Weekly Vulnerabilities Reports > September 23 to 29, 2019

Overview

553 new vulnerabilities reported during this period, including 11 critical vulnerabilities and 66 high severity vulnerabilities. This weekly summary report vulnerabilities in 596 products from 149 vendors including Google, Jenkins, Cisco, Mozilla, and Apache. Vulnerabilities are notably categorized as "Out-of-bounds Read", "Cross-site Scripting", "Out-of-bounds Write", "Improper Input Validation", and "Cross-Site Request Forgery (CSRF)".

  • 448 reported vulnerabilities are remotely exploitables.
  • 4 reported vulnerabilities have public exploit available.
  • 117 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 491 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 262 reported vulnerabilities.
  • Cisco has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

11 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-09-27 CVE-2019-8074 Adobe Path Traversal vulnerability in Adobe Coldfusion 2016/2018

ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability.

10.0
2019-09-27 CVE-2019-8073 Adobe Command Injection vulnerability in Adobe Coldfusion 2016/2018

ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component vulnerability.

10.0
2019-09-27 CVE-2019-16920 Dlink OS Command Injection vulnerability in Dlink products

Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565.

10.0
2019-09-25 CVE-2019-15068 Gigastone Missing Authentication FOR Critical Function vulnerability in Gigastone Smart Battery A4 Firmware R1.7.9

A broken access control vulnerability in Smart Battery A4, a multifunctional portable charger, firmware version ?<= r1.7.9 allows an attacker to get/reset administrator’s password without any authentication.

10.0
2019-09-25 CVE-2019-15067 Gigastone Unspecified vulnerability in Gigastone Smart Battery A2-25De Firmware 20131016

An authentication bypass vulnerability discovered in Smart Battery A2-25DE, a multifunctional portable charger, firmware version ?<= SECFS-2013-10-16-13:42:58-629c30ee-60c68be6.

10.0
2019-09-23 CVE-2019-3416 ZTE Improper Input Validation vulnerability in ZTE Zxv10 B860A Firmware

All versions up to V81511329.1008 of ZTE ZXV10 B860A products are impacted by input validation vulnerability.

10.0
2019-09-27 CVE-2019-11752 Mozilla USE After Free vulnerability in Mozilla Firefox

It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion.

9.3
2019-09-25 CVE-2019-12651 Cisco OS Command Injection vulnerability in Cisco products

Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device.

9.0
2019-09-25 CVE-2019-12650 Cisco OS Command Injection vulnerability in Cisco IOS and IOS XE

Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device.

9.0
2019-09-25 CVE-2019-12648 Cisco Incorrect Authorization vulnerability in Cisco IOS 15.7(3)M3

A vulnerability in the IOx application environment for Cisco IOS Software could allow an authenticated, remote attacker to gain unauthorized access to the Guest Operating System (Guest OS) running on an affected device.

9.0
2019-09-25 CVE-2019-16701 Netgate OS Command Injection vulnerability in Netgate Pfsense

pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.exec_php call containing shell metacharacters in a parameter value.

9.0

66 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-09-26 CVE-2019-6175 Lenovo Unspecified vulnerability in Lenovo System Update

A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations.

7.8
2019-09-25 CVE-2019-12669 Cisco Improper Input Validation vulnerability in Cisco IOS 15.2(3)E/15.2(3)E5/16.11.1

A vulnerability in the RADIUS Change of Authorization (CoA) code of Cisco TrustSec, a feature within Cisco IOS XE Software, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

7.8
2019-09-25 CVE-2019-12663 Cisco Improper Input Validation vulnerability in Cisco IOS XE 16.12.1/16.6.4

A vulnerability in the Cisco TrustSec (CTS) Protected Access Credential (PAC) provisioning module of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition.

7.8
2019-09-25 CVE-2019-12658 Cisco Resource Exhaustion vulnerability in Cisco IOS XE 16.6.1/16.8.1

A vulnerability in the filesystem resource management code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to exhaust filesystem resources on an affected device and cause a denial of service (DoS) condition.

7.8
2019-09-25 CVE-2019-12657 Cisco Improper Input Validation vulnerability in Cisco IOS XE 16.3.6

A vulnerability in Unified Threat Defense (UTD) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload.

7.8
2019-09-25 CVE-2019-12655 Cisco Classic Buffer Overflow vulnerability in Cisco IOS

A vulnerability in the FTP application layer gateway (ALG) functionality used by Network Address Translation (NAT), NAT IPv6 to IPv4 (NAT64), and the Zone-Based Policy Firewall (ZBFW) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload.

7.8
2019-09-25 CVE-2019-12654 Cisco Null Pointer Dereference vulnerability in Cisco IOS XE 15.6(1)S4.2/16.3.8/16.9.1

A vulnerability in the common Session Initiation Protocol (SIP) library of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition.

7.8
2019-09-25 CVE-2019-12653 Cisco Improper Input Validation vulnerability in Cisco IOS XE 16.10.1/16.9

A vulnerability in the Raw Socket Transport feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition.

7.8
2019-09-25 CVE-2019-12652 Cisco Resource Exhaustion vulnerability in Cisco IOS 15.2(3)E1/15.2(4)E3

A vulnerability in the ingress packet processing function of Cisco IOS Software for Cisco Catalyst 4000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

7.8
2019-09-25 CVE-2019-16889 UI Allocation of Resources Without Limits OR Throttling vulnerability in UI products

Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause a denial of service (disk consumption) because *.cache files in /var/run/beaker/container_file/ are created when providing a valid length payload of 249 characters or fewer to the beaker.session.id cookie in a GET header.

7.8
2019-09-25 CVE-2019-12647 Cisco Null Pointer Dereference vulnerability in Cisco IOS XE Fuji16.7.1/Fuji16.8.1

A vulnerability in the Ident protocol handler of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload.

7.8
2019-09-25 CVE-2019-12646 Cisco Improper Initialization vulnerability in Cisco IOS XE

A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload.

7.8
2019-09-23 CVE-2019-1367 Microsoft Out-Of-Bounds Write vulnerability in Microsoft Internet Explorer 10/11/9

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'.

7.6
2019-09-27 CVE-2019-3766 Dell Improper Restriction of Excessive Authentication Attempts vulnerability in Dell EMC Elastic Cloud Storage

Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction of excessive authentication attempts vulnerability.

7.5
2019-09-27 CVE-2019-16928 Exim
Canonical
Debian
Classic Buffer Overflow vulnerability in multiple products

Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846.

7.5
2019-09-27 CVE-2019-9459 Google Classic Buffer Overflow vulnerability in Google Android 10.0

In libttspico, there is a possible OOB write due to a heap buffer overflow.

7.5
2019-09-27 CVE-2019-9365 Google Deserialization of Untrusted Data vulnerability in Google Android 10.0

In Bluetooth, there is a possible deserialization error due to missing string validation.

7.5
2019-09-27 CVE-2019-9301 Google Integer Overflow OR Wraparound vulnerability in Google Android 10.0

In libAACdec, there is a possible out of bounds write due to an integer overflow.

7.5
2019-09-27 CVE-2019-11740 Mozilla Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla Firefox

Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8.

7.5
2019-09-27 CVE-2019-11735 Mozilla Classic Buffer Overflow vulnerability in Mozilla Firefox

Mozilla developers and community members reported memory safety bugs present in Firefox 68 and Firefox ESR 68.

7.5
2019-09-27 CVE-2019-11734 Mozilla Classic Buffer Overflow vulnerability in Mozilla Firefox

Mozilla developers and community members reported memory safety bugs present in Firefox 68.

7.5
2019-09-26 CVE-2019-11278 Cloudfoundry Improper Input Validation vulnerability in Cloudfoundry User Account and Authentication

CF UAA versions prior to 74.1.0, allow external input to be directly queried against.

7.5
2019-09-26 CVE-2019-16915 Netgate Improper Input Validation vulnerability in Netgate Pfsense

An issue was discovered in pfSense through 2.4.4-p3.

7.5
2019-09-26 CVE-2019-16894 Inoideas Deserialization of Untrusted Data vulnerability in Inoideas Inoerp 4.15

download.php in inoERP 4.15 allows SQL injection through insecure deserialization.

7.5
2019-09-26 CVE-2019-16755 BMC Deserialization of Untrusted Data vulnerability in BMC Myit Digital Workplace

BMC Remedy ITSM Suite is prone to unspecified vulnerabilities in both DWP and SmartIT components, which can permit remote attackers to perform pre-authenticated remote commands execution on the Operating System running the targeted application.

7.5
2019-09-26 CVE-2015-9435 Dash10 USE of Cryptographically Weak Pseudo-Random Number Generator (Prng) vulnerability in Dash10 Oauth Server

The oauth2-provider plugin before 3.1.5 for WordPress has incorrect generation of random numbers.

7.5
2019-09-25 CVE-2019-15941 Lemonldap NG
Debian
Incorrect Authorization vulnerability in multiple products

OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request.

7.5
2019-09-25 CVE-2019-15069 Gigastone Unspecified vulnerability in Gigastone Smart Battery A4 Firmware R1.7.9

An unsafe authentication interface was discovered in Smart Battery A4, a multifunctional portable charger, firmware version ?<= r1.7.9 .

7.5
2019-09-25 CVE-2019-12204 Silverstripe Unspecified vulnerability in Silverstripe

In SilverStripe through 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access.

7.5
2019-09-25 CVE-2019-16881 Portaudio RS Project USE After Free vulnerability in Portaudio-Rs Project Portaudio-Rs 0.3.0/0.3.1

An issue was discovered in the portaudio-rs crate through 0.3.1 for Rust.

7.5
2019-09-25 CVE-2019-16880 Linea Project Double Free vulnerability in Linea Project Linea

An issue was discovered in the linea crate through 0.9.4 for Rust.

7.5
2019-09-25 CVE-2019-16194 Centreon SQL Injection vulnerability in Centreon

SQL injection vulnerabilities in Centreon through 19.04 allow attacks via the svc_id parameter in include/monitoring/status/Services/xml/makeXMLForOneService.php.

7.5
2019-09-25 CVE-2019-16868 Emlog Path Traversal vulnerability in Emlog 3.5.1/5.3.1/6.0.0

emlog through 6.0.0beta has an arbitrary file deletion vulnerability via an admin/data.php?action=dell_all_bak request with directory traversal sequences in the bak[] parameter.

7.5
2019-09-24 CVE-2019-16759 Vbulletin Improper Input Validation vulnerability in Vbulletin

vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.

7.5
2019-09-24 CVE-2019-16724 Upredsun Classic Buffer Overflow vulnerability in Upredsun File Sharing Wizard 1.5.0

File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Exception Handler (SEH) based buffer overflow in an HTTP POST parameter, a similar issue to CVE-2010-2330 and CVE-2010-2331.

7.5
2019-09-24 CVE-2019-5504 Netapp Improper Input Validation vulnerability in Netapp Ontap Select Deploy Administration Utility 2.12/2.12.1

ONTAP Select Deploy administration utility versions 2.12 & 2.12.1 ship with an HTTP service bound to the network allowing unauthenticated remote attackers to perform administrative actions.

7.5
2019-09-24 CVE-2019-16411 Suricata IDS Out-Of-Bounds Read vulnerability in Suricata-Ids Suricata 4.1.4

An issue was discovered in Suricata 4.1.4.

7.5
2019-09-24 CVE-2019-16383 Ipswitch SQL Injection vulnerability in Ipswitch Moveit Transfer 10.2.0/11.0/11.1

MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and 2019.1 before 11.1.1 allows an unauthenticated attacker to gain unauthorized access to the database.

7.5
2019-09-24 CVE-2019-16748 Wolfssl Out-Of-Bounds Read vulnerability in Wolfssl

In wolfSSL through 4.1.0, there is a missing sanity check of memory accesses in parsing ASN.1 certificate data while handshaking.

7.5
2019-09-24 CVE-2019-16746 Linux Classic Buffer Overflow vulnerability in Linux Kernel

An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17.

7.5
2019-09-23 CVE-2019-16377 Makandra Unspecified vulnerability in Makandra Consul

The makandra consul gem through 1.0.2 for Ruby has Incorrect Access Control.

7.5
2019-09-23 CVE-2019-16722 Zzzcms Improper Input Validation vulnerability in Zzzcms Zzzphp 1.7.2

ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses an str_ireplace operation.

7.5
2019-09-23 CVE-2019-16702 Integard PRO Project Classic Buffer Overflow vulnerability in Integard PRO Project Integard PRO 2.2.0.9026

Integard Pro 2.2.0.9026 allows remote attackers to execute arbitrary code via a buffer overflow involving a long NoJs parameter to the /LoginAdmin URI.

7.5
2019-09-27 CVE-2019-9384 Google Unspecified vulnerability in Google Android 10.0

In LockPatternUtils, there is a possible escalation of privilege due to an improper permissions check.

7.2
2019-09-27 CVE-2019-9266 Google Out-Of-Bounds Write vulnerability in Google Android 10.0

In sensorservice, there is a possible out of bounds write due to a missing bounds check.

7.2
2019-09-27 CVE-2019-9259 Google USE After Free vulnerability in Google Android 10.0

In the Bluetooth stack, there is a possible out of bounds write due to a use after free.

