Weekly Vulnerabilities Reports > September 23 to 29, 2019
Overview
553 new vulnerabilities reported during this period, including 15 critical vulnerabilities and 79 high severity vulnerabilities. This weekly summary report vulnerabilities in 616 products from 148 vendors including Google, Jenkins, Cisco, Canonical, and Mozilla. Vulnerabilities are notably categorized as "Out-of-bounds Read", "Cross-site Scripting", "Out-of-bounds Write", "Improper Input Validation", and "Cross-Site Request Forgery (CSRF)".
- 443 reported vulnerabilities are remotely exploitables.
- 4 reported vulnerabilities have public exploit available.
- 118 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 478 reported vulnerabilities are exploitable by an anonymous user.
- Google has the most reported vulnerabilities, with 263 reported vulnerabilities.
- Adobe has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
15 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2019-09-27 | CVE-2019-8074 | Adobe | Path Traversal vulnerability in Adobe Coldfusion 2016/2018 ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability. | 10.0 |
2019-09-27 | CVE-2019-8073 | Adobe | Command Injection vulnerability in Adobe Coldfusion 2016/2018 ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component vulnerability. | 10.0 |
2019-09-25 | CVE-2019-15067 | Gigastone | Unspecified vulnerability in Gigastone Smart Battery A2-25De Firmware 20131016 An authentication bypass vulnerability discovered in Smart Battery A2-25DE, a multifunctional portable charger, firmware version ?<= SECFS-2013-10-16-13:42:58-629c30ee-60c68be6. | 10.0 |
2019-09-23 | CVE-2019-3416 | ZTE | Improper Input Validation vulnerability in ZTE Zxv10 B860A Firmware All versions up to V81511329.1008 of ZTE ZXV10 B860A products are impacted by input validation vulnerability. | 10.0 |
2019-09-25 | CVE-2019-10418 | Jenkins | Unspecified vulnerability in Jenkins Kubernetes Pipeline 1.3/1.5/1.6 Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. | 9.9 |
2019-09-25 | CVE-2019-10417 | Jenkins | Unspecified vulnerability in Jenkins Kubernetes Pipeline 1.3/1.5/1.6 Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. | 9.9 |
2019-09-27 | CVE-2019-16928 | Exim Canonical Debian Fedoraproject | Out-of-bounds Write vulnerability in multiple products Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. | 9.8 |
2019-09-27 | CVE-2019-16920 | Dlink | OS Command Injection vulnerability in Dlink products Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. | 9.8 |
2019-09-25 | CVE-2019-15068 | Gigastone | Missing Authentication for Critical Function vulnerability in Gigastone Smart Battery A4 Firmware R1.7.9 A broken access control vulnerability in Smart Battery A4, a multifunctional portable charger, firmware version ?<= r1.7.9 allows an attacker to get/reset administrator’s password without any authentication. | 9.8 |
2019-09-24 | CVE-2019-16746 | Linux Debian Canonical Fedoraproject Opensuse | Classic Buffer Overflow vulnerability in multiple products An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. | 9.8 |
2019-09-27 | CVE-2019-11752 | Mozilla | Use After Free vulnerability in Mozilla Firefox It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. | 9.3 |
2019-09-26 | CVE-2019-10082 | Apache Oracle | Use After Free vulnerability in multiple products In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. | 9.1 |
2019-09-25 | CVE-2019-12651 | Cisco | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. | 9.0 |
2019-09-25 | CVE-2019-12648 | Cisco | Incorrect Authorization vulnerability in Cisco IOS 15.7(3)M3 A vulnerability in the IOx application environment for Cisco IOS Software could allow an authenticated, remote attacker to gain unauthorized access to the Guest Operating System (Guest OS) running on an affected device. | 9.0 |
2019-09-25 | CVE-2019-16701 | Netgate | OS Command Injection vulnerability in Netgate Pfsense pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.exec_php call containing shell metacharacters in a parameter value. | 9.0 |
79 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2019-09-27 | CVE-2019-9278 | Google Opensuse Fedoraproject Debian Canonical | Integer Overflow or Wraparound vulnerability in multiple products In libexif, there is a possible out of bounds write due to an integer overflow. | 8.8 |
2019-09-25 | CVE-2019-12650 | Cisco | OS Command Injection vulnerability in Cisco IOS and IOS XE Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. | 8.8 |
2019-09-27 | CVE-2019-9423 | Out-of-bounds Write vulnerability in Google Android 10.0 In opencv calls that use libpng, there is a possible out of bounds write due to a missing bounds check. | 7.8 | |
2019-09-27 | CVE-2019-9853 | Libreoffice | Improper Encoding or Escaping of Output vulnerability in Libreoffice LibreOffice documents can contain macros. | 7.8 |
2019-09-26 | CVE-2019-6175 | Lenovo | Unspecified vulnerability in Lenovo System Update A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations. | 7.8 |
2019-09-25 | CVE-2019-12671 | Cisco | Incorrect Authorization vulnerability in Cisco IOS XE 16.11.1 A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS). | 7.8 |
2019-09-25 | CVE-2019-12669 | Cisco | Improper Input Validation vulnerability in Cisco IOS 15.2(3)E/15.2(3)E5/16.11.1 A vulnerability in the RADIUS Change of Authorization (CoA) code of Cisco TrustSec, a feature within Cisco IOS XE Software, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.8 |
2019-09-25 | CVE-2019-12663 | Cisco | Improper Input Validation vulnerability in Cisco IOS XE 16.12.1/16.6.4 A vulnerability in the Cisco TrustSec (CTS) Protected Access Credential (PAC) provisioning module of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. | 7.8 |
2019-09-25 | CVE-2019-12658 | Cisco | Resource Exhaustion vulnerability in Cisco IOS XE 16.6.1/16.8.1 A vulnerability in the filesystem resource management code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to exhaust filesystem resources on an affected device and cause a denial of service (DoS) condition. | 7.8 |
2019-09-25 | CVE-2019-12657 | Cisco | Improper Input Validation vulnerability in Cisco IOS XE 16.3.6 A vulnerability in Unified Threat Defense (UTD) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. | 7.8 |
2019-09-25 | CVE-2019-12655 | Cisco | Classic Buffer Overflow vulnerability in Cisco IOS A vulnerability in the FTP application layer gateway (ALG) functionality used by Network Address Translation (NAT), NAT IPv6 to IPv4 (NAT64), and the Zone-Based Policy Firewall (ZBFW) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. | 7.8 |
2019-09-25 | CVE-2019-12653 | Cisco | Improper Input Validation vulnerability in Cisco IOS XE 16.10.1/16.9 A vulnerability in the Raw Socket Transport feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. | 7.8 |
2019-09-25 | CVE-2019-12652 | Cisco | Resource Exhaustion vulnerability in Cisco IOS 15.2(3)E1/15.2(4)E3 A vulnerability in the ingress packet processing function of Cisco IOS Software for Cisco Catalyst 4000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.8 |
2019-09-25 | CVE-2019-16889 | UI | Allocation of Resources Without Limits or Throttling vulnerability in UI products Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause a denial of service (disk consumption) because *.cache files in /var/run/beaker/container_file/ are created when providing a valid length payload of 249 characters or fewer to the beaker.session.id cookie in a GET header. | 7.8 |
2019-09-25 | CVE-2019-12647 | Cisco | NULL Pointer Dereference vulnerability in Cisco IOS XE Fuji16.7.1/Fuji16.8.1 A vulnerability in the Ident protocol handler of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. | 7.8 |
2019-09-24 | CVE-2019-16729 | PAM Python Project Debian Canonical | pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups. | 7.8 |
2019-09-23 | CVE-2019-10996 | Redlion | Use After Free vulnerability in Redlion Crimson Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that can reference memory after it has been freed. | 7.8 |
2019-09-23 | CVE-2019-10984 | Redlion | Unspecified vulnerability in Redlion Crimson Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that causes the program to mishandle pointers. | 7.8 |
2019-09-23 | CVE-2019-10978 | Redlion | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Redlion Crimson Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that operates outside of the designated memory area. | 7.8 |
2019-09-23 | CVE-2019-1367 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Internet Explorer 10/11/9 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.6 |
2019-09-27 | CVE-2019-3766 | Dell | Improper Restriction of Excessive Authentication Attempts vulnerability in Dell EMC Elastic Cloud Storage Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction of excessive authentication attempts vulnerability. | 7.5 |
2019-09-27 | CVE-2019-9459 | Classic Buffer Overflow vulnerability in Google Android 10.0 In libttspico, there is a possible OOB write due to a heap buffer overflow. | 7.5 | |
2019-09-27 | CVE-2019-9365 | Deserialization of Untrusted Data vulnerability in Google Android 10.0 In Bluetooth, there is a possible deserialization error due to missing string validation. | 7.5 | |
2019-09-27 | CVE-2019-9301 | Integer Overflow or Wraparound vulnerability in Google Android 10.0 In libAACdec, there is a possible out of bounds write due to an integer overflow. | 7.5 | |
2019-09-27 | CVE-2019-9232 | Google Canonical Opensuse Fedoraproject Debian | Out-of-bounds Read vulnerability in multiple products In libvpx, there is a possible out of bounds read due to a missing bounds check. | 7.5 |
2019-09-27 | CVE-2019-11734 | Mozilla | Classic Buffer Overflow vulnerability in Mozilla Firefox Mozilla developers and community members reported memory safety bugs present in Firefox 68. | 7.5 |
2019-09-27 | CVE-2019-8075 | Adobe Debian Fedoraproject | Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. | 7.5 |
2019-09-26 | CVE-2019-11278 | Cloudfoundry | Improper Input Validation vulnerability in Cloudfoundry User Account and Authentication CF UAA versions prior to 74.1.0, allow external input to be directly queried against. | 7.5 |
2019-09-26 | CVE-2019-16915 | Netgate | Improper Input Validation vulnerability in Netgate Pfsense An issue was discovered in pfSense through 2.4.4-p3. | 7.5 |
2019-09-26 | CVE-2019-16894 | Inoideas | Deserialization of Untrusted Data vulnerability in Inoideas Inoerp 4.15 download.php in inoERP 4.15 allows SQL injection through insecure deserialization. | 7.5 |
2019-09-26 | CVE-2019-16869 | Netty Debian Canonical Redhat | HTTP Request Smuggling vulnerability in multiple products Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling. | 7.5 |
2019-09-26 | CVE-2019-16755 | BMC | Deserialization of Untrusted Data vulnerability in BMC Myit Digital Workplace BMC Remedy ITSM Suite is prone to unspecified vulnerabilities in both DWP and SmartIT components, which can permit remote attackers to perform pre-authenticated remote commands execution on the Operating System running the targeted application. | 7.5 |
2019-09-26 | CVE-2019-14844 | MIT Fedoraproject | Function Call with Incorrectly Specified Arguments vulnerability in multiple products A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". | 7.5 |
2019-09-26 | CVE-2015-9435 | Dash10 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Dash10 Oauth Server The oauth2-provider plugin before 3.1.5 for WordPress has incorrect generation of random numbers. | 7.5 |
2019-09-25 | CVE-2019-12664 | Cisco | Improper Authentication vulnerability in Cisco IOS XE 16.6.4 A vulnerability in the Dialer interface feature for ISDN connections in Cisco IOS XE Software for Cisco 4000 Series Integrated Services Routers (ISRs) could allow an unauthenticated, adjacent attacker to pass IPv4 traffic through an ISDN channel prior to successful PPP authentication. | 7.5 |
2019-09-25 | CVE-2019-12654 | Cisco | NULL Pointer Dereference vulnerability in Cisco IOS XE 15.6(1)S4.2/16.3.8/16.9.1 A vulnerability in the common Session Initiation Protocol (SIP) library of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. | 7.5 |
2019-09-25 | CVE-2019-6656 | F5 | Information Exposure Through Log Files vulnerability in F5 products BIG-IP APM Edge Client before version 7.1.8 (7180.2019.508.705) logs the full apm session ID in the log files. | 7.5 |
2019-09-25 | CVE-2019-15941 | Lemonldap NG Debian | Incorrect Authorization vulnerability in multiple products OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. | 7.5 |
2019-09-25 | CVE-2019-12646 | Cisco | Improper Initialization vulnerability in Cisco IOS XE A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. | 7.5 |
2019-09-25 | CVE-2019-15069 | Gigastone | Unspecified vulnerability in Gigastone Smart Battery A4 Firmware R1.7.9 An unsafe authentication interface was discovered in Smart Battery A4, a multifunctional portable charger, firmware version ?<= r1.7.9 . | 7.5 |
2019-09-25 | CVE-2019-12204 | Silverstripe | Unspecified vulnerability in Silverstripe In SilverStripe through 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access. | 7.5 |
2019-09-25 | CVE-2019-16884 | Linuxfoundation Docker Fedoraproject Opensuse Redhat Canonical | Incorrect Authorization vulnerability in multiple products runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. | 7.5 |
2019-09-25 | CVE-2019-16881 | Portaudio RS Project | Use After Free vulnerability in Portaudio-Rs Project Portaudio-Rs 0.3.0/0.3.1 An issue was discovered in the portaudio-rs crate through 0.3.1 for Rust. | 7.5 |
2019-09-25 | CVE-2019-16880 | Linea Project | Double Free vulnerability in Linea Project Linea An issue was discovered in the linea crate through 0.9.4 for Rust. | 7.5 |
2019-09-25 | CVE-2019-16194 | Centreon | SQL Injection vulnerability in Centreon SQL injection vulnerabilities in Centreon through 19.04 allow attacks via the svc_id parameter in include/monitoring/status/Services/xml/makeXMLForOneService.php. | 7.5 |
