019-08-20 CVE-2018-1631 IBM Link Following vulnerability in IBM Informix Dynamic Server 12.1

IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in oninit mongohash.

6.7
2019-08-20 CVE-2018-1630 IBM Link Following vulnerability in IBM Informix Dynamic Server 12.1

IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onmode.

6.7
2019-08-19 CVE-2017-18551 Linux
Opensuse
Out-of-bounds Write vulnerability in multiple products

An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15.

6.7
2019-08-23 CVE-2019-1582 Paloaltonetworks Out-of-bounds Write vulnerability in Paloaltonetworks Pan-Os

Memory corruption in PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow an administrative user to cause arbitrary memory corruption by rekeying the current client interactive session.

6.5
2019-08-23 CVE-2019-15531 GNU
Debian
Fedoraproject
Out-of-bounds Read vulnerability in multiple products

GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c.

6.5
2019-08-23 CVE-2019-13423 Search Guard Permissions, Privileges, and Access Controls vulnerability in Search-Guard Search Guard

Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an authenticated Kibana user could impersonate as kibanaserver user when providing wrong credentials when all of the following conditions a-c are true: a) Kibana is configured to use Single-Sign-On as authentication method, one of Kerberos, JWT, Proxy, Client certificate.

6.5
2019-08-22 CVE-2019-15060 TP Link OS Command Injection vulnerability in Tp-Link Tl-Wr840N Firmware

The traceroute function on the TP-Link TL-WR840N v4 router with firmware through 0.9.1 3.16 is vulnerable to remote code execution via a crafted payload in an IP address input field.

6.5
2019-08-22 CVE-2019-12385 Ampache SQL Injection vulnerability in Ampache

An issue was discovered in Ampache through 3.9.1.

6.5
2019-08-22 CVE-2018-18573 Oscommerce Code Injection vulnerability in Oscommerce 2.3.4.1

osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page.

6.5
2019-08-22 CVE-2018-18572 Oscommerce Unrestricted Upload of File with Dangerous Type vulnerability in Oscommerce 2.3.4.1

osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page.

6.5
2019-08-22 CVE-2019-15324 AD Inserter Project Improper Input Validation vulnerability in AD Inserter Project AD Inserter

The ad-inserter plugin before 2.4.22 for WordPress has remote code execution.

6.5
2019-08-21 CVE-2019-1907 Cisco Unspecified vulnerability in Cisco products

A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to set sensitive configuration values and gain elevated privileges.

6.5
2019-08-21 CVE-2019-14246 Centos Webpanel Authorization Bypass Through User-Controlled Key vulnerability in Centos-Webpanel Centos web Panel 0.9.8.851

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to discover phpMyAdmin passwords (of any user in /etc/passwd) via an attacker account.

6.5
2019-08-21 CVE-2019-14245 Centos Webpanel Authorization Bypass Through User-Controlled Key vulnerability in Centos-Webpanel Centos web Panel 0.9.8.851

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases (such as oauthv2) from the server via an attacker account.

6.5
2019-08-21 CVE-2019-13458 Otrs
Debian
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, and Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19.
6.5
2019-08-21 CVE-2019-12746 Otrs
Debian
Information Exposure vulnerability in multiple products

An issue was discovered in Open Ticket Request System (OTRS) Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19.

6.5
2019-08-20 CVE-2019-4167 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Storediq

IBM StoredIQ 7.6.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

6.5
2019-08-20 CVE-2019-11209 Tibco Unspecified vulnerability in Tibco FTL 6.0.0/6.0.1/6.1.0

The realm configuration component of TIBCO Software Inc.'s TIBCO FTL Community Edition, TIBCO FTL Developer Edition, TIBCO FTL Enterprise Edition contains a vulnerability that theoretically fails to properly enforce access controls.

6.5
2019-08-23 CVE-2019-15493 IT Novum Unspecified vulnerability in It-Novum Openitcockpit

openITCOCKPIT before 3.7.1 allows deletion of files, aka RVID 4-445b21.

6.4
2019-08-22 CVE-2017-18586 Insert Pages Project Path Traversal vulnerability in Insert Pages Project Insert Pages

The insert-pages plugin before 3.2.4 for WordPress has directory traversal via custom template paths.

6.4
2019-08-22 CVE-2014-10390 Wpsupportplus Path Traversal vulnerability in Wpsupportplus WP Support Plus Responsive Ticket System

The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory traversal.

6.4
2019-08-22 CVE-2019-7617 Elastic Improper Input Validation vulnerability in Elastic APM Agent

When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header.

6.4
2019-08-22 CVE-2016-10927 Neliosoftware Server-Side Request Forgery (SSRF) vulnerability in Neliosoftware Nelio AB Testing

The nelio-ab-testing plugin before 4.5.11 for WordPress has SSRF in ajax/iesupport.php.

6.4
2019-08-22 CVE-2016-10926 Neliosoftware Server-Side Request Forgery (SSRF) vulnerability in Neliosoftware Nelio AB Testing

The nelio-ab-testing plugin before 4.5.9 for WordPress has SSRF in ajax/iesupport.php.

6.4
2019-08-22 CVE-2018-20981 Ninjaforms Improper Input Validation vulnerability in Ninjaforms Ninja Forms

The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests.

6.4
2019-08-20 CVE-2019-6143 Forcepoint Improper Authentication vulnerability in Forcepoint Next Generation Firewall

Forcepoint Next Generation Firewall (Forcepoint NGFW) 6.4.x before 6.4.7, 6.5.x before 6.5.4, and 6.6.x before 6.6.2 has a serious authentication vulnerability that potentially allows unauthorized users to bypass password authentication and access services protected by the NGFW Engine.

6.4
2019-08-20 CVE-2019-7594 Johnsoncontrols Use of Hard-coded Credentials vulnerability in Johnsoncontrols Metasys System

Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a hardcoded RC2 key for certain encryption operations involving the Site Management Portal (SMP).

6.4
2019-08-20 CVE-2019-7593 Johnsoncontrols Use of Hard-coded Credentials vulnerability in Johnsoncontrols Metasys System

Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a shared RSA key pair for certain encryption operations involving the Site Management Portal (SMP).

6.4
2019-08-20 CVE-2019-4420 IBM Information Exposure Through an Error Message vulnerability in IBM products

IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose detailed error messages, revealing sensitive information that could aid in further attacks against the system.

6.2
2019-08-22 CVE-2014-10386 3CX Injection vulnerability in 3CX Live Chat

The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections.

6.1
2019-08-22 CVE-2018-20982 Davidlingren Cross-site Scripting vulnerability in Davidlingren Media Library Assistant

The media-library-assistant plugin before 2.74 for WordPress has XSS via the Media/Assistant or Settings/Media Library assistant admin submenu screens.

6.1
2019-08-22 CVE-2013-7480 Pixelite Cross-site Scripting vulnerability in Pixelite Events Manager

The events-manager plugin before 5.3.6.1 for WordPress has XSS via the booking form and admin areas.

6.1
2019-08-22 CVE-2013-7479 Pixelite Cross-site Scripting vulnerability in Pixelite Events Manager

The events-manager plugin before 5.3.9 for WordPress has XSS in the search form field.

6.1
2019-08-22 CVE-2013-7478 Pixelite Cross-site Scripting vulnerability in Pixelite Events Manager

The events-manager plugin before 5.5 for WordPress has XSS via EM_Ticket::get_post.

6.1
2019-08-22 CVE-2013-7477 Pixelite Cross-site Scripting vulnerability in Pixelite Events Manager

The events-manager plugin before 5.5.2 for WordPress has XSS in the booking form.

6.1
2019-08-22 CVE-2012-6716 Pixelite Cross-site Scripting vulnerability in Pixelite Events Manager

The events-manager plugin before 5.1.7 for WordPress has XSS via JSON call links.

6.1
2019-08-21 CVE-2017-18559 Cformsii Project Cross-site Scripting vulnerability in Cformsii Project Cformsii

The cforms2 plugin before 14.13.3 for WordPress has multiple XSS issues.

6.1
2019-08-21 CVE-2016-10891 Pojo Cross-site Scripting vulnerability in Pojo Activity LOG

The aryo-activity-log plugin before 2.3.3 for WordPress has XSS.

6.1
2019-08-21 CVE-2016-10890 Pojo Cross-site Scripting vulnerability in Pojo Activity LOG

The aryo-activity-log plugin before 2.3.2 for WordPress has XSS.