7.2
2019-09-27 CVE-2018-19592 Corsair Incorrect Default Permissions vulnerability in Corsair Link 4.9.7.35

The "CLink4Service" service is installed with Corsair Link 4.9.7.35 with insecure permissions by default.

7.2
2019-09-26 CVE-2019-12091 Netskope OS Command Injection vulnerability in Netskope 57/60

The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost.

7.2
2019-09-26 CVE-2019-10882 Netskope Classic Buffer Overflow vulnerability in Netskope 57/60

The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost.

7.2
2019-09-25 CVE-2019-16253 Samsung Unspecified vulnerability in Samsung Text-To-Speech

The Text-to-speech Engine (aka SamsungTTS) application before 3.0.02.7 and 3.0.00.101 for Android allows a local attacker to escalate privileges, e.g., to system privileges.

7.2
2019-09-25 CVE-2019-12717 Cisco OS Command Injection vulnerability in Cisco Nx-Os

A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges.

7.2
2019-09-25 CVE-2019-12709 Cisco OS Command Injection vulnerability in Cisco IOS XR

A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges.

7.2
2019-09-25 CVE-2019-12672 Cisco Link Following vulnerability in Cisco IOS 16.9.1

A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker with physical access to an affected device to execute arbitrary code on the underlying operating system (OS) with root privileges.

7.2
2019-09-25 CVE-2019-12671 Cisco Incorrect Authorization vulnerability in Cisco IOS XE 16.11.1

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS).

7.2
2019-09-25 CVE-2019-12666 Cisco Path Traversal vulnerability in Cisco IOS XE

A vulnerability in the Guest Shell of Cisco IOS XE Software could allow an authenticated, local attacker to perform directory traversal on the base Linux operating system of Cisco IOS XE Software.

7.2
2019-09-25 CVE-2019-12662 Cisco Improper Verification of Cryptographic Signature vulnerability in Cisco products

A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device.

7.2
2019-09-25 CVE-2019-12661 Cisco OS Command Injection vulnerability in Cisco IOS XE

A vulnerability in a Virtualization Manager (VMAN) related CLI command of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root.

7.2
2019-09-25 CVE-2019-12649 Cisco Improper Verification of Cryptographic Signature vulnerability in Cisco IOS and IOS XE

A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on an affected device.

7.2
2019-09-24 CVE-2019-16729 PAM Python Project Unspecified vulnerability in Pam-Python Project Pam-Python 1.0.41/1.0.51/1.0.61

pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups.

7.2
2019-09-27 CVE-2019-9418 Google Improper Input Validation vulnerability in Google Android 10.0

In libstagefright, there is a possible resource exhaustion due to a missing bounds check.

7.1
2019-09-27 CVE-2019-9379 Google Improper Input Validation vulnerability in Google Android 10.0

In libstagefright, there is a possible resource exhaustion due to a missing bounds check.

7.1
2019-09-27 CVE-2019-9372 Google Improper Input Validation vulnerability in Google Android 10.0

In libskia, there is a possible crash due to a missing null check.

7.1
2019-09-27 CVE-2019-9371 Google Improper Input Validation vulnerability in Google Android 10.0

In libvpx, there is a possible resource exhaustion due to improper input validation.

7.1
2019-09-27 CVE-2019-9349 Google Resource Exhaustion vulnerability in Google Android 10.0

In libstagefright, there is a possible resource exhaustion due to improper input validation.

7.1
2019-09-27 CVE-2019-9348 Google Improper Input Validation vulnerability in Google Android 10.0

In libstagefright, there is a possible resource exhaustion due to improper input validation.

7.1
2019-09-25 CVE-2019-16892 Rubyzip Project Resource Exhaustion vulnerability in Rubyzip Project Rubyzip

In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed.

7.1

395 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-09-27 CVE-2019-9386 Google Out-Of-Bounds Write vulnerability in Google Android 10.0

In NFC server, there is a possible out of bounds write due to a missing bounds check.

6.9
2019-09-27 CVE-2019-9375 Google Race Condition vulnerability in Google Android 10.0

In hostapd, there is a possible out of bounds write due to a race condition.

6.9
2019-09-27 CVE-2019-9238 Google Out-Of-Bounds Write vulnerability in Google Android 10.0

In the NFC stack, there is a possible out of bounds write due to a missing bounds check.

6.9
2019-09-27 CVE-2019-2189 Google Race Condition vulnerability in Google Android 10.0

In the Easel driver, there is possible memory corruption due to race conditions.

6.9
2019-09-27 CVE-2019-2188 Google Race Condition vulnerability in Google Android 10.0

In the Easel driver, there is possible memory corruption due to race conditions.

6.9
2019-09-28 CVE-2019-16941 NSA XML Injection (Aka Blind Xpath Injection) vulnerability in NSA Ghidra

NSA Ghidra through 9.0.4, when experimental mode is enabled, allows arbitrary code execution if the Read XML Files feature of Bit Patterns Explorer is used with a modified XML document.

6.8
2019-09-27 CVE-2019-11927 Whatsapp Out-Of-Bounds Write vulnerability in Whatsapp

An integer overflow in WhatsApp media parsing libraries allows a remote attacker to perform an out-of-bounds write on the heap via specially-crafted EXIF tags in WEBP images.

6.8
2019-09-27 CVE-2019-9405 Google Integer Overflow OR Wraparound vulnerability in Google Android 10.0

In libAACdec, there is a possible out of bounds write due to an integer overflow.

6.8
2019-09-27 CVE-2019-9382 Google Out-Of-Bounds Write vulnerability in Google Android 10.0

In libeffects, there is a possible out of bounds write due to a missing bounds check.

6.8
2019-09-27 CVE-2019-9363 Google Out-Of-Bounds Write vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds write due to a missing bounds check.

6.8
2019-09-27 CVE-2019-9357 Google Integer Overflow OR Wraparound vulnerability in Google Android 10.0

In libAACdec, there is a possible out of bounds write due to an integer overflow.

6.8
2019-09-27 CVE-2019-9346 Google Out-Of-Bounds Write vulnerability in Google Android 10.0

In libstagefright, there is a possible out of bounds write due to a heap buffer overflow.

6.8
2019-09-27 CVE-2019-9310 Google Integer Overflow OR Wraparound vulnerability in Google Android 10.0

In libFDK, there is a possible out of bounds write due to an integer overflow.

6.8
2019-09-27 CVE-2019-9308 Google Integer Overflow OR Wraparound vulnerability in Google Android 10.0

In libAACdec, there is a possible out of bounds write due to an integer overflow.

6.8
2019-09-27 CVE-2019-9307 Google Integer Overflow OR Wraparound vulnerability in Google Android 10.0

In libAACdec, there is a possible out of bounds write due to an integer overflow.

6.8
2019-09-27 CVE-2019-9306 Google Integer Overflow OR Wraparound vulnerability in Google Android 10.0

In libMpegTPDec, there is a possible out of bounds write due to an integer overflow.

6.8
2019-09-27 CVE-2019-9305 Google Integer Overflow OR Wraparound vulnerability in Google Android 10.0

In libAACdec, there is a possible out of bounds write due to an integer overflow.

6.8
2019-09-27 CVE-2019-9304 Google Integer Overflow OR Wraparound vulnerability in Google Android 10.0

In libMpegTPDec, there is a possible out of bounds write due to an integer overflow.

6.8
2019-09-27 CVE-2019-9303 Google Integer Overflow OR Wraparound vulnerability in Google Android 10.0

In libFDK, there is a possible out of bounds write due to an integer overflow.

6.8
2019-09-27 CVE-2019-9302 Google Integer Overflow OR Wraparound vulnerability in Google Android 10.0

In libAACdec, there is a possible out of bounds write due to an integer overflow.

6.8
2019-09-27 CVE-2019-9300 Google Integer Overflow OR Wraparound vulnerability in Google Android 10.0

In libAACdec, there is a possible out of bounds write due to an integer overflow.

6.8
2019-09-27 CVE-2019-9299 Google Integer Overflow OR Wraparound vulnerability in Google Android 10.0

In libAACdec, there is a possible out of bounds write due to an integer overflow.

6.8
2019-09-27 CVE-2019-9298 Google Integer Overflow OR Wraparound vulnerability in Google Android 10.0

In libAACdec, there is a possible out of bounds write due to an integer overflow.

6.8
2019-09-27 CVE-2019-9297 Google Integer Overflow OR Wraparound vulnerability in Google Android 10.0

In libAACdec, there is a possible out of bounds write due to an integer overflow.

6.8
2019-09-27 CVE-2019-9291 Google Allocation of Resources Without Limits OR Throttling vulnerability in Google Android 10.0

In Bluetooth, there is a possible remote code execution due to an improper memory allocation.

6.8
2019-09-27 CVE-2019-9278 Google Integer Overflow OR Wraparound vulnerability in Google Android 10.0

In libexif, there is a possible out of bounds write due to an integer overflow.

6.8
2019-09-27 CVE-2019-9262 Google Integer Overflow OR Wraparound vulnerability in Google Android 10.0

In MPEG4Extractor, there is a possible out of bounds write due to an integer overflow.

6.8
2019-09-27 CVE-2019-9256 Google Integer Overflow OR Wraparound vulnerability in Google Android 10.0

In libmediaextractor there is a possible out of bounds write due to an integer overflow.

6.8
2019-09-27 CVE-2019-2159 Google Out-Of-Bounds Write vulnerability in Google Android 10.0

In libxaac there is a possible out of bounds write due to a missing bounds check.

6.8
2019-09-27 CVE-2019-2141 Google Out-Of-Bounds Write vulnerability in Google Android 10.0

In libxaac there is a possible out of bounds write due to a missing bounds check.

6.8
2019-09-27 CVE-2019-2087 Google Out-Of-Bounds Write vulnerability in Google Android 10.0

In libxaac, there is a possible out of bounds write due to a missing bounds check.

6.8
2019-09-27 CVE-2019-2086 Google Out-Of-Bounds Write vulnerability in Google Android 10.0

In libxaac, there is a possible out of bounds write due to a missing bounds check.

6.8
2019-09-27 CVE-2019-2085 Google Out-Of-Bounds Write vulnerability in Google Android 10.0

In libxaac there is a possible out of bounds write due to a missing bounds check.

6.8
2019-09-27 CVE-2019-2084 Google Out-Of-Bounds Write vulnerability in Google Android 10.0

In libxaac there is a possible out of bounds write due to a missing bounds check.

6.8
2019-09-27 CVE-2019-2083 Google Out-Of-Bounds Write vulnerability in Google Android 10.0

In libxaac there is a possible out of bounds write due to a missing bounds check.

6.8
2019-09-27 CVE-2019-2082 Google Out-Of-Bounds Write vulnerability in Google Android 10.0

In libxaac there is a possible out of bounds write due to a missing bounds check.

6.8
2019-09-27 CVE-2019-2081 Google Out-Of-Bounds Write vulnerability in Google Android 10.0

In libxaac there is a possible out of bounds write due to a missing bounds check.

6.8
2019-09-27 CVE-2019-2080 Google Out-Of-Bounds Write vulnerability in Google Android 10.0

In libxaac, there is a possible out of bounds write due to a missing bounds check.

6.8
2019-09-27 CVE-2019-2078 Google Out-Of-Bounds Write vulnerability in Google Android 10.0

In libxaac there is a possible out of bounds write due to a missing bounds check.

6.8
2019-09-27 CVE-2019-2077 Google Out-Of-Bounds Write vulnerability in Google Android 10.0

In libxaac there is a possible out of bounds write due to a missing bounds check.

6.8
2019-09-27 CVE-2019-2076 Google Out-Of-Bounds Write vulnerability in Google Android 10.0

In libxaac there is a possible out of bounds write due to a missing bounds check.

6.8
2019-09-27 CVE-2019-2075 Google Out-Of-Bounds Write vulnerability in Google Android 10.0

In libxaac there is a possible out of bounds write due to a missing bounds check.

6.8
2019-09-27 CVE-2019-2074 Google Out-Of-Bounds Write vulnerability in Google Android 10.0

In libxaac there is a possible out of bounds write due to a missing bounds check.

6.8
2019-09-27 CVE-2019-2073 Google Out-Of-Bounds Write vulnerability in Google Android 10.0

In libxaac there is a possible out of bounds write to missing bounds check.

6.8
2019-09-27 CVE-2019-2072 Google Out-Of-Bounds Write vulnerability in Google Android 10.0

In libxaac there is a possible out of bounds write due to a missing bounds check.

6.8
2019-09-27 CVE-2019-2071 Google Out-Of-Bounds Write vulnerability in Google Android 10.0

In libxaac there is a possible out of bounds write due to a missing bounds check.

6.8
2019-09-27 CVE-2019-2070 Google Out-Of-Bounds Write vulnerability in Google Android 10.0

In libxaac, there is a possible out of bounds write due to a missing bounds check.

6.8
2019-09-27 CVE-2019-2069 Google Out-Of-Bounds Write vulnerability in Google Android 10.0

In libxaac, there is a possible out of bounds write due to a missing bounds check.

6.8
2019-09-27 CVE-2019-2068 Google Out-Of-Bounds Write vulnerability in Google Android 10.0

In libxaac, there is a possible out of bounds write due to a missing bounds check.