2019-09-25 | CVE-2019-10428 | Jenkins | Cleartext Transmission of Sensitive Information vulnerability in Jenkins Aqua Security Scanner Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | 7.5 |
2019-09-25 | CVE-2019-10412 | Jenkins | Cleartext Transmission of Sensitive Information vulnerability in Jenkins Inedo Proget Jenkins Inedo ProGet Plugin 1.2 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | 7.5 |
2019-09-25 | CVE-2019-10411 | Jenkins | Cleartext Transmission of Sensitive Information vulnerability in Jenkins Inedo Buildmaster Jenkins Inedo BuildMaster Plugin 2.4.0 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | 7.5 |
2019-09-25 | CVE-2019-16868 | Emlog | Path Traversal vulnerability in Emlog 3.5.1/5.3.1/6.0.0 emlog through 6.0.0beta has an arbitrary file deletion vulnerability via an admin/data.php?action=dell_all_bak request with directory traversal sequences in the bak[] parameter. | 7.5 |
2019-09-24 | CVE-2019-16759 | Vbulletin | Improper Input Validation vulnerability in Vbulletin vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request. | 7.5 |
2019-09-24 | CVE-2019-16724 | Upredsun | Classic Buffer Overflow vulnerability in Upredsun File Sharing Wizard 1.5.0 File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Exception Handler (SEH) based buffer overflow in an HTTP POST parameter, a similar issue to CVE-2010-2330 and CVE-2010-2331. | 7.5 |
2019-09-24 | CVE-2019-5504 | Netapp | Improper Input Validation vulnerability in Netapp Ontap Select Deploy Administration Utility 2.12/2.12.1 ONTAP Select Deploy administration utility versions 2.12 & 2.12.1 ship with an HTTP service bound to the network allowing unauthenticated remote attackers to perform administrative actions. | 7.5 |
2019-09-24 | CVE-2019-16411 | Suricata IDS | Out-of-bounds Read vulnerability in Suricata-Ids Suricata 4.1.4 An issue was discovered in Suricata 4.1.4. | 7.5 |
2019-09-24 | CVE-2019-16383 | Ipswitch | SQL Injection vulnerability in Ipswitch Moveit Transfer 10.2.0/11.0/11.1 MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and 2019.1 before 11.1.1 allows an unauthenticated attacker to gain unauthorized access to the database. | 7.5 |
2019-09-24 | CVE-2019-16748 | Wolfssl | Out-of-bounds Read vulnerability in Wolfssl In wolfSSL through 4.1.0, there is a missing sanity check of memory accesses in parsing ASN.1 certificate data while handshaking. | 7.5 |
2019-09-23 | CVE-2019-16377 | Makandra | Unspecified vulnerability in Makandra Consul The makandra consul gem through 1.0.2 for Ruby has Incorrect Access Control. | 7.5 |
2019-09-23 | CVE-2019-16722 | Zzzcms | Improper Input Validation vulnerability in Zzzcms Zzzphp 1.7.2 ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses an str_ireplace operation. | 7.5 |
2019-09-23 | CVE-2019-16714 | Linux Canonical F5 | Missing Initialization of Resource vulnerability in multiple products In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized. | 7.5 |
2019-09-23 | CVE-2019-16702 | Integard PRO Project | Classic Buffer Overflow vulnerability in Integard PRO Project Integard PRO 2.2.0.9026 Integard Pro 2.2.0.9026 allows remote attackers to execute arbitrary code via a buffer overflow involving a long NoJs parameter to the /LoginAdmin URI. | 7.5 |
2019-09-27 | CVE-2019-9384 | Unspecified vulnerability in Google Android 10.0 In LockPatternUtils, there is a possible escalation of privilege due to an improper permissions check. | 7.2 | |
2019-09-27 | CVE-2019-9266 | Out-of-bounds Write vulnerability in Google Android 10.0 In sensorservice, there is a possible out of bounds write due to a missing bounds check. | 7.2 | |
2019-09-27 | CVE-2019-9259 | Use After Free vulnerability in Google Android 10.0 In the Bluetooth stack, there is a possible out of bounds write due to a use after free. | 7.2 | |
2019-09-27 | CVE-2018-19592 | Corsair | Incorrect Default Permissions vulnerability in Corsair Link 4.9.7.35 The "CLink4Service" service is installed with Corsair Link 4.9.7.35 with insecure permissions by default. | 7.2 |
2019-09-26 | CVE-2019-12091 | Netskope | OS Command Injection vulnerability in Netskope 57/60 The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. | 7.2 |
2019-09-26 | CVE-2019-10882 | Netskope | Out-of-bounds Write vulnerability in Netskope 57/60 The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. | 7.2 |
2019-09-26 | CVE-2019-10097 | Apache Oracle | NULL Pointer Dereference vulnerability in multiple products In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. | 7.2 |
2019-09-25 | CVE-2019-16253 | Samsung | Unspecified vulnerability in Samsung Text-To-Speech The Text-to-speech Engine (aka SamsungTTS) application before 3.0.02.7 and 3.0.00.101 for Android allows a local attacker to escalate privileges, e.g., to system privileges. | 7.2 |
2019-09-25 | CVE-2019-12717 | Cisco | OS Command Injection vulnerability in Cisco Nx-Os A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. | 7.2 |
2019-09-25 | CVE-2019-12709 | Cisco | OS Command Injection vulnerability in Cisco IOS XR A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. | 7.2 |
2019-09-25 | CVE-2019-12672 | Cisco | Link Following vulnerability in Cisco IOS 16.9.1 A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker with physical access to an affected device to execute arbitrary code on the underlying operating system (OS) with root privileges. | 7.2 |
2019-09-25 | CVE-2019-12666 | Cisco | Path Traversal vulnerability in Cisco IOS XE A vulnerability in the Guest Shell of Cisco IOS XE Software could allow an authenticated, local attacker to perform directory traversal on the base Linux operating system of Cisco IOS XE Software. | 7.2 |
2019-09-25 | CVE-2019-12662 | Cisco | Improper Verification of Cryptographic Signature vulnerability in Cisco products A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. | 7.2 |
2019-09-25 | CVE-2019-12661 | Cisco | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in a Virtualization Manager (VMAN) related CLI command of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. | 7.2 |
2019-09-25 | CVE-2019-12649 | Cisco | Improper Verification of Cryptographic Signature vulnerability in Cisco IOS and IOS XE A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. | 7.2 |
2019-09-27 | CVE-2019-9418 | Improper Input Validation vulnerability in Google Android 10.0 In libstagefright, there is a possible resource exhaustion due to a missing bounds check. | 7.1 | |
2019-09-27 | CVE-2019-9379 | Improper Input Validation vulnerability in Google Android 10.0 In libstagefright, there is a possible resource exhaustion due to a missing bounds check. | 7.1 | |
2019-09-27 | CVE-2019-9372 | Improper Input Validation vulnerability in Google Android 10.0 In libskia, there is a possible crash due to a missing null check. | 7.1 | |
2019-09-27 | CVE-2019-9349 | Resource Exhaustion vulnerability in Google Android 10.0 In libstagefright, there is a possible resource exhaustion due to improper input validation. | 7.1 | |
2019-09-27 | CVE-2019-9348 | Improper Input Validation vulnerability in Google Android 10.0 In libstagefright, there is a possible resource exhaustion due to improper input validation. | 7.1 |
401 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2019-09-27 | CVE-2019-9386 | Out-of-bounds Write vulnerability in Google Android 10.0 In NFC server, there is a possible out of bounds write due to a missing bounds check. | 6.9 | |
2019-09-27 | CVE-2019-9375 | Race Condition vulnerability in Google Android 10.0 In hostapd, there is a possible out of bounds write due to a race condition. | 6.9 | |
2019-09-27 | CVE-2019-9238 | Out-of-bounds Write vulnerability in Google Android 10.0 In the NFC stack, there is a possible out of bounds write due to a missing bounds check. | 6.9 | |
2019-09-27 | CVE-2019-2189 | Race Condition vulnerability in Google Android 10.0 In the Easel driver, there is possible memory corruption due to race conditions. | 6.9 | |
2019-09-27 | CVE-2019-2188 | Race Condition vulnerability in Google Android 10.0 In the Easel driver, there is possible memory corruption due to race conditions. | 6.9 | |
2019-09-28 | CVE-2019-16941 | NSA | XML Injection (aka Blind XPath Injection) vulnerability in NSA Ghidra NSA Ghidra through 9.0.4, when experimental mode is enabled, allows arbitrary code execution if the Read XML Files feature of Bit Patterns Explorer is used with a modified XML document. | 6.8 |
2019-09-27 | CVE-2019-11927 | Out-of-bounds Write vulnerability in Whatsapp An integer overflow in WhatsApp media parsing libraries allows a remote attacker to perform an out-of-bounds write on the heap via specially-crafted EXIF tags in WEBP images. | 6.8 | |
2019-09-27 | CVE-2019-9405 | Integer Overflow or Wraparound vulnerability in Google Android 10.0 In libAACdec, there is a possible out of bounds write due to an integer overflow. | 6.8 | |
2019-09-27 | CVE-2019-9382 | Out-of-bounds Write vulnerability in Google Android 10.0 In libeffects, there is a possible out of bounds write due to a missing bounds check. | 6.8 | |
2019-09-27 | CVE-2019-9363 | Out-of-bounds Write vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds write due to a missing bounds check. | 6.8 | |
2019-09-27 | CVE-2019-9357 | Integer Overflow or Wraparound vulnerability in Google Android 10.0 In libAACdec, there is a possible out of bounds write due to an integer overflow. | 6.8 | |
2019-09-27 | CVE-2019-9346 | Out-of-bounds Write vulnerability in Google Android 10.0 In libstagefright, there is a possible out of bounds write due to a heap buffer overflow. | 6.8 | |
2019-09-27 | CVE-2019-9310 | Integer Overflow or Wraparound vulnerability in Google Android 10.0 In libFDK, there is a possible out of bounds write due to an integer overflow. | 6.8 | |
2019-09-27 | CVE-2019-9308 | Integer Overflow or Wraparound vulnerability in Google Android 10.0 In libAACdec, there is a possible out of bounds write due to an integer overflow. | 6.8 | |
2019-09-27 | CVE-2019-9307 | Integer Overflow or Wraparound vulnerability in Google Android 10.0 In libAACdec, there is a possible out of bounds write due to an integer overflow. | 6.8 | |
2019-09-27 | CVE-2019-9306 | Integer Overflow or Wraparound vulnerability in Google Android 10.0 In libMpegTPDec, there is a possible out of bounds write due to an integer overflow. | 6.8 | |
2019-09-27 | CVE-2019-9305 | Integer Overflow or Wraparound vulnerability in Google Android 10.0 In libAACdec, there is a possible out of bounds write due to an integer overflow. | 6.8 | |
2019-09-27 | CVE-2019-9304 | Integer Overflow or Wraparound vulnerability in Google Android 10.0 In libMpegTPDec, there is a possible out of bounds write due to an integer overflow. | 6.8 | |
2019-09-27 | CVE-2019-9303 | Integer Overflow or Wraparound vulnerability in Google Android 10.0 In libFDK, there is a possible out of bounds write due to an integer overflow. | 6.8 | |
2019-09-27 | CVE-2019-9302 | Integer Overflow or Wraparound vulnerability in Google Android 10.0 In libAACdec, there is a possible out of bounds write due to an integer overflow. | 6.8 | |
2019-09-27 | CVE-2019-9300 | Integer Overflow or Wraparound vulnerability in Google Android 10.0 In libAACdec, there is a possible out of bounds write due to an integer overflow. | 6.8 | |
2019-09-27 | CVE-2019-9299 | Integer Overflow or Wraparound vulnerability in Google Android 10.0 In libAACdec, there is a possible out of bounds write due to an integer overflow. | 6.8 | |
2019-09-27 | CVE-2019-9298 | Integer Overflow or Wraparound vulnerability in Google Android 10.0 In libAACdec, there is a possible out of bounds write due to an integer overflow. | 6.8 | |
2019-09-27 | CVE-2019-9297 | Integer Overflow or Wraparound vulnerability in Google Android 10.0 In libAACdec, there is a possible out of bounds write due to an integer overflow. | 6.8 | |
2019-09-27 | CVE-2019-9291 | Allocation of Resources Without Limits or Throttling vulnerability in Google Android 10.0 In Bluetooth, there is a possible remote code execution due to an improper memory allocation. | 6.8 | |
2019-09-27 | CVE-2019-9288 | Out-of-bounds Write vulnerability in Google Android 10.0 In libhidcommand_jni, there is a possible out of bounds write due to a missing bounds check. | 6.8 | |
2019-09-27 | CVE-2019-9262 | Integer Overflow or Wraparound vulnerability in Google Android 10.0 In MPEG4Extractor, there is a possible out of bounds write due to an integer overflow. | 6.8 | |
2019-09-27 | CVE-2019-9256 | Integer Overflow or Wraparound vulnerability in Google Android 10.0 In libmediaextractor there is a possible out of bounds write due to an integer overflow. | 6.8 | |
2019-09-27 | CVE-2019-2159 | Out-of-bounds Write vulnerability in Google Android 10.0 In libxaac there is a possible out of bounds write due to a missing bounds check. | 6.8 | |
2019-09-27 | CVE-2019-2141 | Out-of-bounds Write vulnerability in Google Android 10.0 In libxaac there is a possible out of bounds write due to a missing bounds check. | 6.8 | |
2019-09-27 | CVE-2019-2087 | Out-of-bounds Write vulnerability in Google Android 10.0 In libxaac, there is a possible out of bounds write due to a missing bounds check. | 6.8 | |
2019-09-27 | CVE-2019-2086 | Out-of-bounds Write vulnerability in Google Android 10.0 In libxaac, there is a possible out of bounds write due to a missing bounds check. | 6.8 | |
2019-09-27 | CVE-2019-2085 | Out-of-bounds Write vulnerability in Google Android 10.0 In libxaac there is a possible out of bounds write due to a missing bounds check. | 6.8 | |
2019-09-27 | CVE-2019-2084 | Out-of-bounds Write vulnerability in Google Android 10.0 In libxaac there is a possible out of bounds write due to a missing bounds check. | 6.8 | |
2019-09-27 | CVE-2019-2083 | Out-of-bounds Write vulnerability in Google Android 10.0 In libxaac there is a possible out of bounds write due to a missing bounds check. | 6.8 | |
2019-09-27 | CVE-2019-2082 | Out-of-bounds Write vulnerability in Google Android 10.0 In libxaac there is a possible out of bounds write due to a missing bounds check. | 6.8 | |