6.1
2019-08-21 CVE-2014-10377 Cformsii Project Cross-site Scripting vulnerability in Cformsii Project Cformsii

The cforms2 plugin before 13.2 for WordPress has XSS in lib_ajax.php.

6.1
2019-08-21 CVE-2019-15112 WP Slimstat Cross-site Scripting vulnerability in Wp-Slimstat Slimstat Analytics

The wp-slimstat plugin before 4.8.1 for WordPress has XSS.

6.1
2019-08-21 CVE-2019-15109 Stellarwp Cross-site Scripting vulnerability in Stellarwp the Events Calendar

The the-events-calendar plugin before 4.8.2 for WordPress has XSS via the tribe_paged URL parameter.

6.1
2019-08-21 CVE-2017-18540 Deepsoft Cross-site Scripting vulnerability in Deepsoft Weblibrarian

The weblibrarian plugin before 3.4.8.7 for WordPress has XSS via front-end short codes.

6.1
2019-08-21 CVE-2017-18539 Deepsoft Cross-site Scripting vulnerability in Deepsoft Weblibrarian

The weblibrarian plugin before 3.4.8.6 for WordPress has XSS via front-end short codes.

6.1
2019-08-21 CVE-2017-18538 Deepsoft Cross-site Scripting vulnerability in Deepsoft Weblibrarian

The weblibrarian plugin before 3.4.8.5 for WordPress has XSS via front-end short codes.

6.1
2019-08-20 CVE-2015-9320 Optiontree Project Cross-site Scripting vulnerability in Optiontree Project Optiontree

The option-tree plugin before 2.5.4 for WordPress has XSS related to add_query_arg.

6.1
2019-08-20 CVE-2016-10893 Crayon Syntax Highlighter Project Cross-site Scripting vulnerability in Crayon Syntax Highlighter Project Crayon Syntax Highlighter

The crayon-syntax-highlighter plugin before 2.8.4 for WordPress has multiple XSS issues via AJAX requests.

6.1
2019-08-23 CVE-2019-15092 Webtoffee Improper Neutralization of Formula Elements in a CSV File vulnerability in Webtoffee Import Export Wordpress Users

The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class.

6.0
2019-08-23 CVE-2019-1583 Paloaltonetworks Cross-site Scripting vulnerability in Paloaltonetworks Twistlock 19.07.357

Escalation of privilege vulnerability in the Palo Alto Networks Twistlock console 19.07.358 and earlier allows a Twistlock user with Operator capabilities to escalate privileges to that of another user.

6.0
2019-08-23 CVE-2016-6154 Watchguard
Microsoft
Cross-site Scripting vulnerability in Watchguard Fireware

The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect).

5.8
2019-08-23 CVE-2019-10751 Httpie Open Redirect vulnerability in Httpie

All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control.

5.8
2019-08-23 CVE-2019-13422 Search Guard Open Redirect vulnerability in Search-Guard Search Guard

Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an attacker can redirect the user to a potentially malicious site upon Kibana login.

5.8
2019-08-23 CVE-2019-11589 Atlassian Open Redirect vulnerability in Atlassian Jira Server

The ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability.

5.8
2019-08-23 CVE-2019-11585 Atlassian Open Redirect vulnerability in Atlassian Jira

The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect.

5.8
2019-08-21 CVE-2019-12621 Cisco Use of a Broken or Risky Cryptographic Algorithm vulnerability in Cisco products

A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack.

5.8
2019-08-20 CVE-2015-9332 Wordpress Uninstall Project Cross-Site Request Forgery (CSRF) vulnerability in Wordpress Uninstall Project Wordpress Uninstall 1.0/1.1

The uninstall plugin before 1.2 for WordPress has CSRF to delete all tables via the wp-admin/admin-ajax.php?action=uninstall URI.

5.8
2019-08-20 CVE-2019-11521 Open Xchange Improper Privilege Management vulnerability in Open-Xchange Appsuite 7.10.1

OX App Suite 7.10.1 allows Content Spoofing.

5.8
2019-08-19 CVE-2019-0173 Intel Unspecified vulnerability in Intel Raid web Console 2

Authentication bypass in the web console for Intel(R) Raid Web Console 2 all versions may allow an unauthenticated attacker to potentially enable disclosure of information via network access.

5.8
2019-08-20 CVE-2019-4425 IBM Unspecified vulnerability in IBM products

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive information from another user by inserting links that would be clicked on by unsuspecting users.

5.7
2019-08-23 CVE-2019-12400 Apache
Redhat
Oracle
Improper Input Validation vulnerability in multiple products

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders.

5.5
2019-08-23 CVE-2019-13014 Obdev Incomplete Cleanup vulnerability in Obdev Little Snitch 4.4.0

Little Snitch versions 4.4.0 fixes a vulnerability in a privileged helper tool.

5.5
2019-08-23 CVE-2019-13013 Obdev Missing Authorization vulnerability in Obdev Little Snitch 4.3.0/4.3.1/4.3.2

Little Snitch versions 4.3.0 to 4.3.2 have a local privilege escalation vulnerability in their privileged helper tool.

5.5
2019-08-22 CVE-2017-18585 Ivycat Path Traversal vulnerability in Page

The posts-in-page plugin before 1.3.0 for WordPress has ic_add_posts template='../ directory traversal.

5.5
2019-08-21 CVE-2019-1984 Cisco Improper Input Validation vulnerability in Cisco Enterprise Network Function Virtualization Infrastructure Sofware

A vulnerability in Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker with administrator privileges to overwrite files on the underlying operating system (OS) of an affected device.

5.5
2019-08-21 CVE-2019-3634 Mcafee Out-of-bounds Read vulnerability in Mcafee Data Loss Prevention Endpoint 11.3.0

Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via an encrypted message sent to DLPe which when decrypted results in DLPe reading unallocated memory.

5.5
2019-08-21 CVE-2019-3633 Mcafee Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mcafee Data Loss Prevention Endpoint 11.3.0

Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via a carefully constructed message sent to DLPe which bypasses DLPe internal checks and results in DLPe reading unallocated memory.

5.5
2019-08-22 CVE-2019-15317 Givewp Cross-site Scripting vulnerability in Givewp

The give plugin before 2.4.7 for WordPress has XSS via a donor name.

5.4
2019-08-21 CVE-2019-13476 Control Webpanel Cross-site Scripting vulnerability in Control-Webpanel Webpanel 0.9.8.837

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, XSS in the domain parameter allows a low-privilege user to achieve root access via the email list page.

5.4
2019-08-20 CVE-2019-4482 IBM Cross-site Scripting vulnerability in IBM Emptoris Spend Analysis

IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to cross-site scripting.

5.4
2019-08-20 CVE-2019-4120 IBM Cross-site Scripting vulnerability in IBM Cloud Private

IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site scripting.

5.4
2019-08-21 CVE-2019-15045 Zohocorp Information Exposure vulnerability in Zohocorp Manageengine Servicedesk Plus

AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration.

5.3
2019-08-21 CVE-2019-13599 Control Webpanel Information Exposure Through Discrepancy vulnerability in Control-Webpanel Webpanel 0.9.8.848

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.848, the Login process allows attackers to check whether a username is valid by comparing response times.

5.3
2019-08-20 CVE-2019-4437 IBM Information Exposure vulnerability in IBM API Connect

IBM API Connect 2018.1 through 2018.4.1.6 may inadvertently leak sensitive details about internal servers and network via API swagger.

5.3
2019-08-19 CVE-2019-6178 Lenovo Unspecified vulnerability in Lenovo products

An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled.

5.3
2019-08-23 CVE-2018-13367 Fortinet Information Exposure vulnerability in Fortinet Fortios

An information exposure vulnerability in FortiOS 6.2.3, 6.2.0 and below may allow an unauthenticated attacker to gain platform information such as version, models, via parsing a JavaScript file through admin webUI.

5.0
2019-08-23 CVE-2019-15520 Comelz Path Traversal vulnerability in Comelz Quark 0.2

comelz Quark before 2019-03-26 allows directory traversal to locations outside of the project directory.

5.0
2019-08-23 CVE-2019-15518 Swoole Path Traversal vulnerability in Swoole

Swoole before 4.2.13 allows directory traversal in swPort_http_static_handler.

5.0
2019-08-23 CVE-2019-15516 Cuberite Path Traversal vulnerability in Cuberite

Cuberite before 2019-06-11 allows webadmin directory traversal via ....// because the protection mechanism simply removes one ../ substring.

5.0
2019-08-23 CVE-2019-8446 Atlassian Incorrect Authorization vulnerability in Atlassian Jira Server

The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check.