6.8
2019-09-27 CVE-2019-2067 Google Out-Of-Bounds Write vulnerability in Google Android 10.0

In libxaac, there is a possible out of bounds write due to a missing bounds check.

6.8
2019-09-27 CVE-2019-2066 Google Out-Of-Bounds Write vulnerability in Google Android 10.0

In libxaac, there is a possible out of bounds write due to a missing bounds check.

6.8
2019-09-27 CVE-2019-2065 Google Out-Of-Bounds Write vulnerability in Google Android 10.0

In libxaac, there is a possible out of bounds write due to a missing bounds check.

6.8
2019-09-27 CVE-2019-2064 Google Out-Of-Bounds Write vulnerability in Google Android 10.0

In libxaac, there is a possible out of bounds write due to a missing bounds check.

6.8
2019-09-27 CVE-2019-2063 Google Out-Of-Bounds Write vulnerability in Google Android 10.0

In libxaac, there is a possible out of bounds write due to a missing bounds check.

6.8
2019-09-27 CVE-2019-2062 Google Out-Of-Bounds Write vulnerability in Google Android 10.0

In libxaac, there is a possible out of bounds write due to a missing bounds check.

6.8
2019-09-27 CVE-2019-2061 Google Out-Of-Bounds Write vulnerability in Google Android 10.0

In libxaac, there is a possible out of bounds write due to a missing bounds check.

6.8
2019-09-27 CVE-2019-2059 Google Out-Of-Bounds Write vulnerability in Google Android 10.0

In libxaac, there is a possible out of bounds write due to a missing bounds check.

6.8
2019-09-27 CVE-2019-2055 Google Out-Of-Bounds Write vulnerability in Google Android 10.0

In libxaac, there is a possible out of bounds write due to a missing bounds check.

6.8
2019-09-27 CVE-2019-11751 Mozilla
Microsoft
Argument Injection OR Modification vulnerability in Mozilla Firefox and Firefox ESR

Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application.

6.8
2019-09-27 CVE-2019-11746 Mozilla USE After Free vulnerability in Mozilla Firefox

A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use.

6.8
2019-09-27 CVE-2019-11738 Mozilla Incorrect Default Permissions vulnerability in Mozilla Firefox

If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed.

6.8
2019-09-27 CVE-2019-9853 Libreoffice Improper Encoding OR Escaping of Output vulnerability in Libreoffice

LibreOffice documents can contain macros.

6.8
2019-09-26 CVE-2019-16667 Netgate Cross-Site Request Forgery (CSRF) vulnerability in Netgate Pfsense 2.4.4

diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS commands.

6.8
2019-09-26 CVE-2015-9445 Unitegallery Cross-Site Request Forgery (CSRF) vulnerability in Unitegallery Unite Gallery Lite

The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin-ajax.php in a unitegallery_ajax_action operation.

6.8
2019-09-25 CVE-2019-16887 Irfanview Classic Buffer Overflow vulnerability in Irfanview 4.53

In IrfanView 4.53, Data from a Faulting Address controls a subsequent Write Address starting at image00400000+0x000000000001dcfc.

6.8
2019-09-24 CVE-2019-13527 Rockwellautomation Access of Uninitialized Pointer vulnerability in Rockwellautomation Arena Simulation Software

In Rockwell Automation Arena Simulation Software Cat.

6.8
2019-09-23 CVE-2019-10996 Redlion USE After Free vulnerability in Redlion Crimson

Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that can reference memory after it has been freed.

6.8
2019-09-23 CVE-2019-10984 Redlion Access of Uninitialized Pointer vulnerability in Redlion Crimson

Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that causes the program to mishandle pointers.

6.8
2019-09-23 CVE-2019-10978 Redlion Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Redlion Crimson

Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that operates outside of the designated memory area.

6.8
2019-09-23 CVE-2019-16718 Radare OS Command Injection vulnerability in Radare Radare2

In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c.

6.8
2019-09-23 CVE-2019-16706 Kkcms Project Cross-Site Request Forgery (CSRF) vulnerability in Kkcms Project Kkcms 1.3

kkcms v1.3 has a CSRF vulnerablity that can add an user account via admin/cms_user_add.php.

6.8
2019-09-27 CVE-2019-3746 Dell Improper Restriction of Excessive Authentication Attempts vulnerability in Dell EMC Integrated Data Protection Appliance Firmware 2.0/2.1/2.2

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authentication attempts to the ACM API.

6.5
2019-09-26 CVE-2019-11279 Cloudfoundry Improper Privilege Management vulnerability in Cloudfoundry UAA Release

CF UAA versions prior to 74.1.0 can request scopes for a client that shouldn't be allowed by submitting an array of requested scopes.

6.5
2019-09-26 CVE-2015-9448 Pressified SQL Injection vulnerability in Pressified Sendpress

The sendpress plugin before 1.2 for WordPress has SQL Injection via the wp-admin/admin.php?page=sp-queue listid parameter.

6.5
2019-09-26 CVE-2015-9446 Unitegallery SQL Injection vulnerability in Unitegallery Unite Gallery Lite

The unite-gallery-lite plugin before 1.5 for WordPress has SQL injection via data[galleryID] to wp-admin/admin-ajax.php.

6.5
2019-09-26 CVE-2015-9449 Efficientscripts SQL Injection vulnerability in Efficientscripts Microblog Poster

The microblog-poster plugin before 1.6.2 for WordPress has SQL Injection via the wp-admin/options-general.php?page=microblogposter.php account_id parameter.

6.5
2019-09-25 CVE-2019-14666 Glpi Project Information Exposure vulnerability in Glpi-Project Glpi

GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature.

6.5
2019-09-25 CVE-2019-10418 Jenkins Improper Privilege Management vulnerability in Jenkins Kubernetes Pipeline 1.3/1.5/1.6

Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection.

6.5
2019-09-25 CVE-2019-10417 Jenkins Improper Privilege Management vulnerability in Jenkins Kubernetes Pipeline 1.3/1.5/1.6

Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection.

6.5
2019-09-27 CVE-2019-16902 Reputeinfosystems Improper Input Validation vulnerability in Reputeinfosystems Arforms 3.7.1

In the ARforms plugin 3.7.1 for WordPress, arf_delete_file in arformcontroller.php allows unauthenticated deletion of an arbitrary file by supplying the full pathname.

6.4
2019-09-26 CVE-2019-10082 Apache USE After Free vulnerability in Apache Http Server

In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.

6.4
2019-09-25 CVE-2019-6652 F5 Missing Authentication FOR Critical Function vulnerability in F5 Big-Iq Centralized Management 6.0.0/6.0.1/6.1.0

In BIG-IQ 6.0.0-6.1.0, services for stats do not require authentication nor do they implement any form of Transport Layer Security (TLS).

6.4
2019-09-24 CVE-2019-16410 Suricata IDS Out-Of-Bounds Read vulnerability in Suricata-Ids Suricata 4.1.4

An issue was discovered in Suricata 4.1.4.

6.4
2019-09-24 CVE-2019-15699 Suricata IDS Out-Of-Bounds Read vulnerability in Suricata-Ids Suricata 4.1.4

An issue was discovered in app-layer-ssl.c in Suricata 4.1.4.

6.4
2019-09-23 CVE-2019-16705 Libming Out-Of-Bounds Read vulnerability in Libming 0.4.8

Ming (aka libming) 0.4.8 has an out of bounds read vulnerability in the function OpCode() in the decompile.c file in libutil.a.

6.4
2019-09-24 CVE-2019-3726 Dell Uncontrolled Search Path Element vulnerability in Dell Update Package Framework 19.1.0.413/3.8.3.67

An Uncontrolled Search Path Vulnerability is applicable to the following: Dell Update Package (DUP) Framework file versions prior to 19.1.0.413, and Framework file versions prior to 103.4.6.69 used in Dell EMC Servers.

6.2
2019-09-26 CVE-2019-10097 Apache Null Pointer Dereference vulnerability in Apache Http Server

In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference.

6.0
2019-09-26 CVE-2019-16532 Yzmcms Injection vulnerability in Yzmcms 5.3

An HTTP Host header injection vulnerability exists in YzmCMS V5.3.

5.8
2019-09-26 CVE-2015-9418 Kibokolabs Cross-Site Request Forgery (CSRF) vulnerability in Kibokolabs Watupro

The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows an attacker to delete quizzes.

5.8
2019-09-25 CVE-2019-12665 Cisco Inadequate Encryption Strength vulnerability in Cisco IOS 15.6(2)T/Fd1.5.0

A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to read and modify data that should normally have been sent via an encrypted channel.

5.8
2019-09-25 CVE-2019-16188 Hcltech XXE vulnerability in Hcltech Appscan Source

HCL AppScan Source before 9.03.13 is susceptible to XML External Entity (XXE) attacks in multiple locations.

5.8
2019-09-25 CVE-2019-10098 Apache Open Redirect vulnerability in Apache Http Server

In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.

5.8
2019-09-23 CVE-2019-16721 5None Cross-Site Request Forgery (CSRF) vulnerability in 5None Nonecms 1.3.0

NoneCMS v1.3 has CSRF in public/index.php/admin/admin/dele.html, as demonstrated by deleting the admin user.

5.8
2019-09-25 CVE-2019-16867 Hongcms Project Improper Input Validation vulnerability in Hongcms Project Hongcms 3.0.0

HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774.

5.5
2019-09-23 CVE-2019-10754 Apereo USE of Cryptographically Weak Pseudo-Random Number Generator (Prng) vulnerability in Apereo Central Authentication Service

Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong.

5.5
2019-09-23 CVE-2019-11277 Cloudfoundry Injection vulnerability in Cloudfoundry Cf-Deployment

Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection.

5.5
2019-09-28 CVE-2019-16930 Z Cash Improper Handling of Exceptional Conditions vulnerability in Z.Cash Zcash

Zcashd in Zcash before 2.0.7-3 allows discovery of the IP address of a full node that owns a shielded address, related to mishandling of exceptions during deserialization of note plaintexts.

5.0
2019-09-27 CVE-2019-9462 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds read due to an incorrect bounds check.

5.0
2019-09-27 CVE-2019-9432 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds read due to improper input validation.

5.0
2019-09-27 CVE-2019-9430 Google Null Pointer Dereference vulnerability in Google Android 10.0

In Bluetooth, there is a possible null pointer dereference due to a missing null check.

5.0
2019-09-27 CVE-2019-9425 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds read due to a missing bounds check.

5.0
2019-09-27 CVE-2019-9422 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds read due to a missing bounds check.

5.0
2019-09-27 CVE-2019-9419 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds read due to a missing bounds check.

5.0
2019-09-27 CVE-2019-9413 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds read due to a missing bounds check.

5.0
2019-09-27 CVE-2019-9404 Google Improper Input Validation vulnerability in Google Android 10.0

In Bluetooth, there is possible controlled termination due to a missing bounds check.

5.0
2019-09-27 CVE-2019-9402 Google Buffer Errors vulnerability in Google Android 10.0

In Bluetooth, there is possible controlled termination due to a missing bounds check.

5.0
2019-09-27 CVE-2019-9401 Google Improper Input Validation vulnerability in Google Android 10.0

In Bluetooth, there is possible controlled termination due to a missing bounds check.

5.0
2019-09-27 CVE-2019-9400 Google Null Pointer Dereference vulnerability in Google Android 10.0

In Bluetooth, there is a possible null pointer dereference due to a missing null check.

5.0
2019-09-27 CVE-2019-9398 Google Improper Input Validation vulnerability in Google Android 10.0

In Bluetooth, there is possible controlled termination due to a missing bounds check.

5.0
2019-09-27 CVE-2019-9397 Google Improper Input Validation vulnerability in Google Android 10.0

In Bluetooth, there is possible controlled termination due to a missing bounds check.

5.0
2019-09-27 CVE-2019-9396 Google Improper Input Validation vulnerability in Google Android 10.0

In Bluetooth, there is possible controlled termination due to a missing bounds check.

5.0
2019-09-27 CVE-2019-9395 Google Improper Input Validation vulnerability in Google Android 10.0

In Bluetooth, there is possible controlled termination due to a missing bounds check.

5.0
2019-09-27 CVE-2019-9394 Google Improper Input Validation vulnerability in Google Android 10.0

In Bluetooth, there is possible controlled termination due to a missing bounds check.

5.0
2019-09-27 CVE-2019-9393 Google Improper Input Validation vulnerability in Google Android 10.0

In Bluetooth, there is possible controlled termination due to a missing bounds check.

5.0
2019-09-27 CVE-2019-9390 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds read due to a missing bounds check.

5.0
2019-09-27 CVE-2019-9389 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds read due to a missing bounds check.

5.0
2019-09-27 CVE-2019-9388 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds read due to a missing bounds check.

5.0
2019-09-27 CVE-2019-9387 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds read due to a missing bounds check.

5.0
2019-09-27 CVE-2019-9381 Google USE After Free vulnerability in Google Android 10.0

In netd, there is a possible out of bounds read due to a use after free.

5.0
2019-09-27 CVE-2019-9367 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds read due to a missing bounds check.

5.0
2019-09-27 CVE-2019-9355 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds read due to a missing bounds check.

5.0
2019-09-27 CVE-2019-9343 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds read due to a missing bounds check.

5.0
2019-09-27 CVE-2019-9342 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds read due to a missing bounds check.