2019-09-27 | CVE-2019-2081 | Out-of-bounds Write vulnerability in Google Android 10.0 In libxaac there is a possible out of bounds write due to a missing bounds check. | 6.8 | |
2019-09-27 | CVE-2019-2080 | Out-of-bounds Write vulnerability in Google Android 10.0 In libxaac, there is a possible out of bounds write due to a missing bounds check. | 6.8 | |
2019-09-27 | CVE-2019-2078 | Out-of-bounds Write vulnerability in Google Android 10.0 In libxaac there is a possible out of bounds write due to a missing bounds check. | 6.8 | |
2019-09-27 | CVE-2019-2077 | Out-of-bounds Write vulnerability in Google Android 10.0 In libxaac there is a possible out of bounds write due to a missing bounds check. | 6.8 | |
2019-09-27 | CVE-2019-2076 | Out-of-bounds Write vulnerability in Google Android 10.0 In libxaac there is a possible out of bounds write due to a missing bounds check. | 6.8 | |
2019-09-27 | CVE-2019-2075 | Out-of-bounds Write vulnerability in Google Android 10.0 In libxaac there is a possible out of bounds write due to a missing bounds check. | 6.8 | |
2019-09-27 | CVE-2019-2074 | Out-of-bounds Write vulnerability in Google Android 10.0 In libxaac there is a possible out of bounds write due to a missing bounds check. | 6.8 | |
2019-09-27 | CVE-2019-2073 | Out-of-bounds Write vulnerability in Google Android 10.0 In libxaac there is a possible out of bounds write to missing bounds check. | 6.8 | |
2019-09-27 | CVE-2019-2072 | Out-of-bounds Write vulnerability in Google Android 10.0 In libxaac there is a possible out of bounds write due to a missing bounds check. | 6.8 | |
2019-09-27 | CVE-2019-2071 | Out-of-bounds Write vulnerability in Google Android 10.0 In libxaac there is a possible out of bounds write due to a missing bounds check. | 6.8 | |
2019-09-27 | CVE-2019-2070 | Out-of-bounds Write vulnerability in Google Android 10.0 In libxaac, there is a possible out of bounds write due to a missing bounds check. | 6.8 | |
2019-09-27 | CVE-2019-2069 | Out-of-bounds Write vulnerability in Google Android 10.0 In libxaac, there is a possible out of bounds write due to a missing bounds check. | 6.8 | |
2019-09-27 | CVE-2019-2068 | Out-of-bounds Write vulnerability in Google Android 10.0 In libxaac, there is a possible out of bounds write due to a missing bounds check. | 6.8 | |
2019-09-27 | CVE-2019-2067 | Out-of-bounds Write vulnerability in Google Android 10.0 In libxaac, there is a possible out of bounds write due to a missing bounds check. | 6.8 | |
2019-09-27 | CVE-2019-2066 | Out-of-bounds Write vulnerability in Google Android 10.0 In libxaac, there is a possible out of bounds write due to a missing bounds check. | 6.8 | |
2019-09-27 | CVE-2019-2065 | Out-of-bounds Write vulnerability in Google Android 10.0 In libxaac, there is a possible out of bounds write due to a missing bounds check. | 6.8 | |
2019-09-27 | CVE-2019-2064 | Out-of-bounds Write vulnerability in Google Android 10.0 In libxaac, there is a possible out of bounds write due to a missing bounds check. | 6.8 | |
2019-09-27 | CVE-2019-2063 | Out-of-bounds Write vulnerability in Google Android 10.0 In libxaac, there is a possible out of bounds write due to a missing bounds check. | 6.8 | |
2019-09-27 | CVE-2019-2062 | Out-of-bounds Write vulnerability in Google Android 10.0 In libxaac, there is a possible out of bounds write due to a missing bounds check. | 6.8 | |
2019-09-27 | CVE-2019-2061 | Out-of-bounds Write vulnerability in Google Android 10.0 In libxaac, there is a possible out of bounds write due to a missing bounds check. | 6.8 | |
2019-09-27 | CVE-2019-2059 | Out-of-bounds Write vulnerability in Google Android 10.0 In libxaac, there is a possible out of bounds write due to a missing bounds check. | 6.8 | |
2019-09-27 | CVE-2019-2055 | Out-of-bounds Write vulnerability in Google Android 10.0 In libxaac, there is a possible out of bounds write due to a missing bounds check. | 6.8 | |
2019-09-27 | CVE-2019-11751 | Mozilla Microsoft | Argument Injection or Modification vulnerability in Mozilla Firefox and Firefox ESR Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. | 6.8 |
2019-09-27 | CVE-2019-11746 | Mozilla | Use After Free vulnerability in Mozilla Firefox A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. | 6.8 |
2019-09-27 | CVE-2019-11740 | Mozilla Canonical Opensuse | Out-of-bounds Write vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. | 6.8 |
2019-09-27 | CVE-2019-11738 | Mozilla Opensuse | If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. | 6.8 |
2019-09-27 | CVE-2019-11735 | Mozilla Opensuse | Out-of-bounds Write vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 68 and Firefox ESR 68. | 6.8 |
2019-09-26 | CVE-2019-16667 | Netgate | Cross-Site Request Forgery (CSRF) vulnerability in Netgate Pfsense 2.4.4 diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS commands. | 6.8 |
2019-09-26 | CVE-2015-9445 | Unitegallery | Cross-Site Request Forgery (CSRF) vulnerability in Unitegallery Unite Gallery Lite The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin-ajax.php in a unitegallery_ajax_action operation. | 6.8 |
2019-09-25 | CVE-2019-16887 | Irfanview | Classic Buffer Overflow vulnerability in Irfanview 4.53 In IrfanView 4.53, Data from a Faulting Address controls a subsequent Write Address starting at image00400000+0x000000000001dcfc. | 6.8 |
2019-09-24 | CVE-2019-13527 | Rockwellautomation | Access of Uninitialized Pointer vulnerability in Rockwellautomation Arena Simulation Software In Rockwell Automation Arena Simulation Software Cat. | 6.8 |
2019-09-23 | CVE-2019-16718 | Radare | OS Command Injection vulnerability in Radare Radare2 In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. | 6.8 |
2019-09-23 | CVE-2019-16706 | Kkcms Project | Cross-Site Request Forgery (CSRF) vulnerability in Kkcms Project Kkcms 1.3 kkcms v1.3 has a CSRF vulnerablity that can add an user account via admin/cms_user_add.php. | 6.8 |
2019-09-24 | CVE-2019-5094 | E2Fsprogs Project Debian Fedoraproject Canonical Netapp | Out-of-bounds Write vulnerability in multiple products An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. | 6.7 |
2019-09-27 | CVE-2019-3746 | Dell | Improper Restriction of Excessive Authentication Attempts vulnerability in Dell EMC Integrated Data Protection Appliance Firmware 2.0/2.1/2.2 Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authentication attempts to the ACM API. | 6.5 |
2019-09-27 | CVE-2019-9433 | Google Opensuse Fedoraproject Debian Canonical | Improper Input Validation vulnerability in multiple products In libvpx, there is a possible information disclosure due to improper input validation. | 6.5 |
2019-09-27 | CVE-2019-9371 | Google Opensuse Fedoraproject Debian Canonical | Improper Input Validation vulnerability in multiple products In libvpx, there is a possible resource exhaustion due to improper input validation. | 6.5 |
2019-09-27 | CVE-2019-9325 | Google Canonical Fedoraproject Opensuse Debian | Out-of-bounds Read vulnerability in multiple products In libvpx, there is a possible out of bounds read due to a missing bounds check. | 6.5 |
2019-09-27 | CVE-2019-4141 | IBM | Memory Leak vulnerability in IBM Websphere MQ and Websphere MQ Appliance IBM MQ 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.9, 8.0.0.0 - 8.0.0.11, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.1 - 9.1.2 is vulnerable to a denial of service attack caused by a memory leak in the clustering code. | 6.5 |
2019-09-26 | CVE-2019-11279 | Cloudfoundry | Improper Privilege Management vulnerability in Cloudfoundry UAA Release CF UAA versions prior to 74.1.0 can request scopes for a client that shouldn't be allowed by submitting an array of requested scopes. | 6.5 |
2019-09-26 | CVE-2015-9448 | Pressified | SQL Injection vulnerability in Pressified Sendpress The sendpress plugin before 1.2 for WordPress has SQL Injection via the wp-admin/admin.php?page=sp-queue listid parameter. | 6.5 |
2019-09-26 | CVE-2015-9446 | Unitegallery | SQL Injection vulnerability in Unitegallery Unite Gallery Lite The unite-gallery-lite plugin before 1.5 for WordPress has SQL injection via data[galleryID] to wp-admin/admin-ajax.php. | 6.5 |
2019-09-26 | CVE-2015-9449 | Efficientscripts | SQL Injection vulnerability in Efficientscripts Microblog Poster The microblog-poster plugin before 1.6.2 for WordPress has SQL Injection via the wp-admin/options-general.php?page=microblogposter.php account_id parameter. | 6.5 |
2019-09-25 | CVE-2019-14666 | Glpi Project | Information Exposure vulnerability in Glpi-Project Glpi GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. | 6.5 |
2019-09-25 | CVE-2019-6652 | F5 | Cleartext Transmission of Sensitive Information vulnerability in F5 Big-Iq Centralized Management 6.0.1 In BIG-IQ 6.0.0-6.1.0, services for stats do not require authentication nor do they implement any form of Transport Layer Security (TLS). | 6.5 |
2019-09-25 | CVE-2019-10425 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Google Calendar 0.2/0.3/0.4 Jenkins Google Calendar Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 |
2019-09-25 | CVE-2019-10422 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Call Remote JOB Jenkins Call Remote Job Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 |
2019-09-25 | CVE-2019-10416 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Violation Comments to Gitlab Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | 6.5 |
2019-09-25 | CVE-2019-10415 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Violation Comments to Gitlab Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | 6.5 |
2019-09-25 | CVE-2019-10414 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins GIT Changelog Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | 6.5 |
2019-09-25 | CVE-2019-10413 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Data Theorem Mobile APP Security Jenkins Data Theorem: CI/CD Plugin 1.3 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | 6.5 |
2019-09-25 | CVE-2019-10407 | Jenkins | Information Exposure vulnerability in Jenkins Project Inheritance Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin. | 6.5 |
2019-09-24 | CVE-2019-4515 | IBM | Cross-Site Request Forgery (CSRF) vulnerability in IBM Security KEY Lifecycle Manager IBM Security Key Lifecycle Manager 3.0 and 3.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 |
2019-09-23 | CVE-2019-10990 | Redlion | Use of Hard-coded Credentials vulnerability in Redlion Crimson Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files. | 6.5 |
2019-09-23 | CVE-2019-16707 | Hunspell Project Fedoraproject | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx. | 6.5 |
2019-09-27 | CVE-2019-16902 | Reputeinfosystems | Improper Input Validation vulnerability in Reputeinfosystems Arforms 3.7.1 In the ARforms plugin 3.7.1 for WordPress, arf_delete_file in arformcontroller.php allows unauthenticated deletion of an arbitrary file by supplying the full pathname. | 6.4 |
2019-09-24 | CVE-2019-16410 | Suricata IDS | Out-of-bounds Read vulnerability in Suricata-Ids Suricata 4.1.4 An issue was discovered in Suricata 4.1.4. | 6.4 |
2019-09-24 | CVE-2019-15699 | Suricata IDS | Out-of-bounds Read vulnerability in Suricata-Ids Suricata 4.1.4 An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. | 6.4 |
2019-09-23 | CVE-2019-16705 | Libming | Out-of-bounds Read vulnerability in Libming 0.4.8 Ming (aka libming) 0.4.8 has an out of bounds read vulnerability in the function OpCode() in the decompile.c file in libutil.a. | 6.4 |
2019-09-24 | CVE-2019-3726 | Dell | Uncontrolled Search Path Element vulnerability in Dell Update Package Framework 19.1.0.413/3.8.3.67 An Uncontrolled Search Path Vulnerability is applicable to the following: Dell Update Package (DUP) Framework file versions prior to 19.1.0.413, and Framework file versions prior to 103.4.6.69 used in Dell EMC Servers. | 6.2 |
2019-09-28 | CVE-2019-16935 | Python Debian Canonical | Cross-site Scripting vulnerability in multiple products The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. | 6.1 |
2019-09-28 | CVE-2019-16926 | Flower Project | Cross-site Scripting vulnerability in Flower Project Flower 1.0.0 Flower 0.9.3 has XSS via a crafted worker name. | 6.1 |
2019-09-28 | CVE-2019-16925 | Flower Project | Cross-site Scripting vulnerability in Flower Project Flower 1.0.0 Flower 0.9.3 has XSS via the name parameter in an @app.task call. | 6.1 |
2019-09-26 | CVE-2019-10092 | Apache Opensuse Debian Redhat Fedoraproject Canonical Netapp Oracle | Cross-site Scripting vulnerability in multiple products In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. | 6.1 |
2019-09-25 | CVE-2019-10098 | Apache | Open Redirect vulnerability in Apache Http Server In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. | 6.1 |
2019-09-26 | CVE-2019-16532 | Yzmcms | Injection vulnerability in Yzmcms 5.3 An HTTP Host header injection vulnerability exists in YzmCMS V5.3. | 5.8 |
2019-09-26 | CVE-2015-9418 | Kibokolabs | Cross-Site Request Forgery (CSRF) vulnerability in Kibokolabs Watupro The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows an attacker to delete quizzes. | 5.8 |
2019-09-25 | CVE-2019-12665 | Cisco | Unspecified vulnerability in Cisco IOS 15.6(2)T/Fd1.5.0 A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to read and modify data that should normally have been sent via an encrypted channel. | 5.8 |
2019-09-25 | CVE-2019-16188 | Hcltech | XXE vulnerability in Hcltech Appscan Source HCL AppScan Source before 9.03.13 is susceptible to XML External Entity (XXE) attacks in multiple locations. | 5.8 |
2019-09-23 | CVE-2019-16721 | 5None | Cross-Site Request Forgery (CSRF) vulnerability in 5None Nonecms 1.3.0 NoneCMS v1.3 has CSRF in public/index.php/admin/admin/dele.html, as demonstrated by deleting the admin user. | 5.8 |
2019-09-25 | CVE-2019-16892 | Rubyzip Project Fedoraproject Redhat | In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. | 5.5 |