5.0
2019-08-23 CVE-2019-8445 Atlassian Missing Authorization vulnerability in Atlassian Jira Server

Several worklog rest resources in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.2 allow remote attackers to view worklog time information via a missing permissions check.

5.0
2019-08-23 CVE-2019-15514 Telegram Information Exposure vulnerability in Telegram 5.10.0

The Privacy > Phone Number feature in the Telegram app 5.10 for Android and iOS provides an incorrect indication that the access level is Nobody, because attackers can find these numbers via the Group Info feature, e.g., by adding a significant fraction of a region's assigned phone numbers.

5.0
2019-08-22 CVE-2019-15326 Codection Path Traversal vulnerability in Codection Import Users From CSV With Meta

The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal.

5.0
2019-08-22 CVE-2019-15325 Galliumos Unspecified vulnerability in Galliumos 3.0

In GalliumOS 3.0, CONFIG_SECURITY_YAMA is disabled but /etc/sysctl.d/10-ptrace.conf tries to set /proc/sys/kernel/yama/ptrace_scope to 1, which might increase risk because of the appearance that a protection mechanism is present when actually it is not.

5.0
2019-08-22 CVE-2016-10929 Advanced Ajax Page Loader Project Permissions, Privileges, and Access Controls vulnerability in Advanced Ajax Page Loader Project Advanced Ajax Page Loader

The advanced-ajax-page-loader plugin before 2.7.7 for WordPress has no protection against the reading of uploaded files when not logged in.

5.0
2019-08-22 CVE-2016-10928 Onelogin Use of Hard-coded Credentials vulnerability in Onelogin Saml SSO

The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcoded @@@nopass@@@ password for just-in-time provisioned users.

5.0
2019-08-22 CVE-2015-9340 Iptanus Unrestricted Upload of File with Dangerous Type vulnerability in Iptanus Wordpress File Upload

The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess files.

5.0
2019-08-22 CVE-2015-9339 Iptanus Unrestricted Upload of File with Dangerous Type vulnerability in Iptanus Wordpress File Upload

The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js files.

5.0
2019-08-22 CVE-2015-9338 Iptanus Unrestricted Upload of File with Dangerous Type vulnerability in Iptanus Wordpress File Upload

The wp-file-upload plugin before 2.5.0 for WordPress has insufficient restrictions on upload of .php files.

5.0
2019-08-22 CVE-2019-15330 Webp Express Project Information Exposure vulnerability in Webp Express Project Webp Express

The webp-express plugin before 0.14.11 for WordPress has insufficient protection against arbitrary file reading.

5.0
2019-08-22 CVE-2018-20988 Google Forms Project Code Injection vulnerability in Google Forms Project Google Forms

The wpgform plugin before 0.94 for WordPress has eval injection in the CAPTCHA calculation.

5.0
2019-08-22 CVE-2015-9341 Iptanus Unrestricted Upload of File with Dangerous Type vulnerability in Iptanus Wordpress File Upload

The wp-file-upload plugin before 3.4.1 for WordPress has insufficient restrictions on upload of .php.js files.

5.0
2019-08-22 CVE-2014-10388 Wpsupportplus Information Exposure vulnerability in Wpsupportplus WP Support Plus Responsive Ticket System

The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has full path disclosure.

5.0
2019-08-22 CVE-2019-9154 Openpgpjs Improper Verification of Cryptographic Signature vulnerability in Openpgpjs

Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to pass off unsigned data as signed.

5.0
2019-08-22 CVE-2019-9153 Openpgpjs Improper Verification of Cryptographic Signature vulnerability in Openpgpjs

Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to forge signed messages by replacing its signatures with a "standalone" or "timestamp" signature.

5.0
2019-08-22 CVE-2019-11029 Mirasys Path Traversal vulnerability in Mirasys VMS 7.6.0/8.0.0/8.3.1

Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Download() method of AutoUpdateService in SMServer.exe, leading to Directory Traversal.

5.0
2019-08-22 CVE-2019-5635 Belwith Keeler Cleartext Transmission of Sensitive Information vulnerability in Belwith-Keeler Hickory Smart Ethernet Bridge Firmware

A cleartext transmission of sensitive information vulnerability is present in Hickory Smart Ethernet Bridge from Belwith Products, LLC.

5.0
2019-08-22 CVE-2017-18584 Post PAY Counter Project Permissions, Privileges, and Access Controls vulnerability in Post PAY Counter Project Post PAY Counter

The post-pay-counter plugin before 2.731 for WordPress has no permissions check for an update-settinga action.

5.0
2019-08-22 CVE-2016-10924 Zedna Ebook Download Project Path Traversal vulnerability in Zedna Ebook Download Project Zedna Ebook Download 1.0/1.1

The ebook-download plugin before 1.2 for WordPress has directory traversal.

5.0
2019-08-22 CVE-2015-9337 Cozmoslabs Improper Access Control vulnerability in Cozmoslabs Profile Builder

The profile-builder plugin before 2.1.4 for WordPress has no access control for activating or deactivating addons via AJAX.

5.0
2019-08-22 CVE-2018-20980 Ninjaforms Improper Input Validation vulnerability in Ninjaforms Ninja Forms

The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering.

5.0
2019-08-21 CVE-2019-11603 Bosch Path Traversal vulnerability in Bosch IOT Gateway Software and Prosyst MBS SDK

A HTTP Traversal Attack in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.0.2 allows remote attackers to read files outside the http root.

5.0
2019-08-21 CVE-2019-11602 Bosch Information Exposure Through an Error Message vulnerability in Bosch IOT Gateway Software and Prosyst MBS SDK

Leakage of stack traces in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to gather information about the file system structure.

5.0
2019-08-21 CVE-2018-17791 Newgensoft Incorrect Resource Transfer Between Spheres vulnerability in Newgensoft Omniflow Intelligent Business Process Suite 7.0

Newgen OmniFlow Intelligent Business Process Suite (iBPS) 7.0 has an "improper server side validation" vulnerability where client-side validations are tampered, and inappropriate information is stored on the server side and fetched from the server every time the user visits the D, creating business confusion.

5.0
2019-08-21 CVE-2019-1908 Cisco Unspecified vulnerability in Cisco products

A vulnerability in the Intelligent Platform Management Interface (IPMI) implementation of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to view sensitive system information.

5.0
2019-08-21 CVE-2019-14258 Zenoss XXE vulnerability in Zenoss 2.5.3

The XML-RPC subsystem in Zenoss 2.5.3 allows XXE attacks that lead to unauthenticated information disclosure via port 9988.

5.0
2019-08-21 CVE-2019-12634 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco products

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

5.0
2019-08-21 CVE-2019-12627 Cisco Improper Access Control vulnerability in Cisco Firepower Threat Defense

A vulnerability in the application policy configuration of the Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data.

5.0
2019-08-21 CVE-2019-11897 Bosch Server-Side Request Forgery (SSRF) vulnerability in Bosch IOT Gateway Software and Prosyst MBS SDK

A Server-Side Request Forgery (SSRF) vulnerability in the backup & restore functionality in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.3.0 allows a remote attacker to forge GET requests to arbitrary URLs.

5.0
2019-08-21 CVE-2016-10899 Fabrix Improper Input Validation vulnerability in Fabrix Total Security

The total-security plugin before 3.4.1 for WordPress has a settings-change vulnerability.

5.0
2019-08-20 CVE-2019-5034 Google Out-of-bounds Read vulnerability in Google Nest CAM IQ Indoor Firmware 4620002

An exploitable information disclosure vulnerability exists in the Weave Legacy Pairing functionality of Nest Cam IQ Indoor version 4620002.

5.0
2019-08-20 CVE-2019-8106 Adobe Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability.

5.0
2019-08-20 CVE-2019-8105 Adobe Out-of-bounds Read vulnerability in Adobe Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability.

5.0
2019-08-20 CVE-2019-8104 Adobe Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability.

5.0
2019-08-20 CVE-2019-8103 Adobe Out-of-bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability.

5.0
2019-08-20 CVE-2019-8102 Adobe Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability.

5.0
2019-08-20 CVE-2019-8101 Adobe Integer Overflow or Wraparound vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an integer overflow vulnerability.

5.0
2019-08-20 CVE-2019-8099 Adobe Integer Overflow or Wraparound vulnerability in Adobe Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an integer overflow vulnerability.

5.0
2019-08-20 CVE-2019-8097 Adobe Unspecified vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an internal ip disclosure vulnerability.

5.0
2019-08-20 CVE-2019-8096 Adobe Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability.