5.0
2019-09-27 CVE-2019-9341 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds read due to a missing bounds check.

5.0
2019-09-27 CVE-2019-9333 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds read due to a missing bounds check.

5.0
2019-09-27 CVE-2019-9332 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds read due to a missing bounds check.

5.0
2019-09-27 CVE-2019-9331 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds read due to a missing bounds check.

5.0
2019-09-27 CVE-2019-9330 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds read due to a missing bounds check.

5.0
2019-09-27 CVE-2019-9329 Google USE of Uninitialized Resource vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds read due to uninitialized data.

5.0
2019-09-27 CVE-2019-9328 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds read due to a missing bounds check.

5.0
2019-09-27 CVE-2019-9327 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds read due to a missing bounds check.

5.0
2019-09-27 CVE-2019-9326 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds read due to a missing bounds check.

5.0
2019-09-27 CVE-2019-9323 Google Missing Authorization vulnerability in Google Android 10.0

In the Wallpaper Manager service, there is a possible information disclosure due to a missing permission check.

5.0
2019-09-27 CVE-2019-9311 Google Integer Overflow OR Wraparound vulnerability in Google Android 10.0

In Bluetooth, there is a possible crash due to an integer overflow.

5.0
2019-09-27 CVE-2019-9286 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds read due to a missing bounds check.

5.0
2019-09-27 CVE-2019-9285 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds read due to a missing bounds check.

5.0
2019-09-27 CVE-2019-9284 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds read due to a missing bounds check.

5.0
2019-09-27 CVE-2019-9281 Google Path Traversal vulnerability in Google Android 10.0

In GoogleContactsSyncAdapter, there is a possible path traversal due to improper input sanitization.

5.0
2019-09-27 CVE-2019-9279 Google Null Pointer Dereference vulnerability in Google Android 10.0

In the wifi hotspot service, there is a possible denial of service due to a null pointer dereference.

5.0
2019-09-27 CVE-2019-9265 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds read due to an incorrect bounds check.

5.0
2019-09-27 CVE-2019-9260 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds read due to an incorrect bounds check.

5.0
2019-09-27 CVE-2019-9250 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds read due to a missing bounds check.

5.0
2019-09-27 CVE-2019-9241 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds read due to a missing bounds check.

5.0
2019-09-27 CVE-2019-9234 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In wpa_supplicant_8, there is a possible out of bounds read due to a missing bounds check.

5.0
2019-09-27 CVE-2019-9233 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In wpa_supplicant_8, there is a possible out of bounds read due to an incorrect bounds check.

5.0
2019-09-27 CVE-2019-9232 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In libvpx, there is a possible out of bounds read due to a missing bounds check.

5.0
2019-09-27 CVE-2019-11755 Mozilla Improper Verification of Cryptographic Signature vulnerability in Mozilla Thunderbird

A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the contents of the encrypted message, and might have stripped a different signature from the encrypted message.

5.0
2019-09-27 CVE-2019-11737 Mozilla Insufficient Verification of Data Authenticity vulnerability in Mozilla Firefox

If a wildcard ('*') is specified for the host in Content Security Policy (CSP) directives, any port or path restriction of the directive will be ignored, leading to CSP directives not being properly applied to content.

5.0
2019-09-27 CVE-2019-11733 Mozilla Improper Authentication vulnerability in Mozilla Firefox and Firefox ESR

When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog.

5.0
2019-09-27 CVE-2019-8075 Adobe Origin Validation Error vulnerability in Adobe Flash Player and Flash Player Desktop Runtime

Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability.

5.0
2019-09-27 CVE-2019-8072 Adobe Information Exposure vulnerability in Adobe Coldfusion 2016/2018

ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability.

5.0
2019-09-27 CVE-2019-16922 Salesagility Information Exposure vulnerability in Salesagility Suitecrm

SuiteCRM 7.10.x before 7.10.20 and 7.11.x before 7.11.8 allows unintended public exposure of files.

5.0
2019-09-27 CVE-2019-16921 Linux Improper Initialization vulnerability in Linux Kernel

In the Linux kernel before 4.17, hns_roce_alloc_ucontext in drivers/infiniband/hw/hns/hns_roce_main.c does not initialize the resp data structure, which might allow attackers to obtain sensitive information from kernel stack memory, aka CID-df7e40425813.

5.0
2019-09-26 CVE-2019-15891 Cksource Information Exposure vulnerability in Cksource Ckfinder

An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3.5.0.

5.0
2019-09-26 CVE-2019-15862 Cksource Unrestricted Upload of File With Dangerous Type vulnerability in Cksource Ckfinder

An issue was discovered in CKFinder through 2.6.2.1.

5.0
2019-09-26 CVE-2019-6161 Lenovo Session Fixation vulnerability in Lenovo CP Storage Block Firmware

An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M.

5.0
2019-09-26 CVE-2019-16869 Netty
Debian
Http Request Smuggling vulnerability in multiple products

Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.

5.0
2019-09-26 CVE-2019-16409 Silverstripe
Symbiote
Information Exposure vulnerability in multiple products

In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL.

5.0
2019-09-26 CVE-2019-13523 Honeywell Information Exposure vulnerability in Honeywell products

In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network.

5.0
2019-09-26 CVE-2019-0203 Apache Improper Input Validation vulnerability in Apache Subversion

In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands.

5.0
2019-09-26 CVE-2019-4262 IBM Server-Side Request Forgery (SSRF) vulnerability in IBM Qradar Security Information and Event Manager

IBM QRadar SIEM 7.2 and 7.3 is vulnerable to Server Side Request Forgery (SSRF).

5.0
2019-09-26 CVE-2019-14844 MIT
Fedoraproject
A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes".
5.0
2019-09-26 CVE-2019-14273 Silverstripe Files OR Directories Accessible TO External Parties vulnerability in Silverstripe

In SilverStripe assets 4.0, there is broken access control on files.

5.0
2019-09-26 CVE-2019-16903 Plutinosoft Path Traversal vulnerability in Plutinosoft Platinum 1.2.0

Platinum UPnP SDK 1.2.0 allows Directory Traversal in Core/PltHttpServer.cpp because it checks for /..

5.0
2019-09-26 CVE-2019-16738 Mediawiki Information Exposure vulnerability in Mediawiki

In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup.

5.0
2019-09-26 CVE-2019-16901 Advantech Improper Handling of Exceptional Conditions vulnerability in Advantech Webaccess/Hmi Designer 2.1.9.31

Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain corruption starting at Unknown Symbol @ 0x0000000000000000 called from ntdll!RtlRaiseStatus+0x00000000000000b4.

5.0
2019-09-26 CVE-2019-16900 Advantech Unspecified vulnerability in Advantech Webaccess/Hmi Designer 2.1.9.31

Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write AV starting at MSVCR90!memcpy+0x000000000000015c.

5.0
2019-09-26 CVE-2019-16899 Advantech Unspecified vulnerability in Advantech Webaccess/Hmi Designer 2.1.9.31

In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Address controls Code Flow starting at PM_V3!CTagInfoThreadBase::GetNICInfo+0x0000000000512918.

5.0
2019-09-26 CVE-2015-9415 Angrycreative Improper Input Validation vulnerability in Angrycreative BJ Lazy Load

The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclusion.

5.0
2019-09-25 CVE-2019-12664 Cisco Improper Authentication vulnerability in Cisco IOS XE 16.6.4

A vulnerability in the Dialer interface feature for ISDN connections in Cisco IOS XE Software for Cisco 4000 Series Integrated Services Routers (ISRs) could allow an unauthenticated, adjacent attacker to pass IPv4 traffic through an ISDN channel prior to successful PPP authentication.

5.0
2019-09-25 CVE-2019-12659 Cisco Improper Input Validation vulnerability in Cisco IOS XE 16.10.1

A vulnerability in the HTTP server code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the HTTP server to crash.

5.0
2019-09-25 CVE-2019-12656 Cisco Improper Input Validation vulnerability in Cisco products

A vulnerability in the IOx application environment of multiple Cisco platforms could allow an unauthenticated, remote attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a denial of service (DoS) condition.

5.0
2019-09-25 CVE-2019-6656 F5 Information Exposure Through LOG Files vulnerability in F5 Big-Ip Access Policy Manager

BIG-IP APM Edge Client before version 7.1.8 (7180.2019.508.705) logs the full apm session ID in the log files.

5.0
2019-09-25 CVE-2019-12245 Silverstripe Incorrect Permission Assignment FOR Critical Resource vulnerability in Silverstripe

SilverStripe through 4.3.3 has incorrect access control for protected files uploaded via Upload::loadIntoFile().

5.0
2019-09-25 CVE-2019-6651 F5 Information Exposure Through Discrepancy vulnerability in F5 products

In BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.5.1-11.6.4, BIG-IQ 7.0.0, 6.0.0-6.1.0,5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, the Configuration utility login page may not follow best security practices when handling a malicious request.

5.0
2019-09-25 CVE-2019-16884 Linuxfoundation
Docker
Incorrect Authorization vulnerability in multiple products

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.

5.0
2019-09-25 CVE-2019-16882 String Interner Project USE After Free vulnerability in String-Interner Project String-Interner

An issue was discovered in the string-interner crate before 0.7.1 for Rust.

5.0
2019-09-25 CVE-2019-10428 Jenkins Cleartext Transmission of Sensitive Information vulnerability in Jenkins Aqua Security Scanner

Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

5.0
2019-09-25 CVE-2019-10427 Jenkins Cleartext Transmission of Sensitive Information vulnerability in Jenkins Aqua Microscanner

Jenkins Aqua MicroScanner Plugin 1.0.7 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

5.0
2019-09-25 CVE-2019-10412 Jenkins Cleartext Transmission of Sensitive Information vulnerability in Jenkins Inedo Proget

Jenkins Inedo ProGet Plugin 1.2 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

5.0
2019-09-25 CVE-2019-10411 Jenkins Cleartext Transmission of Sensitive Information vulnerability in Jenkins Inedo Buildmaster

Jenkins Inedo BuildMaster Plugin 2.4.0 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

5.0
2019-09-24 CVE-2019-5505 Netapp Insufficiently Protected Credentials vulnerability in Netapp Ontap Select Deploy Administration Utility

ONTAP Select Deploy administration utility versions 2.2 through 2.12.1 transmit credentials in plaintext.

5.0
2019-09-24 CVE-2019-16754 Riot OS Null Pointer Dereference vulnerability in Riot-Os Riot 2019.07

RIOT 2019.07 contains a NULL pointer dereference in the MQTT-SN implementation (asymcute), potentially allowing an attacker to crash a network node running RIOT.

5.0
2019-09-24 CVE-2019-14753 Sick Classic Buffer Overflow vulnerability in Sick Fx0-Gent00000 Firmware and Fx0-Gpnt00000 Firmware

SICK FX0-GPNT00000 and FX0-GENT00000 devices through 3.4.0 have a Buffer Overflow

5.0
2019-09-23 CVE-2019-1255 Microsoft Unspecified vulnerability in Microsoft products

A denial of service vulnerability exists when Microsoft Defender improperly handles files, aka 'Microsoft Defender Denial of Service Vulnerability'.

5.0
2019-09-23 CVE-2018-21019 Home Assistant Information Exposure vulnerability in Home-Assistant

Home Assistant before 0.67.0 was vulnerable to an information disclosure that allowed an unauthenticated attacker to read the application's error log via components/api.py.

5.0
2019-09-23 CVE-2019-13063 Sahipro Path Traversal vulnerability in Sahipro Sahi PRO 8.0.0

Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include any victim files on the system via the script parameter on the Script_view page.

5.0
2019-09-23 CVE-2019-16720 Zzzcms Unrestricted Upload of File With Dangerous Type vulnerability in Zzzcms Zzzphp 1.7.2

ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage, as demonstrated by uploading a .htaccess or .php5 file.

5.0
2019-09-23 CVE-2019-16714 Linux Information Exposure vulnerability in Linux Kernel

In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized.

5.0
2019-09-27 CVE-2019-9376 Google Improper Input Validation vulnerability in Google Android 10.0

In Account of Account.java, there is a possible boot loop due to improper input validation.

4.9
2019-09-27 CVE-2019-9360 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In the TEE, there's a possible out of bounds read due to a missing bounds check.

4.9
2019-09-27 CVE-2019-9253 Google Insecure Storage of Sensitive Information vulnerability in Google Android 10.0

In KeyStore, there is a possible storage of symmetric keys in the TEE instead of the strongbox due to a missing strongbox flag.

4.9
2019-09-25 CVE-2019-12660 Cisco Improper Input Validation vulnerability in Cisco IOS XE

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to write values to the underlying memory of an affected device.

4.9
2019-09-24 CVE-2019-14220 Bluestacks
Microsoft
Apple
Information Exposure vulnerability in Bluestacks

An issue was discovered in BlueStacks 4.110 and below on macOS and on 4.120 and below on Windows.

4.9
2019-09-27 CVE-2019-9429 Google Out-Of-Bounds Write vulnerability in Google Android 10.0

In profman, there is a possible out of bounds write due to memory corruption.

4.6
2019-09-27 CVE-2019-9423 Google Out-Of-Bounds Write vulnerability in Google Android 10.0

In opencv calls that use libpng, there is a possible out of bounds write due to a missing bounds check.