2019-09-25 | CVE-2019-10430 | Jenkins | Cleartext Storage of Sensitive Information vulnerability in Jenkins Neuvector vulnerability Scanner Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | 5.5 |
2019-09-25 | CVE-2019-10429 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Gitlab Logo 1.0.0/1.0.1/1.0.3 Jenkins GitLab Logo Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 5.5 |
2019-09-25 | CVE-2019-10426 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins GEM Publisher 1.0 Jenkins Gem Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 5.5 |
2019-09-25 | CVE-2019-10424 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Eloyente Jenkins elOyente Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 5.5 |
2019-09-25 | CVE-2019-10423 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Codescan 0.11 Jenkins CodeScan Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 5.5 |
2019-09-25 | CVE-2019-10420 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Assembla Jenkins Assembla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 5.5 |
2019-09-25 | CVE-2019-10419 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Vfabric Application Director 1.2/1.3 Jenkins vFabric Application Director Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 5.5 |
2019-09-25 | CVE-2019-16867 | Hongcms Project | Improper Input Validation vulnerability in Hongcms Project Hongcms 3.0.0 HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774. | 5.5 |
2019-09-24 | CVE-2019-4566 | IBM | Cleartext Storage of Sensitive Information vulnerability in IBM Security KEY Lifecycle Manager IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentials in plain in clear text which can be read by a local user. | 5.5 |
2019-09-23 | CVE-2019-10754 | Apereo | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apereo Central Authentication Service Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong. | 5.5 |
2019-09-23 | CVE-2019-11277 | Cloudfoundry | Injection vulnerability in Cloudfoundry Cf-Deployment Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. | 5.5 |
2019-09-27 | CVE-2019-16688 | Dolibarr | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 9.0.5 Dolibarr 9.0.5 has stored XSS in an Email Template section to mails_templates.php. | 5.4 |
2019-09-27 | CVE-2019-16687 | Dolibarr | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 9.0.5 Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section to card.php. | 5.4 |
2019-09-27 | CVE-2019-16686 | Dolibarr | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 9.0.5 Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. | 5.4 |
2019-09-27 | CVE-2019-16685 | Dolibarr | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 9.0.5 Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. | 5.4 |
2019-09-26 | CVE-2015-9410 | Blubrry | Cross-site Scripting vulnerability in Blubrry Powerpress 6.0.4 The Blubrry PowerPress Podcasting plugin 6.0.4 for WordPress has XSS via the tab parameter. | 5.4 |
2019-09-25 | CVE-2019-4571 | IBM | Cross-site Scripting vulnerability in IBM Content Navigator 3.0.0 IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. | 5.4 |
2019-09-25 | CVE-2019-6653 | F5 | Cross-site Scripting vulnerability in F5 Big-Iq Centralized Management There is a Stored Cross Site Scripting vulnerability in the undisclosed page of a BIG-IQ 6.0.0-6.1.0 or 5.2.0-5.4.0 system. | 5.4 |
2019-09-25 | CVE-2019-10410 | Jenkins | Cross-site Scripting vulnerability in Jenkins LOG Parser Jenkins Log Parser Plugin 2.0 and earlier did not escape an error message, resulting in a cross-site scripting vulnerability exploitable by users able to define log parsing rules. | 5.4 |
2019-09-25 | CVE-2019-10405 | Jenkins | Cross-site Scripting vulnerability in Jenkins Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value of the "Cookie" HTTP request header on the /whoAmI/ URL, allowing attackers exploiting another XSS vulnerability to obtain the HTTP session cookie despite it being marked HttpOnly. | 5.4 |
2019-09-25 | CVE-2019-10404 | Jenkins | Cross-site Scripting vulnerability in Jenkins Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the reason why a queue items is blcoked in tooltips, resulting in a stored XSS vulnerability exploitable by users able to control parts of the reason a queue item is blocked, such as label expressions not matching any idle executors. | 5.4 |
2019-09-25 | CVE-2019-10403 | Jenkins | Cross-site Scripting vulnerability in Jenkins Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the SCM tag name on the tooltip for SCM tag actions, resulting in a stored XSS vulnerability exploitable by users able to control SCM tag names for these actions. | 5.4 |
2019-09-25 | CVE-2019-10402 | Jenkins | Cross-site Scripting vulnerability in Jenkins In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:combobox form control interpreted its item labels as HTML, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents. | 5.4 |
2019-09-25 | CVE-2019-10401 | Jenkins | Cross-site Scripting vulnerability in Jenkins In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandableTextBox form control interpreted its content as HTML when expanded, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents (typically Job/Configure). | 5.4 |
2019-09-26 | CVE-2019-16910 | ARM Fedoraproject Debian | Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. | 5.3 |
2019-09-26 | CVE-2019-16738 | Mediawiki Fedoraproject Debian | Missing Authorization vulnerability in multiple products In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup. | 5.3 |
2019-09-25 | CVE-2019-6655 | F5 | Unspecified vulnerability in F5 products On versions 13.0.0-13.1.0.1, 12.1.0-12.1.4.1, 11.6.1-11.6.4, and 11.5.1-11.5.9, BIG-IP platforms where AVR, ASM, APM, PEM, AFM, and/or AAM is provisioned may leak sensitive data. | 5.3 |
2019-09-25 | CVE-2019-6651 | F5 | Information Exposure Through Discrepancy vulnerability in F5 products In BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.5.1-11.6.4, BIG-IQ 7.0.0, 6.0.0-6.1.0,5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, the Configuration utility login page may not follow best security practices when handling a malicious request. | 5.3 |
2019-09-25 | CVE-2019-10427 | Jenkins | Cleartext Transmission of Sensitive Information vulnerability in Jenkins Aqua Microscanner Jenkins Aqua MicroScanner Plugin 1.0.7 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | 5.3 |
2019-09-28 | CVE-2019-16930 | Z Cash | Improper Handling of Exceptional Conditions vulnerability in Z.Cash Zcash Zcashd in Zcash before 2.0.7-3 allows discovery of the IP address of a full node that owns a shielded address, related to mishandling of exceptions during deserialization of note plaintexts. | 5.0 |
2019-09-27 | CVE-2019-9462 | Out-of-bounds Read vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds read due to an incorrect bounds check. | 5.0 | |
2019-09-27 | CVE-2019-9432 | Out-of-bounds Read vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds read due to improper input validation. | 5.0 | |
2019-09-27 | CVE-2019-9430 | NULL Pointer Dereference vulnerability in Google Android 10.0 In Bluetooth, there is a possible null pointer dereference due to a missing null check. | 5.0 | |
2019-09-27 | CVE-2019-9425 | Out-of-bounds Read vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. | 5.0 | |
2019-09-27 | CVE-2019-9422 | Out-of-bounds Read vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. | 5.0 | |
2019-09-27 | CVE-2019-9419 | Out-of-bounds Read vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. | 5.0 | |
2019-09-27 | CVE-2019-9413 | Out-of-bounds Read vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. | 5.0 | |
2019-09-27 | CVE-2019-9404 | Improper Input Validation vulnerability in Google Android 10.0 In Bluetooth, there is possible controlled termination due to a missing bounds check. | 5.0 | |
2019-09-27 | CVE-2019-9402 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 10.0 In Bluetooth, there is possible controlled termination due to a missing bounds check. | 5.0 | |
2019-09-27 | CVE-2019-9401 | Improper Input Validation vulnerability in Google Android 10.0 In Bluetooth, there is possible controlled termination due to a missing bounds check. | 5.0 | |
2019-09-27 | CVE-2019-9400 | NULL Pointer Dereference vulnerability in Google Android 10.0 In Bluetooth, there is a possible null pointer dereference due to a missing null check. | 5.0 | |
2019-09-27 | CVE-2019-9398 | Improper Input Validation vulnerability in Google Android 10.0 In Bluetooth, there is possible controlled termination due to a missing bounds check. | 5.0 | |
2019-09-27 | CVE-2019-9397 | Improper Input Validation vulnerability in Google Android 10.0 In Bluetooth, there is possible controlled termination due to a missing bounds check. | 5.0 | |
2019-09-27 | CVE-2019-9396 | Improper Input Validation vulnerability in Google Android 10.0 In Bluetooth, there is possible controlled termination due to a missing bounds check. | 5.0 | |
2019-09-27 | CVE-2019-9395 | Improper Input Validation vulnerability in Google Android 10.0 In Bluetooth, there is possible controlled termination due to a missing bounds check. | 5.0 | |
2019-09-27 | CVE-2019-9394 | Improper Input Validation vulnerability in Google Android 10.0 In Bluetooth, there is possible controlled termination due to a missing bounds check. | 5.0 | |
2019-09-27 | CVE-2019-9393 | Improper Input Validation vulnerability in Google Android 10.0 In Bluetooth, there is possible controlled termination due to a missing bounds check. | 5.0 | |
2019-09-27 | CVE-2019-9390 | Out-of-bounds Read vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. | 5.0 | |
2019-09-27 | CVE-2019-9389 | Out-of-bounds Read vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. | 5.0 | |
2019-09-27 | CVE-2019-9388 | Out-of-bounds Read vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. | 5.0 | |
2019-09-27 | CVE-2019-9387 | Out-of-bounds Read vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. | 5.0 | |
2019-09-27 | CVE-2019-9381 | Use After Free vulnerability in Google Android 10.0 In netd, there is a possible out of bounds read due to a use after free. | 5.0 | |
2019-09-27 | CVE-2019-9367 | Out-of-bounds Read vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. | 5.0 | |
2019-09-27 | CVE-2019-9355 | Out-of-bounds Read vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. | 5.0 | |
2019-09-27 | CVE-2019-9343 | Out-of-bounds Read vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. | 5.0 | |
2019-09-27 | CVE-2019-9342 | Out-of-bounds Read vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. | 5.0 | |
2019-09-27 | CVE-2019-9341 | Out-of-bounds Read vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. | 5.0 | |
2019-09-27 | CVE-2019-9333 | Out-of-bounds Read vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. | 5.0 | |
2019-09-27 | CVE-2019-9332 | Out-of-bounds Read vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. | 5.0 | |
2019-09-27 | CVE-2019-9331 | Out-of-bounds Read vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. | 5.0 | |
2019-09-27 | CVE-2019-9330 | Out-of-bounds Read vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. | 5.0 | |
2019-09-27 | CVE-2019-9329 | Use of Uninitialized Resource vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds read due to uninitialized data. | 5.0 | |
2019-09-27 | CVE-2019-9328 | Out-of-bounds Read vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. | 5.0 | |
2019-09-27 | CVE-2019-9327 | Out-of-bounds Read vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. | 5.0 | |
2019-09-27 | CVE-2019-9326 | Out-of-bounds Read vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. | 5.0 | |
2019-09-27 | CVE-2019-9323 | Missing Authorization vulnerability in Google Android 10.0 In the Wallpaper Manager service, there is a possible information disclosure due to a missing permission check. | 5.0 | |
2019-09-27 | CVE-2019-9311 | Integer Overflow or Wraparound vulnerability in Google Android 10.0 In Bluetooth, there is a possible crash due to an integer overflow. | 5.0 | |
2019-09-27 | CVE-2019-9286 | Out-of-bounds Read vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. | 5.0 | |
2019-09-27 | CVE-2019-9285 | Out-of-bounds Read vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. | 5.0 | |
2019-09-27 | CVE-2019-9284 | Out-of-bounds Read vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. | 5.0 | |
2019-09-27 | CVE-2019-9281 | Path Traversal vulnerability in Google Android 10.0 In GoogleContactsSyncAdapter, there is a possible path traversal due to improper input sanitization. | 5.0 | |
2019-09-27 | CVE-2019-9279 | NULL Pointer Dereference vulnerability in Google Android 10.0 In the wifi hotspot service, there is a possible denial of service due to a null pointer dereference. | 5.0 | |
2019-09-27 | CVE-2019-9265 | Out-of-bounds Read vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds read due to an incorrect bounds check. | 5.0 | |
2019-09-27 | CVE-2019-9260 | Out-of-bounds Read vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds read due to an incorrect bounds check. | 5.0 | |
2019-09-27 | CVE-2019-9250 | Out-of-bounds Read vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. | 5.0 | |
2019-09-27 | CVE-2019-9241 | Out-of-bounds Read vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. | 5.0 | |
2019-09-27 | CVE-2019-9234 | Out-of-bounds Read vulnerability in Google Android 10.0 In wpa_supplicant_8, there is a possible out of bounds read due to a missing bounds check. | 5.0 | |
2019-09-27 | CVE-2019-9233 | Out-of-bounds Read vulnerability in Google Android 10.0 In wpa_supplicant_8, there is a possible out of bounds read due to an incorrect bounds check. | 5.0 | |
2019-09-27 | CVE-2019-11755 | Mozilla | Improper Verification of Cryptographic Signature vulnerability in Mozilla Thunderbird A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the contents of the encrypted message, and might have stripped a different signature from the encrypted message. | 5.0 |