5.0
2019-08-20 CVE-2019-8095 Adobe Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability.

5.0
2019-08-20 CVE-2019-8094 Adobe Out-of-bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability.

5.0
2019-08-20 CVE-2019-8077 Adobe Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability.

5.0
2019-08-20 CVE-2019-5040 Openweave
Google
Integer Overflow or Wraparound vulnerability in multiple products

An exploitable information disclosure vulnerability exists in the Weave MessageLayer parsing of Openweave-core version 4.0.2 and Nest Cam IQ Indoor version 4620002.

5.0
2019-08-20 CVE-2019-10960 Zebra Credentials Management vulnerability in Zebra products

Zebra Industrial Printers All Versions, Zebra printers are shipped with unrestricted end-user access to front panel options.

5.0
2019-08-20 CVE-2019-8043 Adobe Out-of-bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability.

5.0
2019-08-20 CVE-2019-8032 Adobe Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability.

5.0
2019-08-20 CVE-2019-8021 Adobe Out-of-bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability.

5.0
2019-08-20 CVE-2019-8020 Adobe Out-of-bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability.

5.0
2019-08-20 CVE-2019-8018 Adobe Out-of-bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability.

5.0
2019-08-20 CVE-2019-8012 Adobe Out-of-bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability.

5.0
2019-08-20 CVE-2019-8011 Adobe Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability.

5.0
2019-08-20 CVE-2019-8010 Adobe Out-of-bounds Read vulnerability in Adobe Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability.

5.0
2019-08-20 CVE-2019-8007 Adobe Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability.

5.0
2019-08-20 CVE-2019-8005 Adobe Out-of-bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability.

5.0
2019-08-20 CVE-2019-8004 Adobe Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability.

5.0
2019-08-20 CVE-2019-8002 Adobe Out-of-bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability.

5.0
2019-08-20 CVE-2019-4402 IBM Unspecified vulnerability in IBM API Connect

IBM API Connect 2018.1 through 2018.4.1.6 developer portal could allow an unauthorized user to cause a denial of service via an unprotected API.

5.0
2019-08-20 CVE-2015-9331 Soflyy 7PK - Security Features vulnerability in Soflyy WP ALL Import

The wp-all-import plugin before 3.2.4 for WordPress has no prevention of unauthenticated requests to adminInit.

5.0
2019-08-20 CVE-2015-9318 Getawesomesupport 7PK - Security Features vulnerability in Getawesomesupport Awesome Support

The awesome-support plugin before 3.1.7 for WordPress has a security issue in which shortcodes are allowed in replies.

5.0
2019-08-20 CVE-2019-14430 Youphptube SQL Injection vulnerability in Youphptube

plugin/Audit/Objects/AuditTable.php in YouPHPTube through 7.2 allows SQL Injection.

5.0
2019-08-19 CVE-2019-15225 Envoyproxy Allocation of Resources Without Limits or Throttling vulnerability in Envoyproxy Envoy

In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc++ regular expression implementation.

5.0
2019-08-19 CVE-2019-15160 Kbrw XXE vulnerability in Kbrw Sweet XML

The SweetXml (aka sweet_xml) package through 0.6.6 for Erlang and Elixir allows attackers to cause a denial of service (resource consumption) via an XML entity expansion attack with an inline DTD.

5.0
2019-08-23 CVE-2019-15517 Jc21 Path Traversal vulnerability in Jc21 Nginx Proxy Manager

jc21 Nginx Proxy Manager before 2.0.13 allows %2e%2e%2f directory traversal.

4.9
2019-08-20 CVE-2019-2137 Google Improper Input Validation vulnerability in Google Android 9.0

In the endCall() function of TelecomManager.java, there is a possible Denial of Service due to a missing permission check.

4.9
2019-08-20 CVE-2019-2136 Google Out-of-bounds Read vulnerability in Google Android

In Status::readFromParcel of Status.cpp, there is a possible out of bounds read due to improper input validation.

4.9
2019-08-20 CVE-2019-15291 Linux NULL Pointer Dereference vulnerability in Linux Kernel

An issue was discovered in the Linux kernel through 5.2.9.

4.9
2019-08-19 CVE-2019-11276 Pivotal Software Cleartext Transmission of Sensitive Information vulnerability in Pivotal Software Application Service

Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.16, 2.4.x prior to 2.4.12, 2.5.x prior to 2.5.8, and 2.6.x prior to 2.6.3, makes a request to the /cloudapplication endpoint via Spring actuator, and subsequent requests via unsecured http.

4.8
2019-08-21 CVE-2019-15292 Linux
Debian
Canonical
Use After Free vulnerability in multiple products

An issue was discovered in the Linux kernel before 5.0.9.

4.7
2019-08-22 CVE-2019-13139 Docker OS Command Injection vulnerability in Docker

In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution.

4.6
2019-08-19 CVE-2019-15223 Linux
Netapp
Canonical
NULL Pointer Dereference vulnerability in multiple products

An issue was discovered in the Linux kernel before 5.1.8.

4.6
2019-08-19 CVE-2019-15222 Linux
Netapp
Opensuse
NULL Pointer Dereference vulnerability in multiple products

An issue was discovered in the Linux kernel before 5.2.8.

4.6
2019-08-19 CVE-2019-15221 Linux
Netapp
Canonical
Debian
Opensuse
NULL Pointer Dereference vulnerability in multiple products

An issue was discovered in the Linux kernel before 5.1.17.

4.6
2019-08-19 CVE-2019-15220 Linux
Netapp
Canonical
Debian
Opensuse
Use After Free vulnerability in multiple products

An issue was discovered in the Linux kernel before 5.2.1.

4.6
2019-08-19 CVE-2019-15219 Linux
Netapp
Canonical
Debian
Opensuse
NULL Pointer Dereference vulnerability in multiple products

An issue was discovered in the Linux kernel before 5.1.8.

4.6
2019-08-19 CVE-2019-15218 Linux
Netapp
Canonical
Debian
Oracle
Opensuse
NULL Pointer Dereference vulnerability in multiple products

An issue was discovered in the Linux kernel before 5.1.8.

4.6
2019-08-19 CVE-2019-15217 Linux
Netapp
Canonical
Debian
Opensuse
NULL Pointer Dereference vulnerability in multiple products

An issue was discovered in the Linux kernel before 5.2.3.

4.6
2019-08-19 CVE-2019-15216 Linux
Netapp
Canonical
Debian
Opensuse
NULL Pointer Dereference vulnerability in multiple products

An issue was discovered in the Linux kernel before 5.0.14.

4.6
2019-08-19 CVE-2019-15215 Linux
Netapp
Canonical
Debian
Opensuse
Use After Free vulnerability in multiple products

An issue was discovered in the Linux kernel before 5.2.6.

4.6
2019-08-19 CVE-2019-15213 Linux
Netapp
Opensuse
Use After Free vulnerability in multiple products

An issue was discovered in the Linux kernel before 5.2.3.

4.6
2019-08-19 CVE-2019-15212 Linux
Netapp
Canonical
Debian
Opensuse
Double Free vulnerability in multiple products

An issue was discovered in the Linux kernel before 5.1.8.

4.6
2019-08-19 CVE-2019-15211 Linux
Netapp
Canonical
Debian
Opensuse
Use After Free vulnerability in multiple products

An issue was discovered in the Linux kernel before 5.2.6.

4.6
2019-08-19 CVE-2019-11163 Intel Unspecified vulnerability in Intel Processor Identification Utility

Insufficient access control in a hardware abstraction driver for Intel(R) Processor Identification Utility for Windows before version 6.1.0731 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access.

4.6
2019-08-19 CVE-2019-11162 Intel Unspecified vulnerability in Intel Computing Improvement Program

Insufficient access control in hardware abstraction in SEMA driver for Intel(R) Computing Improvement Program before version 2.4.0.04733 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access.

4.6
2019-08-19 CVE-2019-11148 Intel Unspecified vulnerability in Intel Remote Displays SDK 1.0/1.1/2.0

Improper permissions in the installer for Intel(R) Remote Displays SDK before version 2.0.1 R2 may allow an authenticated user to potentially enable escalation of privilege via local access.

4.6
2019-08-19 CVE-2019-11146 Intel Permission Issues vulnerability in Intel Driver & Support Assistant 3.5.0.1

Improper file verification in Intel® Driver & Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

4.6
2019-08-19 CVE-2019-11143 Intel Unspecified vulnerability in Intel Authenticate 3.7

Improper permissions in the software installer for Intel(R) Authenticate before 3.8 may allow an authenticated user to potentially enable escalation of privilege via local access.