4.6
2019-09-27 CVE-2019-9407 Google Unspecified vulnerability in Google Android 10.0

In notification management of the service manager, there is a possible permissions bypass.

4.6
2019-09-27 CVE-2019-9378 Google Incorrect Permission Assignment FOR Critical Resource vulnerability in Google Android 10.0

In the Activity Manager service, there is a possible permission bypass due to incorrect permission check.

4.6
2019-09-27 CVE-2019-9350 Google USE After Free vulnerability in Google Android 10.0

In Keymaster, there is a possible EoP due to a use after free.

4.6
2019-09-27 CVE-2019-9295 Google Missing Authorization vulnerability in Google Android 10.0

In com.android.apps.tag, there is a possible bypass of user interaction requirements due to a missing permission check.

4.6
2019-09-27 CVE-2019-9290 Google Allocation of Resources Without Limits OR Throttling vulnerability in Google Android 10.0

In tzdata there is possible memory corruption due to a mismatch between allocation and deallocation functions.

4.6
2019-09-27 CVE-2019-9288 Google Out-Of-Bounds Write vulnerability in Google Android 10.0

In libhidcommand_jni, there is a possible out of bounds write due to a missing bounds check.

4.6
2019-09-27 CVE-2019-9263 Google Missing Authorization vulnerability in Google Android 10.0

In telephony, there is a possible bypass of user interaction requirements due to missing permission checks.

4.6
2019-09-27 CVE-2019-9258 Google Out-Of-Bounds Write vulnerability in Google Android 10.0

In wifilogd, there is a possible out of bounds write due to a missing bounds check.

4.6
2019-09-27 CVE-2019-9257 Google Integer Overflow OR Wraparound vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds write due to an integer overflow.

4.6
2019-09-27 CVE-2018-9425 Google Improper Privilege Management vulnerability in Google Android 10.0

In Platform, there is a possible bypass of user interaction requirements due to missing permission checks.

4.6
2019-09-27 CVE-2019-11753 Mozilla Improper Validation of Integrity Check Value vulnerability in Mozilla Firefox

The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware.

4.6
2019-09-25 CVE-2019-12670 Cisco Incorrect Permission Assignment for Critical Resource vulnerability in Cisco IOS 16.10.1

A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device.

4.6
2019-09-24 CVE-2019-5094 E2Fsprogs Project
Debian
Fedoraproject
Canonical
Netapp
Out-Of-Bounds Write vulnerability in multiple products

An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3.

4.6
2019-09-24 CVE-2019-14239 NXP Improper Authentication vulnerability in NXP products

On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a software IP protection method for execute-only access) can be defeated by leveraging a load instruction inside the execute-only region to expose the protected code into a CPU register.

4.6
2019-09-24 CVE-2019-14238 ST Improper Authentication vulnerability in ST products

On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated with a debug probe via the Instruction Tightly Coupled Memory (ITCM) bus.

4.6
2019-09-24 CVE-2019-13357 Totaldefense Untrusted Search Path vulnerability in Totaldefense Anti-Virus 9.0.0.773

In Total Defense Anti-virus 9.0.0.773, resource acquisition from the untrusted search path C:\ used by caschelp.exe allows local attackers to hijack ccGUIFrm.dll, which leads to code execution.

4.6
2019-09-24 CVE-2019-13356 Totaldefense Incorrect Permission Assignment FOR Critical Resource vulnerability in Totaldefense Anti-Virus 9.0.0.773

In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\bd\TDUpdate2\ used by AMRT.exe allows local attackers to hijack bdcore.dll, which leads to privilege escalation when the AMRT service loads the DLL.

4.6
2019-09-24 CVE-2019-13355 Totaldefense Incorrect Permission Assignment FOR Critical Resource vulnerability in Totaldefense Anti-Virus 9.0.0.773

In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\ used by ccschedulersvc.exe allows local attackers to hijack dotnetproxy.exe, which leads to privilege escalation when the ccSchedulerSVC service runs the executable.

4.6
2019-09-27 CVE-2019-9463 Google Unspecified vulnerability in Google Android 10.0

In Platform, there is a possible bypass of user interaction requirements due to background app interception.

4.4
2019-09-27 CVE-2019-9358 Google Out-Of-Bounds Write vulnerability in Google Android 10.0

In NFC, there is a possible out of bounds write due to a missing bounds check.

4.4
2019-09-27 CVE-2019-9309 Google Out-Of-Bounds Write vulnerability in Google Android 10.0

In NFC, there is a possible out of bounds write due to a missing bounds check.

4.4
2019-09-27 CVE-2019-9269 Google Insufficient Session Expiration vulnerability in Google Android 10.0

In System Settings, there is a possible permissions bypass due to a cached Linux user ID.

4.4
2019-09-27 CVE-2019-11736 Mozilla Race Condition vulnerability in Mozilla Firefox

The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service executable, which is run with privileged access.

4.4
2019-09-28 CVE-2019-16935 Python Cross-Site Scripting vulnerability in Python

The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field.

4.3
2019-09-28 CVE-2019-16926 Flower Project Cross-Site Scripting vulnerability in Flower Project Flower 1.0.0

** DISPUTED ** Flower 0.9.3 has XSS via a crafted worker name.

4.3
2019-09-28 CVE-2019-16925 Flower Project Cross-Site Scripting vulnerability in Flower Project Flower 1.0.0

** DISPUTED ** Flower 0.9.3 has XSS via the name parameter in an @app.task call.

4.3
2019-09-27 CVE-2019-16927 Glyphandcog Out-Of-Bounds Write vulnerability in Glyphandcog Xpdf 4.01.01

Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a different vulnerability than CVE-2019-9877.

4.3
2019-09-27 CVE-2019-9433 Google Improper Input Validation vulnerability in Google Android 10.0

In libvpx, there is a possible information disclosure due to improper input validation.

4.3
2019-09-27 CVE-2019-9428 Google Information Exposure vulnerability in Google Android 10.0

In the Framework, it is possible to set up BROWSEABLE intents to take over certain URLs.

4.3
2019-09-27 CVE-2019-9424 Google Information Exposure vulnerability in Google Android 10.0

In the Screen Lock, there is a possible information disclosure due to an unusual root cause.

4.3
2019-09-27 CVE-2019-9420 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In libhevc, there is a possible out of bounds read due to an integer overflow.

4.3
2019-09-27 CVE-2019-9416 Google USE of Uninitialized Resource vulnerability in Google Android 10.0

In libstagefright there is a possible information disclosure due to uninitialized data.

4.3
2019-09-27 CVE-2019-9415 Google USE of Uninitialized Resource vulnerability in Google Android 10.0

In libstagefright there is a possible information disclosure due to uninitialized data.

4.3
2019-09-27 CVE-2019-9414 Google Improper Input Validation vulnerability in Google Android 10.0

In wpa_supplicant, there is a possible man in the middle vulnerability due to improper input validation of the basicConstraints field of intermediary certificates.

4.3
2019-09-27 CVE-2019-9412 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In libSBRdec there is a possible out of bounds read due to incorrect bounds check.

4.3
2019-09-27 CVE-2019-9411 Google USE of Uninitialized Resource vulnerability in Google Android 10.0

In libavc there is a possible information disclosure due to uninitialized data.

4.3
2019-09-27 CVE-2019-9410 Google USE of Uninitialized Resource vulnerability in Google Android 10.0

In libavc there is a possible information disclosure due to uninitialized data.

4.3
2019-09-27 CVE-2019-9409 Google USE of Uninitialized Resource vulnerability in Google Android 10.0

In libhevc there is a possible information disclosure due to uninitialized data.

4.3
2019-09-27 CVE-2019-9408 Google USE of Uninitialized Resource vulnerability in Google Android 10.0

In libavc there is a possible information disclosure due to uninitialized data.

4.3
2019-09-27 CVE-2019-9406 Google USE of Uninitialized Resource vulnerability in Google Android 10.0

In libhevc there is a possible information disclosure due to uninitialized data.

4.3
2019-09-27 CVE-2019-9403 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In cn-cbor, there is a possible out of bounds read due to improper casting.

4.3
2019-09-27 CVE-2019-9399 Google Inadequate Encryption Strength vulnerability in Google Android 10.0

The Print Service is susceptible to man in the middle attacks due to improperly used crypto.

4.3
2019-09-27 CVE-2019-9391 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In libxaac, there is a possible out of bounds read due to uninitialized data.

4.3
2019-09-27 CVE-2019-9385 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In libxaac, there is a possible out of bounds read due to a missing bounds check.

4.3
2019-09-27 CVE-2019-9380 Google Missing Authorization vulnerability in Google Android 10.0

In the settings UI, there is a possible spoofing vulnerability due to a missing permission check.

4.3
2019-09-27 CVE-2019-9370 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In sonivox, there is a possible out of bounds read due to an incorrect bounds check.

4.3
2019-09-27 CVE-2019-9366 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In libSBRdec there is a possible out of bounds read due to a missing bounds check.

4.3
2019-09-27 CVE-2019-9362 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In libSACdec, there is a possible out of bounds read due to a missing bounds check.

4.3
2019-09-27 CVE-2019-9361 Google USE of Uninitialized Resource vulnerability in Google Android 10.0

In libavc there is a possible information disclosure due to uninitialized data.

4.3
2019-09-27 CVE-2019-9359 Google USE of Uninitialized Resource vulnerability in Google Android 10.0

In libavc there is a possible information disclosure due to uninitialized data.

4.3
2019-09-27 CVE-2019-9354 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In NFC server, there's a possible out of bounds read due to a missing bounds check.

4.3
2019-09-27 CVE-2019-9353 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds read due to a missing bounds check.

4.3
2019-09-27 CVE-2019-9352 Google Improper Input Validation vulnerability in Google Android 10.0

In libstagefright, there is a possible resource exhaustion due to a missing bounds check.

4.3
2019-09-27 CVE-2019-9338 Google USE of Uninitialized Resource vulnerability in Google Android 10.0

In libavc there is a possible information disclosure due to uninitialized data.

4.3
2019-09-27 CVE-2019-9337 Google USE of Uninitialized Resource vulnerability in Google Android 10.0

In libavc there is a possible information disclosure due to uninitialized data.

4.3
2019-09-27 CVE-2019-9336 Google USE of Uninitialized Resource vulnerability in Google Android 10.0

In libavc there is a possible information disclosure due to uninitialized data.

4.3
2019-09-27 CVE-2019-9335 Google USE of Uninitialized Resource vulnerability in Google Android 10.0

In libavc there is a possible information disclosure due to uninitialized data.

4.3
2019-09-27 CVE-2019-9334 Google USE of Uninitialized Resource vulnerability in Google Android 10.0

In libhevc there is a possible information disclosure due to uninitialized data.

4.3
2019-09-27 CVE-2019-9325 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In libvpx, there is a possible out of bounds read due to a missing bounds check.

4.3
2019-09-27 CVE-2019-9322 Google USE of Uninitialized Resource vulnerability in Google Android 10.0

In libavc there is a possible information disclosure due to uninitialized data.

4.3
2019-09-27 CVE-2019-9321 Google Missing Initialization of Resource vulnerability in Google Android 10.0

In libavc, there is a missing variable initialization.

4.3
2019-09-27 CVE-2019-9320 Google Missing Initialization of Resource vulnerability in Google Android 10.0

In libavc, there is a missing variable initialization.

4.3
2019-09-27 CVE-2019-9319 Google Missing Initialization of Resource vulnerability in Google Android 10.0

In libavc, there is a missing variable initialization.

4.3
2019-09-27 CVE-2019-9318 Google Missing Initialization of Resource vulnerability in Google Android 10.0

In libhevc, there is a missing variable initialization.

4.3
2019-09-27 CVE-2019-9317 Google Missing Initialization of Resource vulnerability in Google Android 10.0

In libstagefright, there is a missing variable initialization.

4.3
2019-09-27 CVE-2019-9316 Google Missing Initialization of Resource vulnerability in Google Android 10.0

In libstagefright, there is a missing variable initialization.

4.3
2019-09-27 CVE-2019-9315 Google Missing Initialization of Resource vulnerability in Google Android 10.0

In libhevc, there is a missing variable initialization.

4.3
2019-09-27 CVE-2019-9314 Google Missing Initialization of Resource vulnerability in Google Android 10.0

In libavc, there is a missing variable initialization.

4.3
2019-09-27 CVE-2019-9313 Google Missing Initialization of Resource vulnerability in Google Android 10.0

In libstagefright, there is a missing variable initialization.

4.3
2019-09-27 CVE-2019-9294 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In libstagefright, there is a possible out of bounds read due to a missing bounds check.

4.3
2019-09-27 CVE-2019-9293 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In libstagefright, there is a possible out of bounds read due to a missing bounds check.

4.3
2019-09-27 CVE-2019-9283 Google Improper Input Validation vulnerability in Google Android 10.0

In AAC Codec, there is a possible resource exhaustion due to improper input validation.

4.3
2019-09-27 CVE-2019-9282 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In skia, there is a possible out of bounds read due to a missing bounds check.

4.3
2019-09-27 CVE-2019-9264 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In libxaac there is a possible out of bounds read due to missing bounds check.

4.3
2019-09-27 CVE-2019-9261 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In libxaac there is a possible out of bounds read due to missing bounds check.