2019-09-27 | CVE-2019-11737 | Mozilla | Insufficient Verification of Data Authenticity vulnerability in Mozilla Firefox If a wildcard ('*') is specified for the host in Content Security Policy (CSP) directives, any port or path restriction of the directive will be ignored, leading to CSP directives not being properly applied to content. | 5.0 |
2019-09-27 | CVE-2019-11733 | Mozilla | Improper Authentication vulnerability in Mozilla Firefox and Firefox ESR When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. | 5.0 |
2019-09-27 | CVE-2019-8072 | Adobe | Information Exposure vulnerability in Adobe Coldfusion 2016/2018 ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability. | 5.0 |
2019-09-27 | CVE-2019-16922 | Salesagility | Information Exposure vulnerability in Salesagility Suitecrm SuiteCRM 7.10.x before 7.10.20 and 7.11.x before 7.11.8 allows unintended public exposure of files. | 5.0 |
2019-09-27 | CVE-2019-16921 | Linux | Improper Initialization vulnerability in Linux Kernel In the Linux kernel before 4.17, hns_roce_alloc_ucontext in drivers/infiniband/hw/hns/hns_roce_main.c does not initialize the resp data structure, which might allow attackers to obtain sensitive information from kernel stack memory, aka CID-df7e40425813. | 5.0 |
2019-09-26 | CVE-2019-15891 | Cksource | Information Exposure vulnerability in Cksource Ckfinder An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3.5.0. | 5.0 |
2019-09-26 | CVE-2019-15862 | Cksource | Unrestricted Upload of File with Dangerous Type vulnerability in Cksource Ckfinder An issue was discovered in CKFinder through 2.6.2.1. | 5.0 |
2019-09-26 | CVE-2019-6161 | Lenovo | Session Fixation vulnerability in Lenovo CP Storage Block Firmware An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. | 5.0 |
2019-09-26 | CVE-2019-16409 | Symbiote Silverstripe | Information Exposure vulnerability in multiple products In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. | 5.0 |
2019-09-26 | CVE-2019-13523 | Honeywell | Missing Authentication for Critical Function vulnerability in Honeywell products In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. | 5.0 |
2019-09-26 | CVE-2019-0203 | Apache | Improper Input Validation vulnerability in Apache Subversion In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. | 5.0 |
2019-09-26 | CVE-2019-4262 | IBM | Server-Side Request Forgery (SSRF) vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.2 and 7.3 is vulnerable to Server Side Request Forgery (SSRF). | 5.0 |
2019-09-26 | CVE-2019-14273 | Silverstripe | Files or Directories Accessible to External Parties vulnerability in Silverstripe In SilverStripe assets 4.0, there is broken access control on files. | 5.0 |
2019-09-26 | CVE-2019-16903 | Plutinosoft | Path Traversal vulnerability in Plutinosoft Platinum 1.2.0 Platinum UPnP SDK 1.2.0 allows Directory Traversal in Core/PltHttpServer.cpp because it checks for /.. | 5.0 |
2019-09-26 | CVE-2019-16901 | Advantech | Improper Handling of Exceptional Conditions vulnerability in Advantech Webaccess/Hmi Designer 2.1.9.31 Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain corruption starting at Unknown Symbol @ 0x0000000000000000 called from ntdll!RtlRaiseStatus+0x00000000000000b4. | 5.0 |
2019-09-26 | CVE-2019-16900 | Advantech | Unspecified vulnerability in Advantech Webaccess/Hmi Designer 2.1.9.31 Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write AV starting at MSVCR90!memcpy+0x000000000000015c. | 5.0 |
2019-09-26 | CVE-2019-16899 | Advantech | Unspecified vulnerability in Advantech Webaccess/Hmi Designer 2.1.9.31 In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Address controls Code Flow starting at PM_V3!CTagInfoThreadBase::GetNICInfo+0x0000000000512918. | 5.0 |
2019-09-26 | CVE-2015-9415 | Angrycreative | Improper Input Validation vulnerability in Angrycreative BJ Lazy Load The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclusion. | 5.0 |
2019-09-25 | CVE-2019-12659 | Cisco | Improper Input Validation vulnerability in Cisco IOS XE 16.10.1 A vulnerability in the HTTP server code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the HTTP server to crash. | 5.0 |
2019-09-25 | CVE-2019-12656 | Cisco | Improper Input Validation vulnerability in Cisco products A vulnerability in the IOx application environment of multiple Cisco platforms could allow an unauthenticated, remote attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a denial of service (DoS) condition. | 5.0 |
2019-09-25 | CVE-2019-12245 | Silverstripe | Incorrect Permission Assignment for Critical Resource vulnerability in Silverstripe SilverStripe through 4.3.3 has incorrect access control for protected files uploaded via Upload::loadIntoFile(). | 5.0 |
2019-09-25 | CVE-2019-16882 | String Interner Project | Use After Free vulnerability in String-Interner Project String-Interner An issue was discovered in the string-interner crate before 0.7.1 for Rust. | 5.0 |
2019-09-24 | CVE-2019-5505 | Netapp | Insufficiently Protected Credentials vulnerability in Netapp Ontap Select Deploy Administration Utility ONTAP Select Deploy administration utility versions 2.2 through 2.12.1 transmit credentials in plaintext. | 5.0 |
2019-09-24 | CVE-2019-16754 | Riot OS | NULL Pointer Dereference vulnerability in Riot-Os Riot 2019.07 RIOT 2019.07 contains a NULL pointer dereference in the MQTT-SN implementation (asymcute), potentially allowing an attacker to crash a network node running RIOT. | 5.0 |
2019-09-24 | CVE-2019-14753 | Sick | Classic Buffer Overflow vulnerability in Sick Fx0-Gent00000 Firmware and Fx0-Gpnt00000 Firmware SICK FX0-GPNT00000 and FX0-GENT00000 devices through 3.4.0 have a Buffer Overflow | 5.0 |
2019-09-23 | CVE-2019-1255 | Microsoft | Unspecified vulnerability in Microsoft products A denial of service vulnerability exists when Microsoft Defender improperly handles files, aka 'Microsoft Defender Denial of Service Vulnerability'. | 5.0 |
2019-09-23 | CVE-2018-21019 | Home Assistant | Information Exposure vulnerability in Home-Assistant Home Assistant before 0.67.0 was vulnerable to an information disclosure that allowed an unauthenticated attacker to read the application's error log via components/api.py. | 5.0 |
2019-09-23 | CVE-2019-13063 | Sahipro | Path Traversal vulnerability in Sahipro Sahi PRO 8.0.0 Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include any victim files on the system via the script parameter on the Script_view page. | 5.0 |
2019-09-23 | CVE-2019-16720 | Zzzcms | Unrestricted Upload of File with Dangerous Type vulnerability in Zzzcms Zzzphp 1.7.2 ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage, as demonstrated by uploading a .htaccess or .php5 file. | 5.0 |
2019-09-27 | CVE-2019-9376 | Excessive Iteration vulnerability in Google Android 8.0/8.1/9.0 In Account of Account.java, there is a possible boot loop due to improper input validation. | 4.9 | |
2019-09-27 | CVE-2019-9360 | Out-of-bounds Read vulnerability in Google Android 10.0 In the TEE, there's a possible out of bounds read due to a missing bounds check. | 4.9 | |
2019-09-27 | CVE-2019-9253 | Insecure Storage of Sensitive Information vulnerability in Google Android 10.0 In KeyStore, there is a possible storage of symmetric keys in the TEE instead of the strongbox due to a missing strongbox flag. | 4.9 | |
2019-09-25 | CVE-2019-12660 | Cisco | Improper Input Validation vulnerability in Cisco IOS XE A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to write values to the underlying memory of an affected device. | 4.9 |
2019-09-24 | CVE-2019-14220 | Bluestacks | Improper Privilege Management vulnerability in Bluestacks An issue was discovered in BlueStacks 4.110 and below on macOS and on 4.120 and below on Windows. | 4.9 |
2019-09-25 | CVE-2019-10406 | Jenkins | Cross-site Scripting vulnerability in Jenkins Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not restrict or filter values set as Jenkins URL in the global configuration, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission. | 4.8 |
2019-09-27 | CVE-2019-9429 | Out-of-bounds Write vulnerability in Google Android 10.0 In profman, there is a possible out of bounds write due to memory corruption. | 4.6 | |
2019-09-27 | CVE-2019-9407 | Unspecified vulnerability in Google Android 10.0 In notification management of the service manager, there is a possible permissions bypass. | 4.6 | |
2019-09-27 | CVE-2019-9378 | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 10.0 In the Activity Manager service, there is a possible permission bypass due to incorrect permission check. | 4.6 | |
2019-09-27 | CVE-2019-9350 | Use After Free vulnerability in Google Android 10.0 In Keymaster, there is a possible EoP due to a use after free. | 4.6 | |
2019-09-27 | CVE-2019-9295 | Missing Authorization vulnerability in Google Android 10.0 In com.android.apps.tag, there is a possible bypass of user interaction requirements due to a missing permission check. | 4.6 | |
2019-09-27 | CVE-2019-9290 | Allocation of Resources Without Limits or Throttling vulnerability in Google Android 10.0 In tzdata there is possible memory corruption due to a mismatch between allocation and deallocation functions. | 4.6 | |
2019-09-27 | CVE-2019-9263 | Missing Authorization vulnerability in Google Android 10.0 In telephony, there is a possible bypass of user interaction requirements due to missing permission checks. | 4.6 | |
2019-09-27 | CVE-2019-9258 | Out-of-bounds Write vulnerability in Google Android 10.0 In wifilogd, there is a possible out of bounds write due to a missing bounds check. | 4.6 | |
2019-09-27 | CVE-2019-9257 | Integer Overflow or Wraparound vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds write due to an integer overflow. | 4.6 | |
2019-09-27 | CVE-2018-9425 | Improper Privilege Management vulnerability in Google Android 10.0 In Platform, there is a possible bypass of user interaction requirements due to missing permission checks. | 4.6 | |
2019-09-27 | CVE-2019-11753 | Mozilla | Improper Validation of Integrity Check Value vulnerability in Mozilla Firefox The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. | 4.6 |
2019-09-25 | CVE-2019-12670 | Cisco | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco IOS 16.10.1 A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device. | 4.6 |
2019-09-24 | CVE-2019-14239 | NXP | Improper Authentication vulnerability in NXP products On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a software IP protection method for execute-only access) can be defeated by leveraging a load instruction inside the execute-only region to expose the protected code into a CPU register. | 4.6 |
2019-09-24 | CVE-2019-14238 | ST | Improper Authentication vulnerability in ST products On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated with a debug probe via the Instruction Tightly Coupled Memory (ITCM) bus. | 4.6 |
2019-09-24 | CVE-2019-13357 | Totaldefense | Untrusted Search Path vulnerability in Totaldefense Anti-Virus 9.0.0.773 In Total Defense Anti-virus 9.0.0.773, resource acquisition from the untrusted search path C:\ used by caschelp.exe allows local attackers to hijack ccGUIFrm.dll, which leads to code execution. | 4.6 |
2019-09-24 | CVE-2019-13356 | Totaldefense | Incorrect Permission Assignment for Critical Resource vulnerability in Totaldefense Anti-Virus 9.0.0.773 In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\bd\TDUpdate2\ used by AMRT.exe allows local attackers to hijack bdcore.dll, which leads to privilege escalation when the AMRT service loads the DLL. | 4.6 |
2019-09-24 | CVE-2019-13355 | Totaldefense | Incorrect Permission Assignment for Critical Resource vulnerability in Totaldefense Anti-Virus 9.0.0.773 In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\ used by ccschedulersvc.exe allows local attackers to hijack dotnetproxy.exe, which leads to privilege escalation when the ccSchedulerSVC service runs the executable. | 4.6 |
2019-09-27 | CVE-2019-9463 | Unspecified vulnerability in Google Android 10.0 In Platform, there is a possible bypass of user interaction requirements due to background app interception. | 4.4 | |
2019-09-27 | CVE-2019-9358 | Out-of-bounds Write vulnerability in Google Android 10.0 In NFC, there is a possible out of bounds write due to a missing bounds check. | 4.4 | |
2019-09-27 | CVE-2019-9309 | Out-of-bounds Write vulnerability in Google Android 10.0 In NFC, there is a possible out of bounds write due to a missing bounds check. | 4.4 | |
2019-09-27 | CVE-2019-9269 | Insufficient Session Expiration vulnerability in Google Android 10.0 In System Settings, there is a possible permissions bypass due to a cached Linux user ID. | 4.4 | |
2019-09-27 | CVE-2019-11736 | Mozilla | Race Condition vulnerability in Mozilla Firefox The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service executable, which is run with privileged access. | 4.4 |
2019-09-27 | CVE-2019-16927 | Glyphandcog | Out-of-bounds Write vulnerability in Glyphandcog Xpdf 4.01.01 Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a different vulnerability than CVE-2019-9877. | 4.3 |
2019-09-27 | CVE-2019-9428 | Information Exposure vulnerability in Google Android 10.0 In the Framework, it is possible to set up BROWSEABLE intents to take over certain URLs. | 4.3 | |
2019-09-27 | CVE-2019-9424 | Information Exposure vulnerability in Google Android 10.0 In the Screen Lock, there is a possible information disclosure due to an unusual root cause. | 4.3 | |
2019-09-27 | CVE-2019-9420 | Out-of-bounds Read vulnerability in Google Android 10.0 In libhevc, there is a possible out of bounds read due to an integer overflow. | 4.3 | |
2019-09-27 | CVE-2019-9416 | DEPRECATED: Use of Uninitialized Resource vulnerability in Google Android 10.0 In libstagefright there is a possible information disclosure due to uninitialized data. | 4.3 | |
2019-09-27 | CVE-2019-9415 | DEPRECATED: Use of Uninitialized Resource vulnerability in Google Android 10.0 In libstagefright there is a possible information disclosure due to uninitialized data. | 4.3 | |