4.6
2019-08-19 CVE-2019-11140 Intel Improper Input Validation vulnerability in Intel products

Insufficient session validation in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.

4.6
2019-08-20 CVE-2019-2125 Google Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android

In ChangeDefaultDialerDialog.java, there is a possible escalation of privilege due to an overlay attack.

4.4
2019-08-23 CVE-2019-5594 Fortinet Cross-site Scripting vulnerability in Fortinet Fortinac 8.3.0/8.3.6/8.5.0

An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI.

4.3
2019-08-23 CVE-2019-5592 Fortinet Improper Verification of Cryptographic Signature vulnerability in Fortinet Fortios IPS Engine

Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled, may allow an attacker to decipher TLS connections going through the FortiGate via monitoring the traffic in a Man-in-the-middle position.

4.3
2019-08-23 CVE-2019-8447 Atlassian Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira Server

The ServiceExecutor resource in Jira before version 8.3.2 allows remote attackers to trigger the creation of export files via a Cross-site request forgery (CSRF) vulnerability.

4.3
2019-08-23 CVE-2019-14999 Atlassian Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Universal Plugin Manager

The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forgery (CSRF) vulnerability on an authenticated administrator.

4.3
2019-08-23 CVE-2019-11588 Atlassian Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira and Jira Server

The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to trigger garbage collection via a Cross-site request forgery (CSRF) vulnerability.

4.3
2019-08-23 CVE-2019-11587 Atlassian Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira and Jira Server

Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify various settings via Cross-site request forgery (CSRF).

4.3
2019-08-23 CVE-2019-11586 Atlassian Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira

The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to create new resolutions via a Cross-site request forgery (CSRF) vulnerability.

4.3
2019-08-23 CVE-2019-11584 Atlassian Cross-site Scripting vulnerability in Atlassian Jira

The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the priority icon url of an issue priority.

4.3
2019-08-23 CVE-2019-15492 IT Novum Cross-site Scripting vulnerability in It-Novum Openitcockpit

openITCOCKPIT before 3.7.1 has reflected XSS, aka RVID 3-445b21.

4.3
2019-08-23 CVE-2019-15488 Igniterealtime Cross-site Scripting vulnerability in Igniterealtime Openfire

Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test.

4.3
2019-08-23 CVE-2019-15487 Schoolexperience Cross-site Scripting vulnerability in Schoolexperience Department FOR Education School Experience

DfE School Experience before v16333-GA has XSS via a teacher training URL.

4.3
2019-08-23 CVE-2019-15486 Django JS Reverse Project Cross-site Scripting vulnerability in Django JS Reverse Project Django JS Reserve

django-js-reverse (aka Django JS Reverse) before 0.9.1 has XSS via js_reverse_inline.

4.3
2019-08-23 CVE-2019-15485 Boltcms Cross-site Scripting vulnerability in Boltcms Bolt

Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php.

4.3
2019-08-23 CVE-2019-15484 Boltcms Cross-site Scripting vulnerability in Boltcms Bolt

Bolt before 3.6.10 has XSS via an image's alt or title field.

4.3
2019-08-23 CVE-2019-15483 Boltcms Cross-site Scripting vulnerability in Boltcms Bolt

Bolt before 3.6.10 has XSS via a title that is mishandled in the system log.

4.3
2019-08-23 CVE-2019-15482 Selectize Plugin A11Y Project Cross-site Scripting vulnerability in Selectize-Plugin-A11Y Project Selectize-Plugin-A11Y

selectize-plugin-a11y before 1.1.0 has XSS via the msg field.

4.3
2019-08-23 CVE-2019-15481 Kimai Cross-site Scripting vulnerability in Kimai 2

Kimai v2 before 1.1 has XSS via a timesheet description.

4.3
2019-08-23 CVE-2019-15477 Jooby Cross-site Scripting vulnerability in Jooby

Jooby before 1.6.4 has XSS via the default error handler.

4.3
2019-08-23 CVE-2019-15476 Former Project Cross-site Scripting vulnerability in Former Project Former

Former before 4.2.1 has XSS via a checkbox value.

4.3
2019-08-23 CVE-2019-15499 Hackmd Cross-site Scripting vulnerability in Hackmd Codimd 1.3.1

CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element with allow-top-navigation in the sandbox attribute, in conjunction with a data: URL.

4.3
2019-08-22 CVE-2019-15328 Codection Cross-site Scripting vulnerability in Codection Import Users From CSV With Meta

The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS.

4.3
2019-08-22 CVE-2019-15327 Codection Cross-site Scripting vulnerability in Codection Import Users From CSV With Meta

The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data.

4.3
2019-08-22 CVE-2017-18579 Dwbooster Cross-site Scripting vulnerability in Dwbooster Corner AD

The corner-ad plugin before 1.0.8 for WordPress has XSS.

4.3
2019-08-22 CVE-2017-18578 Crafty Social Buttons Project Cross-site Scripting vulnerability in Crafty Social Buttons Project Crafty Social Buttons

The crafty-social-buttons plugin before 1.5.8 for WordPress has XSS.

4.3
2019-08-22 CVE-2014-10393 Cformsii Project Cross-site Scripting vulnerability in Cformsii Project Cformsii

The cforms2 plugin before 10.5 for WordPress has XSS.

4.3
2019-08-22 CVE-2014-10382 Pippinsplugins Cross-Site Request Forgery (CSRF) vulnerability in Pippinsplugins Featured Comments

The feature-comments plugin before 1.2.5 for WordPress has CSRF for featuring or burying a comment.

4.3
2019-08-22 CVE-2019-15331 Wpsupportplus Cross-site Scripting vulnerability in Wpsupportplus WP Support Plus Responsive Ticket System

The wp-support-plus-responsive-ticket-system plugin before 9.1.2 for WordPress has HTML injection.

4.3
2019-08-22 CVE-2014-10394 Saschart Injection vulnerability in Saschart Rich Counter 1.0.5/1.1.0/1.1.5

The rich-counter plugin before 1.2.0 for WordPress has JavaScript injection via a User-Agent header.

4.3
2019-08-22 CVE-2014-10392 Cformsii Project Cross-site Scripting vulnerability in Cformsii Project Cformsii

The cforms2 plugin before 10.2 for WordPress has XSS.

4.3
2019-08-22 CVE-2014-10391 Wpsupportplus Injection vulnerability in Wpsupportplus WP Support Plus Responsive Ticket System

The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection.

4.3
2019-08-22 CVE-2019-9155 Openpgpjs Cryptographic Issues vulnerability in Openpgpjs

A cryptographic issue in OpenPGP.js <=4.2.0 allows an attacker who is able provide forged messages and gain feedback about whether decryption of these messages succeeded to conduct an invalid curve attack in order to gain the victim's ECDH private key.

4.3
2019-08-22 CVE-2018-20983 Meowapps Cross-site Scripting vulnerability in Meowapps WP Retina 2X

The wp-retina-2x plugin before 5.2.3 for WordPress has XSS.

4.3
2019-08-22 CVE-2017-18582 Time Sheets Project Cross-site Scripting vulnerability in Time Sheets Project Time Sheets

The time-sheets plugin before 1.5.2 for WordPress has multiple XSS issues.

4.3
2019-08-22 CVE-2017-18581 Time Sheets Project Cross-site Scripting vulnerability in Time Sheets Project Time Sheets

The time-sheets plugin before 1.5.0 for WordPress has XSS via the old timesheet list.

4.3
2019-08-22 CVE-2017-18577 Ibericode Cross-site Scripting vulnerability in Ibericode Mailchimp

The mailchimp-for-wp plugin before 4.1.8 for WordPress has XSS via the return value of add_query_arg.

4.3
2019-08-22 CVE-2017-18576 Event Notifier Project Cross-site Scripting vulnerability in Event Notifier Project Event Notifier 1.0.0/1.0.1/1.2.0

The event-notifier plugin before 1.2.1 for WordPress has XSS via the loading animation.

4.3
2019-08-22 CVE-2016-10925 Profilepress Cross-site Scripting vulnerability in Profilepress Loginwp

The peters-login-redirect plugin before 2.9.1 for WordPress has XSS during the editing of redirect URLs.

4.3
2019-08-22 CVE-2014-10385 Memphis Documents Library Project Cross-site Scripting vulnerability in Memphis Documents Library Project Memphis Documents Library

The memphis-documents-library plugin before 3.0 for WordPress has XSS via $_REQUEST.