4.3
2019-09-27 CVE-2019-9252 Google USE of Uninitialized Resource vulnerability in Google Android 10.0

In libavc there is a possible out of bounds read due to uninitialized data.

4.3
2019-09-27 CVE-2019-9247 Google Missing Initialization of Resource vulnerability in Google Android 10.0

In AAC Codec, there is a missing variable initialization.

4.3
2019-09-27 CVE-2019-9237 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds read due to a missing bounds check.

4.3
2019-09-27 CVE-2019-2172 Google USE of Uninitialized Resource vulnerability in Google Android 10.0

In libxaac there is a possible information disclosure due to uninitialized data.

4.3
2019-09-27 CVE-2019-2171 Google USE of Uninitialized Resource vulnerability in Google Android 10.0

In libxaac there is a possible information disclosure due to uninitialized data.

4.3
2019-09-27 CVE-2019-2170 Google USE of Uninitialized Resource vulnerability in Google Android 10.0

In libxaac there is a possible information disclosure due to uninitialized data.

4.3
2019-09-27 CVE-2019-2169 Google USE of Uninitialized Resource vulnerability in Google Android 10.0

In libxaac there is a possible information disclosure due to uninitialized data.

4.3
2019-09-27 CVE-2019-2168 Google USE of Uninitialized Resource vulnerability in Google Android 10.0

In libxaac there is a possible information disclosure due to uninitialized data.

4.3
2019-09-27 CVE-2019-2167 Google USE of Uninitialized Resource vulnerability in Google Android 10.0

In libxaac there is a possible information disclosure due to uninitialized data.

4.3
2019-09-27 CVE-2019-2166 Google USE of Uninitialized Resource vulnerability in Google Android 10.0

In libxaac there is a possible information disclosure due to uninitialized data.

4.3
2019-09-27 CVE-2019-2165 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In libxaac there is a possible out of bounds read due to a missing bounds check.

4.3
2019-09-27 CVE-2019-2164 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In libxaac there is a possible out of bounds read due to a missing bounds check.

4.3
2019-09-27 CVE-2019-2163 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In libxaac there is a possible out of bounds read due to a missing bounds check.

4.3
2019-09-27 CVE-2019-2162 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In libxaac there is a possible out of bounds read due to a missing bounds check.

4.3
2019-09-27 CVE-2019-2161 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In libxaac there is a possible out of bounds read due to a missing bounds check.

4.3
2019-09-27 CVE-2019-2160 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In libxaac there is a possible out of bounds read due to a missing bounds check.

4.3
2019-09-27 CVE-2019-2158 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In libxaac, there is a possible out of bounds read due to a missing bounds check.

4.3
2019-09-27 CVE-2019-2157 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In libxaac, there is a possible out of bounds read due to a missing bounds check.

4.3
2019-09-27 CVE-2019-2156 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In libxaac, there is a possible out of bounds read due to a missing bounds check.

4.3
2019-09-27 CVE-2019-2155 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In libxaac, there is a possible out of bounds read due to a missing bounds check.

4.3
2019-09-27 CVE-2019-2154 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In libxaac, there is a possible out of bounds read due to a missing bounds check.

4.3
2019-09-27 CVE-2019-2153 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In libxaac, there is a possible out of bounds read due to a missing bounds check.

4.3
2019-09-27 CVE-2019-2152 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In libxaac, there is a possible out of bounds read due to a missing bounds check.

4.3
2019-09-27 CVE-2019-2151 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In libxaac, there is a possible out of bounds read due to a missing bounds check.

4.3
2019-09-27 CVE-2019-2150 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In libxaac, there is a possible out of bounds read due to a missing bounds check.

4.3
2019-09-27 CVE-2019-2149 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In libxaac, there is a possible out of bounds read due to a missing bounds check.

4.3
2019-09-27 CVE-2019-2148 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In libxaac, there is a possible out of bounds read due to a missing bounds check.

4.3
2019-09-27 CVE-2019-2147 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In libxaac, there is a possible out of bounds read due to a missing bounds check.

4.3
2019-09-27 CVE-2019-2146 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In libxaac, there is a possible out of bounds read due to a missing bounds check.

4.3
2019-09-27 CVE-2019-2145 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In libxaac, there is a possible out of bounds read due to a missing bounds check.

4.3
2019-09-27 CVE-2019-2144 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In libxaac, there is a possible out of bounds read due to a missing bounds check.

4.3
2019-09-27 CVE-2019-2143 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In libxaac, there is a possible out of bounds read due to a missing bounds check.

4.3
2019-09-27 CVE-2019-2142 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In libxaac, there is a possible out of bounds read due to a missing bounds check.

4.3
2019-09-27 CVE-2019-2140 Google USE of Uninitialized Resource vulnerability in Google Android 10.0

In libxaac, there is a possible information disclosure due to uninitialized data.

4.3
2019-09-27 CVE-2019-2139 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In libxaac, there is a possible out of bounds read due to a missing bounds check.

4.3
2019-09-27 CVE-2019-2138 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In libxaac, there is a possible out of bounds read due to a missing bounds check.

4.3
2019-09-27 CVE-2019-2079 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In libxaac, there is a possible out of bounds read due to a missing bounds check.

4.3
2019-09-27 CVE-2019-2060 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In libxaac, there is a possible out of bounds read due to a missing bounds check.

4.3
2019-09-27 CVE-2019-11754 Mozilla Unspecified vulnerability in Mozilla Firefox

When the pointer lock is enabled by a website though requestPointerLock(), no user notification is given.

4.3
2019-09-27 CVE-2019-11750 Mozilla Type Confusion vulnerability in Mozilla Firefox and Firefox ESR

A type confusion vulnerability exists in Spidermonkey, which results in a non-exploitable crash.

4.3
2019-09-27 CVE-2019-11749 Mozilla Unspecified vulnerability in Mozilla Firefox and Firefox ESR

A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without triggering a user prompt or notification.

4.3
2019-09-27 CVE-2019-11748 Mozilla Improper Preservation of Permissions vulnerability in Mozilla Firefox and Firefox ESR

WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context.

4.3
2019-09-27 CVE-2019-11747 Mozilla Improper Initialization vulnerability in Mozilla Firefox

The "Forget about this site" feature in the History pane is intended to remove all saved user data that indicates a user has visited a site.

4.3
2019-09-27 CVE-2019-11744 Mozilla Cross-Site Scripting vulnerability in Mozilla Firefox

Some HTML elements, such as &lt;title&gt; and &lt;textarea&gt;, can contain literal angle brackets without treating them as markup.

4.3
2019-09-27 CVE-2019-11743 Mozilla Information Exposure Through Discrepancy vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird

Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin.

4.3
2019-09-27 CVE-2019-11742 Mozilla Inclusion of Functionality From Untrusted Control Sphere vulnerability in Mozilla Firefox

A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a &lt;canvas&gt; element due to an error in how same-origin policy is applied to cached image content.

4.3
2019-09-27 CVE-2019-11741 Mozilla Cross-Site Scripting vulnerability in Mozilla Firefox

A compromised sandboxed content process can perform a Universal Cross-site Scripting (UXSS) attack on content from any site it can cause to be loaded in the same process.

4.3
2019-09-27 CVE-2019-11739 Mozilla Cleartext Transmission of Sensitive Information vulnerability in Mozilla Thunderbird

Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in a a HTML reply/forward.

4.3
2019-09-27 CVE-2019-16923 Kkcms Project Cross-Site Scripting vulnerability in Kkcms Project Kkcms 1.3

kkcms 1.3 has jx.php?url= XSS.

4.3
2019-09-27 CVE-2019-13376 Phpbb Cross-Site Request Forgery (CSRF) vulnerability in PHPbb 3.2.7

phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature.

4.3
2019-09-26 CVE-2019-12562 Dnnsoftware Cross-Site Scripting vulnerability in Dnnsoftware Dotnetnuke

Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the malicious script into the admin notification page.

4.3
2019-09-26 CVE-2019-16914 Netgate Cross-Site Scripting vulnerability in Netgate Pfsense

An XSS issue was discovered in pfSense through 2.4.4-p3.

4.3
2019-09-26 CVE-2019-10092 Apache
Opensuse
Debian
Redhat
Fedoraproject
Canonical
Netapp
Oracle
Cross-Site Scripting vulnerability in multiple products

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page.

4.3
2019-09-26 CVE-2015-9447 Unitegallery Cross-Site Request Forgery (CSRF) vulnerability in Unitegallery Unite Gallery Lite

The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin.php galleryid or id parameters.

4.3
2019-09-26 CVE-2015-9444 Altosresearch Cross-Site Scripting vulnerability in Altosresearch Altos-Connect 1.3.0

The altos-connect plugin 1.3.0 for WordPress has XSS via the wp-content/plugins/altos-connect/jquery-validate/demo/demo/captcha/index.php/ PATH_SELF.

4.3
2019-09-26 CVE-2015-9443 WP Accurate Form Data Project Cross-Site Request Forgery (CSRF) vulnerability in WP Accurate Form Data Project WP Accurate Form Data 1.2

The accurate-form-data-real-time-form-validation plugin 1.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=Accu_Data_WP.

4.3
2019-09-26 CVE-2015-9442 Avenirsoft Cross-Site Request Forgery (CSRF) vulnerability in Avenirsoft Directdownload 1.0

The avenirsoft-directdownload plugin 1.0 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=avenir_plugin.

4.3
2019-09-26 CVE-2015-9441 Bookmarkify Project Cross-Site Request Forgery (CSRF) vulnerability in Bookmarkify Project Bookmarkify 2.9.2

The bookmarkify plugin 2.9.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=bookmarkify.php.

4.3
2019-09-26 CVE-2015-9440 Monetize Project Cross-Site Request Forgery (CSRF) vulnerability in Monetize Project Monetize 1.03

The monetize plugin through 1.03 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=monetize-zones-new.

4.3
2019-09-26 CVE-2015-9437 Qurl Cross-Site Request Forgery (CSRF) vulnerability in Qurl Dynamic Widgets

The dynamic-widgets plugin before 1.5.11 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=dynwid-config page_limit parameter.

4.3
2019-09-26 CVE-2015-9434 Kiwi Logo Carousel Project Cross-Site Request Forgery (CSRF) vulnerability in Kiwi-Logo-Carousel Project Kiwi-Logo-Carousel

The kiwi-logo-carousel plugin before 1.7.2 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=kwlogos&page=kwlogos_settings tab or tab_flags_order parameter.

4.3
2019-09-26 CVE-2015-9433 WP Social Bookmarking Light Project Cross-Site Request Forgery (CSRF) vulnerability in WP Social Bookmarking Light Project WP Social Bookmarking Light

The wp-social-bookmarking-light plugin before 1.7.10 for WordPress has CSRF with resultant XSS via configuration parameters for Tumblr, Twitter, Facebook, etc.

4.3
2019-09-26 CVE-2015-9432 Thealpinepress Cross-Site Request Forgery (CSRF) vulnerability in Thealpinepress Alpine-Photo-Tile-For-Instagram

The alpine-photo-tile-for-instagram plugin before 1.2.7.6 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=alpine-photo-tile-for-instagram-settings tab parameter.

4.3
2019-09-26 CVE-2015-9431 Qtranslate X Project Cross-Site Request Forgery (CSRF) vulnerability in Qtranslate X Project Qtranslate X

The qtranslate-x plugin before 3.4.4 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=qtranslate-x json_config_files or json_custom_i18n_config parameter.

4.3
2019-09-26 CVE-2015-9430 Crazy Bone Project Cross-Site Scripting vulnerability in Crazy Bone Project Crazy Bone

The crazy-bone plugin before 0.6.0 for WordPress has XSS via the User-Agent HTTP header.

4.3
2019-09-26 CVE-2015-9429 Yithemes Cross-Site Request Forgery (CSRF) vulnerability in Yithemes Yith Maintenance Mode

The yith-maintenance-mode plugin before 1.2.0 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=yith-maintenance-mode panel_page parameter.

4.3
2019-09-26 CVE-2015-9428 Wplegalpages Cross-Site Request Forgery (CSRF) vulnerability in Wplegalpages WP Legal Pages 1.0.0

The wplegalpages plugin before 1.1 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=legal-pages lp-domain-name, lp-business-name, lp-phone, lp-street, lp-city-state, lp-country, lp-email, lp-address, or lp-niche parameters.

4.3
2019-09-26 CVE-2015-9427 Googmonify Project Cross-Site Request Forgery (CSRF) vulnerability in Googmonify Project Googmonify 0.5.1

The googmonify plugin through 0.5.1 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=googmonify.php PID or AID parameter.

4.3
2019-09-26 CVE-2015-9425 Byonepress Cross-Site Request Forgery (CSRF) vulnerability in Byonepress Social Locker

The social-locker plugin before 4.2.5 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=opanda-item&page=license-manager-sociallocker-next licensekey parameter.

4.3
2019-09-26 CVE-2015-9424 Doc4Design Cross-Site Request Forgery (CSRF) vulnerability in Doc4Design Multicons

The multicons plugin before 3.0 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=multicons%2Fmulticons.php global_url or admin_url parameter.