2019-09-27 | CVE-2019-9414 | Improper Input Validation vulnerability in Google Android 10.0 In wpa_supplicant, there is a possible man in the middle vulnerability due to improper input validation of the basicConstraints field of intermediary certificates. | 4.3 | |
2019-09-27 | CVE-2019-9412 | Out-of-bounds Read vulnerability in Google Android 10.0 In libSBRdec there is a possible out of bounds read due to incorrect bounds check. | 4.3 | |
2019-09-27 | CVE-2019-9411 | DEPRECATED: Use of Uninitialized Resource vulnerability in Google Android 10.0 In libavc there is a possible information disclosure due to uninitialized data. | 4.3 | |
2019-09-27 | CVE-2019-9410 | DEPRECATED: Use of Uninitialized Resource vulnerability in Google Android 10.0 In libavc there is a possible information disclosure due to uninitialized data. | 4.3 | |
2019-09-27 | CVE-2019-9409 | DEPRECATED: Use of Uninitialized Resource vulnerability in Google Android 10.0 In libhevc there is a possible information disclosure due to uninitialized data. | 4.3 | |
2019-09-27 | CVE-2019-9408 | DEPRECATED: Use of Uninitialized Resource vulnerability in Google Android 10.0 In libavc there is a possible information disclosure due to uninitialized data. | 4.3 | |
2019-09-27 | CVE-2019-9406 | DEPRECATED: Use of Uninitialized Resource vulnerability in Google Android 10.0 In libhevc there is a possible information disclosure due to uninitialized data. | 4.3 | |
2019-09-27 | CVE-2019-9403 | Out-of-bounds Read vulnerability in Google Android 10.0 In cn-cbor, there is a possible out of bounds read due to improper casting. | 4.3 | |
2019-09-27 | CVE-2019-9399 | Inadequate Encryption Strength vulnerability in Google Android 10.0 The Print Service is susceptible to man in the middle attacks due to improperly used crypto. | 4.3 | |
2019-09-27 | CVE-2019-9391 | Out-of-bounds Read vulnerability in Google Android 10.0 In libxaac, there is a possible out of bounds read due to uninitialized data. | 4.3 | |
2019-09-27 | CVE-2019-9385 | Out-of-bounds Read vulnerability in Google Android 10.0 In libxaac, there is a possible out of bounds read due to a missing bounds check. | 4.3 | |
2019-09-27 | CVE-2019-9380 | Missing Authorization vulnerability in Google Android 10.0 In the settings UI, there is a possible spoofing vulnerability due to a missing permission check. | 4.3 | |
2019-09-27 | CVE-2019-9370 | Out-of-bounds Read vulnerability in Google Android 10.0 In sonivox, there is a possible out of bounds read due to an incorrect bounds check. | 4.3 | |
2019-09-27 | CVE-2019-9366 | Out-of-bounds Read vulnerability in Google Android 10.0 In libSBRdec there is a possible out of bounds read due to a missing bounds check. | 4.3 | |
2019-09-27 | CVE-2019-9362 | Out-of-bounds Read vulnerability in Google Android 10.0 In libSACdec, there is a possible out of bounds read due to a missing bounds check. | 4.3 | |
2019-09-27 | CVE-2019-9361 | DEPRECATED: Use of Uninitialized Resource vulnerability in Google Android 10.0 In libavc there is a possible information disclosure due to uninitialized data. | 4.3 | |
2019-09-27 | CVE-2019-9359 | DEPRECATED: Use of Uninitialized Resource vulnerability in Google Android 10.0 In libavc there is a possible information disclosure due to uninitialized data. | 4.3 | |
2019-09-27 | CVE-2019-9354 | Out-of-bounds Read vulnerability in Google Android 10.0 In NFC server, there's a possible out of bounds read due to a missing bounds check. | 4.3 | |
2019-09-27 | CVE-2019-9353 | Out-of-bounds Read vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. | 4.3 | |
2019-09-27 | CVE-2019-9352 | Improper Input Validation vulnerability in Google Android 10.0 In libstagefright, there is a possible resource exhaustion due to a missing bounds check. | 4.3 | |
2019-09-27 | CVE-2019-9338 | Use of Uninitialized Resource vulnerability in Google Android 10.0 In libavc there is a possible information disclosure due to uninitialized data. | 4.3 | |
2019-09-27 | CVE-2019-9337 | Use of Uninitialized Resource vulnerability in Google Android 10.0 In libavc there is a possible information disclosure due to uninitialized data. | 4.3 | |
2019-09-27 | CVE-2019-9336 | Use of Uninitialized Resource vulnerability in Google Android 10.0 In libavc there is a possible information disclosure due to uninitialized data. | 4.3 | |
2019-09-27 | CVE-2019-9335 | Use of Uninitialized Resource vulnerability in Google Android 10.0 In libavc there is a possible information disclosure due to uninitialized data. | 4.3 | |
2019-09-27 | CVE-2019-9334 | Use of Uninitialized Resource vulnerability in Google Android 10.0 In libhevc there is a possible information disclosure due to uninitialized data. | 4.3 | |
2019-09-27 | CVE-2019-9322 | Use of Uninitialized Resource vulnerability in Google Android 10.0 In libavc there is a possible information disclosure due to uninitialized data. | 4.3 | |
2019-09-27 | CVE-2019-9321 | Missing Initialization of Resource vulnerability in Google Android 10.0 In libavc, there is a missing variable initialization. | 4.3 | |
2019-09-27 | CVE-2019-9320 | Missing Initialization of Resource vulnerability in Google Android 10.0 In libavc, there is a missing variable initialization. | 4.3 | |
2019-09-27 | CVE-2019-9319 | Missing Initialization of Resource vulnerability in Google Android 10.0 In libavc, there is a missing variable initialization. | 4.3 | |
2019-09-27 | CVE-2019-9318 | Missing Initialization of Resource vulnerability in Google Android 10.0 In libhevc, there is a missing variable initialization. | 4.3 | |
2019-09-27 | CVE-2019-9317 | Missing Initialization of Resource vulnerability in Google Android 10.0 In libstagefright, there is a missing variable initialization. | 4.3 | |
2019-09-27 | CVE-2019-9316 | Missing Initialization of Resource vulnerability in Google Android 10.0 In libstagefright, there is a missing variable initialization. | 4.3 | |
2019-09-27 | CVE-2019-9315 | Missing Initialization of Resource vulnerability in Google Android 10.0 In libhevc, there is a missing variable initialization. | 4.3 | |
2019-09-27 | CVE-2019-9314 | Missing Initialization of Resource vulnerability in Google Android 10.0 In libavc, there is a missing variable initialization. | 4.3 | |
2019-09-27 | CVE-2019-9313 | Missing Initialization of Resource vulnerability in Google Android 10.0 In libstagefright, there is a missing variable initialization. | 4.3 | |
2019-09-27 | CVE-2019-9294 | Out-of-bounds Read vulnerability in Google Android 10.0 In libstagefright, there is a possible out of bounds read due to a missing bounds check. | 4.3 | |
2019-09-27 | CVE-2019-9293 | Out-of-bounds Read vulnerability in Google Android 10.0 In libstagefright, there is a possible out of bounds read due to a missing bounds check. | 4.3 | |
2019-09-27 | CVE-2019-9283 | Improper Input Validation vulnerability in Google Android 10.0 In AAC Codec, there is a possible resource exhaustion due to improper input validation. | 4.3 | |
2019-09-27 | CVE-2019-9282 | Out-of-bounds Read vulnerability in Google Android 10.0 In skia, there is a possible out of bounds read due to a missing bounds check. | 4.3 | |
2019-09-27 | CVE-2019-9264 | Out-of-bounds Read vulnerability in Google Android 10.0 In libxaac there is a possible out of bounds read due to missing bounds check. | 4.3 | |
2019-09-27 | CVE-2019-9261 | Out-of-bounds Read vulnerability in Google Android 10.0 In libxaac there is a possible out of bounds read due to missing bounds check. | 4.3 | |
2019-09-27 | CVE-2019-9252 | DEPRECATED: Use of Uninitialized Resource vulnerability in Google Android 10.0 In libavc there is a possible out of bounds read due to uninitialized data. | 4.3 | |
2019-09-27 | CVE-2019-9247 | Missing Initialization of Resource vulnerability in Google Android 10.0 In AAC Codec, there is a missing variable initialization. | 4.3 | |
2019-09-27 | CVE-2019-9237 | Out-of-bounds Read vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. | 4.3 | |
2019-09-27 | CVE-2019-2172 | DEPRECATED: Use of Uninitialized Resource vulnerability in Google Android 10.0 In libxaac there is a possible information disclosure due to uninitialized data. | 4.3 | |
2019-09-27 | CVE-2019-2171 | Use of Uninitialized Resource vulnerability in Google Android 10.0 In libxaac there is a possible information disclosure due to uninitialized data. | 4.3 | |
2019-09-27 | CVE-2019-2170 | Use of Uninitialized Resource vulnerability in Google Android 10.0 In libxaac there is a possible information disclosure due to uninitialized data. | 4.3 | |
2019-09-27 | CVE-2019-2169 | Use of Uninitialized Resource vulnerability in Google Android 10.0 In libxaac there is a possible information disclosure due to uninitialized data. | 4.3 | |
2019-09-27 | CVE-2019-2168 | Use of Uninitialized Resource vulnerability in Google Android 10.0 In libxaac there is a possible information disclosure due to uninitialized data. | 4.3 | |
2019-09-27 | CVE-2019-2167 | Use of Uninitialized Resource vulnerability in Google Android 10.0 In libxaac there is a possible information disclosure due to uninitialized data. | 4.3 | |
2019-09-27 | CVE-2019-2166 | Use of Uninitialized Resource vulnerability in Google Android 10.0 In libxaac there is a possible information disclosure due to uninitialized data. | 4.3 | |
2019-09-27 | CVE-2019-2165 | Out-of-bounds Read vulnerability in Google Android 10.0 In libxaac there is a possible out of bounds read due to a missing bounds check. | 4.3 | |
2019-09-27 | CVE-2019-2164 | Out-of-bounds Read vulnerability in Google Android 10.0 In libxaac there is a possible out of bounds read due to a missing bounds check. | 4.3 | |
2019-09-27 | CVE-2019-2163 | Out-of-bounds Read vulnerability in Google Android 10.0 In libxaac there is a possible out of bounds read due to a missing bounds check. | 4.3 | |
2019-09-27 | CVE-2019-2162 | Out-of-bounds Read vulnerability in Google Android 10.0 In libxaac there is a possible out of bounds read due to a missing bounds check. | 4.3 | |
2019-09-27 | CVE-2019-2161 | Out-of-bounds Read vulnerability in Google Android 10.0 In libxaac there is a possible out of bounds read due to a missing bounds check. | 4.3 | |
2019-09-27 | CVE-2019-2160 | Out-of-bounds Read vulnerability in Google Android 10.0 In libxaac there is a possible out of bounds read due to a missing bounds check. | 4.3 | |
2019-09-27 | CVE-2019-2158 | Out-of-bounds Read vulnerability in Google Android 10.0 In libxaac, there is a possible out of bounds read due to a missing bounds check. | 4.3 | |
2019-09-27 | CVE-2019-2157 | Out-of-bounds Read vulnerability in Google Android 10.0 In libxaac, there is a possible out of bounds read due to a missing bounds check. | 4.3 | |
2019-09-27 | CVE-2019-2156 | Out-of-bounds Read vulnerability in Google Android 10.0 In libxaac, there is a possible out of bounds read due to a missing bounds check. | 4.3 | |
2019-09-27 | CVE-2019-2155 | Out-of-bounds Read vulnerability in Google Android 10.0 In libxaac, there is a possible out of bounds read due to a missing bounds check. | 4.3 | |
2019-09-27 | CVE-2019-2154 | Out-of-bounds Read vulnerability in Google Android 10.0 In libxaac, there is a possible out of bounds read due to a missing bounds check. | 4.3 | |
2019-09-27 | CVE-2019-2153 | Out-of-bounds Read vulnerability in Google Android 10.0 In libxaac, there is a possible out of bounds read due to a missing bounds check. | 4.3 | |
2019-09-27 | CVE-2019-2152 | Out-of-bounds Read vulnerability in Google Android 10.0 In libxaac, there is a possible out of bounds read due to a missing bounds check. | 4.3 | |
2019-09-27 | CVE-2019-2151 | Out-of-bounds Read vulnerability in Google Android 10.0 In libxaac, there is a possible out of bounds read due to a missing bounds check. | 4.3 | |
2019-09-27 | CVE-2019-2150 | Out-of-bounds Read vulnerability in Google Android 10.0 In libxaac, there is a possible out of bounds read due to a missing bounds check. | 4.3 | |
2019-09-27 | CVE-2019-2149 | Out-of-bounds Read vulnerability in Google Android 10.0 In libxaac, there is a possible out of bounds read due to a missing bounds check. | 4.3 | |
2019-09-27 | CVE-2019-2148 | Out-of-bounds Read vulnerability in Google Android 10.0 In libxaac, there is a possible out of bounds read due to a missing bounds check. | 4.3 | |
2019-09-27 | CVE-2019-2147 | Out-of-bounds Read vulnerability in Google Android 10.0 In libxaac, there is a possible out of bounds read due to a missing bounds check. | 4.3 | |
2019-09-27 | CVE-2019-2146 | Out-of-bounds Read vulnerability in Google Android 10.0 In libxaac, there is a possible out of bounds read due to a missing bounds check. | 4.3 | |
2019-09-27 | CVE-2019-2145 | Out-of-bounds Read vulnerability in Google Android 10.0 In libxaac, there is a possible out of bounds read due to a missing bounds check. | 4.3 | |
2019-09-27 | CVE-2019-2144 | Out-of-bounds Read vulnerability in Google Android 10.0 In libxaac, there is a possible out of bounds read due to a missing bounds check. | 4.3 | |
2019-09-27 | CVE-2019-2143 | Out-of-bounds Read vulnerability in Google Android 10.0 In libxaac, there is a possible out of bounds read due to a missing bounds check. | 4.3 | |
2019-09-27 | CVE-2019-2142 | Out-of-bounds Read vulnerability in Google Android 10.0 In libxaac, there is a possible out of bounds read due to a missing bounds check. | 4.3 | |
2019-09-27 | CVE-2019-2140 | DEPRECATED: Use of Uninitialized Resource vulnerability in Google Android 10.0 In libxaac, there is a possible information disclosure due to uninitialized data. | 4.3 | |
2019-09-27 | CVE-2019-2139 | Out-of-bounds Read vulnerability in Google Android 10.0 In libxaac, there is a possible out of bounds read due to a missing bounds check. | 4.3 | |
2019-09-27 | CVE-2019-2138 | Out-of-bounds Read vulnerability in Google Android 10.0 In libxaac, there is a possible out of bounds read due to a missing bounds check. | 4.3 | |
2019-09-27 | CVE-2019-2079 | Out-of-bounds Read vulnerability in Google Android 10.0 In libxaac, there is a possible out of bounds read due to a missing bounds check. | 4.3 | |