4.3
2019-08-22 CVE-2013-7482 Reflex Gallery Project Cross-site Scripting vulnerability in Reflex Gallery Project Reflex Gallery

The reflex-gallery plugin before 1.4.3 for WordPress has XSS.

4.3
2019-08-22 CVE-2008-7321 Tubepress Cross-site Scripting vulnerability in Tubepress

The tubepress plugin before 1.6.5 for WordPress has XSS.

4.3
2019-08-22 CVE-2017-18575 Newstatpress Project Cross-site Scripting vulnerability in Newstatpress Project Newstatpress

The newstatpress plugin before 1.2.5 for WordPress has multiple stored XSS issues.

4.3
2019-08-22 CVE-2017-18574 Ninjaforms Improper Input Validation vulnerability in Ninjaforms Ninja Forms

The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder.

4.3
2019-08-22 CVE-2017-18572 SIR Cross-site Scripting vulnerability in SIR Gnucommerce

The gnucommerce plugin before 1.4.2 for WordPress has XSS.

4.3
2019-08-22 CVE-2016-10920 SIR Cross-site Scripting vulnerability in SIR Gnucommerce

The gnucommerce plugin before 0.5.7-BETA for WordPress has XSS.

4.3
2019-08-22 CVE-2016-10919 Wassup Real Time Analytics Project Cross-site Scripting vulnerability in Wassup Real Time Analytics Project Wassup Real Time Analytics

The wassup plugin before 1.9.1 for WordPress has XSS via the Top stats widget or the wassupURI::add_siteurl method, a different vulnerability than CVE-2012-2633.

4.3
2019-08-22 CVE-2015-9336 Codection Cross-site Scripting vulnerability in Codection Clean Login

The clean-login plugin before 1.5.1 for WordPress has reflected XSS.

4.3
2019-08-22 CVE-2013-7481 Bestwebsoft Cross-site Scripting vulnerability in Bestwebsoft Contact Form

The contact-form-plugin plugin before 3.3.5 for WordPress has XSS.

4.3
2019-08-22 CVE-2009-5158 Sumo Improper Input Validation vulnerability in Sumo Google Analyticator

The google-analyticator plugin before 5.2.1 for WordPress has insufficient HTML sanitization for Google Analytics API text.

4.3
2019-08-21 CVE-2019-1948 Cisco Improper Certificate Validation vulnerability in Cisco Webex Meetings 11.3/39.5

A vulnerability in Cisco Webex Meetings Mobile (iOS) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data by using an invalid Secure Sockets Layer (SSL) certificate.

4.3
2019-08-21 CVE-2018-20977 Brainstormforce Cross-site Scripting vulnerability in Brainstormforce Schema

The all-in-one-schemaorg-rich-snippets plugin before 1.5.0 for WordPress has XSS on the settings page.

4.3
2019-08-21 CVE-2018-20970 Bestwebsoft Cross-site Scripting vulnerability in Bestwebsoft PDF & Print

The pdf-print plugin before 2.0.3 for WordPress has multiple XSS issues.

4.3
2019-08-21 CVE-2017-18562 Bestwebsoft Cross-site Scripting vulnerability in Bestwebsoft Error LOG Viewer

The error-log-viewer plugin before 1.0.6 for WordPress has multiple XSS issues.

4.3
2019-08-21 CVE-2017-18561 Embed Images IN Comments Project Cross-site Scripting vulnerability in Comments

The embed-comment-images plugin before 0.6 for WordPress has XSS.

4.3
2019-08-21 CVE-2017-18535 Smokesignal Project Cross-site Scripting vulnerability in Smokesignal Project Smokesignal

The smokesignal plugin before 1.2.7 for WordPress has XSS.

4.3
2019-08-21 CVE-2017-18525 Megamenu Cross-site Scripting vulnerability in Megamenu MAX Mega Menu

The megamenu plugin before 2.4 for WordPress has XSS.

4.3
2019-08-21 CVE-2017-18516 Bestwebsoft Cross-site Scripting vulnerability in Bestwebsoft Linkedin

The bws-linkedin plugin before 1.0.5 for WordPress has multiple XSS issues.

4.3
2019-08-21 CVE-2014-10378 Duplicate Post Project Cross-site Scripting vulnerability in Duplicate Post Project Duplicate Post

The duplicate-post plugin before 2.6 for WordPress has XSS.

4.3
2019-08-21 CVE-2012-6714 Count PER DAY Project Cross-site Scripting vulnerability in Count PER DAY Project Count PER DAY

The count-per-day plugin before 3.2.3 for WordPress has XSS via search words.

4.3
2019-08-21 CVE-2017-18564 Bestwebsoft Cross-site Scripting vulnerability in Bestwebsoft Sender

The sender plugin before 1.2.1 for WordPress has multiple XSS issues.

4.3
2019-08-21 CVE-2017-18563 Swimordiesoftware Cross-site Scripting vulnerability in Swimordiesoftware Rsvp

The rsvp plugin before 2.3.8 for WordPress has persistent XSS via the note field on the attendee-list screen.

4.3
2019-08-21 CVE-2016-10912 Matchboxdesigngroup Cross-site Scripting vulnerability in Matchboxdesigngroup Universal Analytics

The universal-analytics plugin before 1.3.1 for WordPress has XSS.

4.3
2019-08-21 CVE-2016-10911 Cozmoslabs Cross-site Scripting vulnerability in Cozmoslabs Profile Builder

The profile-builder plugin before 2.4.2 for WordPress has multiple XSS issues.

4.3
2019-08-21 CVE-2016-10910 Formbuilder Project Cross-site Scripting vulnerability in Formbuilder Project Formbuilder

The formbuilder plugin before 1.06 for WordPress has multiple XSS issues.

4.3
2019-08-21 CVE-2015-9328 Cozmoslabs Cross-site Scripting vulnerability in Cozmoslabs Profile Builder

The profile-builder plugin before 2.2.5 for WordPress has XSS.

4.3
2019-08-21 CVE-2015-9327 Flickr Justified Gallery Project Cross-site Scripting vulnerability in Flickr Justified Gallery Project Flickr Justified Gallery

The flickr-justified-gallery plugin before 3.4.0 for WordPress has XSS.

4.3
2019-08-21 CVE-2014-10380 Cozmoslabs Cross-site Scripting vulnerability in Cozmoslabs Profile Builder

The profile-builder plugin before 1.1.66 for WordPress has multiple XSS issues in forms.

4.3
2019-08-21 CVE-2012-6715 Formbuilder Project Cross-site Scripting vulnerability in Formbuilder Project Formbuilder

The formbuilder plugin before 0.9.1 for WordPress has XSS via a Referer header.

4.3
2019-08-21 CVE-2019-15110 WP Front END Profile Project Cross-site Scripting vulnerability in WP Front END Profile Project WP Front END Profile 0.1/0.2/0.2.1

The wp-front-end-profile plugin before 0.2.2 for WordPress has XSS.

4.3
2019-08-21 CVE-2017-18565 Bestwebsoft Cross-site Scripting vulnerability in Bestwebsoft Updater

The updater plugin before 1.35 for WordPress has multiple XSS issues.

4.3
2019-08-21 CVE-2017-18560 Content Audit Project Cross-site Scripting vulnerability in Content Audit Project Content Audit

The content-audit plugin before 1.9.2 for WordPress has XSS.

4.3
2019-08-21 CVE-2017-18558 Bestwebsoft Cross-site Scripting vulnerability in Bestwebsoft Testimonials

The bws-testimonials plugin before 0.1.9 for WordPress has multiple XSS issues.

4.3
2019-08-21 CVE-2017-18557 Bestwebsoft Cross-site Scripting vulnerability in Bestwebsoft Google Maps

The bws-google-maps plugin before 1.3.6 for WordPress has multiple XSS issues.

4.3
2019-08-21 CVE-2017-18556 Bestwebsoft Cross-site Scripting vulnerability in Bestwebsoft Google Analytics

The bws-google-analytics plugin before 1.7.1 for WordPress has multiple XSS issues.

4.3
2019-08-21 CVE-2017-18555 Mediaburst Cross-site Scripting vulnerability in Mediaburst Booking Calendar

The booking-sms plugin before 1.1.0 for WordPress has XSS.

4.3
2019-08-21 CVE-2017-18554 Analytics Tracker Project Cross-site Scripting vulnerability in Analytics Tracker Project Analytics Tracker

The analytics-tracker plugin before 1.1.1 for WordPress has XSS via a search event.