4.3
2019-09-26 CVE-2015-9422 Simplysymphony Cross-Site Request Forgery (CSRF) vulnerability in Simplysymphony Plugnedit 1.0/1.1/1.2

The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has CSRF with resultant XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load plugnedit_width, pnemedcount, PlugneditBGColor, PlugneditEditorMargin, or plugneditcontent parameters.

4.3
2019-09-26 CVE-2015-9421 Olevmedia Cross-Site Request Forgery (CSRF) vulnerability in Olevmedia Shortcodes

The olevmedia-shortcodes plugin before 1.1.9 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=omsc_popup id parameter.

4.3
2019-09-26 CVE-2015-9420 Mightymess Cross-Site Scripting vulnerability in Mightymess Soundcloud IS Gold

The soundcloud-is-gold plugin before 2.3.2 for WordPress has XSS via the wp-admin/admin-ajax.php?action=get_soundcloud_player id parameter.

4.3
2019-09-26 CVE-2015-9419 Captain Slider Project Cross-Site Scripting vulnerability in Captain-Slider Project Captain-Slider 1.0.6

The captain-slider plugin 1.0.6 for WordPress has XSS via a Title or Caption section.

4.3
2019-09-26 CVE-2015-9417 Slidervilla Cross-Site Request Forgery (CSRF) vulnerability in Slidervilla Testimonial Slider

The testimonial-slider plugin through 1.2.1 for WordPress has CSRF with resultant XSS.

4.3
2019-09-26 CVE-2015-9416 Onthegosystems Cross-Site Scripting vulnerability in Onthegosystems Sitepress-Multilingual-Cms 2.9.3/3.2.6

The sitepress-multilingual-cms (WPML) plugin 2.9.3 to 3.2.6 for WordPress has XSS via the Accept-Language HTTP header.

4.3
2019-09-26 CVE-2015-9414 Wpsymposiumpro Cross-Site Scripting vulnerability in Wpsymposiumpro Wp-Symposium

The wp-symposium plugin through 15.8.1 for WordPress has XSS via the wp-content/plugins/wp-symposium/get_album_item.php?size parameter.

4.3
2019-09-26 CVE-2015-9413 Eshop Project Cross-Site Request Forgery (CSRF) vulnerability in Eshop Project Eshop

The eshop plugin through 6.3.13 for WordPress has CSRF with resultant XSS via the wp-admin/admin.php?page=eshop-downloads.php title parameter.

4.3
2019-09-26 CVE-2015-9412 Royal Slider Project Cross-Site Scripting vulnerability in Royal-Slider Project Royal-Slider

The Royal-Slider plugin before 3.2.7 for WordPress has XSS via the rstype parameter.

4.3
2019-09-26 CVE-2015-9411 Gopostmatic Cross-Site Scripting vulnerability in Gopostmatic Replyable 1.4.5

The Postmatic plugin before 1.4.6 for WordPress has XSS.

4.3
2019-09-25 CVE-2017-18635 Novnc Cross-Site Scripting vulnerability in Novnc

An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name.

4.3
2019-09-25 CVE-2019-6655 F5 Unspecified vulnerability in F5 products

On versions 13.0.0-13.1.0.1, 12.1.0-12.1.4.1, 11.6.1-11.6.4, and 11.5.1-11.5.9, BIG-IP platforms where AVR, ASM, APM, PEM, AFM, and/or AAM is provisioned may leak sensitive data.

4.3
2019-09-25 CVE-2019-12205 Silverstripe Cross-Site Scripting vulnerability in Silverstripe

SilverStripe through 4.3.3 has Flash Clipboard Reflected XSS.

4.3
2019-09-25 CVE-2015-9409 ALO Easymail Project Cross-Site Request Forgery (CSRF) vulnerability in Alo-Easymail Project Alo-Easymail

The alo-easymail plugin before 2.6.01 for WordPress has CSRF with resultant XSS in pages/alo-easymail-admin-options.php.

4.3
2019-09-25 CVE-2019-10408 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Project Inheritance

A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates.

4.3
2019-09-24 CVE-2019-16725 Joomla Cross-Site Scripting vulnerability in Joomla Joomla!

In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates.

4.3
2019-09-24 CVE-2019-16751 Devise Token Auth Project Cross-Site Scripting vulnerability in Devise Token Auth Project Devise Token Auth

An issue was discovered in Devise Token Auth through 1.1.2.

4.3
2019-09-24 CVE-2019-4515 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Security KEY Lifecycle Manager

IBM Security Key Lifecycle Manager 3.0 and 3.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

4.3
2019-09-24 CVE-2018-9090 Redhat Cross-Site Scripting vulnerability in Redhat Tectonic

CoreOS Tectonic 1.7.x and 1.8.x before 1.8.7-tectonic.2 deploys the Grafana web application using default credentials (admin/admin) for the administrator account located at grafana-credentials secret.

4.3
2019-09-24 CVE-2019-16728 Cure53
Debian
Cross-Site Scripting vulnerability in multiple products

DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari.

4.3
2019-09-23 CVE-2019-12407 Apache Cross-Site Scripting vulnerability in Apache Jspwiki

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the remember parameter on some of the JSPs, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.

4.3
2019-09-23 CVE-2019-10990 Redlion USE of Hard-Coded Credentials vulnerability in Redlion Crimson

Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files.

4.3
2019-09-23 CVE-2019-10090 Apache Cross-Site Scripting vulnerability in Apache Jspwiki

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the plain editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.

4.3
2019-09-23 CVE-2019-12404 Apache Cross-Site Scripting vulnerability in Apache Jspwiki

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to InfoContent.jsp, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.

4.3
2019-09-23 CVE-2019-10089 Apache Cross-Site Scripting vulnerability in Apache Jspwiki

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the WYSIWYG editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.

4.3
2019-09-23 CVE-2019-10087 Apache Cross-Site Scripting vulnerability in Apache Jspwiki

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Page Revision History, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.

4.3
2019-09-23 CVE-2019-16719 Wtcms Project Cross-Site Request Forgery (CSRF) vulnerability in Wtcms Project Wtcms 1.0

WTCMS 1.0 allows index.php?g=admin&m=index&a=index CSRF with resultant XSS.

4.3
2019-09-23 CVE-2019-16713 Imagemagick Missing Release of Resource After Effective Lifetime vulnerability in Imagemagick 7.0.843

ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c.

4.3
2019-09-23 CVE-2019-16712 Imagemagick Missing Release of Resource After Effective Lifetime vulnerability in Imagemagick 7.0.843

ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image.

4.3
2019-09-23 CVE-2019-16711 Imagemagick Missing Release of Resource After Effective Lifetime vulnerability in Imagemagick 7.0.840

ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c.

4.3
2019-09-23 CVE-2019-16710 Imagemagick Missing Release of Resource After Effective Lifetime vulnerability in Imagemagick 7.0.835

ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c.

4.3
2019-09-23 CVE-2019-16709 Imagemagick Missing Release of Resource After Effective Lifetime vulnerability in Imagemagick 7.0.835

ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.

4.3
2019-09-23 CVE-2019-16708 Imagemagick Missing Release of Resource After Effective Lifetime vulnerability in Imagemagick 7.0.835

ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage.

4.3
2019-09-23 CVE-2019-16707 Hunspell Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Hunspell Project Hunspell 1.7.0

Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx.

4.3
2019-09-23 CVE-2019-16703 Phpmywind Cross-Site Scripting vulnerability in PHPmywind 5.6

admin/infolist_add.php in PHPMyWind 5.6 has stored XSS.

4.3
2019-09-27 CVE-2019-3736 Dell Insufficiently Protected Credentials vulnerability in Dell EMC Integrated Data Protection Appliance Firmware 2.0/2.1/2.2

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulnerability in the ACM component.

4.0
2019-09-27 CVE-2019-9434 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds read due to a missing bounds check.

4.0
2019-09-27 CVE-2019-9431 Google USE After Free vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds read due to a use after free.

4.0
2019-09-27 CVE-2019-4141 IBM Memory Leak vulnerability in IBM Websphere MQ and Websphere MQ Appliance

IBM MQ 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.9, 8.0.0.0 - 8.0.0.11, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.1 - 9.1.2 is vulnerable to a denial of service attack caused by a memory leak in the clustering code.

4.0
2019-09-26 CVE-2018-11782 Apache Improper Input Validation vulnerability in Apache Subversion

In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer.

4.0
2019-09-26 CVE-2019-4378 IBM Improper Input Validation vulnerability in IBM MQ

IBM MQ 7.5.0.0 - 7.5.0.9, 7.1.0.0 - 7.1.0.9, 8.0.0.0 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 command server is vulnerable to a denial of service attack caused by an authenticated and authorized user using specially crafted PCF messages.

4.0
2019-09-26 CVE-2019-12617 Silverstripe Unspecified vulnerability in Silverstripe

In SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution.

4.0
2019-09-25 CVE-2019-10425 Jenkins Cleartext Storage of Sensitive Information vulnerability in Jenkins Google Calendar 0.2/0.3/0.4

Jenkins Google Calendar Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

4.0
2019-09-25 CVE-2019-10422 Jenkins Cleartext Storage of Sensitive Information vulnerability in Jenkins Call Remote JOB

Jenkins Call Remote Job Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

4.0
2019-09-25 CVE-2019-10421 Jenkins Cleartext Storage of Sensitive Information vulnerability in Jenkins Azure Event Grid Notifier 0.1

Jenkins Azure Event Grid Build Notifier Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

4.0
2019-09-25 CVE-2019-10416 Jenkins Cleartext Storage of Sensitive Information vulnerability in Jenkins Violation Comments TO Gitlab

Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.

4.0
2019-09-25 CVE-2019-10415 Jenkins Cleartext Storage of Sensitive Information vulnerability in Jenkins Violation Comments TO Gitlab

Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.

4.0
2019-09-25 CVE-2019-10413 Jenkins Cleartext Storage of Sensitive Information vulnerability in Jenkins Data Theorem Mobile APP Security

Jenkins Data Theorem: CI/CD Plugin 1.3 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.

4.0
2019-09-25 CVE-2019-10409 Jenkins Incorrect Permission Assignment FOR Critical Resource vulnerability in Jenkins Project Inheritance

A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates.

4.0
2019-09-25 CVE-2019-10407 Jenkins Information Exposure vulnerability in Jenkins Project Inheritance

Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin.

4.0
2019-09-25 CVE-2019-10405 Jenkins Information Exposure vulnerability in Jenkins

Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value of the "Cookie" HTTP request header on the /whoAmI/ URL, allowing attackers exploiting another XSS vulnerability to obtain the HTTP session cookie despite it being marked HttpOnly.

4.0
2019-09-23 CVE-2019-10755 Pac4J USE of Cryptographically Weak Pseudo-Random Number Generator (Prng) vulnerability in Pac4J

The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong.

4.0
2019-09-23 CVE-2019-15635 Grafana Insufficiently Protected Credentials vulnerability in Grafana 5.4.0

An issue was discovered in Grafana 5.4.0.

4.0
2019-09-23 CVE-2019-16723 Cacti Authorization Bypass Through User-Controlled KEY vulnerability in Cacti

In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter.

4.0

81 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-09-25 CVE-2019-12203 Silverstripe Session Fixation vulnerability in Silverstripe

SilverStripe through 4.3.3 allows session fixation in the "change password" form.

3.7
2019-09-27 CVE-2019-3747 Dell Cross-Site Scripting vulnerability in Dell EMC Integrated Data Protection Appliance Firmware 2.0/2.1/2.2

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a stored cross-site scripting vulnerability.

3.5
2019-09-27 CVE-2019-16688 Dolibarr Cross-Site Scripting vulnerability in Dolibarr 9.0.5

Dolibarr 9.0.5 has stored XSS in an Email Template section to mails_templates.php.

3.5
2019-09-27 CVE-2019-16687 Dolibarr Cross-Site Scripting vulnerability in Dolibarr 9.0.5

Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section to card.php.

3.5
2019-09-27 CVE-2019-16686 Dolibarr Cross-Site Scripting vulnerability in Dolibarr 9.0.5

Dolibarr 9.0.5 has stored XSS in a User Note section to note.php.

3.5
2019-09-27 CVE-2019-16685 Dolibarr Cross-Site Scripting vulnerability in Dolibarr 9.0.5

Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php.

3.5
2019-09-26 CVE-2019-16524 Status301 Cross-Site Scripting vulnerability in Status301 Easy Fancybox

The easy-fancybox plugin before 1.8.18 for WordPress (aka Easy FancyBox) is susceptible to Stored XSS in the Settings Menu inc/class-easyfancybox.php due to improper encoding of arbitrarily submitted settings parameters.

3.5
2019-09-26 CVE-2019-16904 Teampass Cross-Site Scripting vulnerability in Teampass 2.1.27.36

TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin.

3.5
2019-09-26 CVE-2019-14272 Silverstripe Cross-Site Scripting vulnerability in Silverstripe

In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS.

3.5
2019-09-26 CVE-2015-9439 Addthis Cross-Site Scripting vulnerability in Addthis

The addthis plugin before 5.0.13 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=addthis_social_widget pubid parameter.

3.5
2019-09-26 CVE-2015-9438 Display Widgets Project Cross-Site Scripting vulnerability in Display-Widgets Project Display-Widgets

The display-widgets plugin before 2.04 for WordPress has XSS via the wp-admin/admin-ajax.php?action=dw_show_widget id_base, widget_number, or instance parameter.