2019-09-27 | CVE-2019-2060 | Out-of-bounds Read vulnerability in Google Android 10.0 In libxaac, there is a possible out of bounds read due to a missing bounds check. | 4.3 | |
2019-09-27 | CVE-2019-11754 | Mozilla | Unspecified vulnerability in Mozilla Firefox When the pointer lock is enabled by a website though requestPointerLock(), no user notification is given. | 4.3 |
2019-09-27 | CVE-2019-11750 | Mozilla | Type Confusion vulnerability in Mozilla Firefox and Firefox ESR A type confusion vulnerability exists in Spidermonkey, which results in a non-exploitable crash. | 4.3 |
2019-09-27 | CVE-2019-11749 | Mozilla | Unspecified vulnerability in Mozilla Firefox and Firefox ESR A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without triggering a user prompt or notification. | 4.3 |
2019-09-27 | CVE-2019-11748 | Mozilla | Improper Preservation of Permissions vulnerability in Mozilla Firefox and Firefox ESR WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. | 4.3 |
2019-09-27 | CVE-2019-11747 | Mozilla | Improper Initialization vulnerability in Mozilla Firefox The "Forget about this site" feature in the History pane is intended to remove all saved user data that indicates a user has visited a site. | 4.3 |
2019-09-27 | CVE-2019-11744 | Mozilla | Cross-site Scripting vulnerability in Mozilla Firefox Some HTML elements, such as <title> and <textarea>, can contain literal angle brackets without treating them as markup. | 4.3 |
2019-09-27 | CVE-2019-11743 | Mozilla | Information Exposure Through Discrepancy vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. | 4.3 |
2019-09-27 | CVE-2019-11742 | Mozilla | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Mozilla Firefox A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canvas> element due to an error in how same-origin policy is applied to cached image content. | 4.3 |
2019-09-27 | CVE-2019-11741 | Mozilla | Cross-site Scripting vulnerability in Mozilla Firefox A compromised sandboxed content process can perform a Universal Cross-site Scripting (UXSS) attack on content from any site it can cause to be loaded in the same process. | 4.3 |
2019-09-27 | CVE-2019-11739 | Mozilla | Cleartext Transmission of Sensitive Information vulnerability in Mozilla Thunderbird Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in a a HTML reply/forward. | 4.3 |
2019-09-27 | CVE-2019-16923 | Kkcms Project | Cross-site Scripting vulnerability in Kkcms Project Kkcms 1.3 kkcms 1.3 has jx.php?url= XSS. | 4.3 |
2019-09-27 | CVE-2019-13376 | Phpbb | Cross-Site Request Forgery (CSRF) vulnerability in PHPbb 3.2.7 phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. | 4.3 |
2019-09-26 | CVE-2019-12562 | Dnnsoftware | Cross-site Scripting vulnerability in Dnnsoftware Dotnetnuke Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the malicious script into the admin notification page. | 4.3 |
2019-09-26 | CVE-2019-16914 | Netgate | Cross-site Scripting vulnerability in Netgate Pfsense An XSS issue was discovered in pfSense through 2.4.4-p3. | 4.3 |
2019-09-26 | CVE-2015-9447 | Unitegallery | Cross-Site Request Forgery (CSRF) vulnerability in Unitegallery Unite Gallery Lite The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin.php galleryid or id parameters. | 4.3 |
2019-09-26 | CVE-2015-9444 | Altosresearch | Cross-site Scripting vulnerability in Altosresearch Altos-Connect 1.3.0 The altos-connect plugin 1.3.0 for WordPress has XSS via the wp-content/plugins/altos-connect/jquery-validate/demo/demo/captcha/index.php/ PATH_SELF. | 4.3 |
2019-09-26 | CVE-2015-9443 | WP Accurate Form Data Project | Cross-Site Request Forgery (CSRF) vulnerability in WP Accurate Form Data Project WP Accurate Form Data 1.2 The accurate-form-data-real-time-form-validation plugin 1.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=Accu_Data_WP. | 4.3 |
2019-09-26 | CVE-2015-9442 | Avenirsoft | Cross-Site Request Forgery (CSRF) vulnerability in Avenirsoft Directdownload 1.0 The avenirsoft-directdownload plugin 1.0 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=avenir_plugin. | 4.3 |
2019-09-26 | CVE-2015-9441 | Bookmarkify Project | Cross-Site Request Forgery (CSRF) vulnerability in Bookmarkify Project Bookmarkify 2.9.2 The bookmarkify plugin 2.9.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=bookmarkify.php. | 4.3 |
2019-09-26 | CVE-2015-9440 | Monetize Project | Cross-Site Request Forgery (CSRF) vulnerability in Monetize Project Monetize 1.03 The monetize plugin through 1.03 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=monetize-zones-new. | 4.3 |
2019-09-26 | CVE-2015-9437 | Qurl | Cross-Site Request Forgery (CSRF) vulnerability in Qurl Dynamic Widgets The dynamic-widgets plugin before 1.5.11 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=dynwid-config page_limit parameter. | 4.3 |
2019-09-26 | CVE-2015-9434 | Kiwi Logo Carousel Project | Cross-Site Request Forgery (CSRF) vulnerability in Kiwi-Logo-Carousel Project Kiwi-Logo-Carousel The kiwi-logo-carousel plugin before 1.7.2 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=kwlogos&page=kwlogos_settings tab or tab_flags_order parameter. | 4.3 |
2019-09-26 | CVE-2015-9433 | WP Social Bookmarking Light Project | Cross-Site Request Forgery (CSRF) vulnerability in WP Social Bookmarking Light Project WP Social Bookmarking Light The wp-social-bookmarking-light plugin before 1.7.10 for WordPress has CSRF with resultant XSS via configuration parameters for Tumblr, Twitter, Facebook, etc. | 4.3 |
2019-09-26 | CVE-2015-9432 | Thealpinepress | Cross-Site Request Forgery (CSRF) vulnerability in Thealpinepress Alpine-Photo-Tile-For-Instagram The alpine-photo-tile-for-instagram plugin before 1.2.7.6 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=alpine-photo-tile-for-instagram-settings tab parameter. | 4.3 |
2019-09-26 | CVE-2015-9431 | Qtranslate X Project | Cross-Site Request Forgery (CSRF) vulnerability in Qtranslate X Project Qtranslate X The qtranslate-x plugin before 3.4.4 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=qtranslate-x json_config_files or json_custom_i18n_config parameter. | 4.3 |
2019-09-26 | CVE-2015-9430 | Crazy Bone Project | Cross-site Scripting vulnerability in Crazy Bone Project Crazy Bone The crazy-bone plugin before 0.6.0 for WordPress has XSS via the User-Agent HTTP header. | 4.3 |
2019-09-26 | CVE-2015-9429 | Yithemes | Cross-Site Request Forgery (CSRF) vulnerability in Yithemes Yith Maintenance Mode The yith-maintenance-mode plugin before 1.2.0 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=yith-maintenance-mode panel_page parameter. | 4.3 |
2019-09-26 | CVE-2015-9428 | Wplegalpages | Cross-Site Request Forgery (CSRF) vulnerability in Wplegalpages WP Legal Pages 1.0.0 The wplegalpages plugin before 1.1 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=legal-pages lp-domain-name, lp-business-name, lp-phone, lp-street, lp-city-state, lp-country, lp-email, lp-address, or lp-niche parameters. | 4.3 |
2019-09-26 | CVE-2015-9427 | Googmonify Project | Cross-Site Request Forgery (CSRF) vulnerability in Googmonify Project Googmonify 0.5.1 The googmonify plugin through 0.5.1 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=googmonify.php PID or AID parameter. | 4.3 |
2019-09-26 | CVE-2015-9425 | Byonepress | Cross-Site Request Forgery (CSRF) vulnerability in Byonepress Social Locker The social-locker plugin before 4.2.5 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=opanda-item&page=license-manager-sociallocker-next licensekey parameter. | 4.3 |
2019-09-26 | CVE-2015-9424 | Doc4Design | Cross-Site Request Forgery (CSRF) vulnerability in Doc4Design Multicons The multicons plugin before 3.0 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=multicons%2Fmulticons.php global_url or admin_url parameter. | 4.3 |
2019-09-26 | CVE-2015-9422 | Simplysymphony | Cross-Site Request Forgery (CSRF) vulnerability in Simplysymphony Plugnedit 1.0/1.1/1.2 The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has CSRF with resultant XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load plugnedit_width, pnemedcount, PlugneditBGColor, PlugneditEditorMargin, or plugneditcontent parameters. | 4.3 |
2019-09-26 | CVE-2015-9421 | Olevmedia | Cross-Site Request Forgery (CSRF) vulnerability in Olevmedia Shortcodes The olevmedia-shortcodes plugin before 1.1.9 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=omsc_popup id parameter. | 4.3 |
2019-09-26 | CVE-2015-9420 | Mightymess | Cross-site Scripting vulnerability in Mightymess Soundcloud IS Gold The soundcloud-is-gold plugin before 2.3.2 for WordPress has XSS via the wp-admin/admin-ajax.php?action=get_soundcloud_player id parameter. | 4.3 |
2019-09-26 | CVE-2015-9419 | Captain Slider Project | Cross-site Scripting vulnerability in Captain-Slider Project Captain-Slider 1.0.6 The captain-slider plugin 1.0.6 for WordPress has XSS via a Title or Caption section. | 4.3 |
2019-09-26 | CVE-2015-9417 | Slidervilla | Cross-Site Request Forgery (CSRF) vulnerability in Slidervilla Testimonial Slider The testimonial-slider plugin through 1.2.1 for WordPress has CSRF with resultant XSS. | 4.3 |
2019-09-26 | CVE-2015-9416 | Onthegosystems | Cross-site Scripting vulnerability in Onthegosystems Sitepress-Multilingual-Cms 2.9.3/3.2.6 The sitepress-multilingual-cms (WPML) plugin 2.9.3 to 3.2.6 for WordPress has XSS via the Accept-Language HTTP header. | 4.3 |
2019-09-26 | CVE-2015-9414 | Wpsymposiumpro | Cross-site Scripting vulnerability in Wpsymposiumpro Wp-Symposium The wp-symposium plugin through 15.8.1 for WordPress has XSS via the wp-content/plugins/wp-symposium/get_album_item.php?size parameter. | 4.3 |
2019-09-26 | CVE-2015-9413 | Eshop Project | Cross-Site Request Forgery (CSRF) vulnerability in Eshop Project Eshop The eshop plugin through 6.3.13 for WordPress has CSRF with resultant XSS via the wp-admin/admin.php?page=eshop-downloads.php title parameter. | 4.3 |
2019-09-26 | CVE-2015-9412 | Royal Slider Project | Cross-site Scripting vulnerability in Royal-Slider Project Royal-Slider The Royal-Slider plugin before 3.2.7 for WordPress has XSS via the rstype parameter. | 4.3 |
2019-09-26 | CVE-2015-9411 | Gopostmatic | Cross-site Scripting vulnerability in Gopostmatic Replyable 1.4.5 The Postmatic plugin before 1.4.6 for WordPress has XSS. | 4.3 |
2019-09-25 | CVE-2017-18635 | Novnc Debian Canonical Redhat | Cross-site Scripting vulnerability in multiple products An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name. | 4.3 |
2019-09-25 | CVE-2019-12205 | Silverstripe | Cross-site Scripting vulnerability in Silverstripe SilverStripe through 4.3.3 has Flash Clipboard Reflected XSS. | 4.3 |
2019-09-25 | CVE-2015-9409 | ALO Easymail Project | Cross-Site Request Forgery (CSRF) vulnerability in Alo-Easymail Project Alo-Easymail The alo-easymail plugin before 2.6.01 for WordPress has CSRF with resultant XSS in pages/alo-easymail-admin-options.php. | 4.3 |
2019-09-25 | CVE-2019-10421 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Azure Event Grid Notifier 0.1 Jenkins Azure Event Grid Build Notifier Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 4.3 |
2019-09-25 | CVE-2019-10409 | Jenkins | Missing Authorization vulnerability in Jenkins Project Inheritance A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates. | 4.3 |
2019-09-25 | CVE-2019-10408 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Project Inheritance A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates. | 4.3 |
2019-09-24 | CVE-2019-16725 | Joomla | Cross-site Scripting vulnerability in Joomla Joomla! In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates. | 4.3 |
2019-09-24 | CVE-2019-16751 | Devise Token Auth Project | Cross-site Scripting vulnerability in Devise Token Auth Project Devise Token Auth An issue was discovered in Devise Token Auth through 1.1.2. | 4.3 |
2019-09-24 | CVE-2018-9090 | Redhat | Cross-site Scripting vulnerability in Redhat Tectonic CoreOS Tectonic 1.7.x and 1.8.x before 1.8.7-tectonic.2 deploys the Grafana web application using default credentials (admin/admin) for the administrator account located at grafana-credentials secret. | 4.3 |
2019-09-24 | CVE-2019-16728 | Cure53 Debian | Cross-site Scripting vulnerability in multiple products DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari. | 4.3 |
2019-09-23 | CVE-2019-12407 | Apache | Cross-site Scripting vulnerability in Apache Jspwiki On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the remember parameter on some of the JSPs, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. | 4.3 |
2019-09-23 | CVE-2019-10090 | Apache | Cross-site Scripting vulnerability in Apache Jspwiki On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the plain editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. | 4.3 |
2019-09-23 | CVE-2019-16723 | Cacti | Authorization Bypass Through User-Controlled Key vulnerability in Cacti In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter. | 4.3 |
2019-09-23 | CVE-2019-12404 | Apache | Cross-site Scripting vulnerability in Apache Jspwiki On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to InfoContent.jsp, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. | 4.3 |
2019-09-23 | CVE-2019-10089 | Apache | Cross-site Scripting vulnerability in Apache Jspwiki On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the WYSIWYG editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. | 4.3 |
2019-09-23 | CVE-2019-10087 | Apache | Cross-site Scripting vulnerability in Apache Jspwiki On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Page Revision History, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. | 4.3 |
2019-09-23 | CVE-2019-16719 | Wtcms Project | Cross-Site Request Forgery (CSRF) vulnerability in Wtcms Project Wtcms 1.0 WTCMS 1.0 allows index.php?g=admin&m=index&a=index CSRF with resultant XSS. | 4.3 |
2019-09-23 | CVE-2019-16713 | Imagemagick Canonical Opensuse Debian | Memory Leak vulnerability in multiple products ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c. | 4.3 |