4.3
2019-08-21 CVE-2017-18553 AD Buttons Project Cross-site Scripting vulnerability in AD Buttons Project AD Buttons

The ad-buttons plugin before 2.3.2 for WordPress has XSS.

4.3
2019-08-21 CVE-2016-10908 Codepeople Cross-site Scripting vulnerability in Codepeople Booking Calendar Contact Form

The booking-calendar-contact-form plugin before 1.0.24 for WordPress has XSS.

4.3
2019-08-21 CVE-2016-10901 Gowebsolutions Cross-site Scripting vulnerability in Gowebsolutions WP Customer Reviews

The wp-customer-reviews plugin before 3.0.9 for WordPress has XSS in the admin tools.

4.3
2019-08-21 CVE-2016-10900 Wpmanage Cross-site Scripting vulnerability in Wpmanage UJI Countdown

The uji-countdown plugin before 2.0.7 for WordPress has XSS.

4.3
2019-08-21 CVE-2017-18537 Bestwebsoft Cross-site Scripting vulnerability in Bestwebsoft Visitors Online

The visitors-online plugin before 1.0.0 for WordPress has multiple XSS issues.

4.3
2019-08-21 CVE-2017-18536 Fullworks Cross-site Scripting vulnerability in Fullworks Stop User Enumeration 1.3.5/1.3.6/1.3.7

The stop-user-enumeration plugin before 1.3.8 for WordPress has XSS.

4.3
2019-08-21 CVE-2017-18534 Share ON Diaspora Project Cross-site Scripting vulnerability in Share ON Diaspora Project Share ON Diaspora

The share-on-diaspora plugin before 0.7.2 for WordPress has reflected XSS in share URL parameters.

4.3
2019-08-21 CVE-2016-10898 Fabrix Cross-site Scripting vulnerability in Fabrix Total Security

The total-security plugin before 3.4.1 for WordPress has XSS.

4.3
2019-08-21 CVE-2016-10897 Sermon Browser Project Cross-site Scripting vulnerability in Sermon Browser Project Sermon Browser

The sermon-browser plugin before 0.45.16 for WordPress has multiple XSS issues.

4.3
2019-08-21 CVE-2016-10896 Clogica Cross-site Scripting vulnerability in Clogica SEO Redirection

The seo-redirection plugin before 4.3 for WordPress has stored XSS.

4.3
2019-08-21 CVE-2015-9321 Wpmadeeasy Cross-site Scripting vulnerability in Wpmadeeasy Shortcode Factory

The shortcode-factory plugin before 1.1.1 for WordPress has XSS via add_query_arg.

4.3
2019-08-20 CVE-2019-8059 Adobe Use After Free vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability.

4.3
2019-08-20 CVE-2019-8058 Adobe Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability.

4.3
2019-08-20 CVE-2019-8056 Adobe Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability.

4.3
2019-08-20 CVE-2019-8054 Adobe Use After Free vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability.

4.3
2019-08-20 CVE-2019-8053 Adobe Use After Free vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability.

4.3
2019-08-20 CVE-2019-8052 Adobe Out-of-bounds Read vulnerability in Adobe Acrobat DC and Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability.

4.3
2019-08-20 CVE-2019-8051 Adobe Use After Free vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability.

4.3
2019-08-20 CVE-2019-8040 Adobe Out-of-bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability.

4.3
2019-08-20 CVE-2019-8037 Adobe Out-of-bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability.

4.3
2019-08-20 CVE-2019-8035 Adobe Out-of-bounds Read vulnerability in Adobe Acrobat Reader DC

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability.

4.3
2019-08-20 CVE-2019-2129 Google Out-of-bounds Read vulnerability in Google Android

In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a possible out of bounds read due to a missing bounds check.

4.3
2019-08-20 CVE-2019-4485 IBM Information Exposure Through an Error Message vulnerability in IBM products

IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system.

4.3
2019-08-20 CVE-2019-4484 IBM Information Exposure Through an Error Message vulnerability in IBM products

IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system.

4.3
2019-08-20 CVE-2019-4308 IBM Information Exposure Through an Error Message vulnerability in IBM products

IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034.

4.3
2019-08-20 CVE-2019-3966 Open EMR Cross-site Scripting vulnerability in Open-Emr Openemr

In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the foreign_id parameter.

4.3
2019-08-20 CVE-2019-3965 Open EMR Cross-site Scripting vulnerability in Open-Emr Openemr

In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the document_id parameter.

4.3
2019-08-20 CVE-2019-3964 Open EMR Cross-site Scripting vulnerability in Open-Emr Openemr

In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the doc_id parameter.

4.3
2019-08-20 CVE-2019-3963 Open EMR Cross-site Scripting vulnerability in Open-Emr Openemr

In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the patient_id parameter.

4.3
2019-08-20 CVE-2018-20978 Soflyy Cross-site Scripting vulnerability in Soflyy WP ALL Import

The wp-all-import plugin before 3.4.7 for WordPress has XSS.

4.3
2019-08-20 CVE-2017-18566 Bestwebsoft Cross-site Scripting vulnerability in Bestwebsoft User Role

The user-role plugin before 1.5.6 for WordPress has multiple XSS issues.

4.3
2019-08-20 CVE-2017-18533 Rimons Twitter Widget Project Cross-site Scripting vulnerability in Rimons Twitter Widget Project Rimons Twitter Widget

The rimons-twitter-widget plugin before 1.3 for WordPress has XSS.

4.3
2019-08-20 CVE-2017-18532 Bestwebsoft Cross-site Scripting vulnerability in Bestwebsoft Realty

The realty plugin before 1.1.0 for WordPress has multiple XSS issues.

4.3
2019-08-20 CVE-2017-18531 Raygun Cross-site Scripting vulnerability in Raygun Raygun4Wp

The raygun4wp plugin before 1.8.3 for WordPress has XSS in the settings, a different issue than CVE-2017-9288.

4.3
2019-08-20 CVE-2017-18530 Bestwebsoft Cross-site Scripting vulnerability in Bestwebsoft Rating 0.1

The rating-bws plugin before 0.2 for WordPress has multiple XSS issues.

4.3
2019-08-20 CVE-2017-18529 Bestwebsoft Cross-site Scripting vulnerability in Bestwebsoft Promobar

The promobar plugin before 1.1.1 for WordPress has multiple XSS issues.

4.3
2019-08-20 CVE-2017-18528 Bestwebsoft Cross-site Scripting vulnerability in Bestwebsoft PDF & Print

The pdf-print plugin before 1.9.4 for WordPress has multiple XSS issues.

4.3
2019-08-20 CVE-2017-18527 Bestwebsoft Cross-site Scripting vulnerability in Bestwebsoft Pagination

The pagination plugin before 1.0.7 for WordPress has multiple XSS issues.

4.3
2019-08-20 CVE-2017-18526 Lamp Solutions Cross-site Scripting vulnerability in Lamp-Solutions Moreads SE

The moreads-se plugin before 1.4.7 for WordPress has XSS.

4.3
2019-08-20 CVE-2017-18524 Football Pool Project Cross-site Scripting vulnerability in Football Pool Project Football Pool

The football-pool plugin before 2.6.5 for WordPress has multiple XSS issues.

4.3
2019-08-20 CVE-2017-18522 Eelv Newsletter Project Cross-site Scripting vulnerability in Eelv Newsletter Project Eelv Newsletter

The eelv-newsletter plugin before 4.6.1 for WordPress has XSS in the address book.

4.3
2019-08-20 CVE-2017-18519 Marvinlabs Cross-site Scripting vulnerability in Marvinlabs WP Customer Area

The customer-area plugin before 7.4.3 for WordPress has XSS via admin pages.

4.3
2019-08-20 CVE-2017-18518 Bestwebsoft Cross-site Scripting vulnerability in Bestwebsoft Smtp

The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues.

4.3
2019-08-20 CVE-2016-10895 Optiontree Project Cross-site Scripting vulnerability in Optiontree Project Optiontree

The option-tree plugin before 2.6.0 for WordPress has XSS via an add_list_item or add_social_links AJAX request.

4.3
2019-08-20 CVE-2016-10892 Kibokolabs Cross-site Scripting vulnerability in Kibokolabs Chained Quiz

The chained-quiz plugin before 1.0 for WordPress has multiple XSS issues.

4.3
2019-08-20 CVE-2015-9319 Greg S High Performance SEO Project Cross-site Scripting vulnerability in Greg'S High Performance SEO Project Greg'S High Performance SEO

The gregs-high-performance-seo plugin before 1.6.2 for WordPress has XSS in the context of an old browser.