3.5
2019-09-26 CVE-2015-9436 Qurl Cross-Site Scripting vulnerability in Qurl Dynamic Widgets

The dynamic-widgets plugin before 1.5.11 for WordPress has XSS via the wp-admin/admin-ajax.php?action=term_tree prefix or widget_id parameter.

3.5
2019-09-26 CVE-2015-9426 Manual Image Crop Project Cross-Site Scripting vulnerability in Manual Image Crop Project Manual Image Crop

The manual-image-crop plugin before 1.11 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=mic_editor_window postId parameter.

3.5
2019-09-26 CVE-2015-9423 Simplysymphony Cross-Site Scripting vulnerability in Simplysymphony Plugnedit 1.0/1.1/1.2

The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load PlugneditBGColor, PlugneditEditorMargin, plugnedit_width, pnemedcount, or plugneditcontent parameters.

3.5
2019-09-26 CVE-2015-9410 Blubrry Cross-Site Scripting vulnerability in Blubrry Powerpress Podcasting 6.0.4

The Blubrry PowerPress Podcasting plugin 6.0.4 for WordPress has XSS via the tab parameter.

3.5
2019-09-25 CVE-2019-16890 Halo Cross-Site Scripting vulnerability in Halo 1.1.0

Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments.

3.5
2019-09-25 CVE-2019-12668 Cisco Cross-Site Scripting vulnerability in Cisco IOS and IOS XE

A vulnerability in the web framework code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected software using the banner parameter.

3.5
2019-09-25 CVE-2019-12667 Cisco Cross-Site Scripting vulnerability in Cisco IOS XE

A vulnerability in the web framework code of Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected software.

3.5
2019-09-25 CVE-2019-4571 IBM Cross-Site Scripting vulnerability in IBM Content Navigator 3.0.0

IBM Content Navigator 3.0CD is vulnerable to cross-site scripting.

3.5
2019-09-25 CVE-2019-6653 F5 Cross-Site Scripting vulnerability in F5 Big-Iq Centralized Management

There is a Stored Cross Site Scripting vulnerability in the undisclosed page of a BIG-IQ 6.0.0-6.1.0 or 5.2.0-5.4.0 system.

3.5
2019-09-25 CVE-2019-10414 Jenkins Cleartext Storage of Sensitive Information vulnerability in Jenkins GIT Changelog

Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.

3.5
2019-09-25 CVE-2019-10410 Jenkins Cross-Site Scripting vulnerability in Jenkins LOG Parser

Jenkins Log Parser Plugin 2.0 and earlier did not escape an error message, resulting in a cross-site scripting vulnerability exploitable by users able to define log parsing rules.

3.5
2019-09-25 CVE-2019-10406 Jenkins Cross-Site Scripting vulnerability in Jenkins

Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not restrict or filter values set as Jenkins URL in the global configuration, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission.

3.5
2019-09-25 CVE-2019-10404 Jenkins Cross-Site Scripting vulnerability in Jenkins

Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the reason why a queue items is blcoked in tooltips, resulting in a stored XSS vulnerability exploitable by users able to control parts of the reason a queue item is blocked, such as label expressions not matching any idle executors.

3.5
2019-09-25 CVE-2019-10403 Jenkins Cross-Site Scripting vulnerability in Jenkins

Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the SCM tag name on the tooltip for SCM tag actions, resulting in a stored XSS vulnerability exploitable by users able to control SCM tag names for these actions.

3.5
2019-09-25 CVE-2019-10402 Jenkins Cross-Site Scripting vulnerability in Jenkins

In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:combobox form control interpreted its item labels as HTML, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents.

3.5
2019-09-25 CVE-2019-10401 Jenkins Cross-Site Scripting vulnerability in Jenkins

In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandableTextBox form control interpreted its content as HTML when expanded, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents (typically Job/Configure).

3.5
2019-09-23 CVE-2019-16704 Phpmywind Cross-Site Scripting vulnerability in PHPmywind 5.6

admin/infoclass_update.php in PHPMyWind 5.6 has stored XSS.

3.5
2019-09-27 CVE-2019-16924 Nuvending Cleartext Transmission of Sensitive Information vulnerability in Nuvending Nulock 1.5.0

The Nulock application 1.5.0 for mobile devices sends a cleartext password over Bluetooth, which allows remote attackers (after sniffing the network) to take control of the lock.

3.3
2019-09-25 CVE-2019-6654 F5 Improper Input Validation vulnerability in F5 products

On versions 14.0.0-14.1.2, 13.0.0-13.1.3, 12.1.0-12.1.5, and 11.5.1-11.6.5, the BIG-IP system fails to perform Martian Address Filtering (As defined in RFC 1812 section 5.3.7) on the control plane (management interface).

3.3
2019-09-23 CVE-2019-16518 Vandyvape Exposure of Resource TO Wrong Sphere vulnerability in Vandyvape Swell KIT MOD Firmware 2.0.2

An issue was discovered on Swell Kit Mod devices that use the Vandy Vape platform.

3.3
2019-09-26 CVE-2019-16910 ARM
Fedoraproject
Information Exposure vulnerability in multiple products

Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times.

2.6
2019-09-25 CVE-2019-13627 Canonical
Opensuse
Libgcrypt20 Project
Debian
Race Condition vulnerability in multiple products

It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library.

2.6
2019-09-27 CVE-2019-9440 Google Externally Controlled Reference TO A Resource in Another Sphere vulnerability in Google Android 10.0

In AOSP Email, there is a possible information disclosure due to a confused deputy.

2.1
2019-09-27 CVE-2019-9438 Google Externally Controlled Reference TO A Resource in Another Sphere vulnerability in Google Android 10.0

In the Package Manager service, there is a possible information disclosure due to a confused deputy.

2.1
2019-09-27 CVE-2019-9435 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds read due to a missing bounds check.

2.1
2019-09-27 CVE-2019-9427 Google USE After Free vulnerability in Google Android 10.0

In Bluetooth, there is a possible information disclosure due to a use after free.

2.1
2019-09-27 CVE-2019-9417 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds read due to a missing bounds check.

2.1
2019-09-27 CVE-2019-9377 Google Missing Authorization vulnerability in Google Android 10.0

In FingerprintService, there is a possible bypass for operating system protections that isolate user profiles from each other due to a missing permission check.

2.1
2019-09-27 CVE-2019-9373 Google Deserialization of Untrusted Data vulnerability in Google Android 10.0

In JobStore, there is a mismatched serialization/deserialization for the "battery-not-low" job attribute.

2.1
2019-09-27 CVE-2019-9369 Google USE of Uninitialized Resource vulnerability in Google Android 10.0

In Bluetooth, there is a use of uninitialized variable.

2.1
2019-09-27 CVE-2019-9368 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds read due to a missing bounds check.

2.1
2019-09-27 CVE-2019-9364 Google Incorrect Authorization vulnerability in Google Android 10.0

In AudioService, there is a possible trigger of background user audio due to a permissions bypass.

2.1
2019-09-27 CVE-2019-9351 Google Missing Authorization vulnerability in Google Android 10.0

In SyncStatusObserver, there is a possible bypass for operating system protections that isolate user profiles from each other due to a missing permission check.

2.1
2019-09-27 CVE-2019-9347 Google USE After Free vulnerability in Google Android 10.0

In the m4v_h263 codec, there is a possible out of bounds read due to a use after free.

2.1
2019-09-27 CVE-2019-9312 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds read due to a missing bounds check.

2.1
2019-09-27 CVE-2019-9292 Google Externally Controlled Reference TO A Resource in Another Sphere vulnerability in Google Android 10.0

In the Activity Manager service, there is a possible information disclosure due to a confused deputy.

2.1
2019-09-27 CVE-2019-9289 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds read due to a missing bounds check.

2.1
2019-09-27 CVE-2019-9287 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds read due to a missing bounds check.

2.1
2019-09-27 CVE-2019-9280 Google Unspecified vulnerability in Google Android 10.0

In keyguard, there is a possible escalation of privilege due to improper permission checks.

2.1
2019-09-27 CVE-2019-9277 Google Information Exposure Through LOG Files vulnerability in Google Android 10.0

In the proc filesystem, there is a possible information disclosure due to log information disclosure.

2.1
2019-09-27 CVE-2019-9272 Google Incorrect Authorization vulnerability in Google Android 10.0

In WiFi, there is a possible leak of WiFi state due to a permissions bypass.

2.1
2019-09-27 CVE-2019-9268 Google USE After Free vulnerability in Google Android 10.0

In libstagefright, there is a possible use-after-free due to improper locking.

2.1
2019-09-27 CVE-2019-9249 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In Bluetooth, there is a possible out of bounds read due to a missing bounds check.

2.1
2019-09-27 CVE-2019-9243 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In wpa_supplicant_8, there is a possible out of bounds read due to a missing bounds check.

2.1
2019-09-27 CVE-2019-2191 Google Information Exposure vulnerability in Google Android 10.0

In LG's LAF component, there is a possible leak of information in a protected disk partition due to a missing bounds check.

2.1
2019-09-27 CVE-2019-2190 Google Information Exposure vulnerability in Google Android 10.0

In LG's LAF component, there is a possible leak of information in a protected disk partition due to a missing bounds check.

2.1
2019-09-27 CVE-2018-9581 Google Information Exposure vulnerability in Google Android 10.0

In WiFi, the RSSI value and SSID information is broadcast as part of android.net.wifi.RSSI_CHANGE and android.net.wifi.STATE_CHANGE intents.

2.1
2019-09-25 CVE-2019-10430 Jenkins Cleartext Storage of Sensitive Information vulnerability in Jenkins Neuvector vulnerability Scanner

Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.

2.1
2019-09-25 CVE-2019-10429 Jenkins Cleartext Storage of Sensitive Information vulnerability in Jenkins Gitlab Logo 1.0.0/1.0.1/1.0.3

Jenkins GitLab Logo Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

2.1
2019-09-25 CVE-2019-10426 Jenkins Cleartext Storage of Sensitive Information vulnerability in Jenkins GEM Publisher 1.0

Jenkins Gem Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

2.1
2019-09-25 CVE-2019-10424 Jenkins Cleartext Storage of Sensitive Information vulnerability in Jenkins Eloyente

Jenkins elOyente Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

2.1
2019-09-25 CVE-2019-10423 Jenkins Cleartext Storage of Sensitive Information vulnerability in Jenkins Codescan 0.11

Jenkins CodeScan Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

2.1
2019-09-25 CVE-2019-10420 Jenkins Cleartext Storage of Sensitive Information vulnerability in Jenkins Assembla

Jenkins Assembla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

2.1
2019-09-25 CVE-2019-10419 Jenkins Cleartext Storage of Sensitive Information vulnerability in Jenkins Vfabric Application Director 1.2/1.3

Jenkins vFabric Application Director Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

2.1
2019-09-24 CVE-2019-13528 Tridium Unspecified vulnerability in Tridium Niagara4 and Niagara AX

A specific utility may allow an attacker to gain read access to privileged files in the Niagara AX 3.8u4 (JACE 3e, JACE 6e, JACE 7, JACE-8000), Niagara 4.4u3 (JACE 3e, JACE 6e, JACE 7, JACE-8000), and Niagara 4.7u1 (JACE-8000, Edge 10).

2.1
2019-09-24 CVE-2019-12068 Qemu
Debian
Canonical
Opensuse
Infinite Loop vulnerability in multiple products

In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode.

2.1
2019-09-24 CVE-2019-4566 IBM Cleartext Storage of Sensitive Information vulnerability in IBM Security KEY Lifecycle Manager

IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentials in plain in clear text which can be read by a local user.

2.1
2019-09-27 CVE-2019-9421 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In libandroidfw, there is a possible OOB read due to an integer overflow.

1.9
2019-09-27 CVE-2019-9383 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In NFC server, there is a possible out of bounds read due to a missing bounds check.

1.9
2019-09-27 CVE-2019-9356 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In NFC server, there is a possible out of bounds read due to a missing bounds check.

1.9
2019-09-27 CVE-2019-9344 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In NFC server, there is a possible out of bounds read due to a missing bounds check.

1.9
2019-09-27 CVE-2019-9296 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In NFC, there is a possible out of bounds read due to a missing bounds check.

1.9
2019-09-27 CVE-2019-9251 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In NFC, there is a possible out of bounds read due to a missing bounds check.

1.9
2019-09-27 CVE-2019-9246 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In NFC, there is a possible out of bounds read due to a missing bounds check.

1.9
2019-09-27 CVE-2019-9244 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In NFC, there is a possible out of bounds read due to a missing bounds check.

1.9
2019-09-27 CVE-2019-9242 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In NFC, there is a possible out of bounds read due to a missing bounds check.

1.9
2019-09-27 CVE-2019-9240 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In NFC, there is a possible out of bounds read due to a missing bounds check.

1.9
2019-09-27 CVE-2019-9239 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In NFC, there is a possible out of bounds read due to a missing bounds check.

1.9
2019-09-27 CVE-2019-9236 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In NFC, there is a possible out of bounds read due to a missing bounds check.

1.9
2019-09-27 CVE-2019-9235 Google Out-Of-Bounds Read vulnerability in Google Android 10.0

In NFC, there is a possible out of bounds read due to a missing bounds check.

1.9