2019-09-23 | CVE-2019-16712 | Imagemagick Opensuse | Memory Leak vulnerability in multiple products ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image. | 4.3 |
2019-09-23 | CVE-2019-16711 | Imagemagick Debian Opensuse Canonical | Memory Leak vulnerability in multiple products ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. | 4.3 |
2019-09-23 | CVE-2019-16710 | Imagemagick Debian Opensuse Canonical | Memory Leak vulnerability in multiple products ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c. | 4.3 |
2019-09-23 | CVE-2019-16709 | Imagemagick Opensuse Canonical | Memory Leak vulnerability in multiple products ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. | 4.3 |
2019-09-23 | CVE-2019-16708 | Imagemagick Canonical Opensuse Debian | Memory Leak vulnerability in multiple products ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. | 4.3 |
2019-09-23 | CVE-2019-16703 | Phpmywind | Cross-site Scripting vulnerability in PHPmywind 5.6 admin/infolist_add.php in PHPMyWind 5.6 has stored XSS. | 4.3 |
2019-09-27 | CVE-2019-3736 | Dell | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Dell EMC Integrated Data Protection Appliance Firmware 2.0/2.1/2.2 Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulnerability in the ACM component. | 4.0 |
2019-09-27 | CVE-2019-9434 | Out-of-bounds Read vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. | 4.0 | |
2019-09-27 | CVE-2019-9431 | Use After Free vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds read due to a use after free. | 4.0 | |
2019-09-26 | CVE-2018-11782 | Apache | Improper Input Validation vulnerability in Apache Subversion In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. | 4.0 |
2019-09-26 | CVE-2019-4378 | IBM | Unspecified vulnerability in IBM MQ IBM MQ 7.5.0.0 - 7.5.0.9, 7.1.0.0 - 7.1.0.9, 8.0.0.0 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 command server is vulnerable to a denial of service attack caused by an authenticated and authorized user using specially crafted PCF messages. | 4.0 |
2019-09-26 | CVE-2019-12617 | Silverstripe | Unspecified vulnerability in Silverstripe In SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution. | 4.0 |
2019-09-23 | CVE-2019-10755 | Pac4J | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Pac4J The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong. | 4.0 |
2019-09-23 | CVE-2019-15635 | Grafana | Insufficiently Protected Credentials vulnerability in Grafana 5.4.0 An issue was discovered in Grafana 5.4.0. | 4.0 |
58 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2019-09-24 | CVE-2019-12068 | Qemu Canonical Opensuse | Infinite Loop vulnerability in multiple products In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. | 3.8 |
2019-09-25 | CVE-2019-12203 | Silverstripe | Session Fixation vulnerability in Silverstripe SilverStripe through 4.3.3 allows session fixation in the "change password" form. | 3.7 |
2019-09-27 | CVE-2019-3747 | Dell | Cross-site Scripting vulnerability in Dell EMC Integrated Data Protection Appliance Firmware 2.0/2.1/2.2 Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a stored cross-site scripting vulnerability. | 3.5 |
2019-09-26 | CVE-2019-16524 | Status301 | Cross-site Scripting vulnerability in Status301 Easy Fancybox The easy-fancybox plugin before 1.8.18 for WordPress (aka Easy FancyBox) is susceptible to Stored XSS in the Settings Menu inc/class-easyfancybox.php due to improper encoding of arbitrarily submitted settings parameters. | 3.5 |
2019-09-26 | CVE-2019-16904 | Teampass | Cross-site Scripting vulnerability in Teampass 2.1.27.36 TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin. | 3.5 |
2019-09-26 | CVE-2019-14272 | Silverstripe | Cross-site Scripting vulnerability in Silverstripe In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS. | 3.5 |
2019-09-26 | CVE-2015-9439 | Addthis | Cross-site Scripting vulnerability in Addthis The addthis plugin before 5.0.13 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=addthis_social_widget pubid parameter. | 3.5 |
2019-09-26 | CVE-2015-9438 | Display Widgets Project | Cross-site Scripting vulnerability in Display-Widgets Project Display-Widgets The display-widgets plugin before 2.04 for WordPress has XSS via the wp-admin/admin-ajax.php?action=dw_show_widget id_base, widget_number, or instance parameter. | 3.5 |
2019-09-26 | CVE-2015-9436 | Qurl | Cross-site Scripting vulnerability in Qurl Dynamic Widgets The dynamic-widgets plugin before 1.5.11 for WordPress has XSS via the wp-admin/admin-ajax.php?action=term_tree prefix or widget_id parameter. | 3.5 |
2019-09-26 | CVE-2015-9426 | Manual Image Crop Project | Cross-site Scripting vulnerability in Manual Image Crop Project Manual Image Crop The manual-image-crop plugin before 1.11 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=mic_editor_window postId parameter. | 3.5 |
2019-09-26 | CVE-2015-9423 | Simplysymphony | Cross-site Scripting vulnerability in Simplysymphony Plugnedit 1.0/1.1/1.2 The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load PlugneditBGColor, PlugneditEditorMargin, plugnedit_width, pnemedcount, or plugneditcontent parameters. | 3.5 |
2019-09-25 | CVE-2019-16890 | Halo | Cross-site Scripting vulnerability in Halo 1.1.0 Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments. | 3.5 |
2019-09-25 | CVE-2019-12668 | Cisco | Cross-site Scripting vulnerability in Cisco IOS and IOS XE A vulnerability in the web framework code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected software using the banner parameter. | 3.5 |
2019-09-25 | CVE-2019-12667 | Cisco | Cross-site Scripting vulnerability in Cisco IOS XE A vulnerability in the web framework code of Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected software. | 3.5 |
2019-09-23 | CVE-2019-16704 | Phpmywind | Cross-site Scripting vulnerability in PHPmywind 5.6 admin/infoclass_update.php in PHPMyWind 5.6 has stored XSS. | 3.5 |
2019-09-27 | CVE-2019-16924 | Nuvending | Cleartext Transmission of Sensitive Information vulnerability in Nuvending Nulock 1.5.0 The Nulock application 1.5.0 for mobile devices sends a cleartext password over Bluetooth, which allows remote attackers (after sniffing the network) to take control of the lock. | 3.3 |
2019-09-25 | CVE-2019-6654 | F5 | Improper Input Validation vulnerability in F5 products On versions 14.0.0-14.1.2, 13.0.0-13.1.3, 12.1.0-12.1.5, and 11.5.1-11.6.5, the BIG-IP system fails to perform Martian Address Filtering (As defined in RFC 1812 section 5.3.7) on the control plane (management interface). | 3.3 |
2019-09-23 | CVE-2019-16518 | Vandyvape | Exposure of Resource to Wrong Sphere vulnerability in Vandyvape Swell KIT MOD Firmware 2.0.2 An issue was discovered on Swell Kit Mod devices that use the Vandy Vape platform. | 3.3 |
2019-09-25 | CVE-2019-13627 | Canonical Opensuse Libgcrypt20 Project | Race Condition vulnerability in multiple products It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. | 2.6 |
2019-09-27 | CVE-2019-9440 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 10.0 In AOSP Email, there is a possible information disclosure due to a confused deputy. | 2.1 | |
2019-09-27 | CVE-2019-9438 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 10.0 In the Package Manager service, there is a possible information disclosure due to a confused deputy. | 2.1 | |
2019-09-27 | CVE-2019-9435 | Out-of-bounds Read vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. | 2.1 | |
2019-09-27 | CVE-2019-9427 | Use After Free vulnerability in Google Android 10.0 In Bluetooth, there is a possible information disclosure due to a use after free. | 2.1 | |
2019-09-27 | CVE-2019-9417 | Out-of-bounds Read vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. | 2.1 | |
2019-09-27 | CVE-2019-9377 | Missing Authorization vulnerability in Google Android 10.0 In FingerprintService, there is a possible bypass for operating system protections that isolate user profiles from each other due to a missing permission check. | 2.1 | |
2019-09-27 | CVE-2019-9373 | Deserialization of Untrusted Data vulnerability in Google Android 10.0 In JobStore, there is a mismatched serialization/deserialization for the "battery-not-low" job attribute. | 2.1 | |
2019-09-27 | CVE-2019-9369 | DEPRECATED: Use of Uninitialized Resource vulnerability in Google Android 10.0 In Bluetooth, there is a use of uninitialized variable. | 2.1 | |
2019-09-27 | CVE-2019-9368 | Out-of-bounds Read vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. | 2.1 | |
2019-09-27 | CVE-2019-9364 | Incorrect Authorization vulnerability in Google Android 10.0 In AudioService, there is a possible trigger of background user audio due to a permissions bypass. | 2.1 | |
2019-09-27 | CVE-2019-9351 | Missing Authorization vulnerability in Google Android 10.0 In SyncStatusObserver, there is a possible bypass for operating system protections that isolate user profiles from each other due to a missing permission check. | 2.1 | |
2019-09-27 | CVE-2019-9347 | Use After Free vulnerability in Google Android 10.0 In the m4v_h263 codec, there is a possible out of bounds read due to a use after free. | 2.1 | |
2019-09-27 | CVE-2019-9312 | Out-of-bounds Read vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. | 2.1 | |
2019-09-27 | CVE-2019-9292 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 10.0 In the Activity Manager service, there is a possible information disclosure due to a confused deputy. | 2.1 | |
2019-09-27 | CVE-2019-9289 | Out-of-bounds Read vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. | 2.1 | |
2019-09-27 | CVE-2019-9287 | Out-of-bounds Read vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. | 2.1 | |
2019-09-27 | CVE-2019-9280 | Unspecified vulnerability in Google Android 10.0 In keyguard, there is a possible escalation of privilege due to improper permission checks. | 2.1 | |
2019-09-27 | CVE-2019-9277 | Information Exposure Through Log Files vulnerability in Google Android 10.0 In the proc filesystem, there is a possible information disclosure due to log information disclosure. | 2.1 | |
2019-09-27 | CVE-2019-9272 | Incorrect Authorization vulnerability in Google Android 10.0 In WiFi, there is a possible leak of WiFi state due to a permissions bypass. | 2.1 | |
2019-09-27 | CVE-2019-9268 | Use After Free vulnerability in Google Android 10.0 In libstagefright, there is a possible use-after-free due to improper locking. | 2.1 | |
2019-09-27 | CVE-2019-9249 | Out-of-bounds Read vulnerability in Google Android 10.0 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. | 2.1 | |
2019-09-27 | CVE-2019-9243 | Out-of-bounds Read vulnerability in Google Android 10.0 In wpa_supplicant_8, there is a possible out of bounds read due to a missing bounds check. | 2.1 | |
2019-09-27 | CVE-2019-2191 | Information Exposure vulnerability in Google Android 10.0 In LG's LAF component, there is a possible leak of information in a protected disk partition due to a missing bounds check. | 2.1 | |
2019-09-27 | CVE-2019-2190 | Information Exposure vulnerability in Google Android 10.0 In LG's LAF component, there is a possible leak of information in a protected disk partition due to a missing bounds check. | 2.1 | |
2019-09-27 | CVE-2018-9581 | Information Exposure vulnerability in Google Android 10.0 In WiFi, the RSSI value and SSID information is broadcast as part of android.net.wifi.RSSI_CHANGE and android.net.wifi.STATE_CHANGE intents. | 2.1 | |
2019-09-24 | CVE-2019-13528 | Tridium | Unspecified vulnerability in Tridium Niagara4 and Niagara AX A specific utility may allow an attacker to gain read access to privileged files in the Niagara AX 3.8u4 (JACE 3e, JACE 6e, JACE 7, JACE-8000), Niagara 4.4u3 (JACE 3e, JACE 6e, JACE 7, JACE-8000), and Niagara 4.7u1 (JACE-8000, Edge 10). | 2.1 |
2019-09-27 | CVE-2019-9421 | Out-of-bounds Read vulnerability in Google Android 10.0 In libandroidfw, there is a possible OOB read due to an integer overflow. | 1.9 | |
2019-09-27 | CVE-2019-9383 | Out-of-bounds Read vulnerability in Google Android 10.0 In NFC server, there is a possible out of bounds read due to a missing bounds check. | 1.9 | |
2019-09-27 | CVE-2019-9356 | Out-of-bounds Read vulnerability in Google Android 10.0 In NFC server, there is a possible out of bounds read due to a missing bounds check. | 1.9 | |
2019-09-27 | CVE-2019-9344 | Out-of-bounds Read vulnerability in Google Android 10.0 In NFC server, there is a possible out of bounds read due to a missing bounds check. | 1.9 | |
2019-09-27 | CVE-2019-9296 | Out-of-bounds Read vulnerability in Google Android 10.0 In NFC, there is a possible out of bounds read due to a missing bounds check. | 1.9 | |
2019-09-27 | CVE-2019-9251 | Out-of-bounds Read vulnerability in Google Android 10.0 In NFC, there is a possible out of bounds read due to a missing bounds check. | 1.9 | |
2019-09-27 | CVE-2019-9246 | Out-of-bounds Read vulnerability in Google Android 10.0 In NFC, there is a possible out of bounds read due to a missing bounds check. | 1.9 | |
2019-09-27 | CVE-2019-9244 | Out-of-bounds Read vulnerability in Google Android 10.0 In NFC, there is a possible out of bounds read due to a missing bounds check. | 1.9 | |
2019-09-27 | CVE-2019-9242 | Out-of-bounds Read vulnerability in Google Android 10.0 In NFC, there is a possible out of bounds read due to a missing bounds check. | 1.9 | |
2019-09-27 | CVE-2019-9240 | Out-of-bounds Read vulnerability in Google Android 10.0 In NFC, there is a possible out of bounds read due to a missing bounds check. | 1.9 | |
2019-09-27 | CVE-2019-9239 | Out-of-bounds Read vulnerability in Google Android 10.0 In NFC, there is a possible out of bounds read due to a missing bounds check. | 1.9 | |
2019-09-27 | CVE-2019-9236 | Out-of-bounds Read vulnerability in Google Android 10.0 In NFC, there is a possible out of bounds read due to a missing bounds check. | 1.9 | |
2019-09-27 | CVE-2019-9235 | Out-of-bounds Read vulnerability in Google Android 10.0 In NFC, there is a possible out of bounds read due to a missing bounds check. | 1.9 |