4.3
2019-08-20 CVE-2017-18568 Mythemeshop Cross-site Scripting vulnerability in Mythemeshop MY WP Translate

The my-wp-translate plugin before 1.0.4 for WordPress has XSS.

4.3
2019-08-20 CVE-2017-18567 Soflyy Cross-site Scripting vulnerability in Soflyy WP ALL Import

The wp-all-import plugin before 3.4.6 for WordPress has XSS.

4.3
2019-08-20 CVE-2017-18520 WP Kama Cross-site Scripting vulnerability in Wp-Kama Democracy Poll

The democracy-poll plugin before 5.4 for WordPress has XSS via update_l10n in admin/class.DemAdminInit.php.

4.3
2019-08-20 CVE-2017-18517 Bestwebsoft Cross-site Scripting vulnerability in Bestwebsoft Pinterest

The bws-pinterest plugin before 1.0.5 for WordPress has multiple XSS issues.

4.3
2019-08-20 CVE-2016-10913 Joomunited Cross-site Scripting vulnerability in Joomunited WP Latest Posts

The wp-latest-posts plugin before 3.7.5 for WordPress has XSS.

4.3
2019-08-20 CVE-2015-9329 Soflyy Cross-site Scripting vulnerability in Soflyy WP ALL Import

The wp-all-import plugin before 3.2.5 for WordPress has reflected XSS.

4.3
2019-08-20 CVE-2015-9317 Getawesomesupport Cross-site Scripting vulnerability in Getawesomesupport Awesome Support

The awesome-support plugin before 3.1.7 for WordPress has XSS via custom information messages.

4.3
2019-08-20 CVE-2019-15233 Oldstreetsolutions Cross-site Scripting vulnerability in Oldstreetsolutions Live Input Macros

The Live:Text Box macro in the Old Street Live Input Macros app before 2.11 for Confluence has XSS, leading to theft of the Administrator Session Cookie.

4.3
2019-08-20 CVE-2019-15082 Yofla Cross-site Scripting vulnerability in Yofla 360 Product Rotation

The 360-product-rotation plugin before 1.4.8 for WordPress has reflected XSS.

4.3
2019-08-20 CVE-2018-20975 Fatfreecrm Cross-site Scripting vulnerability in Fatfreecrm FAT Free CRM

Fat Free CRM before 0.18.1 has XSS in the tags_helper in app/helpers/tags_helper.rb.

4.3
2019-08-20 CVE-2019-15227 Getflightpath Cross-site Scripting vulnerability in Getflightpath Flightpath 4.8.3

FlightPath 4.8.3 has XSS in the Content, Edit urgent message, and Users sections of the Admin Console.

4.3
2019-08-19 CVE-2019-6159 Lenovo Cross-site Scripting vulnerability in Lenovo products

A stored cross-site scripting (XSS) vulnerability exists in various firmware versions of the legacy IBM System x IMM (IMM v1) embedded Baseboard Management Controller (BMC).

4.3
2019-08-23 CVE-2019-13421 Search Guard Information Exposure vulnerability in Search-Guard Search Guard

Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database.

4.0
2019-08-22 CVE-2019-11013 Softvelum Path Traversal vulnerability in Softvelum Nimble Streamer

Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal vulnerability.

4.0
2019-08-21 CVE-2019-12623 Cisco File and Directory Information Exposure vulnerability in Cisco Enterprise Network Functions Virtualization Infrastructure

A vulnerability in the web server functionality of Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform file enumeration on an affected system.

4.0
2019-08-20 CVE-2019-3753 Dell Insufficiently Protected Credentials vulnerability in Dell products

Dell EMC PowerConnect 8024, 7000, M6348, M6220, M8024 and M8024-K running firmware versions prior to 5.1.15.2 contain a plain-text password storage vulnerability.

4.0
2019-08-20 CVE-2019-3967 Open EMR Path Traversal vulnerability in Open-Emr Openemr

In OpenEMR 5.0.1 and earlier, the patient file download interface contains a directory traversal flaw that allows authenticated attackers to download arbitrary files from the host system.

4.0

21 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-08-23 CVE-2019-8444 Atlassian Cross-site Scripting vulnerability in Atlassian Jira Server

The wikirenderer component in Jira before version 7.13.6, and from version 8.0.0 before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in image attribute specification.

3.5
2019-08-23 CVE-2019-15480 Domoticz Cross-site Scripting vulnerability in Domoticz 4.10717

Domoticz 4.10717 has XSS via item.Name.

3.5
2019-08-23 CVE-2019-15508 Octopus Cleartext Storage of Sensitive Information vulnerability in Octopus Server and Tentacle

In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user (in certain limited OctopusPrintVariables circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext.

3.5
2019-08-23 CVE-2019-15507 Octopus Cleartext Storage of Sensitive Information vulnerability in Octopus Server

In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an authenticated user (in certain limited special-characters circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext.

3.5
2019-08-22 CVE-2018-20986 Advancedcustomfields Cross-site Scripting vulnerability in Advancedcustomfields Advanced Custom Fields

The advanced-custom-fields (aka Elliot Condon Advanced Custom Fields) plugin before 5.7.8 for WordPress has XSS by authors.

3.5
2019-08-22 CVE-2019-12386 Ampache Cross-site Scripting vulnerability in Ampache

An issue was discovered in Ampache through 3.9.1.

3.5
2019-08-22 CVE-2019-14469 Sonatype Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager

In Nexus Repository Manager before 3.18.0, users with elevated privileges can create stored XSS.

3.5
2019-08-22 CVE-2019-15314 Tiki Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 18.4

tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId= URI.

3.5
2019-08-21 CVE-2019-15127 Vanderbilt Cross-site Scripting vulnerability in Vanderbilt Redcap

REDCap before 9.3.0 allows XSS attacks against non-administrator accounts on the Data Import Tool page via a CSV data import file.

3.5
2019-08-21 CVE-2019-12626 Cisco Improper Input Validation vulnerability in Cisco Unified Contact Center Express 12.5(1)

A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

3.5
2019-08-20 CVE-2019-11522 Open Xchange Cross-site Scripting vulnerability in Open-Xchange Appsuite 7.10.0/7.10.1/7.10.2

OX App Suite 7.10.0 to 7.10.2 allows XSS.

3.5
2019-08-20 CVE-2019-15228 Thedaylightstudio Cross-site Scripting vulnerability in Thedaylightstudio Fuel CMS

FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin console.

3.5
2019-08-22 CVE-2019-5634 Belwith Keeler Information Exposure Through Log Files vulnerability in Belwith-Keeler Hickory Smart 01.01.40/01.01.43

An inclusion of sensitive information in log files vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC.

2.1
2019-08-22 CVE-2019-5633 Belwith Keeler Insecure Storage of Sensitive Information vulnerability in Belwith-Keeler Hickory Smart

An insecure storage of sensitive information vulnerability is present in Hickory Smart for iOS mobile devices from Belwith Products, LLC.

2.1
2019-08-22 CVE-2019-5632 Belwith Keeler Insecure Storage of Sensitive Information vulnerability in Belwith-Keeler Hickory Smart 01.01.40/01.01.43

An insecure storage of sensitive information vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC.

2.1
2019-08-21 CVE-2019-11551 Code42 Improper Privilege Management vulnerability in Code42 products

In Code42 Enterprise and Crashplan for Small Business through Client version 6.9.1, an attacker can craft a restore request to restore a file through the Code42 app to a location they do not have privileges to write.

2.1
2019-08-20 CVE-2019-4049 IBM Resource Exhaustion vulnerability in IBM MQ

IBM MQ 9.1.0.0, 9.1.0.1, 9.1.1, and 9.1.0.2 is vulnerable to a denial of service due to a local user being able to fill up the disk space of the underlying filesystem using the error logging service.

2.1
2019-08-20 CVE-2018-18056 TI Information Exposure vulnerability in TI Tm4C123 Firmware and Tm4C129 Firmware

An issue was discovered in the Texas Instruments (TI) TM4C, MSP432E and MSP432P microcontroller series.

2.1
2019-08-20 CVE-2019-11806 Open Xchange Incorrect Permission Assignment for Critical Resource vulnerability in Open-Xchange Appsuite

OX App Suite 7.10.1 and earlier has Insecure Permissions.

2.1
2019-08-19 CVE-2017-18550 Linux Information Exposure vulnerability in Linux Kernel

An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13.

2.1
2019-08-19 CVE-2017-18549 Linux Information Exposure vulnerability in Linux Kernel

An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13.

2.1